Need some firewall assistance.

dazed · Feb 17, 2013, 02:48 PM

Hi,

I have a AirPort Extreme and a Mac mini (running Lion) that runs 24/7 which I use as a media server.

I'd like to set it up more securely and am wondering the best way to limit its Internet access. Ideally I'd like it only to be able to access the iTunes Store, and the crashplan servers.

Any ideas? Can I do this with the Macs firewall or do I need to get a third party app?

Thanks

ChristianJapan · Feb 17, 2013, 03:29 PM

What are your concerns ? If you don't have lots other software running, no mail or safari your Mac will not connect to outside.
But too make sure you can use te build-in packet filter called: pf.
A command line tool from BSD roots.

There is some front end tool like http://www.macupdate.com/app/mac/41821/icefloor around but I haven't direct experience. I "outsourced" my pf to a dedicated machine protecting my home network but runs stable 24/7 with a nice web frontend.

The big challenge will be to find the IP adresses you want to allow. Not sure if Apple or crashplan server are always reachable under the same IP.
Apple has its own network with 17.0.0.0/8 but some content comes from 3rd party IP. You would have quite some trial&error.

Having your mac behind a AirPort Extreme in NAT mode should give already good level of security; no packets from outside inbound. Do you plan to serve your media files to outside (like iPhone) ?

dazed · Feb 17, 2013, 06:15 PM

My main concern is shutting down as many ports from the outside world as I can since the machine runs unattended 24/7.

All the machine runs is Clamxav, iTunes and Crashplan.

Feb 17, 2013, 02:48 PM	#1
dazed macrumors 6502 Join Date: Jun 2007	Need some firewall assistance. Hi, I have a AirPort Extreme and a Mac mini (running Lion) that runs 24/7 which I use as a media server. I'd like to set it up more securely and am wondering the best way to limit its Internet access. Ideally I'd like it only to be able to access the iTunes Store, and the crashplan servers. Any ideas? Can I do this with the Macs firewall or do I need to get a third party app? Thanks
	0

Feb 17, 2013, 03:29 PM	#2
ChristianJapan macrumors 68030 Join Date: May 2010 Location: 東京	What are your concerns ? If you don't have lots other software running, no mail or safari your Mac will not connect to outside. But too make sure you can use te build-in packet filter called: pf. A command line tool from BSD roots. There is some front end tool like http://www.macupdate.com/app/mac/41821/icefloor around but I haven't direct experience. I "outsourced" my pf to a dedicated machine protecting my home network but runs stable 24/7 with a nice web frontend. The big challenge will be to find the IP adresses you want to allow. Not sure if Apple or crashplan server are always reachable under the same IP. Apple has its own network with 17.0.0.0/8 but some content comes from 3rd party IP. You would have quite some trial&error. Having your mac behind a AirPort Extreme in NAT mode should give already good level of security; no packets from outside inbound. Do you plan to serve your media files to outside (like iPhone) ? __________________ I support the MacRumors Blood Drive!
	0

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Feb 17, 2013, 06:15 PM	#3
dazed Thread Starter macrumors 6502 Join Date: Jun 2007	My main concern is shutting down as many ports from the outside world as I can since the machine runs unattended 24/7. All the machine runs is Clamxav, iTunes and Crashplan.
	0


MacRumors Forums > Apple Systems and Services > Mac Basics and Help