Need some firewall assistance.

Discussion in 'Mac Basics and Help' started by dazed, Feb 17, 2013.

  1. macrumors 6502a

    Joined:
    Jun 23, 2007
    #1
    Hi,

    I have a AirPort Extreme and a Mac mini (running Lion) that runs 24/7 which I use as a media server.

    I'd like to set it up more securely and am wondering the best way to limit its Internet access. Ideally I'd like it only to be able to access the iTunes Store, and the crashplan servers.

    Any ideas? Can I do this with the Macs firewall or do I need to get a third party app?

    Thanks
     
  2. macrumors demi-god

    ChristianJapan

    Joined:
    May 10, 2010
    Location:
    日本
    #2
    What are your concerns ? If you don't have lots other software running, no mail or safari your Mac will not connect to outside.
    But too make sure you can use te build-in packet filter called: pf.
    A command line tool from BSD roots.

    There is some front end tool like http://www.macupdate.com/app/mac/41821/icefloor around but I haven't direct experience. I "outsourced" my pf to a dedicated machine protecting my home network but runs stable 24/7 with a nice web frontend.

    The big challenge will be to find the IP adresses you want to allow. Not sure if Apple or crashplan server are always reachable under the same IP.
    Apple has its own network with 17.0.0.0/8 but some content comes from 3rd party IP. You would have quite some trial&error.

    Having your mac behind a AirPort Extreme in NAT mode should give already good level of security; no packets from outside inbound. Do you plan to serve your media files to outside (like iPhone) ?
     
  3. thread starter macrumors 6502a

    Joined:
    Jun 23, 2007
    #3
    My main concern is shutting down as many ports from the outside world as I can since the machine runs unattended 24/7.

    All the machine runs is Clamxav, iTunes and Crashplan.
     

Share This Page