Once Again, Happy New Year. I’ve been playing around with the PF firewall on Mac OS X Lion (10.7). I have to say that this is a great feature that is built into Mac OS X Lion that a lot of users do not take advantage of. Many people feel that they don’t need a firewall just because they aren’t running windows… which is the biggest mistake anyone could ever make.

The PF firewall was originally developed for the OpenBSD Unix OS. Previous versions of Mac OS X were running the now obsolete ipfw firewall software which was also developed on the OpenBSD platform. Let’s get to the topic at hand…

This is a quick tutorial on how to setup and configure the PF firewall on Mac OSX Lion.
In order to setup and configure PF you must have root or sudo access. Everything you need is located in the /etc/pf.conf file (this is the main configuration file that PF reads when carrying out its packet filtering duties). All configuration settings are done in the pf.conf file. Now, if you need more information on the pf.conf file and what configuration settings are needed in order to get your firewall up and running type the following command “man pf.conf” or go to openbsd.org which has excellent documentation on the PF firewall.

Once you have the pf.conf configured the way you like it, you can upload the conf file into the pf engine, but first we have to make sure that pf has been enabled. This can be done with the following command:

# pfctl -e

Once the PF has been enabled you can upload your config file to the pf engine using the following command:

# pfctl -f /etc/pf.conf.

Here are some of the other commands you can use for checking on rulesets and other things:

# pfctl -f /etc/pf.conf Load the pf.conf file
# pfctl -nf /etc/pf.conf Parse the file, but don’t load it

# pfctl -sr Show the current ruleset
# pfctl -ss Show the current state table
# pfctl -si Show filter stats and counters
# pfctl -sa Show EVERYTHING it can show

Below is a sample of my pf.conf file:
################################
#My PF Wireless Configuration #
################################

#################
#Variables #
#################

wi_if=”en1″
loop_if=”lo0″

####################################
#Lets get to the Filtering #
####################################

##################################
#Blocking Everything by Default #
##################################
block in all
block out all

###################################
#Selective Traffic #
###################################
pass in quick on $wi_if from any to any
pass out quick on $wi_if from any to any
pass in quick on $wi_if proto icmp
pass out quick on $wi_if proto icmp

As I said before, the PF firewall has a lot of cool features, just too many to go over in this tutorial. If you want to know more, let these 3 things be your guide:

  • man pf.conf
  • google.com
  • openbsd.org

:)

m4s0n501

About The Author

One Response

Leave a Reply