Murus front end for Apple adaptive firewall?

amstel78
Posts: 4
Joined: Thu Jan 14, 2016 1:53 am

Post by amstel78 » Thu Jan 14, 2016 2:07 am

Are Murus brute force options actually configuring the built-in Apple adaptive firewall? I ask because if I run the following in Terminal:

/Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/AdaptiveFirewall.bundle/Contents/MacOS/hb_summary

It doesn't show anything being blocked in the last 24 hours despite Murus brute force list showing activity.

hany
Posts: 485
Joined: Wed Dec 10, 2014 5:20 pm

Re: Murus front end for Apple adaptive firewall?

Post by hany » Thu Jan 14, 2016 1:42 pm

Murus cannot control the Apple Adaptive firewall; you can control it using Server.app. I suggest you choose one of the two.
With Murus you can set a service "adaptivity" by setting limits for connections over time. This is achieved using simple pf rules and options, as you can verify from the Murus expanded pf configuration view and/or runtime pf rules. The best way to test it is with your local sshd and a virtual machine (or another host on your LAN).
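
Added example, not part of the original posts and not Murus's own generated ruleset: a pf.conf fragment showing the kind of connection-over-time limit described above, built from pf's stateful tracking options. The table name `<bruteforce>`, port 22 and the numeric limits are assumptions chosen for illustration.

```pf
# Added example. Table name, port and limits are assumptions,
# not what Murus actually writes.

# Table that holds sources which exceeded the limits.
table <bruteforce> persist

# Drop everything from sources already in the table.
block in quick from <bruteforce>

# Allow inbound SSH, but track state per source address:
#   max-src-conn 10         at most 10 simultaneous connections per source
#   max-src-conn-rate 5/30  at most 5 new connections per 30 seconds
#   overload <bruteforce>   sources over either limit are added to the table
#   flush global            existing states from that source are killed too
pass in quick proto tcp from any to any port 22 flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

# Checks from a shell (standard pfctl options):
#   pfctl -nf <file>               parse the ruleset without loading it
#   pfctl -sr                      show the rules currently loaded
#   pfctl -t bruteforce -T show    list addresses currently in the table
```

Addresses blocked this way are recorded in the pf table, so they are inspected with `pfctl` rather than with the Adaptive Firewall's own tools.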

amstel78
Posts: 4
Joined: Thu Jan 14, 2016 1:53 am

Re: Murus front end for Apple adaptive firewall?

Post by amstel78 » Thu Jan 14, 2016 1:47 pm

I have Server 5 running and it seems to me that there's no UI for AF. At least everything I've seen on the net points to configuring AF via terminal. Unfortunately, I've tried several times and couldn't get it to start, hence me moving to Murus. Murus does an excellent job now that I've had it running for a week, but I'd still like to learn more about Apple's built-in options.

If a front end does exist in Server 5 for AF, grateful if you could point me to someplace that details configuration options. Many thanks.

FWIW, this is what I used to try and get AF running:

sudo pfctl -f /etc/pf.conf
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -c
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f

Plus doing the following to get the packet filter started upon next server reboot:

sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist