Murus and OSX Server 5

Murus
Post Reply
Torodobrac
Posts: 1
Joined: Thu Feb 04, 2016 11:52 am

Murus and OSX Server 5

Post by Torodobrac » Thu Feb 04, 2016 11:59 am

The Server app on OSX (El Capitan) has a Access tab that allows setting of Custom Access to services. Do these conflict with Murus? Should they be all removed (perhaps bar the Caching service)?
Screen.tiff
You do not have the required permissions to view the files attached to this post.

hany
Posts: 485
Joined: Wed Dec 10, 2014 5:20 pm

Re: Murus and OSX Server 5

Post by hany » Fri Feb 05, 2016 1:47 pm

Server.app's Access tab is somehow confusing because the "Users" column sets rules at application level while the "Network" column sets rules at network level.
Rules at network level are then translated into a Server.app's specific pf anchor. Murus is aware of that and simply *ignores* the whole Server.app's pf anchor and rules. All Murus pf rules (dynamically created, hardcoded or custom added ones) do override Server.app's rules.
So, simply put, you should ignore the "Network" side of Server.app's Access tab and focus on Murus rules. For sake of simplicity you may want to set all services as allowed from all network on this panel, and then forget it.
The "Users" column lists rules that are applied at application level so you must take care of them, however they can't conflict with pf rules as they have nothing to do with the firewall.

Post Reply