Mac | ipfw adding firewall rule


Problem description

In my application, I need to block the firewall in such a way that it should block all the URLs and allow certain URLs.

This is the rule I am writing,

assuming I don't want to block www.google.com, www.facebook.com:

ipfw add 12164 deny tcp from any to any
ipfw add 12156 allow tcp from any to www.google.com
ipfw add 12157 allow tcp from any to www.facebook.com

But it's blocking all the connections. What should the firewall rule be for such a scenario?

Recommended answer

Using ipfw to filter the traffic isn't a good idea. ipfw only works with IP addresses: when you add a rule with a hostname, the hostname is resolved and the current IP address is used.

Some hostnames can have multiple IP addresses (test the command host www.google.com), or the IP address may change, or the server may return links to resources stored on other addresses.

If you want to filter the websites the user can access, you can use parental controls or Managed Client (MCX).

But if you still want to use ipfw, you should accept ingoing TCP traffic. Your rules only accept outgoing TCP traffic to www.google.com and www.facebook.com and block any response.

You should write the first rule like this:

ipfw add 12164 deny tcp from any to any out
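
The answer's two points combined, as an added example that is not part of the original answer: a shell function that turns `host` output into one allow rule per resolved IPv4 address, followed by the deny rule restricted to `out`. The sample `host` output is constructed with documentation-range addresses, the function name `gen_rules` is hypothetical, and the ipfw commands are only printed, never executed.

```shell
#!/bin/sh
# Added example: pin allow rules to every address a hostname resolves to.

# Constructed sample of `host` output (documentation addresses, not real answers).
SAMPLE_HOST_OUTPUT='www.example.com has address 192.0.2.10
www.example.com has address 192.0.2.11
www.example.com has IPv6 address 2001:db8::10
www.example.org is an alias for web.example.org.
web.example.org has address 198.51.100.7
www.example.com has address 192.0.2.10'

# gen_rules BASE DENY: read `host` output on stdin and print ipfw commands.
#   BASE = rule number of the first allow rule
#   DENY = rule number of the final deny rule (must stay above all allows,
#          because ipfw evaluates rules in ascending rule-number order)
gen_rules() {
    awk -v n="$1" -v deny="$2" '
        # IPv4 "has address" lines only; alias and IPv6 lines are skipped,
        # and an address that appears twice yields a single rule.
        $2 == "has" && $3 == "address" && !seen[$4]++ {
            if (n >= deny) { bad = 1; exit }
            printf "ipfw add %d allow tcp from any to %s\n", n++, $4
        }
        END {
            if (bad) {
                print "error: allow rules would reach the deny rule" > "/dev/stderr"
                exit 1
            }
            # Outbound only, so replies to allowed connections are not dropped.
            printf "ipfw add %d deny tcp from any to any out\n", deny
        }'
}

# Print the ruleset for the constructed sample, using the rule numbers
# from the question.
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | gen_rules 12156 12164
```

Because the addresses are fixed at the moment the rules are added, the list has to be regenerated whenever the DNS answers change.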
