The adaptive firewall helps prevent your computer from being attacked by unauthorized users. OS X Server uses an adaptive firewall that dynamically generates a firewall rule if a user or an IP address generates 10 consecutive failed login attempts.
The adaptive firewall doesn’t require configuration, but must be manually turned on using the following commands:
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -c
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f
The afctl -c command configures the tool building the whitelist, and the afctl -f command forces adaptive firewall into an active state. For more information about manually starting adaptive firewall, see the Apple Support article OS X Server: How to enable the adaptive firewall.
When too many network requests are made of the server in too short a time period, the adaptive firewall creates a temporary rule for ipfw and ip6fw that blocks the network activity. After a set time period, the temporary firewall rules are removed and ipfw and ip6fw are returned to their normal set of rules. By default, the generated rule blocks the offending IP address for 15 minutes, preventing access.
Although the adaptive firewall automatically engages once it’s turned on, as an administrator you can customize the firewall’s reaction by:
- Adding an IP number or address range permanently to a whitelist
- Adding an IP number or address range permanently to a blacklist
- Changing the blocking time period
- Changing the adaptive firewall’s reporting behavior
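
The blocking behavior described above (10 consecutive failed logins, a 15-minute block, a whitelist and a blacklist), modeled in Python as an added example; it is not Apple's code and says nothing about how afctl is implemented. The class and function names, the rule that the whitelist takes precedence, and the sample events are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

THRESHOLD = 10            # consecutive failed logins before a block (from the page)
BLOCK_SECONDS = 15 * 60   # default block duration (from the page)

class AdaptiveBlocker:
    def __init__(self, whitelist=(), blacklist=()):
        # Assumed: whitelist is never blocked, blacklist always is, whitelist wins.
        self.whitelist = [ip_network(n) for n in whitelist]
        self.blacklist = [ip_network(n) for n in blacklist]
        self.failures = {}        # ip -> current streak of failed logins
        self.blocked_until = {}   # ip -> time the temporary rule expires

    def _listed(self, ip, nets):
        return any(ip_address(ip) in net for net in nets)

    def is_blocked(self, ip, now):
        if self._listed(ip, self.whitelist):
            return False
        # Temporary rules lapse once their expiry time has passed.
        return self._listed(ip, self.blacklist) or now < self.blocked_until.get(ip, now)

    def observe(self, ip, success, now):   # True if ip is blocked after this event
        if self.is_blocked(ip, now):
            return True
        if success:
            self.failures.pop(ip, None)        # a success breaks the streak
            return False
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] < THRESHOLD or self._listed(ip, self.whitelist):
            return False
        del self.failures[ip]
        self.blocked_until[ip] = now + BLOCK_SECONDS
        return True

def replay(events, blocker):
    """events: (time_s, ip, success) tuples. Returns {ip: [times a block began]}."""
    started = {}
    for now, ip, success in events:
        before = blocker.is_blocked(ip, now)
        if blocker.observe(ip, success, now) and not before:
            started.setdefault(ip, []).append(now)
    return started

# Constructed sample data: documentation-range addresses, times in seconds.
WHITELIST = ["192.0.2.0/24"]
EVENTS = ([(t, "203.0.113.5", False) for t in range(10)]       # 10 straight failures
          + [(t, "198.51.100.8", t == 9) for t in range(19)]   # success at t=9 resets
          + [(t, "192.0.2.10", False) for t in range(12)])     # inside WHITELIST
```

Replaying EVENTS against AdaptiveBlocker(whitelist=WHITELIST) blocks only 203.0.113.5: the second address never reaches 10 failures in a row, and the third is exempt.
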
The adaptive firewall consists of the following:
Utility or file | Description |
---|---|
/Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl | The executable |
/Applications/Server.app/Contents/ServerRoot/etc/af.plist | The plist format config file for |
/Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.afctl.plist | The launchd plist for |
/var/db/af/whitelist | The file used to store the whitelist |
/var/db/af/blacklist | The file used to store the list of blocked addresses |
/Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/AdaptiveFirewall.bundle/Contents/MacOS/hb_summary | A tool that summarizes the host blocking activity of |
For more information about afctl and hb_summary, see their man pages.