Sunday, March 18, 2007

OS X firewall

There is a nice article about improving OS X security: http://www.tuaw.com/2007/03/12/make-os-x-more-secure-now/ . I am interested in closing some ports I don't need (no DNS server on my machine, no Bonjour, no printing...) in such a way that the firewall rules will stay after reboot.

I have a script to delete unneeded ports. Since I can't figure out a better way to modify the default rules of ipfw2, I will follow Sebastiaan de With's advice to use Lingon.

Here is the script. The Lingon job is easy: create a new "User Daemon", put in the path to the script (no command-line parameters needed), set "Run at load", and reboot to see if it works. It does!

-----------------------------------------------
#!/bin/sh
# Snapshot the current ipfw rule set, then generate one "ipfw del" line for
# every rule that admits inbound traffic on a port this machine does not serve.
# Note: /tmp paths are predictable; on a multi-user box prefer mktemp(1).
/sbin/ipfw show > /tmp/origrules

# $1 of each "ipfw show" line is the whole rule number, so pass it as-is
# (the original substr($1,0,5) is non-portable: POSIX awk drops a character).
# 137 = NetBIOS name service, 427 = SLP, 631 = IPP printing, 5353 = mDNS/Bonjour
awk '/dst-port 137 in/ {print "/sbin/ipfw del", $1}' /tmp/origrules > /tmp/newrules
awk '/dst-port 427 in/ {print "/sbin/ipfw del", $1}' /tmp/origrules >> /tmp/newrules
awk '/dst-port 631 in/ {print "/sbin/ipfw del", $1}' /tmp/origrules >> /tmp/newrules
awk '/dst-port 5353 in/ {print "/sbin/ipfw del", $1}' /tmp/origrules >> /tmp/newrules
# inbound packets from DHCP servers (source port 67) and mDNS replies to this host
awk '/67 to me in/ {print "/sbin/ipfw del", $1}' /tmp/origrules >> /tmp/newrules
awk '/5353 to me in/ {print "/sbin/ipfw del", $1}' /tmp/origrules >> /tmp/newrules

# Run the generated deletions, then clean up.
chmod +x /tmp/newrules
sh /tmp/newrules

rm /tmp/origrules
rm /tmp/newrules
-----------------------------------------------
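As an added example (not part of the original post), the same idea in a single awk pass: it finds the ipfw rules that admit inbound traffic for a list of ports, in the two forms the post's script greps for ("dst-port P in" and "P to me in"), and gives a check you can run after reboot to confirm nothing still matches. The `ipfw show` lines are constructed sample data, not a real capture.

```shell
#!/bin/sh
# Constructed sample of `ipfw show` output; rule numbers and counters are made up.
SAMPLE_RULES='02000 0 0 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02040 0 0 allow udp from any to any dst-port 137 in
02050 0 0 allow udp from any 67 to me in
02060 0 0 allow tcp from any to any dst-port 631 in
02070 0 0 allow udp from any to any dst-port 5353 out
12190 0 0 allow tcp from any to any established
65535 0 0 allow ip from any to any'

# Print "/sbin/ipfw del <rule>" for every inbound rule matching one of the
# space-separated ports in $1. Rules are read from stdin (`ipfw show` output).
delete_cmds_for_ports() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        / in( |$)/ {
            for (i = 2; i < NF; i++)
                if (($i == "dst-port" && want[$(i+1)]) ||
                    (want[$i] && $(i+1) == "to" && $(i+2) == "me")) {
                    print "/sbin/ipfw del", $1   # $1 is the whole rule number
                    break
                }
        }'
}

# Post-reboot check: succeeds only when no inbound rule for the ports is left.
ports_closed() {
    [ -z "$(delete_cmds_for_ports "$1")" ]
}

# Stand-alone usage: show what would be deleted from the sample rule set.
printf '%s\n' "$SAMPLE_RULES" | delete_cmds_for_ports "137 427 631 5353 67"
```

On a real machine replace the sample with `/sbin/ipfw show | delete_cmds_for_ports "..."`; the `out` rule for 5353 is deliberately left alone, as in the original script.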
