
In my application, I need to set the firewall up in such a way that it blocks all URLs and allows certain URLs.

These are the rules I am writing,

assuming I don't want to block www.google.com and www.facebook.com:

```
ipfw add 12164 deny tcp from any to any
ipfw add 12156 allow tcp from any to www.google.com
ipfw add 12157 allow tcp from any to www.facebook.com
```

But it's blocking all connections. What should the firewall rules be for such a scenario?

Amitg2k12

1 Answer


Using ipfw to filter the traffic isn't a good idea. ipfw only works with IP addresses: when you add a rule with a hostname, the hostname is resolved and the current IP address is used.

Some hostnames can have multiple IP addresses (test the command `host www.google.com`), or the IP address may change, or the server may return links to resources stored on other addresses.

If you want to filter the websites the user can access, you can use parental controls or Managed Client (MCX).

But if you still want to use ipfw, you should accept incoming TCP traffic. Your rules only accept outgoing TCP traffic to www.google.com and www.facebook.com and block any response.

You should write the first rule like this:

```
ipfw add 12164 deny tcp from any to any out
```

Nicolas Bachschmidt
  • Thanks a lot. Is it possible to modify/edit parental controls programmatically? – Amitg2k12 Dec 22 '11 at 15:47
  • Parental Controls settings are stored in the Directory Service database in the records' `MCXSettings` attribute. You can modify it with the [OpenDirectory framework](http://developer.apple.com/library/mac/search/?q=OpenDirectory) or using the `dscl` command line utility. – Nicolas Bachschmidt Dec 22 '11 at 18:35
  • If I run in admin mode, will it allow the browser to run under admin mode? The key point is that my application might run under admin mode. – Amitg2k12 Dec 23 '11 at 11:46
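
As an added example (not part of the original question or answer), this Python sketch models first-match rule evaluation for the rules discussed above, showing why the original deny rule drops replies and why an address the hostname did not resolve to when the rule was added stays blocked. The addresses are constructed, source and protocol matching are left out, and the allowing default rule 65535 is an assumption.

```python
# Simplified model of ipfw evaluation (added example): rules are checked in
# ascending rule-number order and the first matching rule decides the packet.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    number: int
    action: str                       # "allow" or "deny"
    dst: Optional[frozenset]          # destination IPs; None means "any"
    direction: Optional[str] = None   # "in", "out", or None for both

class Packet(NamedTuple):
    src: str
    dst: str
    direction: str                    # relative to the filtering host

# Assumption: the built-in last rule (65535) allows whatever nothing else matched.
DEFAULT = Rule(65535, "allow", None)

def verdict(rules, pkt):
    """Return (action, rule number) of the first rule that matches pkt."""
    for rule in sorted(rules + [DEFAULT], key=lambda r: r.number):
        if rule.dst is not None and pkt.dst not in rule.dst:
            continue
        if rule.direction is not None and rule.direction != pkt.direction:
            continue
        return rule.action, rule.number

# Constructed addresses, not real site addresses.
HOST, SITE, SITE_ALT, OTHER = "10.0.0.5", "192.0.2.10", "192.0.2.11", "198.51.100.7"
# The hostname was resolved once, when the rule was added: only SITE is stored.
ALLOW_SITE = Rule(12156, "allow", frozenset({SITE}))
ORIGINAL = [Rule(12164, "deny", None), ALLOW_SITE]        # rules from the question
FIXED = [Rule(12164, "deny", None, "out"), ALLOW_SITE]    # deny rule with "out"

SAMPLES = {
    "request to allowed site": Packet(HOST, SITE, "out"),
    "reply from allowed site": Packet(SITE, HOST, "in"),
    "request to site's other IP": Packet(HOST, SITE_ALT, "out"),
    "request to another site": Packet(HOST, OTHER, "out"),
}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for label, pkt in SAMPLES.items():
            print(f"{name:8} {label:28} -> {verdict(rules, pkt)}")
```

In this model the fixed rule set lets every inbound TCP packet fall through to the default rule, so inbound filtering needs rules of its own.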