Question
In my application, I need to block the firewall in such a way that it blocks all URLs and allows certain URLs.
This is the rule I am writing,
assuming I don't want to block www.google.com and www.facebook.com:
ipfw add 12164 deny tcp from any to any
ipfw add 12156 allow tcp from any to www.google.com
ipfw add 12157 allow tcp from any to www.facebook.com
But it's blocking all connections. What should the firewall rule be for such a scenario?
Answer 1:
Using ipfw to filter the traffic isn't a good idea. ipfw only works with IP addresses: when you add a rule with a hostname, the hostname is resolved and the current IP address is used.
Some hostnames can have multiple IP addresses (test the command host www.google.com) or the IP address may change, or the server may return links to resources stored on other addresses.
If you want to filter the website the user can access, you can use parental controls or Managed Client (MCX).
But if you still want to use ipfw, you should accept ingoing TCP traffic. Your rules only accept outgoing TCP traffic to www.google.com and www.facebook.com and block any response.
You should write the first rule like this:
ipfw add 12164 deny tcp from any to any out
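
The answer's two points (a hostname can resolve to several addresses, and the deny rule should apply only to outgoing traffic) combined into one rule generator, as an added example that is not part of the original answer. It assumes `dig` is installed and uses hypothetical rule numbers; the sample addresses are constructed from documentation ranges. The output is a snapshot and goes stale when the site's addresses change.

```shell
#!/bin/sh
# Added example: print ipfw commands that allow outbound TCP to every IPv4
# address a hostname currently resolves to, then deny all other outbound TCP.

# resolve_all HOST... -> "host ip" lines, one per A record.
# Assumption: dig(1) is available; CNAME lines in its output are filtered out.
resolve_all() {
    for h in "$@"; do
        dig +short A "$h" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sed "s/^/$h /"
    done
}

# sample_records: constructed resolver output (documentation address ranges),
# so the generator can be exercised offline.
sample_records() {
    printf '%s\n' \
        'www.google.com 192.0.2.10' \
        'www.google.com 192.0.2.11' \
        'www.facebook.com 198.51.100.7'
}

# gen_rules FIRST_ALLOW DENY_NUM: reads "host ip" lines on stdin.
# Allow rules get numbers below DENY_NUM so ipfw evaluates them first;
# duplicate addresses are emitted once. Fails if the allow rules would
# run into the deny rule's number.
gen_rules() {
    awk -v n="$1" -v deny="$2" '
        NF == 2 && !seen[$2]++ {
            if (n >= deny) {
                print "error: allow rules reach deny rule " deny | "cat 1>&2"
                bad = 1
                exit
            }
            printf "ipfw add %d allow tcp from any to %s out # %s\n", n++, $2, $1
        }
        END {
            if (bad) exit 1
            # "out" leaves incoming replies untouched, as the answer advises.
            printf "ipfw add %d deny tcp from any to any out\n", deny
        }'
}

# Offline demonstration; for live data use:
#   resolve_all www.google.com www.facebook.com | gen_rules 12100 12164
sample_records | gen_rules 12100 12164
```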
Source: https://stackoverflow.com/questions/8604816/mac-ipfw-adding-firewall-rule