Network World IT Roadmap Chicago Roundup

Thursday, April 5, 2007

These days I have found that most trade shows are hopelessly unimpressive, but I must say that Network World IT Roadmap Chicago was very useful. It was very targeted, so it was very relevant. Most of the presentations were good, the crowd was sufficiently nerdy, and the vendors were handing out swag again.

Read the rest of this entry »


Stateful OS X firewall

Monday, March 26, 2007

In the interest of security in depth, you should be running the firewall on your OS X system. I know, I know there are so few vulnerabilities on the Mac. That doesn’t mean that nasty stuff still doesn’t happen.

If you are feeling that the standard firewall settings aren’t quite good enough, you are in luck, OS X comes with a serious firewall, IPFW.

To go with the fancy new trick mentioned in the previous post, I thought you might like to have a basic IPFW firewall to get yourself going. As always I recommend checking man ipfw for more information.

Read the rest of this entry »


Automatically Load OS X Firewall Settings When Your Location Changes

Monday, March 26, 2007

Recently I changed my custom IPFW firewall settings on my laptop, making them specific for home and work networks, switching between wireless and ethernet. The problem was I needed to figure out how to reload the firewall script whenever the state of the network changed.

It turns out that Darwin has a special way to handle this. It uses a daemon called configd to monitor the state of the various services running. configd uses XML files located in /System/Library/SystemConfiguration/ to manage its configuration.

Read the rest of this entry »