Mac OSX Server – AFP Firewalling

afp

Is it possible to write an ipfw rule to:

1 – block a specific AFP Share by the Shares Name?

2 – block that AFP Share from access by anyone but the local network, i.e: no external IPs.

And if so could I have an example please based on my AFP Share name of 'CLOUD'
Thx.

MacPro OSX Server 10.7.latest

Netgear SRX5308

Best Answer

Unfortunately, no... the relevant ipfw rules are all IP/portnumber based and are completely ignorant of protocol specific info like share names.... this means you can either allow all or nothing for the AFP service on the server.

Obviously, if you have 2 servers, just kill outside access for that one server, but then you probably wouldn't be asking the question.

A workaround hack would be to fire up a VM on the server that gets a totally different IP address and then use ipfw to allow/deny as appropriate. Is that an option for you?

Related Solutions

MacOS – Lion deletes files after copying to shared folder on AFP

As noted in my second edit, repairing permissions appears to have fixed the problem, though I don't see how.

MacOS – Reset AFP permissions after uninstalling Mavericks Server

You may be able to configure the AFP parameter admin31GetsSp, to allow administrators to mount entire volumes through AFP by performing this Terminal command:

sudo defaults write /Library/Preferences/com.apple.AppleFileServer admin31GetsSp -bool false

It is most likely necessary to stop and start AFP services after making this change.

Best Answer

Related Solutions

MacOS – Lion deletes files after copying to shared folder on AFP

MacOS – Reset AFP permissions after uninstalling Mavericks Server

Related Question