[geeks] OS X Software Update issues

[Bryan Fullerton]

On Sunday, Aug 10, 2003, at 02:09 Canada/Eastern, Sandwich Maker wrote:

> anyone else here running brickhouse on osx?  afaik it appears to be a
> front panel for a hidden osx fw ability.

That 'hidden osx fw ability' would be ipfw, which OS X inherited from 
FreeBSD. It's partially exposed in Control Panel -> Sharing -> 
Firewall, and of course available at the command line.

On my TiBook:
[ronin:~] bryanf% sudo ipfw show
Password:
02000   688  100424 allow ip from any to any via lo*
02010     0       0 deny ip from 127.0.0.0/8 to any in
02020     0       0 deny ip from any to 127.0.0.0/8 in
02030     0       0 deny ip from 224.0.0.0/3 to any in
02040     0       0 deny tcp from any to 224.0.0.0/3 in
02050   420   43881 allow tcp from any to any out
02060   361   74227 allow tcp from any to any established
02070     0       0 allow tcp from any to any 22 in
02080     0       0 allow tcp from any to any 631 in
12190     0       0 deny tcp from any to any
65535 10323 1064808 allow ip from any to any

On my FreeBSD 5.1 box:
katana.bryanf:/> sudo ipfw show
00100    236998    31105110 allow ip from any to any via lo0
00200         0           0 deny ip from any to 127.0.0.0/8
00300         0           0 deny ip from 127.0.0.0/8 to any
65000 103999654 86857148205 allow ip from any to any
65535         0           0 deny ip from any to any

(both on the local LAN now, so rules are fairly lax)

Hopefully OS X 10.3 - which allegedly updates userland *NIX code to a 
newer FreeBSD code base - will include ipfw's dummynet traffic shaping 
features. Very useful, especially when you're paying for bandwidth. :)

Bryan