OS X Server: Packet filter rules do not load

Symptoms

On OS X Mountain Lion systems configured as a server using OS X Server, the pfctl utility may not load rules into the packet filter. Rules added automatically by the Adaptive Firewall service and rules added manually by the system administrator will not be enforced by the packet filter.

Resolution

To resolve this issue, use a text editor as the root user to edit the /etc/pf.anchors/com.apple file. Locate the following line near the end of the file:

load anchor "400.AdaptiveFirewall/" from "/Applications/Server.app/Contents/ServerRoot/private/etc/pf.anchors/400.AdaptiveFirewall"

Edit the line to remove the forward slash character "/" after the first "400.AdaptiveFirewall". After editing the line, it should appear like this:

load anchor "400.AdaptiveFirewall" from "/Applications/Server.app/Contents/ServerRoot/private/etc/pf.anchors/400.AdaptiveFirewall"


Save changes to the file, then use the pfctl command to reload rules and enable the packet filter:

sudo pfctl -f /etc/pf.conf
sudo pfctl -e

 

Alternative non-interactive procedure

As an alternative to the procedure described above, system administrators may use the following command to edit the file non-interactively:

sudo ruby -an -i.bak -e 'puts $_ =~ /^(load anchor "400.AdaptiveFirewall)\/(".*)/ ? $1<<$2 : $_' /etc/pf.anchors/com.apple
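
The same edit as an idempotent check-and-fix, given here as an added example that is not part of the original article: it reports whether a copy of the file still has the slash after the anchor name, and changes the file (keeping a .bak copy) only when it does. The function names and the sample file contents are assumptions constructed for the demonstration; on a server, the functions would be pointed at /etc/pf.anchors/com.apple as root, followed by the pfctl commands above.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.
BROKEN_RE='^load anchor "400\.AdaptiveFirewall/" from '
FIXED_RE='^load anchor "400\.AdaptiveFirewall" from '

# Print "broken", "fixed" or "absent" for the anchors file given as $1.
anchor_line_status() {
    if grep -q "$BROKEN_RE" "$1"; then
        echo broken
    elif grep -q "$FIXED_RE" "$1"; then
        echo fixed
    else
        echo absent
    fi
}

# Remove the slash after the anchor name, keeping the original as "$1.bak".
# Does nothing, and writes no backup, unless the broken line is present.
fix_anchor_line() {
    [ "$(anchor_line_status "$1")" = broken ] || return 0
    sed -i.bak 's|^\(load anchor "400\.AdaptiveFirewall\)/\(" from \)|\1\2|' "$1"
}

# Constructed sample: a reference line (assumed) that must stay untouched,
# followed by the load line quoted in the article.
make_sample() {
    cat > "$1" <<'EOF'
anchor "400.AdaptiveFirewall/*"
load anchor "400.AdaptiveFirewall/" from "/Applications/Server.app/Contents/ServerRoot/private/etc/pf.anchors/400.AdaptiveFirewall"
EOF
}

# Demo on a temporary copy, never on the live file.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/com.apple"
anchor_line_status "$demo_dir/com.apple"   # prints: broken
fix_anchor_line "$demo_dir/com.apple"
anchor_line_status "$demo_dir/com.apple"   # prints: fixed
rm -rf "$demo_dir"
```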

Last Modified: Sep 28, 2012
Article: TS4418