Afctl automatic firewall

I am having a fair number of ssh brute force attacks on my server. The afctl firewall takes care of these attacks initially by adding rules with ipfw. The rule numbers start at 1700, and it looks like multiple rules are added for each offending IP address (about 10 rules, as it seems). After a short while, the rule number reaches 1899, and then no more rules get added. The system.log lists the following error message:
Jun 19 16:14:54 computer_name afctl[32548]: Too many rules, entry not added to the blacklist
Is this behavior normal, i.e., why are so many rules added for the same IP, and why does the system stop adding at rule number 1899? I could not find any way to configure the rule numbering in any of the configuration files.
Any help would be highly appreciated.
-Stefan

Botnets are routinely large enough to bypass IP-based blocks; one probe from each of a gazillion hosts.
Botnets routinely render user-based evasion schemes ineffective; evasion is an old scheme, and the botnets defeated that approach years ago.
Got a couple of scrap x86 boxes and some spare PCI NICs? Congratulations. Add pfSense or M0n0wall or Smoothwall open-source packages, and you've got a firewall.
Watch any of the used-equipment sources, and wait for a surplus (insert vendor) firewall.
As for other options...
:: fwknop or knockd or other port-knocking.
:: Move ssh off port 22, and relocate the port somewhere up in the non-privileged port range and often somewhere up near the ephemeral range, preferably on an unallocated port. (With port-forwarding at a mid-grade firewall, you could potentially relocate the port at the firewall and leave the server unmodified, as various of the server-grade firewalls permit forwarded ports to be retargeted to other ports. Otherwise, you're reconfiguring ssh at your server.)
:: VPN. Preferably at your new firewall.
:: Denyhosts (http://denyhosts.sourceforge.net).
Regardless, move your ssh-enabled users over to certificates or certificates with passphrases and not passwords, and only enable specific users for ssh access. That reduces your exposures, even if it doesn't avoid filling your logs with failed accesses and your server with ssh overhead.

Similar Messages

  • Afctl (Adaptive Firewall) error in 10.8.2

    I have enabled the Adaptive Firewall in OS X Server (2.2) under Mountain Lion 10.8.2 as per Apple's instructions:
    http://support.apple.com/kb/HT5519
    However, I get back an error every time I try to enable it:
    # afctl -f
    No ALTQ support in kernel
    ALTQ related functions disabled
    pf enabled
    Token : 18446743524496027528
    No ALTQ support in kernel
    ALTQ related functions disabled
    Jan 22 17:41:50 server.domainredacted.com afctl[17998] <Notice>: Cannot update the Event Monitor config
    When I try to alter a setting:
    sh-3.2# afctl -T 10
    Jan 22 17:42:09 server.domainredacted.com afctl[18005] <Notice>: Cannot update the Event Monitor config
    Or when I try to disable it:
    sh-3.2# afctl -X
    Jan 22 17:45:29 server.domainredacted.com afctl[18021] <Notice>: Cannot update the Event Monitor config
    I thought perhaps that afctl was having trouble writing to AdaptiveFirewall.plist in /Applications/Server.app/Contents/ServerRoot/private/etc/emond.d/rules
    sh-3.2# ls -l /Applications/Server.app/Contents/ServerRoot/private/etc/emond.d/rules
    total 0
    -rw-r--r--  1 root  wheel   3344 Jan 22 00:11 AdaptiveFirewall.plist
    But even adding world write permissions to this file didn't help.
    I also wondered if perhaps afctl was looking for AdaptiveFirewall.plist in the wrong place:
    sh-3.2# ls -l /etc/emond.d/rules/
    total 0
    -rw-r--r--  1 root  wheel   822 Jan 21 20:01 SampleRules.plist
    -rw-r--r--  1 root  wheel  8964 Jan 21 20:01 Xsan.plist
    But copying AdaptiveFirewall.plist here (or symbolic linking the file in this dir) didn't do the trick either.
    Anyone have any idea why afctl keeps complaining that it "Cannot update the Event Monitor config" in OS X Server 2.2 / Mountain Lion 10.8.2?
    Rusty

    An additional (and confusing) update. The adaptive firewall may actually be doing something on my machine after all, but it's definitely not consistent. While digging through my logs again today, I noticed the events that I've pasted below. Apologies for the wall of text, but I've included the entire transcript of the attack for completeness.
    2/6/13 10:48:44.161 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:48:44.161 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:48:51.331 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:48:51.331 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:48:55.243 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:48:55.243 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:03.151 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:03.151 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:07.112 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:07.112 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:10.989 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:10.989 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:21.890 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:21.890 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:25.801 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:25.801 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:29.699 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:29.699 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:29.700 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:29.870 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:29.948 PM afctl[25763]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:29.954 PM emond[117]: 381912569.864889 Host at <IP-ADDRESS> was blocked for 15
    2/6/13 10:49:29.954 PM emond[117]: 381912569.864889 Host at <IP-ADDRESS> was blocked for 15
    2/6/13 10:49:29.954 PM emond[117]: 381912569.864889 Host at <IP-ADDRESS> was blocked for 15
    2/6/13 10:49:33.591 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:33.591 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:33.592 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:33.669 PM afctl[25764]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:33.675 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:33.754 PM afctl[25765]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:33.759 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:33.836 PM afctl[25766]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:37.477 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:37.477 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:37.478 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:37.552 PM afctl[25768]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:37.558 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:37.633 PM afctl[25769]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:37.638 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:37.720 PM afctl[25770]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:41.433 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
    2/6/13 10:49:41.433 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
    2/6/13 10:49:41.434 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:41.511 PM afctl[25771]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:41.516 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:41.597 PM afctl[25772]: Address already in the blacklist, not added (timeout has been updated)
    2/6/13 10:49:41.602 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
    2/6/13 10:49:41.678 PM afctl[25773]: Address already in the blacklist, not added (timeout has been updated)
    Note that I've made no changes to this server since my last post, but afctl does indeed appear to be working in those logs; there are no more login attempts from that IP after this excerpt. Additionally, I thought this might be a good sign for progress on getting Apple's KB Article (http://support.apple.com/kb/HT5519) to work, but I still receive the <Notice>: Cannot update the Event Monitor config error.
    Also, what's up with the auth errors logging after the IP's already been blocked? And there's a 4-second window preceding them each time.
    Curiouser and curiouser.
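As an added illustration (not from the post, and not Apple's emond or afctl code), the transcript above can be replayed to pin down the block timeline. The script parses a constructed subset of those exact log lines, counts the failed lookups before emond first announced the block, and lists the attempts still logged afterwards together with the spacing between them; the source address is the poster's `<IP-ADDRESS>` placeholder.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the lines from the post above, same format
# (the poster redacted the source host as <IP-ADDRESS>).
SAMPLE_LOG = """\
2/6/13 10:48:44.161 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
2/6/13 10:48:44.161 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:48:51.331 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:48:55.243 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:03.151 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:07.112 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:10.989 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:21.890 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:25.801 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:29.699 PM log[7449]: auth: Error: od[getpwnam_ext](server,<IP-ADDRESS>): No record for user
2/6/13 10:49:29.699 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:29.700 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
2/6/13 10:49:29.870 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
2/6/13 10:49:29.948 PM afctl[25763]: Address already in the blacklist, not added (timeout has been updated)
2/6/13 10:49:29.954 PM emond[117]: 381912569.864889 Host at <IP-ADDRESS> was blocked for 15
2/6/13 10:49:33.591 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:33.592 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
2/6/13 10:49:33.669 PM afctl[25764]: Address already in the blacklist, not added (timeout has been updated)
2/6/13 10:49:37.477 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:37.478 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
2/6/13 10:49:37.552 PM afctl[25768]: Address already in the blacklist, not added (timeout has been updated)
2/6/13 10:49:41.433 PM log[7449]: auth: Error: od(server,<IP-ADDRESS>): verify plain: lookup failed for user: server
2/6/13 10:49:41.434 PM emond[117]: Host at <IP-ADDRESS> will be blocked for at least 15 minutes
2/6/13 10:49:41.511 PM afctl[25771]: Address already in the blacklist, not added (timeout has been updated)
"""

# "2/6/13 10:49:29.700 PM emond[117]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+\.\d+ [AP]M) "
    r"(?P<prog>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Only the "verify plain" line counts as one failed attempt; the paired
# od[getpwnam_ext] line is the same event reported twice.
FAIL_RE = re.compile(r"od\((?P<user>[^,]+),(?P<src>[^)]+)\): verify plain: lookup failed")
BLOCK_RE = re.compile(r"Host at (?P<src>\S+) will be blocked for at least (?P<mins>\d+) minutes")
ALREADY = "Address already in the blacklist"


def parse(log_text):
    """Yield (timestamp, program, message) for each well-formed line."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a syslog-style line; ignore
        ts = datetime.strptime(m.group("ts"), "%m/%d/%y %I:%M:%S.%f %p")
        yield ts, m.group("prog"), m.group("msg")


def analyze(log_text, src):
    """Reconstruct the block timeline for one source address."""
    first_block = None
    fails_before, fails_after = [], []
    block_notices = redundant = 0
    for ts, prog, msg in parse(log_text):
        fm = FAIL_RE.search(msg)
        if prog == "log" and fm and fm.group("src") == src:
            (fails_before if first_block is None else fails_after).append(ts)
        elif prog == "emond":
            bm = BLOCK_RE.search(msg)
            if bm and bm.group("src") == src:
                block_notices += 1
                if first_block is None:
                    first_block = ts
        elif prog == "afctl" and ALREADY in msg:
            redundant += 1
    # Spacing from the last pre-block attempt through each post-block one:
    # a steady gap means the client kept retrying on a timer after the block.
    seq = fails_before[-1:] + fails_after
    gaps = [round((b - a).total_seconds(), 1) for a, b in zip(seq, seq[1:])]
    return {
        "first_block": first_block,
        "failures_before_block": len(fails_before),
        "failures_after_block": len(fails_after),
        "block_notices": block_notices,
        "already_blacklisted_notices": redundant,
        "post_block_gaps_s": gaps,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG, "<IP-ADDRESS>").items():
        print(f"{key}: {value}")
```

On the full transcript the same counts show every post-block attempt arriving just under four seconds apart, which is the window the poster noticed.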

  • Built-in Firewall and Blocking of Dreamweaver

    When I turn on the automatic firewall in Sharing Preferences (OS 10.4.11) my uploads to a remote server through Dreamweaver MX are blocked. Is there a way to open the Firewall to allow these uploads? Thanks for any suggestions.

    Hi Kaplan,
    Have you enabled ftp in the Sharing Pref Pane?
    There are two main types of FTP: active and passive. In active FTP, the FTP server initiates a data transfer connection back to the client. For passive FTP, the connection is initiated from the FTP client.
    Different Ports need opening for the two, this is for Linux, but applies to any ftp...
    http://www.linuxhomenetworking.com/wiki/index.php/QuickHOWTO_:_Ch15_:_Linux_FTP_ServerSetup

  • Transfers across messenger? firewall?

    When sending files across MSN Messenger they take considerably longer than when I am doing it on a Windows PC. I'm assuming this is down to the automatic firewall on my MacBook. Is there a way around this, or is there a way where I can temporarily take the firewall down until the transfer is complete and then put it back up?
    Any help needed.
    Thanks

    Nearly every test is a different speed; I'm in the U.K.
    Some say 3mbps, some say 6, some less, some more.
    Confused????
    All I know is that if I were to use MSN on my brother's laptop running MSN Messenger the file transfers would be a lot faster, so I'm guessing the difference is somewhere in the laptops and the systems, not the connections.

  • Is Arch automatically blocking my programs?

    Well I have a slight problem that I mentioned in the "Newbie Corner" : http://bbs.archlinux.org/viewtopic.php?id=45827
    Now I've started thinking that maybe Arch has some automatic firewall blocking some random stuff for me...
    Samba and BitTorrent work but mpd and LAN over Wine don't...
    Something just gotta be wrong here...
    So does Arch have an invisible firewall or is my computer just fucking with me?

    I do not have a software firewall enabled although I have a router.
    I tried the thing you said in sysctl.conf and tried opening everything in the hosts files and still no go...
    Can it have something to do with the fact that it is a windows client trying to connect to the mpd server?
    EDIT: Oh yeah I also opened the port in the firewall, not working...
    EDIT2: Woho dyscoria, I think you fixed it for me! Thanks a lot. I tried another client and that one could connect. Thanks a lot.
    But I now got another problem: it won't play sound at the remote computers, but that I might be able to solve myself.
    EDIT3: Oh yeah, what did that change in sysctl.conf do?
    Last edited by Izuil (2008-03-26 18:10:18)

  • Would like ver. 5.0.1 but ver. 4.9 it is...

    Steps I've taken and results:
    1) Attempted Da Gopha's "stepwise clean uninstallation of iTunes." Result: could not uninstall QuickTime 7 at all. From Add/Remove Programs, clicked Change/Remove, UninstallShield comes up, processing bar scrolls from left to right then disappears. That's it. Any insight, anyone?
    2) Attempted Dmitry's "All fixes in one thread...step by step..." Result: nothing. Followed steps to the T, double-clicked iTunes icon, my hard drive whirs a little bit, but no iTunes. So...
    3) Uninstalled ver. 5.0.1, and even though I couldn't uninstall QuickTime 7, I decided to reinstall ver. 4.9, which WORKS just like it should!
    Please pass on that if your situation is like mine and you decide to forego version 5 altogether and go back to version 4.9, you DO NOT need to uninstall QuickTime 7.
    But I'd still like to know why I couldn't uninstall QT 7 in the first place. Anyone? (Not that I plan to uninstall now...I mean, with a working iTunes and all.)

    Hey b,
    In the beginning beginning, I did encounter "QT unavailable" errors, but I remedied that with the standalone install. Also, the iTunes install would freeze during the "starting services" portion, and I've learned it's due to the Bonjour service, which I remedied as well. After that, iTunes 5 DID launch once (only once). I had to quit the program while it was converting songs, and after that, iTunes 5 was no more. I used Dmitry's and Da Gopha's techniques because I just couldn't get iTunes to launch. Yes, I have Norton IS 2005, but I attempted iTunes installs while both enabled and disabled with the same result: the "symptomless launch failure" you spoke about. The "automatic" firewall setting was recommended by the Norton program.

  • How to use iMac w/Airport and DSL connection as a wireless router ???

    My iMac G5 (with Airport) is connected via Ethernet to a DSL modem.
    I want to connect my iBook G3 (non-Airport) wirelessly through the G5 to access the internet in a small home network, (without a standalone router).
    I have a USB adapter (ASUS wl-167G) and MAC OS drivers for the iBook. I seem to be getting a connection to the Airport card in the G5, but nothing to the modem with Safari or Firefox.
    I need some detailed instructions on setting up the iMac to access the DSL normally AND pass through a wireless connection for the iBook.
    Future plans are to buy an Airport Express for stereo and printer purposes.
    If using the Express will greatly simplify what I'm trying to do here, please advise so, (and how), and I'll get one now.
    Thanks
    Ken

    Thanks sig, but I am already set up that way. Also in Sharing > Internet >
    Airport options: channel automatic, firewall off, services on (file sharing, etc.)
    Network Status shows: Built-in Ethernet, active and an IP address. Airport, sharing is on and using Airport and an ID #
    I also tried setting Airport to channel 11 (what the USB "Dongle" is connected to).
    Still no joy.
    I think I may need to manually configure both Airport TCP/IP in the iMac, and the USB Adapter in the iBook but I don't know what values to enter for IP Address, Subnet Mask, and Router.
    In way over my head, here. Any additional help is greatly appreciated.
    Ken
    20" iMac iSight G5,1.5 GHz Ram;   Mac OS X (10.4.4)   iBook 900 MHz G3 (OS X 10.3.9); iPod Photo 60Gb; LaCie 250 Gb FW HD

  • Auto Log-ins messed up

    I don't know what is going on.
    This morning out of nowhere, none of my auto log-ins work.
    My ISP.
    YouTube
    eBay
    Amazon
    stuff like that does not recognize me and needs at least two more steps than yesterday.
    I did a MacScan and it looks clean. And Safari is set to do it auto.
    What is up ?

    I didn't sign into it or anything but I did click the link to the bogus page, before stopping and reporting it to amazon.
    That probably caused the problem with Amazon cookies. I'm wondering if it also had the same effect on the others you mention (pure speculation).
    While it's helpful to Amazon etc. to report suspected phishing e-mails, opening the e-mail does raise a flag relative to security concerns.
    Apple has gone on record saying OS X Leopard will offer "security enhancements including anti-phishing protection in Mail and Safari, and an automatic firewall that limits network resources available to an application". How that plays out functionally remains to be seen.

  • Garbage on the screen instead of setup screen

    Hi
    My son's WRT54G2 v1.5 Linksys router was working fine. WPA2 mode was set up also, working correctly, until he came home one night and wasn't able to use wifi. Computers, phones etc. that were set up with the security code could not log on.
    I had him try to use his browser and connect using 192.168.1.1, but all that came up was a screen full of garbled characters instead of the setup screen.
    Next I had him try to reset the router, holding in the reset button for 30 seconds, then cold-booting the router. Unfortunately, the same garbled character screen reappeared. Fortunately, it did reset the security, so he can use the router without security.
    We really don't want to leave the router running without WPA2, and would like to once again access the router's setup, so if someone has any ideas, I'd appreciate suggestions. We've already reset the router 4 times, and it works connecting to the internet fine; we just can't get into the router's firmware to reset passwords or set up WPA2. Tried connecting using both Firefox and Chrome; his laptop uses Windows, mine Linux. Tried accessing using wifi and using ethernet. Did I cover it all?
    Thanks in advance
    Tom

    Thanks again for responding. And no, there are no firewalls on the computers I used for testing. We use the router as our firewall. Today, I used my "siduction" install (Debian Sid) to see if I could come up with anything interesting, which needless to say, I didn't. I'm one of the Core members of "siduction", and we don't install a firewall by default. It's up to the user to install it if they deem it necessary. I also use a Linksys E2500 for my own home network, and the same laptop worked perfectly fine bringing up my router's setup screen before I used it to test my son's router. I also use Fedora, which comes with an automatic firewall, and that install also had no trouble with the setup screen. I also have openSUSE on my network, along with a few Windows dual boot laptops. All of my machines bring up my 192.168.1.1 without incident.
    Is there any way to test the RAM and/or firmware without being able to access the Linksys using 192.168.1.1? I'm starting to think that the router is just suffering from old age and there might be a hardware problem. It's also possible that he might have had a power line drop or surge that might have affected the router. While I have all my electronics plugged in to UPSs, he had his router plugged directly in to the outlet.
    It's funny, everything the router is supposed to do, it is doing well. It's supplying IP addresses, accepting multiple wifi logins, and asking for a password to enter setup. It just won't show me the setup screen.

  • Outgoing mail not sending in Mavericks

    I've had this problem since upgrading to Mavericks: mail not sending and the SMTP server showing offline.
    I'VE FIXED IT!!!!
    Guys, hope this helps: the ports show default - 25, 465, 585 in edit SMTP settings. Check the next box down - use this port - and type in 25. I know it's in the default list but it's sent my mail when using the custom port.
    Hope this helps. I spent all day yesterday on to my server supplier and on chat with Apple in the US but couldn't solve it.
    Best of luck!!

    For the past few weeks, I have been noticing a similar problem: access to 11 email accounts, and three domains, is blocked on occasion. According to my web hosting company, this is happening because some process was attempting to connect via port 585, an insecure IMAP port; and that an automatic firewall rule was invoked to block those attempts. The blocking would last for about one hour after the last attempt was made to connect.
    I'm running Mavericks. If I quit Mail, then restarted one hour later, the problem was resolved. UNTIL Mail attempted to connect to my mail servers, upon which the blocks were triggered again.
    I downloaded Little Snitch. It told me, unsurprisingly at this point, that three email accounts were attempting to use port 585 to connect to their mail server. But I DON'T USE IMAP with those accounts! Why Mail is attempting to connect to a port which I haven't configured it to use is the puzzle.
    The solution for me: tell Little Snitch to deny any access via port 585.

  • Dilemma To App or not To App Is that the Question ask ask ?

    Edited to add clarification. Since I'm on that subject I thought I'd use this thread also to ask an opinion.
    When I first applied for the U.S. Business Perk last month on 7/20, my credit report was on freeze except TU (now I learned they pull EX for me).
    I called back; they requested for me to unfreeze all my CRs. I figured I'll just open a personal checking account with U.S. Bank to build a relationship, learning what others have had experiences with U.S. Bank and hoping to place me in a better position. Had a lot on my plate at the time, strong contemplations for approval with them, and quite honestly I think it helped a tad. During filling out the app it asked if I wanted to apply for a personal Visa. I thought it over to myself; since I had to unlock all my CRs I might as well apply. I felt it was good logic, go for the whole package. My EX they pulled only does a SP on their personal checking. Note: I froze all those 3rd party other outside data CRAs; I did not want any problems since I've heard and learned they also pull other 3rd party CRs.
    My thoughts were to try to get U.S. Bank to use that same HP from my checking/Visa app for the business CC, but was told they need it reopened (

    Dan A wrote:
    My client doesn't have vnc configured and I am concerned that if there is a network blip or other kind of connection interruption while my upgrade is happening, I will be forced to trash the upgrade, restore from backup and start again.
    My client refuses to countenance this - they say they have never used vnc and don't want to start now.
    Your client shows ignorance. VNC is not a security risk.
    It depends on HOW it is used. As is the case with almost every single piece of s/w that you expose on a network.
    If X11 is directly used on the network, using VNC in a similar fashion is not less secure. And is a lot more robust and a lot faster.
    If the issue is not exposing VNC directly to the public network, VNC can be tunnelled.
    Start vncserver on the server. Display 1 will be by default on port 5901. It also binds (by default) to all IPs on that server, including localhost. If the server is hardened (or even default iptables activated), port 5901 is automatically firewalled and not accessible via the server's public network interfaces.
    However, it will be available on localhost.
    Create a local tunnel from your client to server. E.g. ssh -L 5901:localhost:5901 root@ora-server
    Your localhost connections on port 5901 will be passed to ora-server - where this server passes it to localhost:5901, the VNC server display.
    Next run vncviewer localhost:1 on your client. And you are connected to the VNC server display via a secure and encrypted ssh tunnel.
    2 commands needed on your side to create a secure connection to a VNC server on the target platform that itself is not directly exposed to any external network.

  • Controlling the Adaptive Firewall with `afctl`

    For those of you that don't know, afctl controls (is?) Leopard Server's Adaptive Firewall. It's a really cool program: you give it an IP address and a time-to-live in minutes, and that IP instantly gets firewalled for about that many minutes.
    Here is the man page for the program:
    http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/afctl.8.html
    And here is the man page for its config file:
    http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/af.plist.5.html
    At first it seems like the perfect program. But I'm having big problems with it, all regarding rule numbers.
    afctl's first firewall rule is number 1700. Its next rule is 1705. And so on and so on. Now my rules come from a script I have running on my server, that automatically 'detects' abusers and blocks them. Rules last for 1 hour. So after the first hour of running, rule 1700 will expire, then 1705 and so on. New rules that are constantly getting generated are up to, let's just say, 1840.
    So even though rules only last an hour, the rule numbers keep going up and up and up. This becomes a big problem because once the rules get to 12300, they overlap and then pass existing rules in ipfw. Once they surpass this, incoming packets are matched and accepted before they get to their block rule (generated by afctl). So every second or so, another and another and another firewall rule gets added to block that same IP. But the rules are so high they don't work. Multiply this by 30 or 40 IPs at a time and you can see how once my afctl rules get to 12300, total chaos ensues.
    If I totally disable my script for two hours and let all my afctl rules expire, then I can re-enable the script and it will start generating rules again at 1700. But this can be a problem; sometimes I'm getting more traffic than I can handle during those two hours. After about 250 requests per second, things start to get sketchy.
    I need a way to manage these rule numbers without having to turn off the script that makes these rules.
    One thing that confuses me is the 'default_set' setting in the af.plist file. I'm not sure what this means, but does this somehow let me put my afctl rules into their own 'group'? The default setting for 'default_set' in my plist file is 17. That means nothing to me though. Reading the ipfw man page, it refers to its whole configuration as its 'ruleset'. So I'm not sure what this setting is, or if it can help me.
    As it stands now, I have to 'reset' my rules (by way of disabling my script and letting all afctl-created rules expire) about every other day. If I could have afctl rules increment by 1 instead of 5, that would give me about 10 days. Still a bandaid, but a better bandaid. If there was a way to make afctl choose rules that are the lowest available rule number greater than 1699, so that as rules expired their numbers would be recycled, that would also work. Although I'd feel better if my dynamic rules also had a greater range to live in than 1700-12300. But I'd have to be under one **** of an attack for that not to be enough.

    Well I found a solution, but it's not great. I run the following commands daily (nightly).
    sudo rm /var/db/af/blacklist;
    sudo ipfw delete set 17;
    sudo /usr/libexec/afctl;
    This deletes any memory afctl has of its rules. Then it manually deletes all the rules it's made. Then it recreates its database file.
    This will make your rules start over every night so you won't get 'rule number overflow' headaches.
    OF COURSE the whole point of afctl is auto-expiring firewall rules. So if you're going to do this, I might as well have my server firewall addresses directly via ipfw instead of bothering with afctl. I'm going to leave it using afctl now only because it's already set up and running. At least I can be away from my server now without having a rule number overflow, which for several different reasons brings my server to its knees.
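To make the rule-number problem in this thread concrete, here is an added simulation (not afctl's code; it never touches ipfw) comparing the monotonic numbering the poster observed with the lowest-free-number recycling he asks for. It assumes 1-hour rules, a constant rate of new blocks, numbers 5 apart starting at 1700, and the poster's 12300 ceiling above which a block rule no longer takes effect; the 1899 ceiling from the first question can be passed in the same way.

```python
import heapq

BASE, STEP = 1700, 5   # first afctl rule number and its increment (from the thread)
CEILING = 12300        # above this, earlier ipfw accept rules match first (poster's value)


class MonotonicAllocator:
    """Next rule number = previous + STEP; expired numbers are never reused."""

    def __init__(self, base=BASE, step=STEP):
        self.next_num, self.step = base, step

    def acquire(self):
        n = self.next_num
        self.next_num += self.step
        return n

    def release(self, n):
        pass  # nothing is recycled, so the counter only climbs


class RecyclingAllocator:
    """Lowest free number >= base, in steps of STEP (what the poster asks for)."""

    def __init__(self, base=BASE, step=STEP):
        self.base, self.step = base, step
        self.in_use = set()

    def acquire(self):
        n = self.base
        while n in self.in_use:
            n += self.step
        self.in_use.add(n)
        return n

    def release(self, n):
        self.in_use.discard(n)


def simulate(allocator, hours, blocks_per_hour, ttl_s=3600, ceiling=CEILING):
    """Add one block rule every 3600/blocks_per_hour seconds for `hours` hours.

    Each rule expires ttl_s seconds after it is added and its number goes
    back to the allocator. Returns the highest rule number reached, the peak
    number of simultaneously live rules, and the time (seconds) at which the
    first rule above `ceiling` was created, or None if that never happened.
    """
    spacing = 3600 // blocks_per_hour
    assert spacing * blocks_per_hour == 3600, "use a rate that divides 3600 s"
    live = []  # min-heap of (expiry_s, rule_number)
    peak_num = peak_live = 0
    first_overflow = None
    for i in range(hours * blocks_per_hour):
        now = i * spacing
        while live and live[0][0] <= now:  # expire old rules first
            _, old = heapq.heappop(live)
            allocator.release(old)
        n = allocator.acquire()
        heapq.heappush(live, (now + ttl_s, n))
        peak_num = max(peak_num, n)
        peak_live = max(peak_live, len(live))
        if n > ceiling and first_overflow is None:
            first_overflow = now
    return {"peak_rule_number": peak_num,
            "peak_live_rules": peak_live,
            "first_overflow_s": first_overflow}


if __name__ == "__main__":
    # Two days at 50 new blocks per hour: both schemes hold at most 50 live
    # rules, but only the monotonic one climbs past the useless range.
    for name, alloc in (("monotonic", MonotonicAllocator()),
                        ("recycling", RecyclingAllocator())):
        print(name, simulate(alloc, hours=48, blocks_per_hour=50))
```

With recycling the highest number ever used is 1700 + 5 * (peak live rules - 1), so the range a deployment needs is set by concurrent blocks, not by uptime.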

  • Adaptive Firewall & afctl

    Is the adaptive firewall working in 10.6 Server? I can't get it to auto-block an IP after numerous failed attempts like 10.5 Server does.

    I highly recommend adding:
    export PATH=$PATH:/Applications/Server.app/Contents/ServerRoot/usr/libexec
    to ~/.bash_profile
    That way, afctl can be easily summoned:
    $ which afctl
    /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl
    Rusty

  • iTunes unblocking itself on my firewall? I do not want automatic connection without my permission; how do I fix this?

    I don't want iTunes to load automatically or to access the internet without asking first. I have tried several times to restrict permissions in the firewall, and when I restart the computer iTunes has undone my block. What can I do?

    Good day AMELIASARAH,
    One resolution to your issue would be to update your iPhone using iTunes on your computer rather than over the air. This requires much less space on the iPhone as most of the work is done by the computer. See this article for how to do it -
    If you need more space for an iOS update - Apple Support
    Thanks for using Apple Support Communities.
    Safe computing,
    Brett L 

  • Firewall rules getting set automatically

    When my users try to access the firewall tab of the Sharing preference pane, they get the "Other firewall software is running on your computer" error. There is no other firewall software running and I've tried the 'ipfw flush' solution. This works temporarily, but as soon as I restart the computer, this rule keeps popping up when I run 'ipfw list':
    00001 allow udp from any 626 to any dst-port 626
    Is there some software that automatically adds this rule to the firewall? Xsan? Remote Desktop?
    Thanks!
    Jason
    G5s   Mac OS X (10.4.7)  

    It seems to be this entry that's causing the OS X firewall to think there's other firewall software managing settings and won't allow me to manage the firewall through the PreferencePane.
    Is there a way to stop it from being added or a workaround so we can manage firewall settings via the GUI?
