Packet Filter (PF) Status in 10.9

Howdy Developers,
I have a couple of questions regarding the pf status in 10.9. For some reason Apple does not seem to clearly state what they are going to do with PF? I understand that this is the direction Apple plans to move, so are they going to remove the older firewall framework (ipfw)?
The reason for this question is to get advice from developers regarding how our code development should proceed. My application uses ipfw (divert rule) to forward all tcp traffic to userspace. This works well in 10.9 as well. The divert rule in question is inserted into the table by my code programmatically using the following code.
    if ((fw_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) {
        return -1;
    }
    bzero(&fw, sizeof(struct ip_fw));
    fw.version = IP_FW_CURRENT_API_VERSION;
    fw.fw_number = 1;
    fw.fw_prot = IPPROTO_TCP;
    fw.fw_flg = IP_FW_F_DIVERT | IP_FW_F_OUT;
    fw.fw_un.fu_divert_port = port;
    fw.fw_uar.fw_pts[0] = 80; /* Not relevant */
    fw.fw_nports = 0;
    if (setsockopt(fw_sock, IPPROTO_IP, IP_FW_ADD, &fw, sizeof(fw)) == -1) {
        return -1;
    }
This is the preferred way for my application. Unfortunately, Apple decided to deprecate this with 10.7. In 10.8 the definition of struct ip_fw is no longer found. I had to use the 10.7 SDK to make this work.
With the new Xcode 5.0.1, the 10.7 SDK is no longer supported and this means either I run an older Xcode for just compiling this code and a newer Xcode for the rest of the code. This is a very ugly situation. I want to know if I should migrate to PF? If so, how do I programmatically set a similar divert rule?
Assuming there is a programmatic interface for PF, then would this work on 10.7, 10.8 and 10.9?
I also see that the OS X firewall uses PF in the backend. Users can enable this via preferences. Is there a way to programmatically control this interface? I mean I would like to make sure the firewall is turned off when my application starts running.
I know I asked lots of questions. I hope someone can help as there is nil documentation on what Apple wants its developers to do.
Regards,
Chandy

I think your question might be better suited to the Developer forums at devforums.apple.com or the mailing lists. You might even want to open a tech support ticket.

Similar Messages

  • Uninstall TMG Packet Filter

    Hello,
    After removing TMG 2010 from a Windows 2008 R2 server, the following TMG Packet filter was left behind and the "uninstall" option is greyed out.
    How can I uninstall this?  Any ideas greatly appreciated...  (see image below)...
    Brett
    B

    Anyone else solve this issue? I have this same problem now.
    One of the techs here was building a second domain controller. And they didn't check to see what all was running on the Windows 2008r2 VM before they finished. I found out later after it was promoted and such. All the details I think removed Forefront and this same thing is left behind. We really only use TMG as a Proxy server so only need 1 NIC configuration. Anyway I've tried everything I know to try to get this removed but I'm having no luck.
    Bizquick

  • Adaptive-Firewall (af) blacklist or blockedHosts? Packet-Filter (pf)

    I have just upgraded my Mac mini Server from the latest version of OS X 10.8.5 and OS X Server 2.2.1 to OS X 10.9.3 and OS X Server 3.1.2 by turning off all server services (except Open Directory), upgrade to OS X 10.9.3 and touching up System Preferences, reboot, upgrade OS X Server 3.1.2 and run the Server app to upgrade the server's directories, files and services, and now proceeding carefully by comparing notes from my previous configuration and turning on required server services one by one.
    Now the Adaptive Firewall (af) and Packet Filter (pf) perplex me since OS X 10.8...
    I have configured how to enable af on system boot-up based on information from Apple support documents. I understand that Event Monitor (emon) monitors the incoming IP connections (among its other functions) and if it detects abnormal behaviour from a particular IP connection, emon uses af to add the offending IP address to af's blacklist file.
    My first question is: does af itself block the IP connection, or does it use pf instead to do the job?
    If af uses the latter, my second question is: does af use some internal socket/pipes to communicate with pf, or does pf use some file from af?
    Now if pf uses some file from af, it can't be the blacklist file as the pf.anchor uses the table from /var/db/af/blockedHosts file, and it seems that the blockedHosts file is perpetually an empty file and no app or process seems to touch the file since it was created.
    The gist of my question is that the af and/or pf on my system seem not to be doing their job even though emon is detecting abnormal IP connections based on the log messages it's been producing after following Apple support documents to enable Adaptive Firewall on my system.

    "The gist of my question is that the af and/or pf on my system seem not to be doing their job even though emon is detecting abnormal IP connections based on the log messages it's been producing after following Apple support documents to enable Adaptive Firewall on my system."
    And when and which service use the /var/db/af/blockedHosts file?

  • Unable to Uninstall "TVT Packet Filter Miniport #4"

    Does anyone know the purpose of the TVT Packet Filter Miniport #4 that appears in my Device Manager list under Network adapters?  The listing shows it with a yellow ! and I am unable to update the driver or uninstall it.  I get the message "Failed to uninstall the device. The device may be required to boot up the computer."
    Thanks in advance for any information. 

    This is easily fixed:
    1) Go to Control Panel, Network Connections
    2) For each Device listed, choose its Properties, then uncheck TVT Packet Filter, then click OK.
    3) Double check making certain that you have unchecked all TVT Packet Filter for each Network Device listed.
    4) Go to Control Panel, System, Device Manager.
    5) Now you can Uninstall the <yellow exclamation mark> (TVT Packet Filter missing driver) under Other Devices.
    6) If you followed the above steps correctly, this error should not recur.

  • How to set a data packet to red status.

    I have a big load which ended mostly in green data packets except for two, which were red, because of server / resources issues. I tried to update them manually and they turned yellow but all processes ended and they are still in yellow. I want to try a manual update again, but I can't because they have to be in red status. How can I change the status of a single packet? This was a pretty hard load, and I can't afford to lose what so far made it okay to the Infocube.

    Hi,
      You need to force the request to red and then your data packet will turn to red, then update the two packets manually, then force it to green.
    Regards,
    Malar

  • Checking Filter Highlight Status

    Hi,
    I'd like to check the status of the filter before re-applying it. (Project 2010)
    Code
    Private Sub Project_Change(ByVal pj As Project)
        Dim txtFilter As String
        Dim blHighlight As Boolean
    'SOMETHING ALONG THE LINES OF :
        If CurrentFilter.Highlight = True then blHighlight = True else blHighlight = False
        txtFilter = CurrentFilter
        FilterApply txtFilter, blHighlight
    End Sub
    - I do this in the ThisWorkbook Change event, so after a change is made project re-applies the filter and the update is applied immediately, disappearing the yellow line.
    If you have any other suggestions on how to do this feel free to post, eg an option to automatically re-apply that I've missed.

    Hi pbyrne98,
    Use following code to check if a highlight filter is selected:
    Dim viewSingle As viewSingle
    For Each viewSingle In Application.ActiveProject.ViewsSingle
        If (ActiveProject.CurrentView = viewSingle.Name) Then
            Debug.Print viewSingle.Name
            Debug.Print viewSingle.HighlightFilter
            If viewSingle.HighlightFilter = True Then
                ' Highlight filter
                Exit For
            End If
        End If
    Next
    Hope this helps

  • Filter by Status of Message

    I am currently trying to migrate from Thunderbird on my old PC, and have hit a snag.
    In Thunderbird, I can filter only if the message status is 'Read'. This means the message remains in my Inbox until I have read it and manually fired the Filters. It lets me keep all important emails in my Inbox until they are dealt with. Is there similar functionality in Mail? I can't see 'status' in the list of conditions.
    Thanks.

    Greetings,
    There is no such function in Mail. All incoming mail is in the Inbox unless you move it, regardless of whether or not you have read it. You can use Smart Mailboxes to filter messages by whether or not they've been Read, Flagged, etc., but you must set those up yourself, and they apply only after your messages have arrived in the Inbox.

  • Filter on status for user/position

    Hi All,
    I am working on Status Management and my requirement is to have a single status (System status In Simulation) of status profile linked to a particular BP and visible from it but hidden for another BP.
    The status profile has to be the same used for MKT Object.
    Anyone can tell me if there is some particular settings in CRM to do that? Any Badi to be implemented?
    Thanks a lot,
    Isa
    Edited by: isabel2 on Feb 9, 2012 12:43 PM

    Hi
    Thank you very much for your advice.
    And sorry for late reply.
    We managed to solve the problem by this way.
    ①Go to SLFN0001 as we did before.
    ②Add new status in the first screen (just add something)
    ③Go to →Translation→Status Translation
    ④Select Maintenance lang: German  and Language: Your lang (I put Japanese)
    ⑤Write status and Status and Save
    ⑥Go back to first screen of SLFN0001 and double click the new one that you created
    ⑦Add new transaction by New Entries (F5)
    ⑧choose transaction whatever you like (I choose it at random)
    ⑨Go back to first screen and make sure highest number is all the same
    I have two points to mention.
    ①Please make sure to put transaction control (or action ) to your new one.
    ②Please make sure to highest number same from the  top to the bottom
    Otherwise the new status is not going to appear.

  • Packet filter problem on BM 3.8

    I have BM 3.8 on OES NetWare. After I installed I realized the public NIC
    was bad and replaced it. I found the filters were set to the wrong
    interface, and had no exceptions set. Using FILTCFG, I changed the
    interface for the filters to the new public NIC, and then had to disable
    the filters because they had no exceptions. Now, I can't connect to
    iManager on the BM server, and iMgr run from my main server does not show
    the NBM Access Management option. What can I do short of reinstalling BM?

    On Mon, 29 Jan 2007 20:03:05 GMT, Caterina Luppi <[email protected]> wrote:
    >Check this TID 10097678
    >http://www.novell.com/support/search...200%2025373104
    >
    >and see if it fixes your issue.
    Yes, it did. Thank you. Of course, I wasted a day trying to resolve a comms
    problem between servers until I finally thought to disable all of the
    filters.
    Donald Albury

  • How to add an alert filter in ipsmc for version 5 signatures

    I am trying to understand how event or alert filters work in version 5.x. If I use VMS ipsmc to manage the sensors, how do you add a sensor filter for a particular event that we do not want to see appear in the SecMon console any more.
    It looks like you have one of two options, however I am not sure of the method to follow. You could edit the signature itself or it seems that you must use “Configuration Settings > Event Actions (IPS 5.x) > SigEvent Action Filters”
    I would like to create a filter from any to a single address host IP address but when I select the add button, I only have the option to specify a range of addresses. Do I just enter the single address in the start field and then leave the finish field blank?
    The filter should “not alert” or “take any action”. How do I exclude certain destination or source IPs from producing an alert?

    We are still trying to get this filter to work. Can anybody give us an example of how it should look on the sensor?
    The sensor filter that we would like to create should “exclude” any source IP, any source port to specific destination hosts on all destination ports (icmp has none) from capturing events and storing them in the event store on the sensor.
    This is the filter that we have so far on the sensor. What’s the problem with it?
    service event-action-rules rules0
    filters edit icmp-w-echo-filter-sensor-sensor-0-D
    signature-id-range 2100
    subsignature-id-range 0-255
    attacker-address-range 0.0.0.0-255.255.255.255
    victim-address-range a.b.c.x,a.b.c.y
    attacker-port-range 0-65535
    victim-port-range 0-65535
    risk-rating-range 0-100
    no actions-to-remove
    deny-attacker-percentage 100
    filter-item-status Enabled
    stop-on-match False
    no user-comment
    exit
    filters move icmp-w-echo-filter-sensor-sensor-0-D begin
    exit

  • Want to use presentation date variable in Advance SQL filter option

    Hi,
    I want to use presentation date variable in Advance SQL filter option.....I am getting the below error.
    SQL in Advance SQL filter ----
    "Fact Status Details"."Load Date" =
    (select min(Cast("D Time"."Business Date" as char))-1
    from "D Time" where "D Time"."Operational Month Sk" =
    (select "D Time"."Operational Month Sk" from "D Time" where date '@{Date1}'=cast("D Time"."Business Date" As char)))
    Error ---
    Error getting drill information: SELECT "Fact Status Details"."Load Date" saw_0 FROM "Pre RFAI Sales" WHERE "Fact Status Details"."Load Date" = (select min(Cast("D Time"."Business Date" as char))-1 from "D Time" where "D Time"."Operational Month Sk" = (select "D Time"."Operational Month Sk" from "D Time" where date '@{Date1}'=cast("D Time"."Business Date" As char)))
    Error Details
    Error Codes: YQCO4T56:OPR4ONWY:U9IM8TAC:OI2DL65P
    Odbc driver returned an error (SQLExecDirectW).
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 27002] Near <select>: Syntax error [nQSError: 26012] . (HY000)
    SQL Issued: {call NQSGetLevelDrillability('SELECT "Fact Status Details"."Load Date" saw_0 FROM "Pre RFAI Sales" WHERE "Fact Status Details"."Load Date" = (select min(Cast("D Time"."Business Date" as char))-1 from "D Time" where "D Time"."Operational Month Sk" = (select "D Time"."Operational Month Sk" from "D Time" where date ''@{Date1}''=cast("D Time"."Business Date" As char)))')}
    Load Date format ---YYYYMMDD
    Please advise...I need to fix this issue urgently.

    Thanks for your reply.
    Could you please help me with the correct code...I tried to correct it....
    "Fact Status Details"."Load Date" =
    (select Cast(min("D Time"."Business Date" )-1 as char)
    from "D Time" where "D Time"."Operational Month Sk" =
    (select "D Time"."Operational Month Sk" from "D Time" where Date'@{Date1}'=cast("D Time"."Business Date" As char)))
    Please let me know if I am wrong..this code is also not working.

  • How to add a dynamic filter in query panel

    I want to display the data in recent week, is it possible to add a dynamic filter in query panel?
    eg. filter--> actionDate >= CurrentDate - 7
    BO version: BOX I 3.1

  • Project Status Report using CATSPS. Billable/Non-billable Hours?

    I am working on a Project Status Report and am using CATSPS table instead of CATSDB table since that’s the cross-application table for PS module. But I am facing a small problem in using CATSPS table. There is no field in CATSPS table that tells me if the hours are billable or non-billable. Table CATSDB had a field “Bill Type” (Billable/Non-Billable) but I don’t see anything like that in CATSPS. If I use CATSDB table and filter out status "30" for only approved hours, I am getting duplicate entries for actual hours in Crystal Report 2008. What is the correct table to be used in this case and also what is the mapping field(s).
    Also, looking to display the billing type for the document in VBRP table. I am able to display the document type code but not the description itself. Which table will have this mapping?
    Also, in Crystal I have the total Purchased hours at the 3rd level WBS but the total actual hours are coming from the 4th level WBS (Activity level). Each 3rd level WBS can have multiple 4th level WBS (difference networks). How do I know (logic) which 4th level WBS total to pick up and add to which 3rd level WBS total? Also, how do I display the total actual work hours form the 4th level WBS to display at the 3rd level?
    Here is an example:
    WBS ,  Level ,  SKU# , Network# ,  Activity#  ,   Purch. Hours  ,  Act. Bill. Hours ,  Remaining Hours
    EP-2927-AMB-0001 , 3 , 600-310-100000 , N/A , N/A , 100.00 ,  N/A , 55.00 (=100.00 - (30.00+15.00))
    (Purchase Hours from this line) - Total Act. Bill. Hours from level(s) 4 below: A+B)
    EP-2927-AMB-00011 , 4 , N/A , 000004008303 , 10 ,  N/A , 5.00 , N/A
    EP-2927-AMB-00011 , 4 , N/A , 000004008303 , 20 ,  N/A , 6.00 , N/A
    EP-2927-AMB-00011 , 4 , N/A , 000004008303 , 30 ,  N/A , 15.00 , N/A
    EP-2927-AMB-00011 , 4 , N/A , 000004008303 , 40 ,  N/A , 4.00 , N/A
    (A)    Total Billable Hours = 30.00 (5.00+6.00+15.00+4.00)
    EP-2927-AMB-00012 , 4 , N/A , 000004008304 , 10 ,  N/A , 6.00 , N/A
    EP-2927-AMB-00012 , 4 , N/A , 000004008304 , 20 ,  N/A , 4.00 , N/A
    EP-2927-AMB-00012 , 4 , N/A , 000004008304 , 30 ,  N/A , 5.00 , N/A
    (B)    Total Billable Hours = 15.00 (6.00+4.00+5.00)
    If you notice there are two level 4 WBS (EP-2927-AMB-00011 & EP-2927-AMB-00012) in this example that are under level 3 WBS (EP-2927-AMB-0001). The Purchased Hours are coming from level 3 which means the hours are assigned per project at the WBS 3 level. Within each project there are different activity levels where actual hours worked by each employee are coming from. I need to sum the actual hours from all the available level 4 WBS and bring them over to the corresponding level 3 WBS in order to calculate the remaining hours. My challenge is how do I know which level 4 WBS belong to which level 3 WBS since there are more than one level 3 WBS in a Project and each level 3 WBS can have multiple level 4 WBS?
    Please advise.
    Regards.
    -Rohit
    Edited by: RohitBora on Feb 27, 2012 8:40 AM
    Edited by: RohitBora on Feb 27, 2012 7:27 PM

    Hi,
    My personal suggestion to you is try to describe the problem very crisply and in a way that is easy to understand so that you will get quick responses. It's very difficult to read and pinpoint what you are asking and finally you will miss readers' attention.
    As standard practice, hours planned at individual activity level and actual costs posted on each individual activity will roll up and display the aggregate values at the corresponding higher WBS element level. At the same time the system will let you know remaining hours at individual level and not higher level as rolled up.
    Your WBS structure is a bit confusing to me; in what way are you encountering a problem in identifying level 3 and level 4 WBS elements? The key will clearly denote which is level 3 and level 4. As cited by you, EP-2927-AMB-0001 should be level 3 and EP-2927-AMB-00011 is level 4. I am sorry to say that the structure key was not maintained the proper way and is a bit confusing.
    Regards,
    PSR
    Edited by: PSR on Feb 27, 2012 11:05 PM

  • Problems with filter exception using Network IP range

    We are using a spam filtering service for our incoming email. As such, all
    our email is directed to our SMTP server from their IP address range. We
    employ a dual firewall set up. We have a Netscreen firewall connected to the
    Internet and the Border Manager 3.8 server sits between the Netscreen and
    our internal network. On the BM server I have set up a generic proxy with a
    proxy port of 1025 to proxy the incoming email to our internal mail server.
    The Netscreen is set up to forward all SMTP (port 25) traffic to the
    BorderManager server on port 1025. Using FiltCfg I also set up a packet
    filter exception to allow traffic from the service provider's network
    (Network = 104.56.144.0, Mask = 255.255.248.0) to port 1025. With this
    setup most email is received just fine. However I was getting reports of
    bounced and delayed email. Working with our service provider it was
    determined that randomly some connections were failing. I used PktScan to
    collect packet trace information from our BM server. On a regular basis
    there are groups of SYN packets from the service provider's email servers
    which are not receiving a response from the BM server. In some cases the BM
    server does eventually respond with a SYN/ACK. There are also times when the
    BM server responds immediately after the first SYN. All the incoming
    connections from the service provider are currently coming in from two IP
    addresses, 104.56.144.247 and 104.56.145.247. The BM server is showing the
    same problem for both IP addresses, sometimes it responds immediately to the
    SYN, sometimes it takes a few SYN packets before it responds, and sometimes
    the BM server never responds to the connection attempt. On a whim I added
    filter exceptions which specified the two host IP addresses specifically
    (other than that the rules are identical to the one using the Network
    specification). After doing this the BM server is now responding immediately
    to all the incoming SMTP connection attempts from the service provider. Why
    would I be seeing this problem with the filter exception defined with a
    Network specification but not with Host specifications? Is there anything I
    can do to fix this?
    Thank you for any help provided,
    Brad Johnson

    Yes. I created 8 separate 255.255.255.0 exceptions. In viewing the packet
    trace data for the last couple of days it appears this resolved the
    problem.
    Thanks
    Brad Johnson
    "Craig Johnson" <[email protected]> wrote in message
    news:[email protected]..
    > In article <XCo8l.13813$[email protected]>, Brad Johnson
    > wrote:
    >> Both servers are running NW 6.5 sp 6. After this problem started I
    >> applied
    >> BM38sp5_IR1, TCP681K, and wsock6o. This had no effect on the issue.
    >>
    >> If I create individual exceptions for the IP addresses I am currently
    >> receiving mail from, rather than using the range of potential addresses,
    >> the
    >> problem goes away.
    >>
    > Well, it sounds definitive enough, but I think if it were a generic issue
    > to
    > the patch level I would have heard about it from my clients who use
    > Postini
    > mail filtering service. All of the Postini-related servers have a network
    > address as a source in the filter exceptions for smtp.
    >
    > Instead of using a 255.255.248.0 mask, does it work if you set up 8
    > different
    > 255.255.255.0 exceptions?
    >
    >
    > Craig Johnson
    > Novell Support Connection SysOp
    > *** For a current patch list, tips, handy files and books on
    > BorderManager, go to http://www.craigjconsulting.com ***
    >
    >
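
The address arithmetic behind the thread above, as an added example that is not part of the original posts and is not BorderManager code: it checks that the posted Network/Mask exception is well formed, that both observed sender addresses match it, and that the eight 255.255.255.0 exceptions cover exactly the same sources. The addresses and mask come from the post; the function names are this example's own.

```python
import ipaddress

# Values quoted in the post above.
NETWORK = "104.56.144.0"
MASK = "255.255.248.0"
OBSERVED_SOURCES = ["104.56.144.247", "104.56.145.247"]


def to_int(dotted):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def mask_is_contiguous(mask):
    """A valid netmask is a run of 1 bits followed only by 0 bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def network_is_aligned(network, mask):
    """The network address must have no bits set outside the mask."""
    return to_int(network) & to_int(mask) == to_int(network)


def matches(source, network, mask):
    """Network/mask match as a packet filter does it: (source AND mask) == network."""
    return to_int(source) & to_int(mask) == to_int(network)


def split_into_24s(network, mask):
    """Replace one wide exception with equivalent 255.255.255.0 exceptions."""
    wide = ipaddress.IPv4Network(f"{network}/{mask}")
    return [(str(s.network_address), str(s.netmask))
            for s in wide.subnets(new_prefix=24)]


def same_coverage(network, mask, exceptions):
    """True when the narrow exceptions add up to exactly the wide one."""
    wide = ipaddress.IPv4Network(f"{network}/{mask}")
    narrow = ipaddress.collapse_addresses(
        ipaddress.IPv4Network(f"{n}/{m}") for n, m in exceptions)
    return list(narrow) == [wide]


if __name__ == "__main__":
    print("mask contiguous:", mask_is_contiguous(MASK))
    print("network aligned:", network_is_aligned(NETWORK, MASK))
    for src in OBSERVED_SOURCES:
        print(src, "matches wide rule:", matches(src, NETWORK, MASK))
    narrow_rules = split_into_24s(NETWORK, MASK)
    for net, mask in narrow_rules:
        print("exception:", net, mask)
    print("same coverage:", same_coverage(NETWORK, MASK, narrow_rules))
```

Running the same comparison before swapping a wide exception for several narrow ones confirms the workaround does not change which sources are permitted.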

  • Adapter Engine Holding Status

    Hi,
    I am working on an automation of XI message monitoring which includes checking the Adapter Engine Holding count.
    From where can I fetch the number of messages with HOLDING status.
    Regards,
    Karthik

    Hi,
    Just go to Run Time workbench (RWB) from your Integration Builder and then click on message monitoring --> then select the Database from the dropdown box ---> then from filter option "Status" select the "Holding" and press the start button and you will get your result.
    Regards,
    Sarvesh
