I have a couple of firewall rules I would like to apply at startup. I have followed the instructions from http://images.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf, on page 192.
However, the rules do not get applied at startup.
I am running 10.6.8 NON Server Edition.
I can however run: (Which applies the rules correctly)
sudo ipfw /etc/ipfw.conf
Which results in:
00100 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in
00200 fwd 127.0.0.1,8443 tcp from any to any dst-port 443 in
65535 allow ip from any to any
Here is my /etc/ipfw.conf
# To get real 80 and 443 while loading vagrant vbox
add fwd localhost,8080 tcp from any to any 80 in
add fwd localhost,8443 tcp from any to any 443 in
Here is my /Library/LaunchDaemons/ipfw.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ipfw</string>
    <key>Program</key>
    <string>/sbin/ipfw</string>
    <key>ProgramArguments</key>
    <array>
        <string>/sbin/ipfw</string>
        <string>/etc/ipfw.conf</string>
    </array>
    <key>RunAtLoad</key>
    <true />
</dict>
</plist>
The permissions of all the files seem to be appropriate:
-rw-rw-r-- 1 root wheel 151 Oct 11 14:11 /etc/ipfw.conf
-rw-rw-r-- 1 root wheel 438 Oct 11 14:09 /Library/LaunchDaemons/ipfw.plist
Any thoughts or ideas on what could be wrong would be very helpful!
Thanks to polynomial for having me test via launchctl. The result was:
I changed the permissions as follows:
Then everything worked great. Also found if the @ is present (Extended attribute flag) this can also cause the same problem.
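The two conditions mentioned in the update can be checked straight from `ls -l` output. The script below is an added example, not part of the original post; it assumes launchd wants a job file owned by root and not writable by group or other, and the function names `audit_ls_line` and `audit_path` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Audits `ls -l` style lines for
# the conditions the post ties to a launchd job not being applied at startup.
# Assumption: launchd wants the job file owned by root and not writable by
# group or other; the "@" check mirrors the post's extended-attribute remark.

# audit_ls_line LINE: prints "ok" or a space-separated list of findings.
audit_ls_line() {
    set -f                       # no globbing while the line is word-split
    set -- $1                    # $1 = mode string, $3 = owner
    set +f
    mode=$1 owner=$3 findings=
    [ "$owner" = root ] || findings="$findings not-root-owned"
    # Mode string layout: type, rwx (user), rwx (group), rwx (other), flag.
    case $mode in ?????w*)    findings="$findings group-writable" ;; esac
    case $mode in ????????w*) findings="$findings other-writable" ;; esac
    # On Mac OS X, `ls -l` appends "@" when extended attributes are present.
    case $mode in *@)         findings="$findings xattr-flag" ;; esac
    findings=${findings# }       # drop the leading separator
    echo "${findings:-ok}"
}

# audit_path PATH: runs `ls -ld` on a real file and audits the result.
audit_path() {
    printf '%s: %s\n' "$1" "$(audit_ls_line "$(ls -ld "$1")")"
}

# Usage: sh audit.sh /Library/LaunchDaemons/ipfw.plist /etc/ipfw.conf
for p in "$@"; do
    audit_path "$p"
done
```

Run against the listing shown in the question, the plist line is reported as `group-writable`.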