U2Lynne
2008-01-08, 11:06 AM
I came across this link on another site and thought it would be helpful for those users stuck being sandvined (is this a verb?) by Comcast. I did not write it and I am not sandvined so I haven't even tried it. In other words, I cannot help with it.
Source: http://wakarimasu.googlepages.com/macosx
Warning: It is highly recommended that you do this at a local console.
Step 1
Open terminal
Step 2
Run the command:
sudo mkdir /Library/StartupItems/Firewall
Step 3
Save the following to the file /Library/StartupItems/Firewall/Firewall
#!/bin/sh
## Boot Script for firewall
#####################################
#
# Replace 55259 with your BitTorrent port and 55359 with your bittorrent port+100
#
#####################################
# Purge existing rules, this blanks any existing rules
/sbin/ipfw -f flush
########
# Basic Settings
########
# Allow everything on the localhost (127.0.0.1)
/sbin/ipfw -f add 00100 allow ip from any to any via lo0
# Now check for spoofing attacks via localhost, and deny them
/sbin/ipfw -f add 00110 deny from 127.0.0.0/8 to any in
/sbin/ipfw -f add 00120 deny from any to 127.0.0.0/8 in
/sbin/ipfw -f add 00130 deny from 224.0.0.0/3 to any in
/sbin/ipfw -f add 00140 deny from any to 224.0.0.0/3 in
# Setup stateful filtering
# allows any established outbound connections to receive data on the same port
/sbin/ipfw -f add 25000 check-state
/sbin/ipfw -f add allow tcp from any to any established
/sbin/ipfw -f add allow tcp from any to any out setup keep-state
/sbin/ipfw -f add allow udp from any to any out keep-state
/sbin/ipfw -f add allow icmp from any to any out
# Block RST Packets on your BitTorrent Port
/sbin/ipfw -f add deny tcp from any to me 55259-55359 tcpflags rst
# Allow new incoming BitTorrent connections
/sbin/ipfw -f add pass tcp from any to any 55259
/sbin/ipfw -f add pass udp from any to any 55259
Step 4
Append any of the following rules to the file.
Apple File Sharing
# Allow AppleShare File Sharing
/sbin/ipfw -f add allow tcp from any to me 548 keep-state setup
/sbin/ipfw -f add allow tcp from any to me 427 keep-state setup
Samba/Windows File Sharing
# Allow Microsoft SMB file sharing
/sbin/ipfw -f add pass tcp from any to me 135-139
/sbin/ipfw -f add pass udp from any to me 135-139
# Allow direct-hosted SMB w/out NetBIOS
/sbin/ipfw -f add pass tcp from any to me 445
/sbin/ipfw -f add pass udp from any to me 445
iTunes sharing
# iTunes library sharing
/sbin/ipfw -f add allow tcp from any to me 3689 setup
/sbin/ipfw -f add allow udp from any to me 3689 keep-state
VNC
# Allow VNC
/sbin/ipfw -f add pass tcp from any to me 5900
More filters coming soon...
Step 5
Save the following in the file /Library/StartupItems/Firewall/StartupParameters.plist
{
Description = "Firewall";
Provides = ("Firewall");
Requires = ("Network");
OrderPreference = "None";
Messages =
{
start = "Starting NAT/Firewall";
stop = "Stopping NAT/Firewall";
};
}
Step 6
Run the following commands:
sudo chown root /Library/StartupItems/Firewall/Firewall
sudo chmod 755 /Library/StartupItems/Firewall/Firewall
sudo chown root /Library/StartupItems/Firewall/StartupParameters.plist
sudo chmod 644 /Library/StartupItems/Firewall/StartupParameters.plist
Step 7
Close all open applications and reboot your computer.
Step 8
Configure your torrent client to use a static outgoing (source) port or an outgoing port range. This port range should start with your bittorrent port (e.g. 55259), and extend to your bittorrent port+100. (e.g. 55359)
Troubleshooting: If you cannot connect to the internet after doing this fix, open terminal and run the following commands:
sudo rm /Library/StartupItems/Firewall/StartupParameters.plist
sudo rm /Library/StartupItems/Firewall/Firewall
Then reboot and please let me know.
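Added example, not part of the quoted guide or the original post: a simplified Python model of ipfw's first-match evaluation over the TCP rules from the Step 3 script, showing which rule an inbound RST to the BitTorrent port range hits. It assumes ipfw's default auto-increment of 100 for rules added without a number and that `established` matches any TCP segment with RST or ACK set; the packet fields, the interface name en0 and the rule number 20000 are constructed for illustration.

```python
AUTO_STEP = 100  # assumed: ipfw's default step for rules added without a number
def tcp(p): return p["proto"] == "tcp"

# Step 3 rules in script order as (number or None, action, match). Rules
# 00110-00140 are omitted: they match only loopback/multicast addresses.
STEP3_RULES = [
    (100, "allow", lambda p: p["iface"] == "lo0"),
    (25000, "check-state", lambda p: p["has_state"]),
    # "established": any TCP segment with RST or ACK set
    (None, "allow", lambda p: tcp(p) and bool(p["flags"] & {"rst", "ack"})),
    # "out setup keep-state": outbound SYN without ACK
    (None, "allow", lambda p: tcp(p) and p["dir"] == "out"
        and "syn" in p["flags"] and "ack" not in p["flags"]),
    (None, "allow", lambda p: p["proto"] == "udp" and p["dir"] == "out"),
    (None, "allow", lambda p: p["proto"] == "icmp" and p["dir"] == "out"),
    # "deny tcp ... to me 55259-55359 tcpflags rst" ("to me" modelled as inbound)
    (None, "deny", lambda p: tcp(p) and p["dir"] == "in"
        and 55259 <= p["dport"] <= 55359 and "rst" in p["flags"]),
    (None, "allow", lambda p: tcp(p) and p["dport"] == 55259),
    (None, "allow", lambda p: p["proto"] == "udp" and p["dport"] == 55259),
]

def numbered(rules):
    """Number unnumbered rules as highest existing number + AUTO_STEP."""
    out, highest = [], 0
    for num, action, match in rules:
        num = highest + AUTO_STEP if num is None else num
        highest = max(highest, num)
        out.append((num, action, match))
    return sorted(out, key=lambda r: r[0])

def first_match(pkt, rules=STEP3_RULES):
    """Return (rule number, verdict) for the first rule that matches pkt."""
    for num, action, match in numbered(rules):
        if match(pkt):
            return num, ("allow" if action == "check-state" else action)
    return 65535, "default rule"

def packet(flags, dport, has_state=False):
    return {"proto": "tcp", "iface": "en0", "dir": "in",
            "flags": set(flags), "dport": dport, "has_state": has_state}

# Constructed inbound packets: RST to the listening port, RST on a flow the
# client opened (dynamic state exists), and a new SYN to the listening port.
RST_LISTEN, RST_STATEFUL = packet({"rst"}, 55259), packet({"rst"}, 55300, True)
SYN_IN = packet({"syn"}, 55259)
# Same rules with the RST deny given an explicit number below check-state.
REORDERED = [(20000, a, m) if a == "deny" else (n, a, m) for n, a, m in STEP3_RULES]
if __name__ == "__main__":
    print(first_match(RST_LISTEN), first_match(RST_LISTEN, REORDERED))
```

In this model both RST packets are accepted by rule 25000 or 25100 before the deny at 25500 is reached; with the deny numbered 20000 they are dropped.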