
Article:   Tiger's Improved Firewall (and How to Use It)
Subject:   Disable firewall for the local network
Date:   2005-11-02 08:26:09
From:   helgegrimm
How do I configure the firewall if I want to disable it for the local network only?
I would like to be able to use the web server, ssh and file sharing from all other computers in the house, but prevent anyone else from connecting to these services.

  • Disable firewall for the local network
    2005-11-03 08:50:07  salamon

    With ipfw you wouldn't disable the firewall for 'the local network'. Instead you would leave the firewall enabled but write rules that only allowed traffic from the local network. Learning to use ipfw rules syntax is a bit difficult.

    Below is a sample of the rules I use, but they're probably not much use if you don't already know how to write them :( In addition, once you start writing your own rules, you can no longer use the System Preferences pane to manage the firewall. At least that's how it worked pre-Tiger. One more caveat and addendum is that I'm not an expert in this; I just played around with it until I got the behavior I wanted.


    These rules would allow anyone on your network to access the web server but block anyone else, if your network used the 192.168.0.x subnet. They would also log any attempts to access it from outside your network.

    $oip is your external IP address, probably something like 192.168.0.2, in this example.

    ipfw add allow tcp from 192.168.0.0/24 to $oip 80,443 setup
    ipfw add deny log tcp from any to $oip 80,443 setup
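
An added example, not part of salamon's post: a dry-run shell script that extends the two rules above to the ssh and file-sharing services the question asks about. The port numbers (22 for ssh, 548 for AFP file sharing), the addresses and the helper names are assumptions; the script only prints the ipfw commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the original post. Prints ipfw commands (dry run).

# Constructed sample values (assumptions): adjust to your own network.
LAN="192.168.0.0/24"      # local subnet, as in the post
OIP="192.168.0.2"         # this machine's address ($oip in the post)
PORTS="22,80,443,548"     # ssh, http, https, AFP file sharing (assumed ports)

# valid_ports: succeed only for a comma-separated list of ports 1-65535.
valid_ports() {
    case "$1" in
        ""|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; return 1
        fi
    done
    IFS=$old_ifs
}

# valid_cidr: loose syntactic check for a.b.c.d/len (octets are not range-checked).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gen_rules LAN OIP PORTS: print the allow rule first, then the logging deny.
# ipfw checks rules in number order and stops at the first match, so this
# order is what lets LAN hosts through while everyone else is denied and logged.
gen_rules() {
    valid_cidr "$1" || { echo "bad subnet: $1" >&2; return 1; }
    valid_ports "$3" || { echo "bad port list: $3" >&2; return 1; }
    echo "ipfw add allow tcp from $1 to $2 $3 setup"
    echo "ipfw add deny log tcp from any to $2 $3 setup"
}

gen_rules "$LAN" "$OIP" "$PORTS"
```

A malformed subnet or port list makes gen_rules print nothing and return non-zero, so a typo cannot produce a rule set that is missing its deny line.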