Adding Additional Rules to the Packet Firewall
If you need to add rules to the macOS Packet Firewall beyond those provided in the EPM installation, the installation sets up a folder whose rule files are loaded automatically at startup. You only need to make sure the file containing those rules is placed in the /etc/pf.anchors/edu.utexas.shared.pf.d folder on the system.
Adding firewall rules via scripting
If you are writing a script to generate the custom rule file, write it along the lines of this example:
#!/bin/bash
# set up location for file
file_location=/etc/pf.anchors/edu.utexas.shared.pf.d/customrules.file
# check for an existing copy of the file
# (test the same variable that is written below; an unset variable here
#  makes the test always true, so the file would never be created)
if [ -e "$file_location" ]; then
    echo "That custom rules file already exists, nothing done!"
else
    # create file if it does not already exist
    cat > "$file_location" <<EOF
# =====================================================
# Custom Rules to do stuff
# =====================================================
# Allow DHCP
#pass in log inet proto udp from any port 67 to any port 68
EOF
fi
# set proper permissions for the custom rule file
/bin/chmod 644 "$file_location"
# chown is installed at /usr/sbin/chown on macOS, not /bin/chown
/usr/sbin/chown root:wheel "$file_location"
# restart packet firewall to ensure changes are loaded
/usr/local/bin/pf-restart.sh
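Because every file in that folder is loaded at startup, it helps to syntax-check a rule file before it lands there. The following is an added example, not part of the EPM documentation: it parses a candidate file with pfctl -n (parse only, nothing is loaded) and installs it only if parsing succeeds. The function name install_pf_rules and the PFCTL and PF_OWNER variables are made up for this sketch, and it assumes the rule file parses on its own (no macros or tables defined elsewhere).

```shell
#!/bin/bash
# Added example: validate a pf rule file, then install it.
# PFCTL, PF_OWNER and install_pf_rules are hypothetical names for this sketch.
PFCTL="${PFCTL:-/sbin/pfctl}"        # overridable so the logic can be tested
PF_OWNER="${PF_OWNER:-root:wheel}"   # same ownership the page's script sets

# install_pf_rules <candidate_file> <target_file>
# Returns 0 when installed, 1 on bad arguments or a failed copy,
# 2 when pfctl rejects the rules (the target is left untouched).
install_pf_rules() {
    local candidate="$1" target="$2" staged
    [ -r "$candidate" ] && [ -n "$target" ] || return 1

    # -n: parse the rules without loading them; -f: file to parse
    if ! "$PFCTL" -n -f "$candidate" >/dev/null 2>&1; then
        echo "pfctl rejected $candidate; $target left unchanged" >&2
        return 2
    fi

    # Stage beside the target so the final mv is a rename on one filesystem
    # and the target is never seen half-written.
    staged="$(mktemp "${target}.XXXXXX")" || return 1
    if cat "$candidate" > "$staged" &&
       chmod 644 "$staged" &&
       chown "$PF_OWNER" "$staged" &&
       mv -f "$staged" "$target"; then
        return 0
    fi
    rm -f "$staged"
    return 1
}
```

Run /usr/local/bin/pf-restart.sh only when install_pf_rules returns 0, so a rejected file never reaches the folder that is loaded at startup.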
Adding firewall rules via package
A package can be constructed to deliver the custom rules file to the /etc/pf.anchors/edu.utexas.shared.pf.d folder on the system.
The included UTexas-PacketFirewall-ExtraRules.zip archive uses the Whitebox Packages application to construct the package.