![]() ![]() When ads are placed on legitimate websites, even if you never click on an ad, simply visiting the site with the advertisement can cause harm. With ad-blocking software, you can prevent this. Ad servers track users and their behavior, collect data about what sites they visit, what search queries they have, etc. When the browser has to download less content, it becomes faster. It may also be enough to set Disabled flag to true on the /System/Library/LaunchDaemons/ are 3 reasons to use ad blockers on a Mac: I cannot figure out how to change the defaults so I don't have to keep changing the /etc/icefloor.sh file whenevery I hit the update rules button. Changing the copy in the Icefloor.app bundle does not seem to affect this behavior. I presume that this patch will have to be done again when updating to new system software.Īlso, Icefloor repeatedly replaces the icefloor.sh script when loading rules, so the script has to have the 'sleep 5' line replaced with every rules update (maybe not with the 'test' button). I hate modifying any /System files, but can't find a better way right now. Making both changes has now allowed the ruleset to survive multiple system reboots. Making either change alone did not fix the problem. By enabling system pfctl with -e flag, and then forcing the icefloor script to wait 5 before calling pfctl again, the system action then gets overwritten by icefloor, rather than the other way around. I presume that what is happening is that icefloor is launching pfctl, and then the system is also launching it and turning pf off. I also had to change the file /System/LaunchDaemons/ by adding the '-e' flag to program arguments like this: I move the "sleep 5" line to just after the 'ipconfig waitall' line (I presume that the important thing here is to make sure it sleeps before the '/sbin/pfctl -ef /etc/pf.conf' line). Yeah, it turns out that just sleeping at the end of the icefloor.sh script doesn't really do anything. but I don't like having the internet down while there's someone else home.ĭoes anyone have any advice? Or perhaps a "better" way for me to find a solution? I work in a Windows shop, so I don't get as much exposure to Mac or Linux as I like.įYI: This is for my home config. My day-job is programming, not infrastructure (although I think I have a good handle on it). Of course, there's a chance that something else is the problem. Question is: What is it, or how can I find out what it is? I removed the extended attribute for Apple's quarantine from icefloor.sh and icefloor_ef.sh).īest I can tell, there's something else loading after IceFloor that's disabling PF. ![]() At this exact moment, the PF Firewall is disabled and the IceFloor Ruleset is enabled, but that might just be some recent tests I've been running (ie. If I launch the IceFloor GUI, I generally see "PF Firewall: Disabled IceFloor Ruleset: Disabled Boot Scripts Installed IceFloor Mode: Advanced" in the status bar. When this happens, the Mac Mini can get online, but it won't route requests for the other clients (Macs, iPhones, iPads, Windows PC, etc.). I'm running into an issue where launchd launches /etc/icefloor.sh at boot (tested via syslog output in the script), but PF is disabled when the system has finished booting. I have been putting up with it for a while (probably months now), but I'm still bothered that my configuration is not "self-sufficient" at the moment. ![]() It's configured to turn on automatically when power has been supplied, but NAT doesn't work without some user-intervention on my part. I have it plugged into an UPS, so it can shut down safely and such. as long as I never shut down the Mac Mini. recognizing that it uses PF, which is supposed to replace IPFW at some point (from what I understand). Shortly after (as in, perhaps less than a day), I stumbled on IceFloor, downloaded it, installed it, and configured it to match what I needed. When I was first setting up the NAT, I was using the IPFW method of routing requests. It's also hosting other services, such as DNS, LDAP, etc. The Mac Mini is hosting DHCP via the MacPorts dhcpd server. ![]() Their router supplies IPs on the 192.168.77.0 subnet, and my Mac Mini supplies IPs on the 192.168.84.0 subnet. I'm using the Mac Mini to host services as the IPTV service provided by my ISP doesn't work if their router doesn't supply the IPs. I have it configured in such a way that the Mac Mini is a NAT for traffic from en0 to vlan0 (linked via en0, routed by the RVS4000). I have a Mac Mini (late 2012 model) set up as a server w/ Mac OS X Server (Mountain Lion v10.8.4), wired to a Time Capsule with routing disabled, which is wired to a RVS4000 router. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |