There have been various reports of problems getting Brickhouse to start up properly in 10.3.9 or later, and the reason for that is twofold: (1) the boot script doesn't write any messages to the console letting you know whether it's starting or not, leading to confusion, and (2) the parameters file doesn't list the proper required services needed to be running before starting the script, causing it to start too early, and consequently the settings get wiped out when the system firewall extension gets loaded. Brickhouse needs to load after the IP Firewall extension loads, not before.
To solve this, your boot script needs to look like this (/Library/StartupItems/Firewall/Firewall):
#!/bin/sh
# Firewall Boot Script
# Generated by BrickHouse
. /etc/rc.common
#===========================================================
# Activate Firewall Filters
#===========================================================
ConsoleMessage "Activating Brickhouse Filters"
/sbin/ipfw -q /etc/firewall.conf
#===========================================================
# Enable IP Firewall Logging
#===========================================================
ConsoleMessage "Enabling Brickhouse Logging"
/usr/sbin/sysctl -w net.inet.ip.fw.verbose=1
/usr/sbin/sysctl -w net.inet.ip.fw.verbose_limit=65535
And your startup parameters file needs to look like this (/Library/StartupItems/Firewall/StartupParameters.plist):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Description</key>
    <string>BrickHouse Firewall</string>
    <key>Messages</key>
    <dict>
        <key>start</key>
        <string>Activating Firewall</string>
        <key>stop</key>
        <string>Clearing Firewall</string>
    </dict>
    <key>OrderPreference</key>
    <string>Late</string>
    <key>Provides</key>
    <array>
        <string>Firewall</string>
    </array>
    <key>Requires</key>
    <array>
        <string>NetworkExtensions</string>
        <string>Resolver</string>
        <string>Super Server</string>
    </array>
</dict>
</plist>
For the record, the Messages key in the parameters file has been deprecated by Apple and doesn't do anything, which is why normally you can't even tell if the rules have been applied. The addition of the ConsoleMessage commands in the actual script remedies that.
After making the changes and rebooting, you should now be able to look at the system.log and see if Brickhouse has loaded properly.
While Brickhouse is a great product, it's plain sloppy of the developer not to have corrected this by now.
Flying Buttress
advanced configuration for OS X's built-in firewall
Version: 1.4
10.3.9
Feedback Type: Review
Contributed by: amcgee Sunday, July 03 2005 @ 06:29 PM PDT
Product Platform: MacOSX
Used Product For: Over One Year
Recommend Product: YES
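
A check for the two files listed in this review, as an added example that is not part of the original review or of Brickhouse: it confirms that the boot script still announces itself and loads /etc/firewall.conf, and that the Requires array still names the three services. The function names, the exit codes and the world-writable test are assumptions of this example, and the plist parsing assumes one element per line, as in the listing above.

```shell
#!/bin/sh
# Added example (not from the review): audit the Firewall startup item.
# Assumes one plist element per line, as in the listing in the review.

# Print the <string> values of the <array> that follows <key>NAME</key>.
plist_array() {
    awk -v key="<key>$1</key>" '
        index($0, key)                 { want = 1; next }
        want && index($0, "<array>")   { inarr = 1; next }
        inarr && index($0, "</array>") { exit }
        inarr { gsub(/^[ \t]*<string>|<\/string>[ \t\r]*$/, ""); print }
    ' "$2"
}

# Return 0 if DIR holds the reviewed configuration, 1 on drift, 2 if files are missing.
check_firewall_item() {
    dir=${1:-/Library/StartupItems/Firewall}
    script=$dir/Firewall
    plist=$dir/StartupParameters.plist
    rc=0
    if [ ! -f "$script" ] || [ ! -f "$plist" ]; then
        echo "MISSING: $script or $plist"; return 2
    fi
    # The script must announce itself, or system.log shows nothing at boot.
    grep -q '^[[:space:]]*ConsoleMessage ' "$script" ||
        { echo "FAIL: boot script has no ConsoleMessage line"; rc=1; }
    grep -q '^[[:space:]]*/sbin/ipfw .*/etc/firewall\.conf' "$script" ||
        { echo "FAIL: boot script does not load /etc/firewall.conf"; rc=1; }
    # These services must be up first so the rules are not wiped afterwards.
    requires=$(plist_array Requires "$plist")
    for svc in "NetworkExtensions" "Resolver" "Super Server"; do
        printf '%s\n' "$requires" | grep -qxF "$svc" ||
            { echo "FAIL: Requires is missing '$svc'"; rc=1; }
    done
    # Both files are used as root at boot; nobody else should be able to write them.
    if [ -n "$(find "$script" "$plist" -perm -002)" ]; then
        echo "FAIL: startup item files are world-writable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir matches the reviewed configuration"
    return "$rc"
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then check_firewall_item "$1"; fi
```

Run it with /Library/StartupItems/Firewall as the argument after editing the files; a non-zero exit status means the startup item no longer matches the listing.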
Comments
10.3.9 - amcgee
It's all text. Just replace the text I listed with that in each file. You'll have to use sudo and your favorite command-line editor, or Pseudo or Skeleton Key along with TextEdit or another GUI text editor, since the files are not normally editable by the admin.
Saturday, July 09 2005 @ 04:43 PM PDT
10.3.9 - Jim Babcock
amcgee: Before I got your reply, I woke up that night and said: Of course, use sudo, go to vi (now an over 45 years old editor!) and update the two files!!!! I did and Voila! BH 1.3 NOW works as advertised...
EXCEPT... after this change, NEVER NEVER press the BH's "Install" button in the configuration pane... that'll take you BACK to the original BH errors!!!!
Thanks again,
Jim B
Monday, July 11 2005 @ 12:34 PM PDT
10.3.9 - adriatichouse_dotmac
This looks tremendously useful. Unfortunately, although not your average computer user, I have not used sudo before and don't quite know the steps I would have to employ to change the script concerned. I'm up for trying it and have managed in the past to change DOS scripts when I was a PC user (now very much converted to Mac!). I can follow the instructions to the letter, but could you post instructions as to how to get to the point where I check down the script and alter it to look like yours? I, too, like Brickhouse but am finding it a little problematic since install on Friday. I have a couple of other trials sitting on my desktop which I could try instead, but Brickhouse seems to be the best and I'd rather get it working properly. I have emailed the developer but, as with other reviews, there seems to be no response.
Sunday, October 02 2005 @ 10:09 AM PDT
10.3.9 - adriatichouse_dotmac
Just to add, I tried using Pseudo - drag and drop file, open in TextEdit and edit the file. The trouble is, now that it's edited, it won't let me save it over the top of the original and so now it's just a text file!! I've been reading up about Terminal and using the vim editor in Terminal but when I follow what I think is the command, I don't see any text in the file. It would probably be easier to work in TextEdit for the moment but I can't find a way to save the file back to the Unix Executable the original file says it is. Please help.
Monday, October 03 2005 @ 02:32 AM PDT
10.3.9 - adriatichouse_dotmac
Just to follow up - finally - have sorted it out myself. I didn't realise that it wasn't the file I should have been dropping on to Pseudo, it was the TextEdit application, so I dropped the TextEdit application on to Pseudo, opened the file in TextEdit, edited the file as before, and clicked Save and, hey presto, it let me save the file and I now have a new file. It appears to be working. Just in case all this is useful to another daring but relatively new user!
Monday, October 03 2005 @ 03:52 AM PDT
10.3.9 - Jim Babcock
I too have enjoyed BH since Jaguar... I am a 10.3.9 victim of BH V1.3 irregularities.
I understand how to update the .plist...
How does one "compile" the sh script to replace the 'Firewall Boot Script' ?
I have rudimentary knowledge of UNIX....(Hence the use of BH :-) and can navigate Terminal...
Any help would be much appreciated. I have lived with this 10.3.9 thing since mid-May.
Cheers, Jim B
Saturday, July 09 2005 @ 04:36 PM PDT