Thank you for your review
Email me when discounted: 


IceFloor is a free and open source graphic interface for the OS X built-in PF network firewall.
  • IceFloor is group based. Create groups and assign addresses, services and parameters to pass or block connections
  • makes use of its own set of PF configuration files; default OS X PF configuration files in /etc are not modified by IceFloor
  • start with IceFloor Wizard to create a basic PF configuration in a few mouse clicks
  • use IceFloor interface to set up very complex and customized PF rulesets
  • manage inbound and outbound connections with filtering and bandwidth rules for more...

What's New

Version 2.0.2:
  • Boot scripts bug fixed. Now pf is enabled after system reboot
  • Now compatible with OS X 10.10 Yosemite DP1
  • Minor bug fixes
  • To update from IceFloor 2.0, please backup your IceFloor configuration, uninstall IceFloor 2.0, and install IceFloor 2.0.x, then re-import your configuration and start PF.


OS X 10.7 or later

Similar Software

Open Comparison
Suggest Other Similar Software
Leave a Review

IceFloor User Discussion

Nobody has reviewed or commented on this app yet. Add your own comment and get a discussion going!
Sort by: Time | Smiles
LokC1457 Member IconReview+0

Well all I wanted to do is limit my upload speed when I have to upload large files (I have no qos). I've tried many other apps that claimed to do that but after a long time this is the only one that works. A bit complicated to use for me, I'm sure this app got many other functions, but I'm happy I can upload large files without slowing down my internet.

Reply0 replies
Version 2.0.1
Dbrock6931 Member IconReview+0

Not really a problem but a question. I am trying to escalate the privilege of Lync for audio calls. Is there a way to do that with this tool? the Audio quality stinks when running, currently.

Reply0 replies
Version 2.0.1
JamesK9816 Member IconReview-1

IceFloor has helped me to rebuild a firewall for blocking specific ports after Apple took the GUI away in Server 10.8. Unfortunately, with it turned on, I have problems connecting wireless devices to our network.

Our server is connected to the internet via a Netgear wireless router. The DHCP server on the router is disabled and instead we use the DHCP server bulit into Mac OS X Server 10.8.

Clients connected to the LAN via ethernet get an IP address from the DHCP server, no problem.

However clients which connect to the wireless router do not get an IP address from the server when IceFloor is turned on. It works fine with IceFloor turned off.

The server is on and I have a 'local' address group which includes This address group is associated with Essential system services which includes ports 67 & 68 (all protocols) - I understand that these are the ones needed for DHCP.

The log shows lots of the following:

Mar 10 19:37:26 mail.ferry-marina.co.uk pf[46237]: 00:00:01.706581 rule 9/0(match): block in on en0: > BOOTP/DHCP, Request from 3c:07:54:5c:dc:20, length 300

this suggests to me that the DHCP requests from wireless clients are being blocked by the firewall.

I've added to the local address list to see if that made a difference, and it didn't.

Please can you help?

Reply2 replies
Version 2.0.1
Hanynet.com (Developer)

I use the same setup in my network and dhcp works on both nets (ethernet and wifi). You need to enable 'Essential system services' to enable dhcp lease, you don't need anything else. You can also create a custom dedicated service for dhcp (ports 67-68 tcp/udp). If your ethernet clients do get dhcp lease and your wifi clients do not gei it, then probably there's a mistake in your firewall configuration. Please remember you have to take into consideration both network address and network interface. Probably you have added address to a group with the wrong interface. Try to create a specific group for with its own interface. Please check also your dhcp service configuration.
If pf blocks dhcp, you should see this on your logs:
00:00:08.088570 rule 9/0(match): block in on en0: (tos 0x0, ttl 255, id 61793, offset 0, flags [none], proto UDP (17), length 328) > BOOTP/DHCP, Request from 00:0c:29:83:c5:f9, length 300, xid 0xce927e4d, secs 33, Flags [none]
Client-Ethernet-Address 00:0c:29:83:c5:f9
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 9:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
Option 119, LDAP, Option 252, Netbios-Name-Server
MSZ Option 57, length 2: 1500
Client-ID Option 61, length 7: ether 00:0c:29:83:c5:f9
Lease-Time Option 51, length 4: 7776000
Hostname Option 12, length 10: "109-VMWare"


sorry only just got back to this. It can't be an interface thing as you suggest because the MacMini is only using one interface (ethernet). The wireless box is attached to the same LAN as the other wired clients. But with IceFloor PF turned on, wireless clients cannot connect to the network but wired ones can. Have you any other ideas to help? Thanks

bobc3934 Member IconReview-9

i have several admin accounts on my mac. the installation account gets informed that it needs to be an administrator to run the program...when i log to a different account admin account, i can run the program. switching back to my main account, no such luck...any suggestions? I really can't write a valid review until i can operate the program...

Reply2 replies
Version 2.0
Hanynet.com (Developer)

Posting a review in which you admit that you cannot review, is almost useless. The manual is clear. YOU MUST BE AN ADMIN, period.
Anyway. Icefloor 2 can be used only by admin users. You can't run it from a normal user and then authenticate as admin. It won't work. You must log in to OSX with an admin account. Say thanks to Mavericks security APIs.
Please note: this kind of "reviews" is completely useless, nobody needs it.


I agree with the developer: I find it unfair for Hany's hard work to post a comment like bob's as a review.

Snaporaz Member IconComment+28

would be interesting to see how many of you have the same issue with this app: after rebooting the computer, the icefloor ruleset ist not enabled anymore. this happens to me on various computers, even on a fresh and clean install of os x mountain lion. if you enable it again in the icefloor-firewall-tab, everything is fine until the next reboot of your computer after which the ruleset is disabled again.

Reply3 replies
Version 1.6.1
Hanynet.com (Developer)

I've received 2 or 3 reports about pf rules not loading at boot. After many tests I was unable to replicate the same errors so I don't know why this happens. Maybe you should look at system logs and try to guess why pf rules do not load at boot.

Hanynet.com (Developer)

try these shell commands:

sudo xattr -c /Library/LaunchDaemons/com.hanynet*
sudo xattr -c /etc/icefloor.sh

and reboot :)

Hanynet.com (Developer)

This "rare" bug has been fixed in version 2.0.1.

xeen3d Member IconReview+1

IceFloor 1.4 is most stable and Feature rich PF Front-end i know. For normal User a fast way to get a secure system and for advanced User a good Way to control what have done with PF.
For all Users without knowledge of TCP/IP use the set and forget it Mode, select your Services that you would share like SMB and enable Firewall thats all.
For all Users with enough Network knowledge try this PF front-end you will get enough Power to make advanced Firewall Rulesets and nice Logging Features.

Reply0 replies
Version 1.4
charlesolease Member IconReview+5

5/5 stars!!!

Great application. I had slow internet for 2 weeks and called Geek Squad. Some elongated story about UPnP was hacked, my router was hacked etc. etc. and they wanted to come out and the cost was going to be $500 dollars. Instead I tried this application and installed it on all my Macs (only have Apple computers) setting up the firewall rules and "emerging threats." Internet is now running fast again and with online help I checked my router and the UPnP rules that were created in my router by a remote hacker, according to Geek Squad, are now gone. So long story short this app saved me $500.

As a noobie I would just like to ask how the "emerging threats" works? Where is this list pulled from and how will it automatically update? How will this part of the firewall protect me?

Reply0 replies
Version 1.3
newsun Member IconReview+3

Tried this out to be able to open some ports on OSX 10.7. After enabling it, everything that tried to access the internet in any fashion crashed or got stuck, pfctl was getting stuck when looking at top, IceFloor would not load back up once closed. I ended up having to disable the IceFloor anchors in the pf.conf file and then hard reset the system before I could load IceFloor to disable it and get back to a working state for my machine.

I really don't understand why the default firewall on OSX does not have any semi-advanced options such as opening ports. :(

Reply1 reply
Version 1.2
Hanynet.com (Developer)

PF on 10.7 is somehow buggy, it hangs the system on some macs. Bugs has been fixed in 10.8's PF.
Bad PF configurations may also hang the system. IceFloor is not responsible for system hangs in any case, it's just a PF frontend.

About "opening ports"... Easy answer: firewalls are not used to open ports. Firewalls are used to close or filter ports. Ports are open by default. Please RTM.

Rick72 Member IconComment+6

Looks promising and was eager to give this a whirl on my Lion Server but it says that Lion Server is not supported?

Reply2 replies
Version 1.0 beta 3
Hanynet.com (Developer)

Lion server is not supported by IceFloor. Lion server still relies on ipfw, even if ipfw itself is deprecated. The firewall pane in serveradmin is about ipfw not pf. Lion server is also officially marketed with ipfw and not pf (see apple page for osx server). It is possible to use both pf and ipfw on osx lion server but, to me, it's not a good idea.
This first release of IceFloor is aimed at client systems only. Feature like forwarding, port redirection, nat, traffic shaping will be added in a future version of IceFloor.
For these reasons IceFloor does not support osx server.

Hanynet.com (Developer)

IceFloor version 1.2 runs on Mac OS X Server 10.7. The support for this os is experimental. The main window (services list, action and options) is not available. You must configure PF using the IceFloor Rules manager (by hand, WaterRoof-way :D).
Use only on test environments. Do not rely on PF using Mac OS X Server 10.7.

user icon+47
Version 2.0.1
user icon+0
Version 2.0
user icon+6
Version 2.0
user icon+48
Version 2.0
user icon+1
Version 2.0
user icon+0
Version 1.6.1
user icon+0
Version 1.5
user icon+5
Version 1.3
user icon+93
Version 1.2
user icon+200
Version 1.2
> 4 22


Current Version (2.x)


Downloads 21,285
Version Downloads 1,290
License Free
Date 05 Jun 2014
Platform OS X / Intel 32
Price Free
Learn how MacUpdate Desktop makes installing apps from MacUpdate.com one-click easy.
Next time, install IceFloor with 1-click

Learn how MacUpdate Desktop can install apps on MacUpdate with the simple click of the Install apps with MacUpdate Desktop icon. Plus, keep all your apps updated. Play video...