IceFloor
IceFloor
2.0.2

3.8

IceFloor free download for Mac

IceFloor

2.0.2
05 June 2014

Front-end for the built-in PF firewall in OS X 10.7 or later.

Overview

IceFloor

IceFloor is a free and open source graphic interface for the OS X built-in PF network firewall.
  • IceFloor is group based. Create groups and assign addresses, services and parameters to pass or block connections
  • makes use of its own set of PF configuration files; default OS X PF configuration files in /etc are not modified by IceFloor
  • start with IceFloor Wizard to create a basic PF configuration in a few mouse clicks
  • use IceFloor interface to set up very complex and customized PF rulesets
  • manage inbound and outbound connections with filtering and bandwidth rules for your Mac and NAT clients
  • hide services using port knocking, list and block connections on the fly using Inspector
  • create new configuration presets and easily switch between predefined and custom PF presets
  • mix IceFloor PF rules with your custom PF rules, interact with external applications like sshguard
  • share Internet connection using PF NAT, assign per-client filtering and bandwidth rules and redirections
  • browse PF ruleset with the new PF Rules Browser, display filtering, bandwidth and NAT PF rules and pipes
  • analyze PF logs with numerical and graphical statistics, enumerate remote hosts using stroke or nmap based GUI tools
  • debug and test PF rulesets easily and quickly using the optional IceFloor Menulet
  • IceFloor requires OS X 10.7 or later. Some features requires OS X 10.8 or later.
Note: While the software is classified as free, it is actually donationware. Please consider making a donation to help support development.

What's new in IceFloor

Version 2.0.2:
  • Boot scripts bug fixed. Now pf is enabled after system reboot
  • Now compatible with OS X 10.10 Yosemite DP1
  • Minor bug fixes
  • To update from IceFloor 2.0, please backup your IceFloor configuration, uninstall IceFloor 2.0, and install IceFloor 2.0.x, then re-import your configuration and start PF.

Join over 500,000 subscribers.

Subscribe for our newsletter with best Mac offers from MacUpdate.

13 IceFloor Reviews

See all

Rate this app:

charlesolease
11 December 2012

Most helpful

5/5 stars!!! Great application. I had slow internet for 2 weeks and called Geek Squad. Some elongated story about UPnP was hacked, my router was hacked etc. etc. and they wanted to come out and the cost was going to be $500 dollars. Instead I tried this application and installed it on all my Macs (only have Apple computers) setting up the firewall rules and "emerging threats." Internet is now running fast again and with online help I checked my router and the UPnP rules that were created in my router by a remote hacker, according to Geek Squad, are now gone. So long story short this app saved me $500. As a noobie I would just like to ask how the "emerging threats" works? Where is this list pulled from and how will it automatically update? How will this part of the firewall protect me?
Like (2)
Version 1.3
DesignT1
09 January 2017
I am testing IceFloor with El Capitan 10.11.6 with Menulet and it seems a great PF. How can I see the banned IP and how can I remove a banned IP address ? Thanks
Like
Version 2.0.2
robert-30
08 March 2016
I'd be a lot happier with it if it loaded my existing pf.conf rules into itself so I could check/use them immediately. Instead, it took over and blocked everything from the get go. I had to uninstall it again to get back online. So although it looks really good, and really does seem to cover just about everything needed, if you have an existing rule set - be careful. Correct me if I'm wrong of course, I usually am.
Like
Version 2.0.2
ozotheclown
26 December 2014
@hanynet.com Great that you are providing the sources with your project! I would like to compile the sources myself, already have Xcode on my system. However, I'm lacking the information on building the application; things like a project or makefile. Do you have any tips/guidance on how to start?
Like
Version 2.0.2
2 answer(s)
ozotheclown
ozotheclown
28 December 2014
Got it! overlooked the file IceFloor.xcodeproj
Like
info-239
info-239
23 January 2015
If you want to compile it please use xcode 3.2 :)
If you also want to modify the interface then you have to enable the "hidden" applescript panel in xcode in order to be able to make changes.
Like
ozotheclown
26 December 2014
@hanynet.com Great that you are providing the sources with your project! I would like to compile the sources myself, already have Xcode on my system. However, I'm lacking the information on building the application; things like a project or makefile. Do you have any tips/guidance on how to start?
Like
Version 2.0.2
LokC1457
24 May 2014
Well all I wanted to do is limit my upload speed when I have to upload large files (I have no qos). I've tried many other apps that claimed to do that but after a long time this is the only one that works. A bit complicated to use for me, I'm sure this app got many other functions, but I'm happy I can upload large files without slowing down my internet.
Like
Version 2.0.1
Dbrock6931
18 May 2014
Not really a problem but a question. I am trying to escalate the privilege of Lync for audio calls. Is there a way to do that with this tool? the Audio quality stinks when running, currently.
Like
Version 2.0.1
JamesK9816
25 April 2014
IceFloor has helped me to rebuild a firewall for blocking specific ports after Apple took the GUI away in Server 10.8. Unfortunately, with it turned on, I have problems connecting wireless devices to our network. Our server is connected to the internet via a Netgear wireless router. The DHCP server on the router is disabled and instead we use the DHCP server bulit into Mac OS X Server 10.8. Clients connected to the LAN via ethernet get an IP address from the DHCP server, no problem. However clients which connect to the wireless router do not get an IP address from the server when IceFloor is turned on. It works fine with IceFloor turned off. The server is on 10.0.0.201 and I have a 'local' address group which includes 10.0.0.0/24. This address group is associated with Essential system services which includes ports 67 & 68 (all protocols) - I understand that these are the ones needed for DHCP. The log shows lots of the following: Mar 10 19:37:26 mail.ferry-marina.co.uk pf[46237]: 00:00:01.706581 rule 9/0(match): block in on en0: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 3c:07:54:5c:dc:20, length 300 this suggests to me that the DHCP requests from wireless clients are being blocked by the firewall. I've added 0.0.0.0 to the local address list to see if that made a difference, and it didn't. Please can you help?
Like
Version 2.0.1
2 answer(s)
Hany
Hany
26 April 2014
I use the same setup in my network and dhcp works on both nets (ethernet and wifi). You need to enable 'Essential system services' to enable dhcp lease, you don't need anything else. You can also create a custom dedicated service for dhcp (ports 67-68 tcp/udp). If your ethernet clients do get dhcp lease and your wifi clients do not gei it, then probably there's a mistake in your firewall configuration. Please remember you have to take into consideration both network address and network interface. Probably you have added 10.0.0.0/24 address to a group with the wrong interface. Try to create a specific group for 10.0.0.0/24 with its own interface. Please check also your dhcp service configuration. If pf blocks dhcp, you should see this on your logs: eg: 00:00:08.088570 rule 9/0(match): block in on en0: (tos 0x0, ttl 255, id 61793, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:83:c5:f9, length 300, xid 0xce927e4d, secs 33, Flags [none] Client-Ethernet-Address 00:0c:29:83:c5:f9 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Parameter-Request Option 55, length 9: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name Option 119, LDAP, Option 252, Netbios-Name-Server Netbios-Node MSZ Option 57, length 2: 1500 Client-ID Option 61, length 7: ether 00:0c:29:83:c5:f9 Lease-Time Option 51, length 4: 7776000 Hostname Option 12, length 10: "109-VMWare"
Like (1)
JamesK9816
JamesK9816
10 May 2014
sorry only just got back to this. It can't be an interface thing as you suggest because the MacMini is only using one interface (ethernet). The wireless box is attached to the same LAN as the other wired clients. But with IceFloor PF turned on, wireless clients cannot connect to the network but wired ones can. Have you any other ideas to help? Thanks
Like
bobc3934
15 January 2014
Hi, i have several admin accounts on my mac. the installation account gets informed that it needs to be an administrator to run the program...when i log to a different account admin account, i can run the program. switching back to my main account, no such luck...any suggestions? I really can't write a valid review until i can operate the program...
Like
Version 2.0
2 answer(s)
Hany
Hany
04 February 2014
Posting a review in which you admit that you cannot review, is almost useless. The manual is clear. YOU MUST BE AN ADMIN, period. Anyway. Icefloor 2 can be used only by admin users. You can't run it from a normal user and then authenticate as admin. It won't work. You must log in to OSX with an admin account. Say thanks to Mavericks security APIs. Please note: this kind of "reviews" is completely useless, nobody needs it.
Like (7)
LuukLuuk
LuukLuuk
31 March 2014
I agree with the developer: I find it unfair for Hany's hard work to post a comment like bob's as a review.
Like (4)
Snaporaz
20 July 2013
would be interesting to see how many of you have the same issue with this app: after rebooting the computer, the icefloor ruleset ist not enabled anymore. this happens to me on various computers, even on a fresh and clean install of os x mountain lion. if you enable it again in the icefloor-firewall-tab, everything is fine until the next reboot of your computer after which the ruleset is disabled again.
Like
Version 1.6.1
3 answer(s)
Hany
Hany
22 September 2013
I've received 2 or 3 reports about pf rules not loading at boot. After many tests I was unable to replicate the same errors so I don't know why this happens. Maybe you should look at system logs and try to guess why pf rules do not load at boot.
Like (1)
Hany
Hany
14 October 2013
try these shell commands: sudo xattr -c /Library/LaunchDaemons/com.hanynet* sudo xattr -c /etc/icefloor.sh and reboot :)
Like
Hany
Hany
25 April 2014
This "rare" bug has been fixed in version 2.0.1.
Like
xeen3d
09 January 2013
Hi IceFloor 1.4 is most stable and Feature rich PF Front-end i know. For normal User a fast way to get a secure system and for advanced User a good Way to control what have done with PF. For all Users without knowledge of TCP/IP use the set and forget it Mode, select your Services that you would share like SMB and enable Firewall thats all. For all Users with enough Network knowledge try this PF front-end you will get enough Power to make advanced Firewall Rulesets and nice Logging Features.
Like (1)
Version 1.4