[原文]The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator.
Apple Mac OS X Server servermgr_ipfilter Admin Tool Rule Write Failure
Local Access Required
Loss of Integrity
Mac OS X contains a flaw that may allow firewall rules to be discarded. The issue is triggered when using servermgr_ipfilter with multiple subnets and Address Groups, and some rules may be discarded based on the order the subnets were entered into an Address Group. It is possible that the flaw may allow incorrect firewall settings resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.