
Do most of you enable firewall?

post #1 of 19
Thread Starter 
I'm relatively new to the Mac and am wondering if most people enabled the firewall on OS X or not? If so, do you use any special settings?
post #2 of 19
Quote:
Originally Posted by markw10 View Post

I'm relatively new to the Mac and am wondering if most people enabled the firewall on OS X or not? If so, do you use any special settings?

I do. I use the default settings and open up the ports/services as I add them.
What goes online stays online. What is online will become public.
post #3 of 19
I don't and never did. First of all I have a hardware firewall at my house and second, when no services are enabled in the "Sharing" preference panel, attacks from the outside are very, very unlikely.
post #4 of 19
What's a firewall?
Citing unnamed sources with limited but direct knowledge of a rumoured device - Comedy Insider (Feb 2014)
post #5 of 19
Quote:
Originally Posted by Ireland View Post

What's a firewall?

It is the one that gives your back (or a$$ if you wish ) some fire and makes you run around trying to figure out what is burning, or protects it from that if enabled.
post #6 of 19
Quote:
Originally Posted by gwoodpecker View Post

I don't and never did. First of all I have a hardware firewall at my house and second, when no services are enabled in the "Sharing" preference panel, attacks from the outside are very, very unlikely.

How do you surf the net with no open ports? Did you use the force to type that post? You do not have it on - therefore I think ALL your services are enabled.
onlooker
Registered User

Join Date: Dec 2001
Location: parts unknown




http://www.apple.com/feedback/macpro.html
post #7 of 19
Quote:
Originally Posted by onlooker View Post

How do you surf the net with no open ports? Did you use the force to type that post? You do not have it on - therefore I think ALL your services are enabled.

Gwoodpecker is right. By default OS X does not have any open ports. Someone from the outside will not be able to establish a connection to your box unless you start some of the "Sharing" services.

In the case of you making a request on your machine, and having it be answered (ex. surfing the web), a firewall buys you nothing. It lets the reply traffic through. Think about it, you don't have to open port 80 to surf the web, but you sure do to run a web server.
"Slow vehicle speeds with frequent stops would signal traffic congestion, for instance."

uh... it could also signal that my Mom is at the wheel...
post #8 of 19
Quote:
Originally Posted by onlooker View Post

How do you surf the net with no open ports? Did you use the force to type that post? You do not have it on - therefore I think ALL your services are enabled.

Now come on, you know exactly that the discussion about desktop firewalls is in over 90% of all cases about blocking open ports into the computer only. Nothing can (in Windows: should) come in on its own from the outside when no ports are open (or the computer is completely firewalled).

We were not talking about server services going out or anything else...
post #9 of 19
Quote:
Originally Posted by gwoodpecker View Post

Now come on, you know exactly that the discussion about desktop firewalls is in over 90% of all cases about blocking open ports into the computer only. Nothing can (in Windows: should) come in on its own from the outside when no ports are open (or the computer is completely firewalled).

We were not talking about server services going out or anything else...

Enable the firewall. Restart your computer and try to surf the web without opening any ports. It won't work - Mine didn't.
onlooker
Registered User

Join Date: Dec 2001
Location: parts unknown




http://www.apple.com/feedback/macpro.html
post #10 of 19
Quote:
Originally Posted by onlooker View Post

Enable the firewall. Restart your computer and try to surf the web without opening any ports. It won't work - Mine didn't.

That still has nothing to do with incoming packets.
post #11 of 19
Quote:
Originally Posted by onlooker View Post

Enable the firewall. Restart your computer and try to surf the web without opening any ports. It won't work - Mine didn't.

Are we talking about the same things here? If you enable the firewall that is built into the Sharing System Preference then you can surf, FTP, send and receive email. It doesn't block TCP requests from your computer. It will block unsolicited requests from the outside world trying to access your computer. If I understand correctly, if you go to a web site that issues a cookie or interacts with a database, then that is a request from your computer and it will be allowed by the system firewall.

There are firewalls, third party software, built-in to the OS X Server and hardware that if they are fully activated you are dead in the water.
post #12 of 19
OS X uses ipfw for the firewall. If you turn it on and have no services enabled the rule set is...

02000 92 10952 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02050 3 351 allow tcp from any to any out
02060 3 290 allow tcp from any to any established
02065 0 0 allow tcp from any to any frag
12190 1 48 deny tcp from any to any
65535 22065384 21876305651 allow ip from any to any

and will allow surfing, passive ftp, etc. as long as it initiates from your system. This is because of dynamic rules that are put in place by the rules 02050 and 02060 above that allow for routes to be established from internal. Enabling services does two things.

1) It starts the appropriate daemon for the service to allow outsiders to get something from your computer - httpd for web, sshd for remote login, etc.

2) If the firewall is active the appropriate port is opened in the firewall for these services. port 443 and 80 for web/http, port 22 for sshd/login, etc.

If you close the port then the service never gets a request.

If you have a typical home router with NAT between your system and the internet then you have reasonable protection against external attacks. This does nothing for e-mail/malicious web sites, etc. but those are very few and far between on the Mac. Your router may also have a firewall as well and you may route a given port, say 80, to your computer so it can act as a web server. That would increase your risk of an attack.

BTW you don't need to restart your system to have changes in the firewall take effect.
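
An added example, not part of the original post: a first-match evaluator run over the rule set listed in post #12, showing which rule decides an outbound connection, its reply, an unsolicited inbound TCP SYN, and an inbound UDP datagram (which only the final `allow ip` rule matches, since every deny above it is TCP- or address-specific). It models `established` as ipfw defines the keyword, a test for the ACK or RST flag; the addresses, the `en0` interface name and the helper names are constructed for the illustration.

```python
import ipaddress
import re
from fnmatch import fnmatch

# Rules as listed in post #12, with the packet/byte counters dropped.
RULES = """\
02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
02020 deny ip from any to 127.0.0.0/8 in
02030 deny ip from 224.0.0.0/3 to any in
02040 deny tcp from any to 224.0.0.0/3 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
02065 allow tcp from any to any frag
12190 deny tcp from any to any
65535 allow ip from any to any
"""
RULE_RE = re.compile(r"(\d+) (allow|deny) (ip|tcp) from (\S+) to (\S+)(?: (.+))?")

def parse(text):
    # One (number, action, proto, src, dst, option) tuple per rule, in list order.
    return [RULE_RE.fullmatch(line).groups() for line in text.splitlines()]

def addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def opt_ok(opt, p):
    if opt is None:
        return True
    if opt.startswith("via "):
        return fnmatch(p["iface"], opt[4:])
    return {"in": p["dir"] == "in", "out": p["dir"] == "out",
            "established": bool({"ACK", "RST"} & p["flags"]),  # flag test only
            "frag": p["frag"]}[opt]                             # non-first fragment

def verdict(p, rules=parse(RULES)):
    """First matching rule wins, as in ipfw; returns (rule number, action)."""
    for num, action, proto, src, dst, opt in rules:
        if (proto in ("ip", p["proto"]) and addr_ok(src, p["src"])
                and addr_ok(dst, p["dst"]) and opt_ok(opt, p)):
            return num, action

def pkt(proto, src, dst, direction, flags=(), iface="en0", frag=False):
    return dict(proto=proto, src=src, dst=dst, dir=direction,
                flags=set(flags), iface=iface, frag=frag)

MAC, REMOTE = "192.168.1.10", "203.0.113.5"  # constructed sample addresses

if __name__ == "__main__":
    print(verdict(pkt("tcp", REMOTE, MAC, "in", ["SYN"])))  # unsolicited inbound SYN
```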
post #13 of 19
How good is the OSX firewall anyway ? I read somewhere that it's just somewhat mediocre ...
post #14 of 19
Quote:
Originally Posted by theGAR View Post

How good is the OSX firewall anyway ? I read somewhere that it's just somewhat mediocre ...

Any software firewall solution could be considered as mediocre. But, in the Mac OS X case, it can be fine tuned using the terminal utility ipfw, like on any BSD Unix system, so what you have read is just nonsense. Although the firewall settings accessed through System Preferences are pretty basic, there are utilities with GUI that can do the trick for those who would not risk to mess with the terminal as administrators.
post #15 of 19
Anybody use a hardware firewall on their mac? And does anybody know a good hardware firewall for the mac?

- Mark
post #16 of 19
Quote:
Originally Posted by sc_markt View Post

Anybody use a hardware firewall on their mac? And does anybody know a good hardware firewall for the mac?

- Mark

I assume you're referring to a dedicated firewall appliance. As such it would have nothing to do with being either mac or pc or linux as it would be a separate piece of hardware.
post #17 of 19
Quote:
Originally Posted by sc_markt View Post

Anybody use a hardware firewall on their mac? And does anybody know a good hardware firewall for the mac?

- Mark

Why would you want to? The built in firewall in OS X can pretty much do all you'd really want. The only reason to purchase a hardware firewall is to protect a whole network segment. (You could use OS X for this, but it would kinda be a waste of a machine. Perhaps if you had an old box with 2 network cards in it ...)

"Slow vehicle speeds with frequent stops would signal traffic congestion, for instance."

uh... it could also signal that my Mom is at the wheel...
post #18 of 19
Quote:
Originally Posted by sc_markt View Post

Anybody use a hardware firewall on their mac? And does anybody know a good hardware firewall for the mac?

Not exactly an answer to your question, but the NAT firewall coming with Airport and other routers is something to be considered too. Not exactly a hardware firewall, but a good companion to the computer software firewall.
post #19 of 19
Honestly, I disabled ALL my firewalls. I had three going for no real reason, but if I was to ever firewall anything it would be through my router, not my OS. It just makes more sense, and to be honest if someone REALLY wants in your computer, they will find a way. After hacking through my own router, I gave up with firewalls in general. So for all of you out there who have nothing better to do, have at it.
2.16 GHz 20" IMac w/ 3 Gb of RAM
2 GHz MacBook w/ 2 Gb of RAM
2 GHz MacBook w/ 4 Gb of RAM
1.83 GHz MacMini w/ 1 Gb of RAM (Hooked up to LCD 42")
Palm LifeDrive running LINUX (That was a pain in...