Mac OS X Firewall Question
I know that Apple has a built-in Firewall called ipfw. I've read about it on their website. The question I have is just how secure is it? I haven't enabled any ports and am using the "out-of-the-box" configuration. I would just like to hear what you all have to say about ipfw and hopefully the things you all say will be good ones. I'm hooked up to a DSL line and am susceptible if the firewall isn't able to thwart an intruder. So let's hear what you all have to say about Apple's built-in firewall with an "out-of-the-box" setup. Thank you in advance for your comments.
Comments
If you do choose to enable it (in the "Sharing" system preference), you have a very limited range of GUI options. To give you an idea of how complex it is, check out my firewall rules at: http://homepage.mac.com/barto_act/re...x/firewall.txt. My ruleset is, believe it or not, a simple one for a single box without any services running.
In Mac OS X, unless you enable the various advanced services (e.g. SSH or Apache), your box has almost total security.
Barto
Just wondering. It works great, regardless.
Originally posted by ethar
Or did Apple create their own?
As far as I know, IPFW comes from FreeBSD, Mac OS X's crazy uncle.
Originally posted by Barto
IPFW is a fantastic firewall. However, it is a very complex and powerful one, and NOT enabled by default.
If you do choose to enable it (in the "Sharing" system preference), you have a very limited range of GUI options. To give you an idea of how complex it is, check out my firewall rules at: http://homepage.mac.com/barto_act/re...x/firewall.txt. My ruleset is, believe it or not, a simple one for a single box without any services running.
In Mac OS X, unless you enable the various advanced services (e.g. SSH or Apache), your box has almost total security.
Barto
yours actually is a lot more complicated than it needs to be. i mean, it certainly doesn't hurt, but you are blocking a lot of ip ranges that generally don't cause pain. like 10.x.y.z, 192.x.y.z, 169.254.y.z. Those are local networks and subnets, so if you have a little lan setup, you probably can't comm with any of the other comps.
but, to the originator: out of the box, your computer is extremely secure. you only really need the firewall if you feel unsafe, and if you have any services (like anything from the Sharing panel of sysprefs) enabled.
and yes, ipfw comes from bsd. iptables and ipchains are linux deals.
Originally posted by thuh Freak
i mean, it certainly doesn't hurt, but you are blocking a lot of ip ranges that generally don't cause pain.
Call me paranoid. One time I saw packets going in and out of my network with private network source addresses. Really weird, I can't explain what was going on. So I blocked them.
http://www.freebsd.org/doc/en_US.ISO...firewalls.html
The FreeBSD IPFW manual.
Barto
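The disagreement above turns on where the private-range blocks apply. As an added example (not taken from either poster's ruleset), this script prints ipfw rules that drop private, loopback and link-local source addresses only when they arrive inbound on the external interface; the interface name en0 and the starting rule number 300 are assumptions.

```shell
#!/bin/sh
# Added example: prints ipfw anti-spoofing rules instead of installing them.
# Assumptions: en0 faces the DSL line; rule numbers start at 300 (arbitrary).

# Source ranges that should never arrive from the Internet side:
# RFC 1918 private space, loopback and link-local.
BOGON_SOURCES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16"

# antispoof_rules WAN_IF [FIRST_RULE_NUMBER]
# Emits one "deny ... in via WAN_IF" rule per range. Scoping each rule to
# inbound traffic on the external interface leaves the same addresses
# usable on any other (LAN) interface.
antispoof_rules() {
    wan_if=$1
    num=${2:-300}
    if [ -z "$wan_if" ]; then
        echo "usage: antispoof_rules WAN_IF [FIRST_RULE_NUMBER]" >&2
        return 1
    fi
    for net in $BOGON_SOURCES; do
        printf 'ipfw add %05d deny all from %s to any in via %s\n' \
            "$num" "$net" "$wan_if"
        num=$((num + 10))
    done
}

# Print the rules for review; nothing is installed by this script.
antispoof_rules en0
```

If the Mac sits behind a NAT router rather than directly on the DSL line, en0 is itself on a private network and these rules would cut it off from the LAN.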
Originally posted by elbogo
Isn't there an easy way to put up a firewall, without going into the Terminal? Perhaps a third party software or something? I know, dumbo question... but some things should be easy.
All the information here is about the built-in firewall, and there are three ways to configure it - The Sharing Preference Pane, a shareware GUI utility called "Brickhouse" and the terminal command ipfw.
The built-in preference pane does a good job, but doesn't offer more advanced options that you can get with Brickhouse or the command line. Brickhouse can do everything that you can do from the command line, so it's just a preference between simplicity, nice-looking configurability, and 1337 g33k H4Xx0r-ing.