Do most of you enable firewall?

Posted:
in macOS edited January 2014
I'm relatively new to the Mac and am wondering if most people enabled the firewall on OS X or not? If so, do you use any special settings?

Comments

  • Reply 1 of 18
    aresee Posts: 776 member
    Quote:
    Originally Posted by markw10 View Post


    I'm relatively new to the Mac and am wondering if most people enabled the firewall on OS X or not? If so, do you use any special settings?



    I do. I use the default settings and open up the ports/services as I add them.
  • Reply 2 of 18
    I don't and never did. First of all I have a hardware firewall at my house and second, when no services are enabled in the "Sharing" preference panel, attacks from the outside are very, very unlikely.
  • Reply 3 of 18
    ireland Posts: 17,798 member
    What's a firewall?
  • Reply 4 of 18
    pb Posts: 4,255 member
    Quote:
    Originally Posted by Ireland View Post


    What's a firewall?



    It is the one that gives your back (or a$$ if you wish ) some fire and makes you run around trying to figure out what is burning, or protects it from that if enabled.
  • Reply 5 of 18
    onlooker Posts: 5,252 member
    Quote:
    Originally Posted by gwoodpecker View Post


    I don't and never did. First of all I have a hardware firewall at my house and second, when no services are enabled in the "Sharing" preference panel, attacks from the outside are very, very unlikely.



    How do you surf the net with no open ports? Did you use the force to type that post? You do not have it on - therefore I think ALL your services are enabled.
  • Reply 6 of 18
    Quote:
    Originally Posted by onlooker View Post


    How do you surf the net with no open ports? Did you use the force to type that post? You do not have it on - therefore I think ALL your services are enabled.



    Gwoodpecker is right. By default OS X does not have any open ports. Someone from the outside will not be able to establish a connection to your box unless you start some of the "Sharing" services.



    In the case of you making a request on your machine, and having it be answered (ex. surfing the web), a firewall buys you nothing. It lets the reply traffic through. Think about it, you don't have to open port 80 to surf the web, but you sure do to run a web server.
  • Reply 7 of 18
    Quote:
    Originally Posted by onlooker View Post


    How do you surf the net with no open ports? Did you use the force to type that post? You do not have it on - therefore I think ALL your services are enabled.



    Now come on, you know exactly that the discussion about desktop firewalls is in over 90% of all cases about blocking open ports into the computer only. Nothing can (in Windows: should) come in on its own from the outside when no ports are open (or the computer is completely firewalled).



    We were not talking about server services going out or anything else...
  • Reply 8 of 18
    onlooker Posts: 5,252 member
    Quote:
    Originally Posted by gwoodpecker View Post


    Now come on, you know exactly that the discussion about desktop firewalls is in over 90% of all cases about blocking open ports into the computer only. Nothing can (in Windows: should) come in on its own from the outside when no ports are open (or the computer is completely firewalled).



    We were not talking about server services going out or anything else...



    Enable the firewall. Restart your computer and try to surf the web without opening any ports. It won't work - Mine didn't.
  • Reply 9 of 18
    spindrift Posts: 674 member
    Quote:
    Originally Posted by onlooker View Post


    Enable the firewall. Restart your computer and try to surf the web without opening any ports. It won't work - Mine didn't.



    That still has nothing to do with incoming packets.
  • Reply 10 of 18
    Quote:
    Originally Posted by onlooker View Post


    Enable the firewall. Restart your computer and try to surf the web without opening any ports. It won't work - Mine didn't.



    Are we talking about the same things here? If you enable the firewall that is built into the Sharing System Preference then you can surf, FTP, send and receive email. It doesn't block TCP requests from your computer. It will block unsolicited requests from the outside world trying to access your computer. If I understand correctly, if you go to a web site that issues a cookie or interacts with a database, then that is a request from your computer and it will be allowed by the system firewall.



    There are firewalls, third party software, built-in to the OS X Server and hardware that if they are fully activated you are dead in the water.
  • Reply 11 of 18
    physguy Posts: 920 member
    OS X uses ipfw for the firewall. If you turn it on and have no services enabled the rule set is...



    02000 92 10952 allow ip from any to any via lo*

    02010 0 0 deny ip from 127.0.0.0/8 to any in

    02020 0 0 deny ip from any to 127.0.0.0/8 in

    02030 0 0 deny ip from 224.0.0.0/3 to any in

    02040 0 0 deny tcp from any to 224.0.0.0/3 in

    02050 3 351 allow tcp from any to any out

    02060 3 290 allow tcp from any to any established

    02065 0 0 allow tcp from any to any frag

    12190 1 48 deny tcp from any to any

    65535 22065384 21876305651 allow ip from any to any



    and will allow surfing, passive ftp, etc. as long as it initiates from your system. This is because of dynamic rules that are put in place by the rules 02050 and 02060 above that allow for routes to be established from internal. Enabling services does two things.



    1) It starts the appropriate daemon for the service to allow outsider to get something from your computer - httpd for web, sshd for remote login, etc.



    2) if the firewall is active the appropriate port is opened in the firewall for these services. port 443 and 80 for web/http, port 22 for sshd/login, etc.



    If you close the port then the service never gets a request.



    If you have a typical home router with NAT between your system and the internet then you have reasonable protection against external attacks. This does nothing for e-mail/malicious web sites, etc. but those are very few and far between on the Mac. Your router may also have a firewall as well and you may route a given port, say 80, to your computer so it can act as a web server. That would increase your risk of an attack.



    BTW you don't need to restart your system to have changes in the firewall take effect.
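The rule listing in the reply above can be traced by hand with a first-match evaluator; the following is an added example, not code from the thread or from Apple. It models only what those ten rules test (addresses, direction, interface, TCP flags, fragments), treats `established` as ipfw defines it (a TCP packet with the ACK or RST bit set), and the `packet` helper, interface names and addresses are constructed.

```python
import ipaddress
from fnmatch import fnmatch

# Rule set copied from the post above: number, packet count, byte count, rule.
RULES_TEXT = """\
02000 92 10952 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02050 3 351 allow tcp from any to any out
02060 3 290 allow tcp from any to any established
02065 0 0 allow tcp from any to any frag
12190 1 48 deny tcp from any to any
65535 22065384 21876305651 allow ip from any to any
"""

def parse(line):
    num, _pkts, _bytes, action, proto, _from, src, _to, dst, *opts = line.split()
    return int(num), action, proto, src, dst, opts

RULES = [parse(line) for line in RULES_TEXT.splitlines()]

def addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def opts_ok(opts, p):
    it = iter(opts)
    for opt in it:
        if opt == "via" and not fnmatch(p["iface"], next(it)):
            return False
        if opt in ("in", "out") and p["dir"] != opt:
            return False
        if opt == "established" and not ({"ACK", "RST"} & p["flags"]):
            return False  # flag test only: no connection state is consulted
        if opt == "frag" and not p["frag"]:
            return False
    return True

def verdict(p):
    """Return (rule number, action) of the first rule the packet matches."""
    for num, action, proto, src, dst, opts in RULES:
        if (proto in ("ip", p["proto"]) and addr_ok(src, p["src"])
                and addr_ok(dst, p["dst"]) and opts_ok(opts, p)):
            return num, action
    raise ValueError("no rule matched")

def packet(proto, src, dst, direction, flags=(), iface="en0", frag=False):
    return dict(proto=proto, src=src, dst=dst, dir=direction, flags=set(flags), iface=iface, frag=frag)

print(verdict(packet("tcp", "203.0.113.9", "192.0.2.10", "in", {"SYN"})))  # constructed inbound SYN
```

Feeding it an inbound UDP packet shows that nothing in this listing denies UDP, which falls through to rule 65535; an inbound TCP segment carrying only ACK is accepted by rule 02060 whether or not a connection exists.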
  • Reply 12 of 18
    thegar Posts: 92 member
    How good is the OSX firewall anyway? I read somewhere that it's just somewhat mediocre ...
  • Reply 13 of 18
    pb Posts: 4,255 member
    Quote:
    Originally Posted by theGAR View Post


    How good is the OSX firewall anyway? I read somewhere that it's just somewhat mediocre ...



    Any software firewall solution could be considered as mediocre. But, in the Mac OS X case, it can be fine tuned using the terminal utility ipfw, like on any BSD Unix system, so what you have read is just nonsense. Although the firewall settings accessed through System Preferences are pretty basic, there are utilities with GUI that can do the trick for those who would not risk to mess with the terminal as administrators.
  • Reply 14 of 18
    sc_markt Posts: 1,401 member
    Anybody use a hardware firewall on their mac? And does anybody know a good hardware firewall for the mac?



    - Mark
  • Reply 15 of 18
    physguy Posts: 920 member
    Quote:
    Originally Posted by sc_markt View Post


    Anybody use a hardware firewall on their mac? And does anybody know a good hardware firewall for the mac?



    - Mark



    I assume you're referring to a dedicated firewall appliance. As such it would have nothing to do with being either mac or pc or linux as it would be a separate piece of hardware.
  • Reply 16 of 18
    Quote:
    Originally Posted by sc_markt View Post


    Anybody use a hardware firewall on their mac? And does anybody know a good hardware firewall for the mac?



    - Mark



    Why would you want to? The built in firewall in OS X can pretty much do all you'd really want. The only reason to purchase a hardware firewall is to protect a whole network segment. (You could use OS X for this, but it would kinda be a waste of a machine. Perhaps if you had an old box with 2 network cards in it ...)



  • Reply 17 of 18
    pb Posts: 4,255 member
    Quote:
    Originally Posted by sc_markt View Post


    Anybody use a hardware firewall on their mac? And does anybody know a good hardware firewall for the mac?



    Not exactly an answer to your question, but the NAT firewall coming with Airport and other routers is something to be considered too. Not exactly a hardware firewall, but a good companion to the computer software firewall.
  • Reply 18 of 18
    feartec Posts: 119 member
    Honestly, I disabled ALL my firewalls. I had three going for no real reason, but if I was to ever firewall anything it would be through my router, not my OS. It just makes more sense, and to be honest if someone REALLY wants in your computer, they will find a way. After hacking through my own router, I gave up with firewalls in general. So for all of you out there who have nothing better to do, have at it.