Firewall

loom001

I am looking for a good firewall. I know that I can go to version tracker, but I would like to know what people are using, how they like the products, and what the best features are. I have one (Kerio Personal Firewall) for my Windows-based system that is great: it blocks all the applications. Let's say an app was trying to communicate to the internet; it would pop up an alert telling me so, and I could allow or deny. That is a feature that I really like, and I was wondering if the Mac had one with a feature like that?

Thanks!:D
 
Darwin has ipfw, which works at the packet level. It's very powerful, and comes with Mac OS X. I believe Jaguar (10.2) also has a configuration panel for it, but for anything prior to 10.2 you'll need to get a tool like BrickHouse to configure it, unless you want to edit the rules file yourself...

I would recommend using this instead of a third-party one like Norton Personal Firewall. ipfw is light, doesn't use many system resources, and does all you need.

I don't know of any off-hand that pop up a request to allow or deny a connection, but I personally don't find that useful at all. You just open the ports for the services you want (FTP, SSH, HTTP, ICQ, whatever) and close everything else, simple! :)
 
So is there a way to totally shut down your workstation for all inbound and outbound ports, then add them in one by one? I want to totally lock down my Mac and only let the ports that I want go out. Thanks for the help!
 
I believe BrickHouse does that.

And I wish the system's built-in firewall was more specific = deciding all ports etc.
 
Found a little app that I think will work great for monitoring other apps. It is called Little Snitch. It can be found on version tracker, and the developer's website is http://www.obdev.at/products/littlesnitch/index.html . This is exactly what I was looking for when it came to monitoring my applications and what they are talking to the internet for. I have the power to grant and deny. Still in search of a good firewall.
 
Yes you can, that method is called "Explicit Allow" (it just means that you close everything by default, and open the ports you want open).

Here's an extract from my /etc/firewall.conf. You don't need to know what this means, it's just an example to show you the way you can close everything, then open specific services. This firewall.conf was generated by BrickHouse (rules not in order):
Code:
#################################################
## Allow All Outgoing Services
#################################################  
add 54016 allow all from any to any out via ppp0    

#################################################
## Deny All Incoming Services
#################################################
add 54017 deny log all from any to any in via ppp0

#################################################
## Allow Network Time (NTP)
#################################################
add 4003 allow udp from any 123 to any 1024-65535 via ppp0

#################################################
## World Wide Web
#################################################
add 4008 allow tcp from any to any 80 in via ppp0
add 4008 allow tcp from any 80 to any out via ppp0

In 10.1.x you use a utility like BrickHouse to configure the firewall. Like I said, I thought 10.2 had a panel to configure it, but I don't know (because Jag still hasn't arrived!)
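
Added example, not part of the original post or of BrickHouse's output: a small Python evaluator for the rule subset quoted above. ipfw checks rules in ascending rule-number order and stops at the first match, so even though the listing is "not in order", the low-numbered service rules are tested before the catch-all rules 54016 and 54017. The helper names (`parse`, `evaluate`, `pkt`) and the sample packets are constructed for illustration, and addresses are assumed to be `any`.

```python
# Added example: first-match evaluation of the ipfw rules quoted in the post.
# Handles only the syntax those rules use; addresses are assumed to be "any".
RULES = """\
add 54016 allow all from any to any out via ppp0
add 54017 deny log all from any to any in via ppp0
add 4003 allow udp from any 123 to any 1024-65535 via ppp0
add 4008 allow tcp from any to any 80 in via ppp0
add 4008 allow tcp from any 80 to any out via ppp0
"""

def parse(line):
    t = [x for x in line.split() if x != "log"]
    rule = {"num": int(t[1]), "action": t[2], "proto": t[3]}
    i = t.index("from") + 2              # token after the source address
    rule["sport"] = t[i] if t[i] != "to" else None
    i = t.index("to") + 2                # token after the destination address
    rule["dport"] = t[i] if i < len(t) and t[i][0].isdigit() else None
    rule["dir"] = next((x for x in t if x in ("in", "out")), None)
    rule["via"] = t[t.index("via") + 1] if "via" in t else None
    return rule

def port_match(spec, port):
    if spec is None:                     # rule does not constrain this port
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, pkt):
    # ipfw checks rules by ascending number and stops at the first match;
    # sorted() is stable, so rules sharing a number keep their file order.
    for r in sorted(rules, key=lambda r: r["num"]):
        if (r["proto"] in ("all", pkt["proto"])
                and port_match(r["sport"], pkt["sport"])
                and port_match(r["dport"], pkt["dport"])
                and r["dir"] in (None, pkt["dir"])
                and r["via"] in (None, pkt["iface"])):
            return r["action"], r["num"]
    return "no-match", None              # falls through to ipfw's default rule

def pkt(proto, sport, dport, direction, iface="ppp0"):
    return {"proto": proto, "sport": sport, "dport": dport,
            "dir": direction, "iface": iface}

rules = [parse(l) for l in RULES.splitlines() if l.startswith("add")]
# Constructed sample packets
for p in (pkt("tcp", 50000, 80, "in"), pkt("tcp", 50000, 22, "in"),
          pkt("tcp", 50000, 443, "out"), pkt("udp", 123, 40000, "in")):
    print(p, "->", evaluate(rules, p))
```

Traffic on any interface other than ppp0 matches none of these rules and is decided by whatever default rule the system's ipfw ends with.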
 
Cool, I'll take a look at Snitch, might be useful for configuring my firewall (I can't seem to allow MSN file transfers).
 
Originally posted by michaelsanford
That's one of the reasons I like ipfw, it carries a $0 price tag ;)

You are correct, FREE is better. I think that for controlling my apps I am going to use Snitch, but I am going to give just using the built-in firewall a try. By the way, nice website.
 