Where is the firewall log for OS X?

That is a good question; I am curious myself about that. I stopped using Norton because of iChat AV, and rely on Apple's built-in firewall.
 
Actually, the ipfw used by Mac OS X can create a log, but using the rules in the prefs panel it won't. You can make a startup item that overrides these rules and turns logging on (in which case it turns up in /var/log/ipfw.log), but then you won't be able to use the prefs panel to control it.
 
IIRC, all you need to do is add "log" to any rules you want to log.

So, for example, here are the ipfw rules used by Apple (just type sudo ipfw list to see these on your system):
02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
02020 deny ip from any to 127.0.0.0/8 in
02030 deny ip from 224.0.0.0/3 to any in
02040 deny tcp from any to 224.0.0.0/3 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
02070 allow tcp from any to any 4000 in
02080 allow tcp from any to any 4662 in
02090 allow tcp from any to any 9725 in
02100 allow tcp from any to any 6891-6900 in
02110 allow tcp from any to any 5190 in
12190 deny tcp from any to any
65535 allow ip from any to any

To log any entry, you'd change it like this:
02010 deny log ip from 127.0.0.0/8 to any in

If you want to know how to set up a startup item to put these rules in place, just do a Google search for "'mac os x' ipfw rules".
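As an added example (not part of the original thread), the "add log to the rule" edit described above can be applied to a whole `ipfw list` listing at once, producing `add` lines in the ruleset-file form that `ipfw <pathname>` reads. The names `gen_logging_rules` and `SAMPLE_RULES` are hypothetical, and the sample input is constructed from the rules quoted in the post.

```shell
#!/bin/sh
# Added example: rewrite `ipfw list` output into "add" lines for an ipfw
# ruleset file, inserting "log" after the action of every matching rule.

# Constructed sample input: a subset of the rules quoted in the post.
SAMPLE_RULES='02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
02020 deny log ip from any to 127.0.0.0/8 in
02070 allow tcp from any to any 4000 in
12190 deny tcp from any to any
65535 allow ip from any to any'

# gen_logging_rules [ACTION]
# Reads rules on stdin (format of `ipfw list`) and prints one "add" line
# per rule. Rules whose action equals ACTION (default: deny) get "log".
gen_logging_rules() {
    action="${1:-deny}"
    awk -v action="$action" '
        NF < 3            { next }   # blank or malformed line
        $1 !~ /^[0-9]+$/  { next }   # not a numbered rule
        $1 + 0 == 65535   { next }   # built-in default rule, cannot be re-added
        {
            # Leave rules that already log untouched so "log" is not doubled.
            if ($2 == action && $3 != "log")
                $2 = $2 " log"
            print "add " $0
        }'
}

# Stand-alone run on the sample; on a real system, pipe in `sudo ipfw list`.
printf '%s\n' "$SAMPLE_RULES" | gen_logging_rules deny
```

Load the generated file onto a flushed rule set; added on top of the existing rules, each number would simply end up with two rules.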
 