Who's using a 3rd party firewall?
Grizzled Veteran
Join Date: Feb 2005
I'm behind a NAT router w/ my G4 iBook. Can I safely assume that the Tiger firewall is more than sufficient?
Are there any good free 3rd party firewalls worth looking at?
Thanks in advance!
Chris
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
1) Yes. The OS X firewall is quite a good option - more than adequate protection.
2) Good question. I'm hoping to learn a lot from upcoming responses.
Glenn -----
OTR/L, MOT, Tx
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Does OSX's firewall only block inbound ports (like Windows built in firewall), or does it also block outbound traffic (like many of the third party firewalls for Windows)?
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
I guess NetBarrier is a good option, but it uses to mess iChat Bonjour file transfers…
"That plane's dustin' crops where there ain't no crops."
Mac Elite
Join Date: Dec 2000
Location: Northern California
Originally Posted by mduell
Does OSX's firewall only block inbound ports (like Windows built in firewall), or does it also block outbound traffic (like many of the third party firewalls for Windows)?
No, but Little Snitch blocks outgoing (not free).
Mac OS X 10.5.0, Mac Pro 2.66GHz/2 GB RAM/X1900 XT, 23" ACD
esdesign
Moderator 
Join Date: May 2001
Location: Hilbert space
The built-in firewall can do that; it is extremely powerful. However, you need to adjust settings like these manually.
I don't suffer from insanity, I enjoy every minute of it.
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Originally Posted by OreoCookie
The built-in firewall can do that; it is extremely powerful. However, you need to adjust settings like these manually.
Is it written from scratch, a port of pf or ipf from one of the BSDs, or something else?
Moderator 
Join Date: May 2001
Location: Hilbert space
It's a port of ipfw, which is the standard firewall of FreeBSD (although newer versions offer OpenBSD's pf as an equivalent option). Hence the OS X firewall is a lot more powerful than any of its commercial competitors.
I don't suffer from insanity, I enjoy every minute of it.
Clinically Insane
Join Date: Mar 2001
Location: yes
Firewalls are not some sort of magic "black box" software that you just sort of install and forget about. Any firewall is completely useless if the rules governing the firewall are bogus or misconfigured. Talking about which firewall is the best is not really an appropriate question to be asking, IMHO.
In the Unix world, the two major firewalls supported are ipfw, pf, and iptables (which used to be ipchains). Iptables is the standard on Linux, and ipfw (and pf) are the standards on the BSDs. You don't gain anything from using some sort of alternative firewall software, ipfw is a part of the OS X kernel and works just fine.
Where there is room for some exploration of additional options is in software that helps you configure rules for ipfw. There is absolutely nothing special about this software at all, you could create those very same rules yourself - they are just GUI front ends to configuring your rules using the ipfw command line tool. This isn't to say that there is something wrong with using a GUI to configure your firewall, but no rule configuration utility is better or worse than another, it's just a matter of finding a GUI that you like.
Understanding what these rules do is important if you really want to understand your firewall. A firewall is not an on or off switch that just makes everything magically secure. Essentially, the OS X firewall blocks incoming connections to unused ports, and allows all outgoing connections. There are advanced options that allow for things such as stealth mode, and blocking UDP packets. All of this provides you with a basic level of protection.
However, if you want to get into blocking access to your computer from certain IP addresses that are attacking your computer, get into more advanced features such as using your firewall for NAT, port knocking, etc. you are going to have to learn more on your own, and stray away from the OS X GUI.
(Last edited by besson3c; Aug 6, 2006 at 06:21 PM.)
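The kind of hand-written ipfw rules discussed above, as an added example that is not part of the original post or thread: a constructed rule file that keeps the "allow outgoing, block unsolicited incoming" behaviour described there and adds a block for one specific source address. The rule numbers, the LAN range 192.168.1.0/24, the SSH service and the address 203.0.113.45 (a documentation address) are assumptions chosen for illustration.

```ipfw
# Constructed example rule file, loaded with: sudo ipfw /path/to/this/file
# ipfw checks rules in ascending number order; the first matching rule decides.

# Loopback traffic is always allowed.
add 1000 allow ip from any to any via lo0

# Packets claiming a loopback source on a real interface are spoofed.
add 1010 deny ip from 127.0.0.0/8 to any in

# Block one specific source address (placeholder address).
# "log" entries appear only when the net.inet.ip.fw.verbose sysctl is enabled.
add 2000 deny log ip from 203.0.113.45 to any in

# Stateful filtering: packets that belong to a connection already
# recorded by a keep-state rule below are accepted here.
add 3000 check-state

# Outgoing connections are allowed and remembered, so that their
# replies pass rule 3000 instead of reaching the final deny.
add 3100 allow tcp from any to any out setup keep-state
add 3110 allow udp from any to any out keep-state
add 3120 allow icmp from any to any out keep-state

# DHCP replies can arrive before the machine has an address, so they
# do not always match a dynamic rule; allow them explicitly.
add 3200 allow udp from any to any src-port 67 dst-port 68 in

# One inbound service, restricted to the local network (assumed range).
add 4000 allow tcp from 192.168.1.0/24 to me dst-port 22 in setup keep-state

# Everything else arriving from outside is logged and dropped.
add 65000 deny log ip from any to any in
```

Outgoing traffic that matches none of these rules falls through to the kernel's built-in final rule 65535, so `sudo ipfw list` should be checked after loading to confirm the resulting order.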
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Originally Posted by besson3c
Understanding what these rules do is important if you really want to understand your firewall.
Nicely stated. As is your point that the GUI won't let a user go very far in configuring the OS X firewall beyond some fairly standardized configurations.
But before doing ANYTHING to a firewall, the user must know what he wants it to allow and what he wants blocked. And (maybe most especially) in WHAT DIRECTION he wants allowing and blocking to happen. So the user MUST KNOW HIS APPS and what they are supposed to do. If you don't know which apps are supposed to contact the Internet, stick with the plain-jane setup that the firewall starts with. It's fairly conservative, so it's fairly "safe."
Glenn -----
OTR/L, MOT, Tx
Moderator 
Join Date: May 2001
Location: Hilbert space
I agree. All I wanted to say though is that it isn't necessary to pay for a firewall on an OS X system. The built-in firewall will be more robust than the commercial alternatives. There are a great many GUIs to configure ipfw rules, although you need to know what you are doing.
Apple's default settings are reasonable and most people won't have to bother tinkering with the settings.
I don't suffer from insanity, I enjoy every minute of it.