Welcome to the MacNN Forums.

Macnnmember · Feb 24, 2005, 08:01 PM

How effective is 10.3's Firewall program? Does it compare to a program such as Nortons. How safe would using it with my broadband connection (cable)?

chabig · Feb 24, 2005, 08:07 PM

The firewall is very good. You don't need to supplement it with anything else, certainly not Norton. The consensus among most here is that Norton causes more problems than it solves. The only reason people buy is because it has name recognition with switchers.

Chris

Millennium · Feb 24, 2005, 08:35 PM

The firewall which comes with OSX is actually quite powerful, though you wouldn't know it from the interface Apple provides to configure it. While it'll get the job done for casual net users, if you have needs above and beyond the basics there are third-party configuration tools available which do a much better job. One of the first was called BrickHouse, and while its interface is a little rough around the edges it's still one of the best out there.

theolein · Feb 24, 2005, 10:13 PM

As the others have said, OSX's firewall is very powerful, but Apple provides only a simple interface to the user, which is probably a good thing, since most users would not understand the more powerful features, such as blocking outgoing connections on certain ports as well as incoming on most ports.

The commandline tool ipfw is where all the action happens. It has a fairly good manpage, and if you do some online research, it'll do all you need and much more.

cambro · Feb 25, 2005, 08:29 AM

Maybe this isn't the place for this question, but...

Out of the box, does OS X need a firewall? What ports are default-open to incoming traffic?

CatOne · Feb 25, 2005, 05:14 PM

Originally posted by cambro:
Maybe this isn't the place for this question, but...

Out of the box, does OS X need a firewall? What ports are default-open to incoming traffic?

Out of the box, no ports are open to incoming traffic. So no, it really doesn't need a firewall, because there's nothing listening, and therefore there aren't any services that can be attacked.

If you turn on remote access or some form of sharing, then ports will be opened. Of course, you can't use a firewall on those ports, because they need to listen

theolein · Feb 25, 2005, 07:51 PM

Originally posted by CatOne:
Out of the box, no ports are open to incoming traffic. So no, it really doesn't need a firewall, because there's nothing listening, and therefore there aren't any services that can be attacked.

If you turn on remote access or some form of sharing, then ports will be opened. Of course, you can't use a firewall on those ports, because they need to listen

This is why a customised firewall is such a good idea, i.e. setting up ipfw properly. With the rules set up correctly, you can share data to certain address and not to others, thereby avoiding most of the pitfalls of having open ports.

Burke · Feb 26, 2005, 08:25 PM

Since I use a router with a built-in firewall, I only rely on an app to monitor outgoing connections. I suppose "LIttle Snitch" is the best for that?

CatOne · Feb 28, 2005, 10:37 AM

Originally posted by Burke:
Since I use a router with a built-in firewall, I only rely on an app to monitor outgoing connections. I suppose "LIttle Snitch" is the best for that?

yes.