 |
 |
OSX Firewall in Sharing Control Panel any good?
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2002
Status:
Offline
|
|
i'm wondering how the Firewall function in the Sharing System Prefs. panel is. Does it slow anything down if I use it? Or would I really be better of buying a hardware firewall?
|
|
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Feb 2001
Status:
Offline
|
|
I would also like to know.
I am playing with Net Barrier, and am having major problems connecting computers, and to the web via my cable modem. Rendezvous doesn't work - although I wonder if it is just rendezvous, and not the firewall.
When I get an airport basestation, can I just use WEP and WPA and ditch the software firewall?
|
|
Religion is an insult to human dignity. With or without it, you'd have good people doing good things and evil people doing bad things, but for good people to do bad things, it takes religion - Steven Weinberg.
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2003
Location: Pittsburgh, Pennsylvania
Status:
Offline
|
|
Originally posted by mediahound:
i'm wondering how the Firewall function in the Sharing System Prefs. panel is. Does it slow anything down if I use it? Or would I really be better of buying a hardware firewall?
Why buy a firewall? You have all the functionality of a commercial firewall available to you at the Mac OS command line. Check out the man page for ipfw. ipfw is the firewall utility that the control panel drives, except from the command line you have much better control over the rulesets. If you buy a hardware package most likely it will be using linux w/ iptables, which is the exact same strengh as ipfw, but less configurable. Enjoy.
ndt
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2002
Status:
Offline
|
|
but wouldn't doing it via the OS be slower than letting a piece of separate hardware handle it?
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Apr 2000
Location: Los Angeles, CA
Status:
Offline
|
|
Not quite. The hardware firewall you describe are usually cheap appliances either running Linux with netfilter/iptables (which is a good firewall to begin with) or some custom/proprietary software running over simple hardware. Just because they are dedicated doesn't mean they are "faster." Some hardware firewall appliances are also problems in themselves because they can be a single-point-of-failure. If they fail, you'll have to remove them (some are pass-through, however).
Fast firewalls are those that are intended to be used in corporate/enterprise environments, where data throughput is really, really high. A firewall in itself already introduces latency, but industry-grade firewalls (like the high-end ones made by SonicWall and others) make that almost negligible (or at least worth it).
Mac OS X's firewall (ipfw) is also used by other Unix systems (e.g. *BSD) that are deployed in enterprise environments. If you want a tool to help you use it without delving into the command line, you can use an application like Brickhouse or Firewalk X. The firewall is more than adequate for high-end broadband services (it is used in high-speed LANs after all).
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
