(Msg. 1) Posted: Sun Nov 23, 2008 1:26 pm
Post subject: advanced firewall configuration in leopard
Archived from groups: comp>sys>mac>system

the preferences->security->firewall tool only allows me to allow or
deny "incoming connections" to particular applications.

btw: does "incoming connections" mean connections initiated from remote
machines or any connections even those initiated by the application?

i would like to be able to fully control my firewall. especially
defining rules by ports instead of applications and specify which hosts
can and which can not access particular ports.

is it possible with leopard?

i tried: "sudo ipfw list" but it prints just:

65535 allow ip from any to any

it confuses me, because i have my firewall turned on, so why does it
allow "any to any" ?

(Msg. 2) Posted: Sun Nov 23, 2008 1:26 pm
Post subject: Re: advanced firewall configuration in leopard

In article <ggcahs$eht$1@news.wp.pl>, mikie <mike DeleteThis @exorergee.pl> wrote:
>the preferences->security->firewall tool only allows me to allow or
>deny "incoming connections" to particular applications.
>
>btw: does "incoming connections" mean connections initiated from remote
>machines or any connections even those initiated by the application?
>
>i would like to be able to fully control my firewall. especially
>defining rules by ports instead of applications and specify which hosts
>can and which can not access particular ports.
>
>is it possible with leopard?
>
>i tried: "sudo ipfw list" but it prints just:
>
>65535 allow ip from any to any
>
>it confuses me, because i have my firewall turned on, so why does it
>allow "any to any" ?
>
>
Look for "Little Snitch" and/or "WaterRoof"

(Msg. 3) Posted: Sun Nov 23, 2008 2:30 pm
Post subject: Re: advanced firewall configuration in leopard

On 2008-11-23 20:22:36 +0100, mikie <mike RemoveThis @exorergee.pl> said:
> i tried: "sudo ipfw list" but it prints just:
> 65535 allow ip from any to any
> it confuses me, because i have my firewall turned on, so why does it
> allow "any to any" ?

does "preferences->security->firewall" have something to do with ipfw
or is it just another (high level?) firewall mechanism?

(Msg. 4) Posted: Sun Nov 23, 2008 7:25 pm
Post subject: Re: advanced firewall configuration in leopard

mikie <mike.TakeThisOut@exorergee.pl> wrote:
> On 2008-11-23 20:22:36 +0100, mikie <mike.TakeThisOut@exorergee.pl> said:
>
> > i tried: "sudo ipfw list" but it prints just:
> > 65535 allow ip from any to any
> > it confuses me, because i have my firewall turned on, so why does it
> > allow "any to any" ?
>
> does "preferences->security->firewall" have something to do with ipfw
> or is it just another (high level?) firewall mechanism?

The Firewall in Leopard's System Preferences is a new "application
firewall", independent of ipfw. I don't know what underlying tool(s) it
uses.

It is designed to recognise incoming connections according to the
specific application on the Mac which is involved, ignoring the port
number. If enabled, it allows the user to decide which applications are
allowed to accept incoming connections (initiated by other computers).

It has no control over outgoing connections (initiated by applications
on your computer). Little Snitch is a good solution for keeping an eye
on outgoing connections.

If you want to configure ipfw, it can be used at the same time as the
"application firewall" and/or Little Snitch, for additional security.
You can use the ipfw command line tool (if you know how) or existing GUI
tools like WaterRoof (formerly known as BrickHouse, if I remember right)
which configure ipfw for you.
--
David Empson
dempson.TakeThisOut@actrix.gen.nz
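
The per-port, per-host control asked about at the top of the thread, written out as an ipfw ruleset. This is an added example, not part of any poster's message; the 192.168.1.0/24 network and the choice of ports 22, 80 and 443 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): ipfw rules keyed on port and source host.
# Assumes the ruleset is empty apart from the built-in rule 65535, as in the
# poster's `sudo ipfw list` output. TRUSTED_NET and the ports are placeholders.

TRUSTED_NET="192.168.1.0/24"   # assumed LAN that may reach SSH
IPFW="ipfw"

# Print the ruleset as ipfw commands. ipfw checks rules in ascending number
# order and stops at the first matching allow or deny, so everything here is
# evaluated before the default "65535 allow ip from any to any".
build_rules() {
    cat <<EOF
$IPFW add 100 allow ip from any to any via lo0
$IPFW add 200 check-state
$IPFW add 300 allow tcp from me to any out setup keep-state
$IPFW add 310 allow udp from me to any out keep-state
$IPFW add 320 allow icmp from any to any
$IPFW add 400 allow tcp from $TRUSTED_NET to me dst-port 22 in setup keep-state
$IPFW add 410 allow tcp from any to me dst-port 80,443 in setup keep-state
$IPFW add 65000 deny log ip from any to me in
EOF
}

# Rule notes:
#  100      loopback traffic is never filtered
#  200-310  outbound connections create dynamic state; check-state lets
#           their replies back in before the deny rule is reached
#  400      SSH only from TRUSTED_NET
#  410      web ports from any host
#  65000    any other inbound packet addressed to this Mac is dropped and logged

# Dry run by default; set IPFW_APPLY=1 to load the rules (needs root).
if [ "${IPFW_APPLY:-0}" = "1" ]; then
    build_rules | sudo sh
else
    build_rules
fi
```

Run it as-is first to review the generated commands; after loading, `sudo ipfw list` should show these rules above 65535.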

(Msg. 5) Posted: Mon Nov 24, 2008 5:25 am
Post subject: Re: advanced firewall configuration in leopard

On 2008-11-24 01:02:12 +0100, dempson RemoveThis @actrix.gen.nz (David Empson) said:
>>> i tried: "sudo ipfw list" but it prints just:
>>> 65535 allow ip from any to any
>>> it confuses me, because i have my firewall turned on, so why does it
>>> allow "any to any" ?
>> does "preferences->security->firewall" have something to do with ipfw
>> or is it just another (high level?) firewall mechanism?
> The Firewall in Leopard's System Preferences is a new "application
> firewall", independent of ipfw. I don't know what underlying tool(s) it
> uses.
>
> It is designed to recognise incoming connections according to the
> specific application on the Mac which is involved, ignoring the port
> number. If enabled, it allows the user to decide which applications are
> allowed to accept incoming connections (initiated by other computers).
>
> It has no control over outgoing connections (initiated by applications
> on your computer). Little Snitch is a good solution for keeping an eye
> on outgoing connections.
>
> If you want to configure ipfw, it can be used at the same time as the
> "application firewall" and/or Little Snitch, for additional security.
> You can use the ipfw command line tool (if you know how) or existing GUI
> tools like WaterRoof (formerly known as BrickHouse, if I remember right)
> which configure ipfw for you.

your answer was definitely exhaustive and very helpful.
thanks a lot!

(Msg. 6) Posted: Wed Nov 26, 2008 8:53 pm
Post subject: Re: advanced firewall configuration in leopard

mikie <mike DeleteThis @exorergee.pl> wrote:
> On 2008-11-24 01:02:12 +0100, dempson DeleteThis @actrix.gen.nz (David Empson) said:
>
> >>> i tried: "sudo ipfw list" but it prints just:
> >>> 65535 allow ip from any to any
> >>> it confuses me, because i have my firewall turned on, so why does it
> >>> allow "any to any" ?
> >> does "preferences->security->firewall" have something to do with ipfw
> >> or is it just another (high level?) firewall mechanism?
> > The Firewall in Leopard's System Preferences is a new "application
> > firewall", independent of ipfw. I don't know what underlying tool(s) it
> > uses.
> >
> > It is designed to recognise incoming connections according to the
> > specific application on the Mac which is involved, ignoring the port
> > number. If enabled, it allows the user to decide which applications are
> > allowed to accept incoming connections (initiated by other computers).
> >
> > It has no control over outgoing connections (initiated by applications
> > on your computer). Little Snitch is a good solution for keeping an eye
> > on outgoing connections.
> >
> > If you want to configure ipfw, it can be used at the same time as the
> > "application firewall" and/or Little Snitch, for additional security.
> > You can use the ipfw command line tool (if you know how) or existing GUI
> > tools like WaterRoof (formerly known as BrickHouse, if I remember right)
> > which configure ipfw for you.
>
> your answer was definitely exhaustive and very helpful.
> thanks a lot!

Problems with the Leopard firewall are outlined here:

http://db.tidbits.com/article/9294

The case it seems to make is that if you want to know (and control)
what's going on in your computer's software firewall you're better off
turning off the black-box Leopard firewall and turning on ipfw (and
configuring it with WaterRoof). m.
--
matt neuburg, phd = matt DeleteThis @tidbits.com, http://www.tidbits.com/matt/
Leopard - http://www.takecontrolbooks.com/leopard-customizing.html
AppleScript - http://www.amazon.com/gp/product/0596102119
Read TidBITS! It's free and smart. http://www.tidbits.com