Author Topic: Mac software firewall  (Read 841 times)

Offline BuriaL

  • Member
  • Posts: 488
Mac software firewall
« on: December 30, 2009, 08:24:12 PM »
A friend of mine asked me what sort of firewall to get on a mac.
I dont know anything about macs. Dont know anyone else that have one ether.

Suggestions?

Offline Lumiinous

  • Member
  • Posts: 47
Re: Mac software firewall
« Reply #1 on: December 31, 2009, 12:52:17 AM »
Just use a router, if not already using one. Hardware firewall.

Honestly, I wouldn't even be using a software firewall if not for the one built into Windows, but it never bugs me and I've never had any problems with it, so I saw no reason to disable it.

But yeah, basically, if he's behind a router, he's also behind a firewall.

Offline SirSkyRider

  • Member
  • Posts: 1392
  • life is noise
Re: Mac software firewall
« Reply #2 on: January 01, 2010, 11:56:10 AM »
Basically, software firewalls are pretty useless. So having a router should be perfectly fine.

If he wants to close certain ports, he can do so via the Terminal app.

Offline Xiong Chiamiov

  • Member
  • Posts: 3012
  • I'm gonna tolerate and love the SHIT out of you!
    • changedmy.name
Re: Mac software firewall
« Reply #3 on: January 03, 2010, 05:30:46 AM »
A quick search tells me that not only is there an iptables-type application preinstalled on OS X, but also an included GUI for it.
Projects of interest: nagi | sheska | bdg
Posts made between 2009-05-09 and 2011-08-26 were in the capacity of staff.  Please read accordingly.

Offline geoffreak

  • Member
  • Posts: 1258
  • Yes I yam!
    • Anime Bite
Re: Mac software firewall
« Reply #4 on: January 05, 2010, 11:37:22 PM »
Hardware firewall. Software firewall.

Offline rl9009

  • Member
  • Posts: 153
  • Baiting Mugus since 1999
Re: Mac software firewall
« Reply #5 on: January 08, 2010, 05:55:58 PM »
You can definitely try my IPTables Firewall rules if you want a Mac software firewall.

Code: [Select]
# Generated by iptables-save v1.4.4 on Tue Dec 22 18:59:03 2009
*nat
:PREROUTING ACCEPT [2965974:3905346829]
:POSTROUTING ACCEPT [1522:96978]
:OUTPUT ACCEPT [6752:508159]
# Port forwarding
COMMIT
# Completed on Tue Dec 22 18:59:03 2009
# Generated by iptables-save v1.4.4 on Tue Dec 22 18:59:03 2009
*filter
:INPUT ACCEPT [4298771:4397921774]
:FORWARD ACCEPT [5578830:2863752069]
:OUTPUT ACCEPT [3642964:402750318]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -i eth0 -o eth1 -j ACCEPT
COMMIT
# Completed on Tue Dec 22 18:59:03 2009

I've been using this iptables for quite some time, but you should change it to suit your needs. Besides, why need a firewall when you can just NAT yourself and save all the hard work... No wait, NATing was supposed to solve the problem of IPv4 address exhaustion, not to be implemented as a security solution.