Mac software firewall

[BuriaL]

A friend of mine asked me what sort of firewall to get on a mac.
I dont know anything about macs. Dont know anyone else that have one ether.

Suggestions?

[Lumiinous]

Just use a router, if not already using one. Hardware firewall.

Honestly, I wouldn't even be using a software firewall if not for the one built into Windows, but it never bugs me and I've never had any problems with it, so I saw no reason to disable it.

But yeah, basically, if he's behind a router, he's also behind a firewall.

[SirSkyRider]

Basically, software firewalls are pretty useless. So having a router should be perfectly fine.

If he wants to close certain ports, he can do so via the Terminal app.

[Xiong Chiamiov]

A quick search tells me that not only is there an iptables-type application preinstalled on OS X, but also an included GUI for it.

[geoffreak]

Hardware firewall. Software firewall.

[rl9009]

You can definitely try my IPTables Firewall rules if you want a Mac software firewall.

Code: [Select]

# Generated by iptables-save v1.4.4 on Tue Dec 22 18:59:03 2009
*nat
:PREROUTING ACCEPT [2965974:3905346829]
:POSTROUTING ACCEPT [1522:96978]
:OUTPUT ACCEPT [6752:508159]
# Port forwarding
COMMIT
# Completed on Tue Dec 22 18:59:03 2009
# Generated by iptables-save v1.4.4 on Tue Dec 22 18:59:03 2009
*filter
:INPUT ACCEPT [4298771:4397921774]
:FORWARD ACCEPT [5578830:2863752069]
:OUTPUT ACCEPT [3642964:402750318]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -i eth0 -o eth1 -j ACCEPT
COMMIT
# Completed on Tue Dec 22 18:59:03 2009

I've been using this iptables for quite some time, but you should change it to suit your needs. Besides, why need a firewall when you can just NAT yourself and save all the hard work... No wait, NATing was supposed to solve the problem of IPv4 address exhaustion, not to be implemented as a security solution.