View Full Version : Are there any firewall experts in the house




XFce
Jun 27, 2006, 04:12 AM
Is there a way to make Apple's built-in firewall more secure?
I blocked UDP and enabled stealth mode, which helps, but I would like to go under advanced settings and make the firewall more secure than it already is. Maybe disable certain ports or add some type of BSD script or apply some type of rule that would block ports that are enabled by default but are not being used. Any suggestions would be appreciated.



Queso
Jun 27, 2006, 04:19 AM
The built-in Apple firewall is basically ipfw, which is common to several UNIX distros, and the rules for the firewall are stored in the /etc/firewall.conf file. It's very configurable, although obviously you need to understand how to stick a rule together correctly to ensure you don't disrupt your Mac's normal operation. Googling ipfw will give you several results on constructing additional rules.

Either use a text editor such as vi to add or edit rules directly in that file, or use "Flying Buttress", a GUI app that edits the file for you. FB is available on versiontracker.com.
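
A ruleset of the kind the reply above describes, as an added example that is not part of the original thread: a shell function that prints ipfw commands for a stateful, default-deny-inbound policy so they can be reviewed before being loaded as root. The function name `gen_ipfw_rules`, the `ALLOW_TCP_IN` variable and the rule numbers are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): print ipfw commands for a stateful,
# default-deny-inbound ruleset. Nothing is loaded; review the output first.
# Rule numbers and ALLOW_TCP_IN are constructed for this example.

gen_ipfw_rules() {
    allow_tcp_in="$1"   # space-separated inbound TCP ports, may be empty

    # Validate every port before printing anything, so a typo never yields
    # a half-written ruleset.
    for port in $allow_tcp_in; do
        case "$port" in
            *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
    done

    n=2000
    emit() { printf 'ipfw add %05d %s\n' "$n" "$1"; n=$((n + 10)); }

    emit 'allow ip from any to any via lo0'          # keep loopback working
    emit 'deny ip from 127.0.0.0/8 to any in'        # loopback source on a real interface
    emit 'check-state'                               # replies to flows we opened
    emit 'allow tcp from me to any out setup keep-state'
    emit 'allow udp from me to any out keep-state'
    emit 'allow icmp from any to me icmptypes 3,11'  # unreachable, time exceeded

    for port in $allow_tcp_in; do
        emit "allow tcp from any to me dst-port $port in setup keep-state"
    done

    n=65000
    emit 'deny log ip from any to any in'            # everything else inbound
}

# Example run: ALLOW_TCP_IN="22 548" sh this-file.sh
gen_ipfw_rules "${ALLOW_TCP_IN:-}"
```

This set allows no unsolicited inbound UDP, so services that depend on it (Bonjour/mDNS, for instance) need their own rules added before the final deny.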

XFce
Jun 27, 2006, 08:34 PM
dynamicv, thanks for responding.

The reason why I am so concerned about internet security is because telemarketers call my home telephone number 2-3 minutes after I join an internet discussion forum. Never fails.
If possible I would like to add some type of BSD/Apple script that would make my new Intel iMac Core Duo safe from hackers and from telemarketers who track my every click then call my home phone 2 seconds after I log into the internet, trying to sell me something. I thought about buying a third party firewall but decided not to because I don't trust third party programs if they are not made by Apple.

Queso
Jun 28, 2006, 03:34 AM
Interesting. I think this is probably more related to either your ISP or Cable company having a deal with the telemarketers. If they spot IP traffic on your broadband channel it's a safe bet you're home, so they alert the marketing company. I would ring your ISP/Cableco to ask if I were you, and if they answer that this is what they are doing, demand to speak to the highest person you can in their office, seriously let rip at them and insist that they remove you from the list they pass over.

However, just in case it is something on your Mac, you may want to install Little Snitch (http://www.obdev.at/products/littlesnitch/index.html), which spies on the traffic leaving your computer to ensure that nothing is attempting to "call home" without your knowledge, and blocks anything you don't want to permit. It takes a bit of training in the beginning, but well worth it once you get it used to your normal programs. Although it is shareware ($25 a license), it sounds like it's perfect for your requirements. Like you, there is no way I would install a third party firewall from McAfee or Symantec, but Little Snitch gets recommendations from everyone as far as I can see.