Do most of you enable firewall?

Discussion in 'macOS' started by markw10, Apr 2, 2007.

  1. markw10 macrumors 6502

    Joined:
    Sep 4, 2006
    #1
    I'm relatively new to the Mac and am wondering if most people enable the firewall on OS X or not? If so, do you use any special settings?
     
  2. Fearless Leader macrumors 68020

    Joined:
    Mar 21, 2006
    Location:
    Hoosiertown
    #2
    Turn it on. Be happy. Really easy to change stuff.

    Well, I say this coming from a traveling laptop. If you be at home with a router between you and da intertubes then no need to worry about it.
     
  3. bmcgrath macrumors 65816

    Joined:
    Oct 5, 2006
    Location:
    London, United Kingdom
    #3
    Yep, I got a firewall turned on. Maybe that's just because I was used to having a firewall on in the Windows days that it's carried over to the Mac....
     
  4. matthew24 macrumors 6502

    Joined:
    May 30, 2002
    Location:
    Netherlands
    #4
    Behind a router. (HW firewall). So OSX: Off. (The less resources the better)
     
  5. grapes911 Moderator emeritus

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #5
    The resources are so minimal that you won't notice a difference.
     
  6. wrldwzrd89 macrumors G5

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #6
    I have the OSX firewall enabled on both my Macs, even though I'm behind a router with a firewall. I feel safer that way :D
     
  7. thewhitehart macrumors 6502a

    Joined:
    Jul 9, 2005
    Location:
    The town without George Bailey
    #7
    Me too. Doesn't hurt to be safe! The only exceptions I have are Bonjour services, network time services, Apple file share, and iTunes sharing, in order to stream to my AirPort Express.
     
  8. mkrishnan Moderator emeritus

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #8
    Yeah, on my iBook, firewall up, no ports open, stealth, deny UDP, I think (it travels both on the home network and on school networks about whose firewalls I'm not so sure). On my iMac, which is always behind the NAT firewall of my AEBS, the same, except a handful of intranet ports like iTunes, iPhoto, etc sharing are opened.
     
  9. eluk macrumors 6502a

    Joined:
    Dec 14, 2006
    Location:
    East London, UK
    #9
    Definitely on. Mostly behind NAT but as a laptop it does go out in the wild.
     
  10. FrankBlack macrumors 6502

    Joined:
    Dec 28, 2005
    Location:
    Looking for Lucy Butler
    #10
    First, welcome to the Mac Platform.

    Yes, turn your firewall on, block UDP, and enable Stealth mode. You may enable logging if you prefer. The firewall logs (who's hitting on you, for lack of a better way to put it) may be viewed by launching Console.app, found in the Utilities folder. It's under var/log ipfw.log.

    It's not too fancy, just a plain text style log.

    As others have suggested, you can always invest in a firewall/router, for extra security if you feel it's necessary.
     
  11. Xavier macrumors 68020

    Joined:
    Mar 23, 2006
    Location:
    Columbus
    #11
    Just think of it this way. If the perp gets through one wall of fire, and it doesn't kill him, then he's got to run through another! LOL
     
  12. OldCorpse macrumors 65816

    Joined:
    Dec 7, 2005
    Location:
    compost heap
    #12
    You have to balance your needs versus the added bit of security a firewall provides. The firewall included in OS X is a pretty feeble affair - not worthless, but close to it.

    The OS X firewall (at least up until OS X 10.4.9) only tries to control incoming traffic. It does nothing for outgoing traffic - which puts it behind the most recent stuff from the Windows world :( This is one reason why you may want to spring for Little Snitch, which essentially provides the other side: control of outgoing traffic. The other thing, is that the OS X firewall has very little in the way of controls and a subpar GUI. Overall, again, as firewalls go, it's one of the least impressive out there.

    Having a firewall can't hurt, but frankly if you are behind a router, the additional protection offered by the OS X firewall is not much at all. Meanwhile, it can cause problems if you run bittorrent and the like.

    If you are out and about with a laptop, sure turn it on - won't hurt. If you're at home behind a router and running bittorrent and such applications, I wouldn't bother.
     
  13. BilltheCat macrumors regular

    Joined:
    Jan 14, 2007
    Location:
    Sanford FL
    #13
    yes

    firewall is on every day, deny udp, stealth mode! I also have a hardware firewall router by linksys and 128 bit encryption. Wife is using a windoze box so I can never be too careful. (darned company laptop dell)
     
  14. wrldwzrd89 macrumors G5

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #14
    The problem with the Mac OS X firewall isn't lack of power - it's lack of GUI configuration tools for outbound connections that are built-in. The firewall built into Mac OS X can filter outbound connections just as easily as it can inbound - there's just no GUI for configuring it.
     
  15. wanda macrumors member

    Joined:
    Aug 19, 2006
    Location:
    In a van down by the river
    #15

    May be a dumb question, but how do I block UDP and where do I enable "stealth mode"? Firewall's already on.
     
  16. Airforce macrumors 6502a

    Joined:
    Jan 12, 2006
    #16
    On my AMD desktop running OS X, I leave it on. It's always connected though... doesn't hurt to leave it on anyways. Same with my MacBook.
     
  17. FrankBlack macrumors 6502

    Joined:
    Dec 28, 2005
    Location:
    Looking for Lucy Butler
    #17
    Not dumb at all. Here's how: (You are running 10.4?)

    Under the Apple menu, open System Preferences.

    Click on Sharing.

    You should see three tab buttons, Services, Firewall, and Internet. Click on Firewall.

    There's a list of services. Best security is to have all un-checked. You may leave Network Time checked, if you need to sync to a network time server such as Apple's time server.

    Lower right of window, you'll see a button marked "Advanced". Click the Advanced button. A drop-menu appears.

    There are three things to check, "Block UDP Traffic", "Enable Firewall Logging", and "Enable Stealth Mode". Check stealth mode, and Block UDP traffic. Firewall logging is optional. Still, it's fun to trace some of the hits back. If you choose logging, remember to clear the log at least once per week. It can get long rather quickly. Click on OK and you should be all set.

    You've read some different opinions on how effective the OS X Firewall, in its standard configuration, is. Here is a brief article from Macworld, July '06.

    Apple provides pretty good information in the help menu. In the Finder, just pull down Help, on the tool bar.
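
Added example, not part of the thread or any poster's words: shell functions that turn the plain-text firewall log mentioned in posts #10 and #17 into a per-source tally of blocked inbound attempts. The two log line shapes it parses, the host name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; the log line shapes below are assumed, not quoted from the thread.

# Constructed sample log (documentation address ranges, hypothetical host "ibook").
SAMPLE_LOG='Apr  2 21:14:07 ibook ipfw: 12190 Deny TCP 203.0.113.7:4312 192.0.2.10:445 in via en0
Apr  2 21:14:09 ibook ipfw: 12190 Deny TCP 203.0.113.7:4313 192.0.2.10:139 in via en0
Apr  2 21:15:40 ibook ipfw: Stealth Mode connection attempt to UDP 192.0.2.10:1434 from 198.51.100.23:1050
Apr  2 21:16:02 ibook ipfw: 35000 Deny UDP 203.0.113.7:137 192.0.2.10:137 in via en0
Apr  2 21:17:30 ibook ipfw: 2040 Accept TCP 192.0.2.20:49152 192.0.2.10:3689 in via en0'

# Normalise each blocked inbound attempt on stdin to "src_ip proto dst_port".
ipfw_hits() {
    awk '
    function host(ep) { sub(/:[0-9]+$/, "", ep); return ep }
    function port(ep) { sub(/^.*:/, "", ep); return ep }
    {
        # Find the "ipfw:" tag rather than hard-coding its field number,
        # so a different syslog prefix does not shift the fields.
        tag = 0
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") { tag = i; break }
        if (!tag) next
        # Shape 1: <rule> Deny <proto> <src:port> <dst:port> in via <if>
        # Shape 2: Stealth Mode connection attempt to <proto> <dst:port> from <src:port>
        if ($(tag + 2) == "Deny" && $(tag + 6) == "in") {
            print host($(tag + 4)), $(tag + 3), port($(tag + 5))
        } else if ($(tag + 1) == "Stealth" && $(tag + 8) == "from") {
            print host($(tag + 9)), $(tag + 6), port($(tag + 7))
        }
    }'
}

# Count attempts per source address, busiest first, as "count src_ip".
ipfw_top_sources() {
    ipfw_hits | awk '{ n[$1]++ } END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2
}

printf '%s\n' "$SAMPLE_LOG" | ipfw_top_sources
```

On a machine that still writes this log, the same function can read the file directly, for example `ipfw_top_sources < /var/log/ipfw.log`; allowed (Accept) and non-firewall lines are ignored.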
     
  18. wanda macrumors member

    Joined:
    Aug 19, 2006
    Location:
    In a van down by the river
    #18
    Appreciate the info, FrankBlack. Followed your well-written instructions and guess what... UDP was already blocked and I was in stealth mode. Also, logging was on and I cleared the log. Looked like there were lots of options on the left side of the log after clicking on the top left icon labeled "logs". Should I be clearing all of them or just the one that automatically comes up?
    Thanks again for the help.

    wanda.
     
  19. Objectivist-C macrumors 6502

    Joined:
    Jul 1, 2006
  20. SmurfBoxMasta macrumors 65816

    Joined:
    Nov 24, 2005
    Location:
    I'm only really here at night.
    #20
    because momma said so, hehehehe :D :) :p
     
  21. FrankBlack macrumors 6502

    Joined:
    Dec 28, 2005
    Location:
    Looking for Lucy Butler
    #21
    You don't have to be too concerned about clearing the logs. As you've noticed, the system log is handy, and has quite a bit of information. The Crash reporter is frequently used by techs for troubleshooting purposes. In a lot of companies, these logs are retained for security purposes.

    One thing you can do, and it's very simple: Use a freeware app called Macjanitor, to run three maintenance scripts once in awhile.

    Problem: Unix was originally built to run on huge systems, running 24/7. These maintenance scripts, called "cron jobs" by the gurus, would normally run in the middle of the night. So, since most people either shut down their machines, or let them sleep when done for the day, the scripts never get run.

    These scripts may be run through the terminal, but Macjanitor puts a nice GUI on it. Again, it's freeware. You can read more about it at version tracker and find a link to download the latest version.

    Here is a link to an Apple Tech info article on the maintenance scripts.

    Running these only takes a few seconds for the "daily" and "monthly" portions. The "weekly" one may run for several minutes. Your mac may look like it's doing nothing, but the script is indeed running.
     
  22. wrldwzrd89 macrumors G5

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #22
    Mac OS X Panther and earlier did indeed have the problem you mentioned. However, in Tiger (and later), Apple added launchd, which has the clever ability to reschedule things that were supposed to run while the computer was off or asleep to run when it's next awakened or turned on. Macjanitor is still useful on these systems for running the scripts manually.
     
  23. thewhitehart macrumors 6502a

    Joined:
    Jul 9, 2005
    Location:
    The town without George Bailey
    #23
    If you use certain services, some ports blocked by the firewall should be left open. If you click any of the services in the "Services" pane of "Sharing", the appropriate firewall tick box will be unchecked too automatically.

    It doesn't hurt to leave it on, but the safest thing you can do is get a router, even if you have only one mac. A router provides network address translation, which is like a firewall in and of itself. Again, it's not a foolproof answer for total security. There is no such thing. But the worst you can do is hook your mac right up to the ethernet cable running straight to your cable / DSL modem. Even worse is having a Windows box hooked straight to the cable modem with no firewall; that's like sleeping with a $2 Thai hooker without a condom :eek: Having your mac directly hooked is more like sleeping with Margaret Thatcher.

    I sometimes unblock Remote Login via SSH - this way I can bypass my employer's totalitarian web filter. :)
     
  24. Eraserhead macrumors G4

    Joined:
    Nov 3, 2005
    Location:
    UK
    #24
    I've just downloaded the SXSW showcase 2007 via bittorrent with Transmission with the OS X Firewall on, no special ports open and the port (9090) forwarded to the wrong IP address so if you have a decent client you should be fine. (I ended up with a ratio of about 0.5, not great, but I did upload too)
     
  25. Nightkrawler macrumors regular

    Joined:
    Sep 4, 2006
    Location:
    Vienna, Austria
    #25
    No, why do I have to use a personal firewall when there is no service/daemon that has to be blocked? The firewall itself would just be another possible exploitable part.
    Let me explain: Why do you want a firewall?
    If you want to block some "evil" apps "phoning home", the OS X firewall is useless ATM; in Leopard you have this option, but what if the "evil app" just clicks "allow" without you noticing it or simply deactivates the firewall?

    If you want to be secure "from the evil internet side", why not just turn off the services/daemons that are listening on the internet, instead of using a personal firewall?

    I know this is a bit hard to explain/understand but maybe I can tell you some things about personal firewalls.
    More information: http://www.iks-jena.de/mitarb/lutz/usenet/Firewall.en.html - really interesting if you are a bit into computer security/networking/firewalls
     