I'm going to have to agree with you, AppleMatt, for exactly the reason that you stated. And there's the bonus of catching the "attacking" computer in a small (very small) bit of quicksand while it waits for your ports to respond.
You may laugh at me for saying this, but it would be nice for us Non *nix folks to have a GUI to admin or set the state of ipfw.... Anyone?
Originally posted by BrandonRP0123
I've got a Netscreen 5XP here at home protecting my Power Mac, my girlfriend's Dell Inspiron, and whatever else I choose to connect to it (including my base station). NAT on, DHCP on, using 172.16 for addressing. Permanent DHCP lease for the power mac and PowerBook (see below).
The OS X firewall is that of FreeBSD - ipfw with an implicit permit as the last rule. Turn ``On'' the OS X firewall and try a ``sudo ipfw list'' in your Terminal. Given the fact that ipfw is supported under OS X it should be very easy for those converting from FreeBSD, or any similar *nix, to tweak to perfection.
I've got a /29 with my DSL so I one-to-one map my power mac (iTunes sharing for me at work, httpd for testing, etc), and my Powerbook (if anyone has found a better way to use battle.net I'm all ears - but doing a one-to-one NAT was the only way it seemed to work with custom games).
I'm a strong believer in an implicit deny firewall setup. That is to say, only allow incoming connections that you absolutely *have* to and deny all the rest.
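The post above contrasts ipfw's implicit permit with an implicit-deny setup. As an added example (not part of the original post), this script builds such a ruleset: an explicit deny at rule 65000 is matched before the permit at the end of the list. The service ports (80 for httpd, 3689 for iTunes sharing) are a constructed sample policy, the rule numbers are arbitrary, and it assumes an ipfw build that supports `keep-state`.

```shell
#!/bin/sh
# Added example: default-deny ipfw ruleset (not from the original thread).
# Dry run by default: commands are printed, not executed. Flushing rules on
# a remote machine can cut off your own session, so review the output first.
IPFW="${IPFW:-echo ipfw}"

# Constructed sample policy: inbound TCP services this host offers.
ALLOW_TCP_IN="${ALLOW_TCP_IN:-80 3689}"

build_rules() {
    $IPFW -q -f flush

    # Loopback traffic is always allowed.
    $IPFW add 100 allow ip from any to any via lo0

    # Replies to connections that are already open.
    $IPFW add 200 check-state
    $IPFW add 210 allow tcp from any to any established

    # Outbound: this host may start TCP connections and send UDP (DNS etc.).
    $IPFW add 300 allow tcp from me to any out setup
    $IPFW add 310 allow udp from me to any out keep-state

    # ICMP echo reply, unreachable and time-exceeded keep ping replies and
    # path MTU discovery working.
    $IPFW add 400 allow icmp from any to any icmptypes 0,3,11

    # Inbound: only the services listed in the policy, one rule per port.
    n=1000
    for port in $ALLOW_TCP_IN; do
        $IPFW add "$n" allow tcp from any to me "$port" in setup
        n=$((n + 10))
    done

    # Everything else is denied and logged before the final permit rule
    # is ever reached.
    $IPFW add 65000 deny log ip from any to any
}

build_rules
```

Run as-is to print the commands; set `IPFW=/sbin/ipfw` and run as root to apply them, then check the result with `sudo ipfw list`.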
Originally posted by pgwalsh
You may laugh at me for saying this, but it would be nice for us Non *nix folks to have a GUI to admin or set the state of ipfw.... Anyone?
I didn't realize that Brickhouse was the graphical editor. Here everyone is mentioning it, but with little description. Anyway, I just downloaded it and it seems to work well. I wish I could add it to my system preferences pane... Anyone?
Originally posted by BrandonRP0123
No laughing required - really. I completely agree with you. For that very reason I haven't modified the ipfw setup on any of my macs as of yet (and Jaguar has been out a year).
There might be something in the FreeBSD ports that is graphical that'll work with X11. I'll check it out. E-mail me offline if you're interested in my findings.
Originally posted by SLJ
I am new to Mac, and I certainly do not know anything about UNIX... with all this talk about security, I don't even know what I should be doing. Now, where should I start? Someone advised that Apple doesn't have any viruses and I don't need to bother with an Anti-Virus program... now you guys are talking about firewalls... so am I back to square one and I need to get something to protect myself?
Originally posted by Daveman Deluxe
"The password is... one!"
"One!"
"One!"
"Two!"
"Two!"
"Two!"
"Three."
"Three!"
"Three!"
...and so on. Bonus points to those that can place THAT quote.
Originally posted by MacBoyX
SLJ,
My advice to people, Mac or PC, is to buy a Router no matter if you have a need for it or not. It enables you to take advantage of a NAT'd firewall. NAT is Network Address Translation, which basically takes the internal non-public IP address that is assigned to you by the router and translates it to the PUBLIC known IP address of your broadband. This pretty much is the safest way to live on a broadband connection.
Security is something you need to be aware of as a Computer User in the High-Speed Internet age.
I wouldn't sweat it but just be aware, it might be time for a Google search on firewalls and security.
Hope that helped...
MacBoyX
I have my OSX firewall on and recently downloaded the 7B28 Panther beta at the full speed of my DSL connection, so I wouldn't worry about performance.
Originally posted by billyboy
Can you share with us the make of router you use? What do we look for when looking through specs for routers that take us the next stage beyond Jaguar's Firewall on with nothing ticked in "sharing" preferences - but not into FBI paranoia land.
I've got nothing I don't want nicking but if it's a matter of a few spondooleys and a plug and play gadget to add that extra unbreakable lock on the door, it is probably worth considering.
My brother is a PC head, poor lad, and says it is going to be quite tricky for him setting up a firewall and not completely dogging the speed of his connection. Is that a Windows thing or does it apply to external devices used on Macs too?
Thanks
Originally posted by daveL
Linksys is a pretty good home router. Cisco owns them, although they don't advertise the fact.
Originally posted by Schiffi
Secure? bah, who has time for security. I'm on a modem so if I feel more laggish than normal I just yank the telephone line from my computer.
Partly because it's a relatively new acquisition.
Originally posted by daveL
Linksys is a pretty good home router. Cisco owns them, although they don't advertise the fact.