
markw10

macrumors 6502
Original poster
Sep 4, 2006
371
0
I'm relatively new to the Mac and am wondering if most people enable the firewall on OS X or not? If so, do you use any special settings?
 
turn it on. be happy. really easy to change stuff.

Well i say this coming from a traveling laptop. If you be at home with a router between you and da intertubes then no need to worry about it.
 
I have the OSX firewall enabled on both my Macs, even though I'm behind a router with a firewall. I feel safer that way :D
 
Yeah, on my iBook, firewall up, no ports open, stealth, deny UDP, I think (it travels both on the home network and on school networks about whose firewalls I'm not so sure). On my iMac, which is always behind the NAT firewall of my AEBS, the same, except a handful of intranet ports like iTunes, iPhoto, etc sharing are opened.
 
First, welcome to the Mac Platform.

Yes, turn your firewall on, block UDP, and enable Stealth mode. You may enable logging if you prefer. The firewall logs (who's hitting on you, for lack of a better way to put it) may be viewed by launching Console.app, found in the Utilities folder. It's under /var/log/ipfw.log.

It's not too fancy, just a plain text style log.

As others have suggested, you can always invest in a firewall/router, for extra security if you feel it's necessary.
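The ipfw.log entries mentioned above are plain syslog lines, so a few lines of shell and awk answer "who's hitting on you" faster than scrolling through Console. What follows is an added example, not from the original post: the log lines are constructed in the layout ipfw writes (rule number, action, protocol, source, destination, direction, interface), the hostname is made up, and the addresses are RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example: summarise Tiger-era /var/log/ipfw.log denies.
# Constructed sample lines (addresses from RFC 5737 documentation ranges);
# field layout assumed: "<rule> Deny <proto> <src[:port]> <dst[:port]> in via <if>".
SAMPLE_LOG='Mar 10 21:14:02 ibook ipfw: 35000 Deny UDP 192.168.1.33:137 192.168.1.255:137 in via en1
Mar 10 21:14:09 ibook ipfw: 12190 Deny TCP 203.0.113.45:4311 192.168.1.20:22 in via en1
Mar 10 21:14:10 ibook ipfw: 12190 Deny TCP 203.0.113.45:4312 192.168.1.20:23 in via en1
Mar 10 21:14:11 ibook ipfw: 12190 Deny TCP 203.0.113.45:4313 192.168.1.20:80 in via en1
Mar 10 21:14:15 ibook ipfw: 12190 Deny TCP 198.51.100.7:51000 192.168.1.20:445 in via en1
Mar 10 21:15:00 ibook ipfw: 33300 Deny ICMP:8.0 203.0.113.45 192.168.1.20 in via en1'

# Count denied packets per source address (stdin -> "count address", busiest first).
ipfw_denies_by_source() {
  awk '/ipfw:/ && / Deny / {
         for (i = 1; i <= NF; i++) if ($i == "Deny") {
           src = $(i + 2); sub(/:[0-9]+$/, "", src)   # strip the source port, if any
           count[src]++
         }
       }
       END { for (s in count) printf "%d %s\n", count[s], s }' | sort -rn
}

# Flag sources that probed at least $1 (default 3) distinct TCP/UDP ports:
# a crude port-scan heuristic, printed one address per line.
ipfw_port_scanners() {
  awk -v min="${1:-3}" '/ipfw:/ && / Deny / {
         for (i = 1; i <= NF; i++) if ($i == "Deny") {
           proto = $(i + 1)
           if (proto != "TCP" && proto != "UDP") next   # ICMP lines carry no port
           src = $(i + 2); sub(/:[0-9]+$/, "", src)
           n = split($(i + 3), d, ":"); port = d[n]     # destination port
           if (!((src, port) in seen)) { seen[src, port] = 1; ports[src]++ }
         }
       }
       END { for (s in ports) if (ports[s] >= min) print s }' | sort
}

# Stand-alone run over the constructed sample. On a real 10.4 box the input
# would be the actual file instead:  sudo cat /var/log/ipfw.log | ipfw_port_scanners 5
printf '%s\n' "$SAMPLE_LOG" | ipfw_denies_by_source
printf '%s\n' "$SAMPLE_LOG" | ipfw_port_scanners 3
```

Both functions read the log on stdin, so they work on a saved copy as well as the live file. The scanner heuristic ignores ICMP lines on purpose: a single ping probe tells you nothing about which ports were of interest, while one address walking 22, 23 and 80 in a few seconds is the pattern worth tracing back.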
 
Just think of it this way. If the perp gets through one wall of fire, and it doesn't kill him, then hes got to run through another! LOL
 
You have to balance your needs versus the added bit of security a firewall provides. The firewall included in OS X is a pretty feeble affair - not worthless, but close to it.

The OS X firewall (at least up until OS X 10.4.9) only tries to control incoming traffic. It does nothing for outgoing traffic - which puts it behind the most recent stuff from the Windows world :( This is one reason why you may want to spring for Little Snitch, which essentially provides the other side: control of outgoing traffic. The other thing, is that the OS X firewall has very little in the way of controls and a subpar GUI. Overall, again, as firewalls go, it's one of the least impressive out there.

Having a firewall can't hurt, but frankly if you are behind a router, the additional protection offered by OS X firewall is not much at all. Meanwhile, it can cause problems if you run bittorrent and the like.

If you are out and about with a laptop, sure turn it on - won't hurt. If you're at home behind a router and running bittorrent and such applications, I wouldn't bother.
 
yes

firewall is on every day, deny udp, stealth mode! I also have a hardware firewall router by linksys and 128 bit encryption. Wife is using a windoze box so I can never be too careful. (darned company laptop dell)
 
The problem with the Mac OS X firewall isn't lack of power - it's lack of GUI configuration tools for outbound connections that are built-in. The firewall built into Mac OS X can filter outbound connections just as easily as it can inbound - there's just no GUI for configuring it.
 

May be a dumb question but how do I block UDP and where do I enable "stealth mode"? Firewall's already on.
 
On my AMD desktop running OS X, I leave it on. It's always connected though..doesn't hurt to leave it on anyways. Same with my macbook
 
Not dumb at all. Here's how: (You are running 10.4?)

Under the Apple menu, open System Preferences.

Click on Sharing.

You should see three tab buttons, Services, Firewall, and Internet. Click on Firewall.

There's a list of services. Best security is to have all un-checked. You may leave Network Time checked, if you need to sync to a network time server such as Apple's time server.

Lower right of the window, you'll see a button marked "Advanced". Click the Advanced button. A drop-down menu appears.

There are three things to check, "Block UDP Traffic", "Enable Firewall Logging", and "Enable Stealth Mode". Check Stealth Mode and Block UDP Traffic. Firewall logging is optional. Still, it's fun to trace some of the hits back. If you choose logging, remember to clear the log at least once per week. It can get long rather quickly. Click on OK and you should be all set.

You've read some different opinions on how effective the OS X Firewall, in its standard configuration, is. Here is a brief article from Macworld, July '06.

Apple provides pretty good information in the help menu. In the finder, just pull down Help, on the tool bar.
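Every switch in that Advanced sheet, and the outbound filtering an earlier reply says has no GUI, is ultimately an ipfw rule, so the same policy can be written down and audited as a script. The block below is an added example, not Apple's own ruleset and not code from anyone in the thread: the rule numbers, the blocked destination networks (RFC 5737 ranges standing in for a "phone home" server) and the single allowed inbound port are assumptions for illustration, and the allowances for DNS, DHCP and NTP replies are an assumption about what a usable "Block UDP Traffic" policy has to leave open.

```shell
#!/bin/sh
# Added example (not Apple's ruleset): a Tiger/Leopard-era ipfw policy that
# reproduces the Sharing pane's "Block UDP Traffic", "Enable Stealth Mode"
# and logging switches and adds the outbound control the GUI never exposed.
# All rule numbers, networks and ports below are assumptions for illustration.

BLOCKED_OUT_NETS="203.0.113.0/24 198.51.100.0/24"   # constructed "phone home" ranges
ALLOWED_IN_TCP_PORTS="22"                            # Remote Login only

# Print the ruleset, lowest rule number first (ipfw evaluates in that order).
ipfw_ruleset() {
  cat <<'EOF'
add 00100 allow ip from any to any via lo0
add 00200 deny log ip from any to 127.0.0.0/8 in
add 01000 allow tcp from any to any established
EOF
  # Several ports may share rule number 02000; ipfw keeps same-numbered rules in insertion order.
  for p in $ALLOWED_IN_TCP_PORTS; do
    echo "add 02000 allow log tcp from any to me $p in setup"
  done
  # Outbound control: anything on this box talking to these ranges is logged and dropped.
  # New connections never match the "established" rule above, so they reach these rules.
  n=20000
  for net in $BLOCKED_OUT_NETS; do
    echo "add $n deny log ip from me to $net out"
    n=$((n + 10))
  done
  cat <<'EOF'
add 30000 allow udp from any 53 to me in
add 30010 allow udp from any 67 to any 68 in
add 30020 allow udp from any 123 to me in
add 33300 deny log icmp from any to me in icmptypes 8
add 35000 deny log udp from any to any in
add 40000 deny log tcp from any to me in setup
add 65000 allow ip from any to any
EOF
}

# Load the ruleset on a machine that still has ipfw (Mac OS X 10.4 through 10.6, as root).
# Anywhere else the policy is only printed so it can be reviewed.
ipfw_apply() {
  if ! command -v ipfw >/dev/null 2>&1; then
    echo "ipfw not available here; the ruleset would be:" >&2
    ipfw_ruleset
    return 1
  fi
  sysctl -w net.inet.ip.fw.verbose=1 >/dev/null   # make the "log" rules write to syslog
  ipfw -q flush                                    # drops every existing rule, including Apple's
  ipfw_ruleset | while read -r rule; do
    ipfw -q $rule                                  # unquoted on purpose: the rule becomes arguments
  done
  ipfw list
}

ipfw_ruleset
```

Rules 30000 to 40000 are the "Block UDP Traffic" and "Stealth Mode" switches spelled out: UDP replies from DNS, DHCP and NTP servers are let in, every other unsolicited UDP packet and every ping request is logged and dropped, and inbound TCP connection attempts to anything but the listed ports are dropped rather than answered with a reset. The flush in `ipfw_apply` also removes whatever the Sharing pane installed, so on a real Tiger machine expect the GUI to re-add its own rules the next time it is touched; treat this as a starting point to read, not something to run blind.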
 
Appreciate the info FrankBlack. Followed your well written instructions and guess what...UDP was already blocked and I was in stealth mode. Also logging was on and I cleared the log. Looked like there were lots of options on the left side of the log after clicking on the top left icon labeled "Logs". Should I be clearing all of them or just the one that automatically comes up?
thanks again for the help.

wanda.
 
You don't have to be too concerned about clearing the logs. As you've noticed, the system log is handy, and has quite a bit of information. The Crash Reporter log is frequently used by techs for troubleshooting purposes. In a lot of companies, these logs are retained for security purposes.

One thing you can do, and it's very simple: Use a freeware app called Macjanitor, to run three maintenance scripts once in awhile.

Problem: Unix was originally built to run on huge systems, running 24/7. These maintenance scripts, called "cron jobs" by the gurus, would normally run in the middle of the night. So, since most people either shut down their machines, or let them sleep when done for the day, the scripts never get run.

These scripts may be run through the terminal, but macjanitor puts a nice GUI on it. Again, it's freeware. You can read more about it at version tracker and find a link to download the latest version.

Here is a link to an Apple Tech info article on the maintenance scripts.

Running these only takes a few seconds for the "daily" and "monthly" portions. The "weekly" one may run for several minutes. Your mac may look like it's doing nothing, but the script is indeed running.
 
Mac OS X Panther and earlier did indeed have the problem you mentioned. However, in Tiger (and later), Apple added launchd, which has the clever ability to reschedule things that were supposed to run while the computer was off or asleep to run when it's next awakened or turned on. Macjanitor is still useful on these systems for running the scripts manually.
 
If you use certain services, some ports blocked by the firewall should be left open. If you click any of the services in the "Services" pane of "Sharing", the appropriate firewall tick box will be unchecked too automatically.

It doesn't hurt to leave it on, but the safest thing you can do is get a router, even if you have only one mac. A router provides network address translation, which is like a firewall in and of itself. Again, it's not a foolproof answer for total security. There is no such thing. But the worst you can do is hook your mac right up to the ethernet cable running straight to your cable / DSL modem. Even worse is having a Windows box hooked straight to the cable modem with no firewall; that's like sleeping with a $2 Thai hooker without a condom :eek: Having your mac directly hooked is more like sleeping with Margaret Thatcher.

I sometimes unblock Remote Login via SSH - this way I can bypass my employer's totalitarian web filter. :)
 
Meanwhile, it can cause problems if you run bittorrent and the like.

I've just downloaded the SXSW showcase 2007 via bittorrent with Transmission with the OS X Firewall on, no special ports open and the port (9090) forwarded to the wrong IP address so if you have a decent client you should be fine. (I ended up with a ratio of about 0.5, not great, but I did upload too)
 
No, why do i have to use a personal firewall when there is no service/daemon that has to be blocked? The firewall itself would just be another possible exploitable part.
Let me explain: Why do you want a firewall?
If you want to block some "evil" apps "phoning home", the osx firewall is useless ATM, in leopard you have this option but what if the "evil app" just clicks "allow" without you noticing it or simply deactivate the firewall?

If you want to be secure "from the evil internet side", why not just turn off the services/daemons that are listening on the internet, instead of using a personal firewall?

I know this is a bit hard to explain/understand but maybe I can tell you some things about personal firewalls.
More information: http://www.iks-jena.de/mitarb/lutz/usenet/Firewall.en.html - really interesting if you are a bit into computer security/networking/firewalls.
 