How do I install this firewall?

Discussion in 'Mac Basics and Help' started by Detlev, Nov 19, 2008.

  1. Detlev macrumors 6502a

    Sep 16, 2003
    Before someone says "You don't need to..." Yes, I do. I need to at least try to prove that it would not matter.

    OK, here we go...

    I need to filter and or block outside access to UDP port 192. What I have is four or five clients (machines) that use an AirPort base station. A contracted security firm has scanned our IP address and found they can gain information from UDP port 192 and they feel this is a security risk. They sent me the information and it was correct so I know they were able to access it somehow. They say it amy only need a firewall or filter. I already have a closed network, use MAC address control, WiFi Protected Access, etc. Can someone help me set this up to see if in fact it will do as they say?

    Another thing I am confused about is that I don't know where these firewalls are. Are they on the base station or the individual clients (machines)? It seems they get as far as the base station, as they have never mentioned what computers we are using. So, am I trying to turn on firewalls and/or filters on the base station only?
  2. Dark Dragoon macrumors 6502a

    Dark Dragoon

    Jul 28, 2006
    On Apple's "Well Known" TCP and UDP ports used by Apple software products page it lists port 192 as:-

    Was the security company scanning from within the network or from outside (internet)?

    If it was from inside then blocking that port might stop you from accessing the Airports configuration/settings.

    Not sure if this is it, however check that you don't have SNMP allowed for the WAN. In the Airport config under Advanced > Logging and SNMP, make sure Allow SNMP Access is unchecked. I would back up your configuration first, I can't test this at the moment as I don't have my Airports with me.

    EDIT: As far as I can tell it's the Airport which is most likely the problem, it will already be running a firewall however. Hopefully it is something like SNMP or remote configuration which can be disabled for the WAN.

Share This Page