I recommend you turn it on and leave it on, even on your home network. That way you won't have to remember to turn it on when you need it.
and why is off by default? thanks -- iMac 27" 4 mos old june
Hacking into a home wifi is pretty trivial. Perhaps if you live in the boonies it may be less of a concern, but I'd recommend putting your firewall on.
You find defeating current standard security of modern routers trivial but not Apple's built-in firewall?
Asking questions about your Mac is not bothering people. It is why the forum is here.
it is tough learning this stuff on my own. sorry to bother you all
The firewall ships off because by default, OS X has no open ports.
I don't know where you got the idea that there are no open ports by default. OS X has a number of open ports by default, and even more depending on what you have installed. On my system for example there are more than 20 open.
A fresh installation of OS X has no open services to the outside.
Every one of the 20 open ports on your system you've opened yourself, e.g. by starting file sharing, screen sharing, remote login and stuff like that.
Well... that's just plain inaccurate. By default there are a number of ports open for services used by iTunes and mail and web browsing etc.... If you didn't have any open ports, you wouldn't be able to surf the Internet, get email, get app updates and so forth.
Whether or not there are any services listening on a specific port is another matter.
Having said that, the average user doesn't need to worry about enabling the firewall as OS X by default doesn't have any services listening that could be easily exploited.
MacbookRetina:~ root# lsof -i -P |grep -i listen
launchd 1 root 39u IPv6 0xd22aa9a1fc598a09 0t0 TCP localhost:631 (LISTEN)
launchd 1 root 42u IPv4 0xd22aa9a1fc5a1959 0t0 TCP localhost:631 (LISTEN)
launchd 1 root 46u IPv4 0xd22aa9a1fc5a1959 0t0 TCP localhost:631 (LISTEN)
launchd 1 root 47u IPv6 0xd22aa9a1fc598a09 0t0 TCP localhost:631 (LISTEN)
2BUA8C4S2 370 peter 24u IPv4 0xd22aa9a209bfb959 0t0 TCP localhost:6258 (LISTEN)
2BUA8C4S2 370 peter 25u IPv6 0xd22aa9a1fc597609 0t0 TCP localhost:6258 (LISTEN)
2BUA8C4S2 370 peter 26u IPv4 0xd22aa9a1fc59d2d9 0t0 TCP localhost:6263 (LISTEN)
2BUA8C4S2 370 peter 27u IPv6 0xd22aa9a1fc598509 0t0 TCP localhost:6263 (LISTEN)
Dropbox10 394 peter 40u IPv4 0xd22aa9a2106dfd49 0t0 TCP *:17500 (LISTEN)
openvpn 469 root 4u IPv4 0xd22aa9a1fc59ed49 0t0 TCP localhost:49183 (LISTEN)
eclipse 487 peter 233u IPv6 0xd22aa9a1fc595809 0t0 TCP localhost:62808 (LISTEN)
named 2214 named 21u IPv6 0xd22aa9a1fc595d09 0t0 TCP *:53 (LISTEN)
named 2214 named 22u IPv4 0xd22aa9a20dc9eee9 0t0 TCP localhost:53 (LISTEN)
named 2214 named 23u IPv4 0xd22aa9a2076b9089 0t0 TCP localhost:953 (LISTEN)
named 2214 named 24u IPv6 0xd22aa9a1fc598009 0t0 TCP localhost:953 (LISTEN)
MacbookRetina:~ root#
Well, most of these services are listening on localhost only, so that is not a real problem.
See my list of open ports, e.g.:
Code:
MacbookRetina:~ root# lsof -i -P |grep -i listen
launchd 1 root 39u IPv6 0xd22aa9a1fc598a09 0t0 TCP localhost:631 (LISTEN)
launchd 1 root 42u IPv4 0xd22aa9a1fc5a1959 0t0 TCP localhost:631 (LISTEN)
launchd 1 root 46u IPv4 0xd22aa9a1fc5a1959 0t0 TCP localhost:631 (LISTEN)
launchd 1 root 47u IPv6 0xd22aa9a1fc598a09 0t0 TCP localhost:631 (LISTEN)
2BUA8C4S2 370 peter 24u IPv4 0xd22aa9a209bfb959 0t0 TCP localhost:6258 (LISTEN)
2BUA8C4S2 370 peter 25u IPv6 0xd22aa9a1fc597609 0t0 TCP localhost:6258 (LISTEN)
2BUA8C4S2 370 peter 26u IPv4 0xd22aa9a1fc59d2d9 0t0 TCP localhost:6263 (LISTEN)
2BUA8C4S2 370 peter 27u IPv6 0xd22aa9a1fc598509 0t0 TCP localhost:6263 (LISTEN)
Dropbox10 394 peter 40u IPv4 0xd22aa9a2106dfd49 0t0 TCP *:17500 (LISTEN)
openvpn 469 root 4u IPv4 0xd22aa9a1fc59ed49 0t0 TCP localhost:49183 (LISTEN)
eclipse 487 peter 233u IPv6 0xd22aa9a1fc595809 0t0 TCP localhost:62808 (LISTEN)
named 2214 named 21u IPv6 0xd22aa9a1fc595d09 0t0 TCP *:53 (LISTEN)
named 2214 named 22u IPv4 0xd22aa9a20dc9eee9 0t0 TCP localhost:53 (LISTEN)
named 2214 named 23u IPv4 0xd22aa9a2076b9089 0t0 TCP localhost:953 (LISTEN)
named 2214 named 24u IPv6 0xd22aa9a1fc598009 0t0 TCP localhost:953 (LISTEN)
MacbookRetina:~ root#
The only services that are listening on my real network interface are enabled by myself by installing Dropbox and BIND as my local name server.
If it wasn't for this no one outside of my computer could open a connection to it as all other services are listening on the localhost interface only.
And this is the default behavior of Mac OS X Yosemite when not enabling any sharing services at all.
So if you don't use any sharing services, i.e. remote desktop to your local computer et al., you technically have no open ports on your outside facing network interface.
And there is only one port open for emails, which is the eclipse client in my case (IBM notes), but no ports are open for my opened mail.app for imap access to iCloud, nor are there any services listening for web browsing.
So I was technically totally correct when claiming that there are no open ports on a default installation of OS X that are reachable from outside of your computer, and therefore you technically don't need any firewall on your local computer if you don't change that.
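Added example, not part of any post in the thread: a small shell/awk filter that sorts `lsof -i -P` LISTEN lines into loopback-only binds and binds on a wildcard or real interface address, which is the distinction the last post relies on. The function names are this example's own, and the sample lines are a subset copied from the listing posted above.

```shell
#!/bin/sh
# Sample input: a subset of the lsof lines posted in the thread.
sample_lsof() {
cat <<'EOF'
launchd 1 root 39u IPv6 0xd22aa9a1fc598a09 0t0 TCP localhost:631 (LISTEN)
launchd 1 root 42u IPv4 0xd22aa9a1fc5a1959 0t0 TCP localhost:631 (LISTEN)
Dropbox10 394 peter 40u IPv4 0xd22aa9a2106dfd49 0t0 TCP *:17500 (LISTEN)
openvpn 469 root 4u IPv4 0xd22aa9a1fc59ed49 0t0 TCP localhost:49183 (LISTEN)
named 2214 named 21u IPv6 0xd22aa9a1fc595d09 0t0 TCP *:53 (LISTEN)
named 2214 named 22u IPv4 0xd22aa9a20dc9eee9 0t0 TCP localhost:53 (LISTEN)
EOF
}

# classify_listeners: read `lsof -i -P` output on stdin and print one line per
# unique listener as "<scope> <command> <family> <port>".
# scope is "loopback" (localhost, 127.x, ::1) or "exposed" (wildcard or a
# specific interface address). Header and non-LISTEN lines are skipped.
classify_listeners() {
  awk '
    $NF == "(LISTEN)" {
      name = $(NF-1)                         # localhost:631, *:17500, [::1]:631
      port = name; sub(/.*:/, "", port)      # text after the last colon
      host = name; sub(/:[^:]*$/, "", host)  # text before the last colon
      gsub(/\[|\]/, "", host)                # strip IPv6 brackets (lsof -n form)
      if (host == "localhost" || host == "::1" || host ~ /^127\./)
        scope = "loopback"
      else
        scope = "exposed"
      key = scope " " $1 " " $5 " " port     # $1 = COMMAND, $5 = IPv4/IPv6
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# exposed_listeners: only the listeners another host could try to connect to,
# i.e. the ones a host firewall decision actually applies to.
exposed_listeners() {
  classify_listeners | awk '$1 == "exposed" { print $2, $3, $4 }'
}

# Live use on the machine being audited:
#   lsof -i -P -n | exposed_listeners
```

Run against the sample, only the Dropbox and named wildcard binds come back as exposed; the duplicate file-descriptor rows for the same socket are collapsed.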