What firewall software do you use on your Mac?

Bubble99

macrumors 6502
Original poster
Mar 15, 2015
What firewall software do you recommend?

Any type of firewall you use and recommend? What are some of the good firewalls?
 

Fishrrman

macrumors P6
Feb 20, 2009
None, actually.
I just use the router's NAT as "the firewall".

I've never had any problems that way...
 

komatsu

macrumors 6502
Sep 19, 2010
None.

Somebody is going to inevitably mention "Little Snitch" (which is good) but might prove annoying as it needs a fair amount of human intervention.
 

chabig

macrumors 603
Sep 6, 2002
None. Remember that macOS has a built-in firewall, and Apple ships it turned off by default for a reason.
 

MacForScience

macrumors 6502
Sep 7, 2010
USA
OS X's Application Firewall combined with a SonicWALL UTM running Deep Packet Inspection, IDS/IPS, AV and Anti-Malware, Application Filtering, and Wireless Intrusion Detection with a SonicPoint. All tied together with managed switches and a dedicated network monitoring machine using tools like TShark, tcpdump, and other open source packet capture tools for proxying connections and VPN tunneling. Everyone should run a firewall–it is silly to think that in this day and age you can run with no firewall and be safe.
 

Bubble99

macrumors 6502
Original poster
Mar 15, 2015
komatsu said:
None.

Somebody is going to inevitably mention "Little Snitch" (which is good) but might prove annoying as it needs a fair amount of human intervention.

Is Little Snitch like ZoneAlarm for Windows?
 

BigMcGuire

Contributor
Jan 10, 2012
California
None. The person behind the computer will be a lot more powerful than any software firewall. Don't go to bad sites, don't download free things that aren't from verified or secure sources (free wallpapers = bad!) etc...

I've worked IT at several companies (private, under 20 employees) and no matter how many firewalls you have (we bought a Cisco firewall VPN) and no matter how great your antivirus is (ESET NOD32), employees will always manage to get viruses. So running them on user accounts, so that when the virus does hit it only affects their profile (Windows), is very important. Yes, I realize I'm talking about Windows... but... same concept.

It is going to be the user behind the computer that determines the computer's safety.
 

Bubble99

macrumors 6502
Original poster
Mar 15, 2015
MacForScience said:
Everyone should run a firewall; it is silly to think that in this day and age you can run with no firewall and be safe.

Quote:
If you have no services listening to the network then it's kind of redundant. Yes?

Not sure what you mean. A good firewall is to stop outgoing and incoming.

And also to stop hackers.

artfossil said:
None. Besides me

You may want to put anti-virus on Mac and/or Linux, not so much because they may get infected as because you can spread infection to Windows computers.

In 10 years using a Mac I have yet to have my home page changed, browser hijacking, strange programs installed, wallpaper changed, ads and pop-ups everywhere, pop-ups that do not close, strange toolbars, a slow OS, freezes and so on.

But that was very common in the Windows days before, as I have seen.

Windows malware on a Mac could spread to other Windows computers on the network.

Now ransomware seems to be a bigger thing these days than the typical malware that was all too common to see in the past.
 

556fmjoe

macrumors 68000
Apr 19, 2014
Quote:
If you have no services listening to the network then it's kind of redundant. Yes?
No, it still can prevent attackers who have achieved code execution from setting up a bind shell. If it is properly configured to filter outgoing connections, it can sometimes prevent them from using a reverse shell too.

Consider an attacker who has exploited a Safari vulnerability (for example) and can execute arbitrary code. The first thing he will want to do is set up a method of persistent access. If he is on the local network and there are no firewalls in between, he could do this with a bind shell, where he sets up netcat to listen on a port on the victim machine.

The classic method is to run something like
Code:
nc -lvp 4444 -e /bin/sh
on the victim. This will set up netcat to listen on port 4444 for incoming connections and execute /bin/sh, giving the remote attacker the ability to simply connect to the netcat service at will and obtain a shell. On most Unix systems, netcat no longer contains the -e option because of this, but it is still possible to use it as a bind shell using named pipes.

A reverse shell would be similar, but the netcat listener is set up on the attacker's machine and the victim is used to connect to it. This often evades firewalls because the netcat connection is outbound from the victim machine and most people allow all outbound connections through the firewall.

Still, a firewall would stop the first attack, which is simpler to execute than a reverse shell.
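A defender's check that corresponds to the bind-shell scenario above, added here as an example and not code from the thread: it lists TCP listeners bound to all interfaces that are not on an allowlist of expected programs (the allowlist and the lsof sample are constructed assumptions), and on macOS also reports the built-in application firewall's state via socketfilterfw.

```shell
#!/bin/sh
# Added example: audit a Mac for TCP listeners that a bind shell would need,
# and show the state of the built-in application firewall.
# Assumptions: lsof output in the form macOS prints with -nP; the allowlist
# of expected listening programs is hypothetical and should be adjusted.

# Programs we expect to be listening on all interfaces (constructed list).
ALLOWED="launchd rapportd sharingd"

# Read `lsof -nP -iTCP -sTCP:LISTEN` output on stdin; print "COMMAND PID ADDR"
# for every listener bound to the wildcard address (*) whose command is not
# in ALLOWED. Loopback-only listeners (127.0.0.1, [::1]) are ignored because
# a remote attacker cannot connect to them.
audit_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "(LISTEN)" && $(NF-1) ~ /^\*:/ && !($1 in ok) { print $1, $2, $(NF-1) }
    '
}

# Constructed sample of lsof output: the netcat listener from the thread
# (port 4444) next to a benign system service and a loopback-only app.
SAMPLE='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1 root   13u  IPv6  0xabc      0t0  TCP *:22 (LISTEN)
Spotify   530 bob    20u  IPv4  0xdef      0t0  TCP 127.0.0.1:4381 (LISTEN)
nc        812 bob     3u  IPv4  0x123      0t0  TCP *:4444 (LISTEN)'

# Runs the audit over the constructed sample; only the nc line is reported.
audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_listeners
}

# Live check on macOS (Darwin): firewall state, stealth mode, real listeners.
# Elsewhere, fall back to the constructed sample so the script still runs.
if [ "$(uname)" = "Darwin" ]; then
    /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
    /usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode
    lsof -nP -iTCP -sTCP:LISTEN | audit_listeners
else
    audit_sample
fi
```

Any line the audit prints is a service reachable from the network and therefore worth explaining; an unexplained one on an unusual port is exactly what the built-in firewall (or stealth mode) is meant to shield.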
 

dogslobber

macrumors 68040
Oct 19, 2014
Apple Campus, Cupertino CA
556fmjoe said:
No, it still can prevent attackers who have achieved code execution from setting up a bind shell. If it is properly configured to filter outgoing connections, it can sometimes prevent them from using a reverse shell too.

But if the attacker can execute code on your local system then the war is lost...

Bubble99 said:
Not sure what you mean. A good firewall is to stop outgoing and incoming.

And also to stop hackers.

Then the Apple firewall plain sucks? If no service is listening externally, then what is being stopped from incoming?
 

556fmjoe

macrumors 68000
Apr 19, 2014
dogslobber said:
But if the attacker can execute code on your local system then the war is lost...

Then the Apple firewall plain sucks? If no service is listening externally, then what is being stopped from incoming?

Not necessarily. Often you only get a brief window to execute code via exploit. If you can't set up a persistent backdoor right away, you have little opportunity to take advantage of the exploited system. The target user may stop running the vulnerable software, or update it (possibly fixing the vulnerability), or log off the network, etc. A firewall is a low-resource way to make this more difficult.
 

dogslobber

macrumors 68040
Oct 19, 2014
Apple Campus, Cupertino CA
556fmjoe said:
Not necessarily. Often you only get a brief window to execute code via exploit. If you can't set up a persistent backdoor right away, you have little opportunity to take advantage of the exploited system. The target user may stop running the vulnerable software, or update it (possibly fixing the vulnerability), or log off the network, etc. A firewall is a low-resource way to make this more difficult.

Maybe. But an exploit phoning home from an Apple computer still isn't going to be stopped by the current Apple firewall. It would only give itself away if an external client was trying to initiate a new connection (TCP SYN) with it. I don't think that's how these exploits typically work.
 

HenryAZ

macrumors 6502a
Jan 9, 2010
South Congress AZ
komatsu said:
None.

Somebody is going to inevitably mention "Little Snitch" (which is good) but might prove annoying as it needs a fair amount of human intervention.

Once configured (and I have carried my configurations across several generations of OS-X/MacOS), it requires little attention. Once in a while, with a new app, or an upgrade to an app, there needs to be a change made, but otherwise Little Snitch runs in the background for me, and does its job quite well. A great app. A basic understanding of ports and protocols helps a lot.
 

Michael MP2

macrumors member
Nov 2, 2017
Little Snitch, since I don't want software calling back to ad servers, sending my location, or sending analytic information I haven't given permission to send... then IceFloor to plug any holes as required (it's a front end for the hidden PF firewall built into the system, not the firewall in System Preferences).
 

Rigby

macrumors 601
Aug 5, 2008
San Jose, CA
I'd recommend not using any third-party firewalls. They can do more harm than good. For example, Little Snitch had a bug that made the system more, not less, vulnerable:

https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one

This particular vulnerability has been fixed in the meantime, but who knows how many more there are. Any additional software that runs in privileged mode and/or handles network traffic potentially increases your attack surface. It is also often trivially easy for an app running on your computer to circumvent a software firewall to establish outgoing connections. If you have untrusted software running on your machine, the battle is already lost.
 