2 software firewalls simultaneously?

Mike - 28 Apr 2008 03:55 GMT
Would there be any good reason to run a second firewall alongside
Apple's default firewall? As in using ipfw via Water Roof for instance?

I don't want to be overly paranoid, but the 10.5 firewall just doesn't
leave me particularly comfortable due to its lack of configuration
options. And no, I'm not sure why that bothers me, maybe I just like
buttons and menus.

I have it set to allow only essential services which doesn't interfere
with anything I do and the system logs tell me it is keeping the
frequent door knockers out.

So the default firewall is doing its job and I should just leave well
enough alone, right?

MLL

Jolly Roger - 28 Apr 2008 04:09 GMT
> Would there be any good reason to run a second firewall alongside
> Apple's default firewall? As in using ipfw via Water Roof for instance?

WaterRoof is simply a front end to Apple's firewall, ipfw.

> I don't want to be overly paranoid, but the 10.5 firewall just doesn't
> leave me particularly comfortable due to its lack of configuration
[quoted text clipped - 7 lines]
> So the default firewall is doing its job and I should just leave well
> enough alone, right?

Correct.

Signature

Please send all responses to the relevant news group. E-mail sent to
this address may be devoured by my very hungry SPAM filter. I do not
read posts from Google Groups. Use a real news reader if you want me to
see your posts.

JR

D P Schreber - 28 Apr 2008 12:29 GMT
>> Would there be any good reason to run a second firewall alongside
>> Apple's default firewall? As in using ipfw via Water Roof for instance?
>
> WaterRoof is simply a front end to Apple's firewall, ipfw.

So the question he's asking is, is there any reason to use both the
application-based firewall (ie, the one with the Apple-supplied gui)
and the port-based firewall (ie, ipfw).

The general answer to that is, yes, there's a good reason: these are
fundamentally different approaches to firewalling that protect against
different kinds of security breaches.

On the other hand, if the OP is really just looking for "buttons and
menus", as he says, there's probably no point.  Making effective use
of ipfw as another layer of firewall requires some understanding of
how it works.  If he doesn't feel comfortable writing his own rules,
he's not likely to add much security to what the application-based
firewall is already providing.
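
Added example, not part of the post above: a simplified Python model of the two layers the thread contrasts, an ipfw-style port filter (ordered rules, first match decides) and an application allow-list, showing a connection each one stops that the other lets through. The rule list, the allowed-program set and the sample connections are constructed for illustration and are not Apple's or WaterRoof's defaults.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Conn:
    """One inbound TCP connection attempt (constructed sample data)."""
    src: str    # remote address
    dport: int  # local port being contacted
    app: str    # local program listening on that port


# Port-based layer, ipfw style: (action, source network, port or None = any).
# Rules are checked in order and the first match decides.
PORT_RULES = [
    ("allow", "192.168.1.0/24", 22),  # ssh, but only from the LAN
    ("allow", "0.0.0.0/0", 80),       # web server from anywhere
    ("deny", "0.0.0.0/0", None),      # everything else
]

# Application-based layer: programs permitted to accept incoming connections.
APP_ALLOWED = {"sshd", "httpd"}


def port_layer(c, rules=PORT_RULES):
    for action, net, port in rules:
        if ip_address(c.src) in ip_network(net) and port in (None, c.dport):
            return action == "allow"
    return False  # nothing matched: treat as denied


def app_layer(c, allowed=APP_ALLOWED):
    return c.app in allowed


def verdict(c):
    """A connection gets through only if both layers pass it."""
    p, a = port_layer(c), app_layer(c)
    if p and a:
        return "accepted"
    if not p and not a:
        return "blocked by both"
    return "blocked by port layer" if not p else "blocked by app layer"


if __name__ == "__main__":
    for c in (Conn("192.168.1.20", 22, "sshd"),           # LAN ssh
              Conn("203.0.113.9", 22, "sshd"),            # ssh from outside
              Conn("203.0.113.9", 80, "unknown-helper"),  # unapproved listener
              Conn("203.0.113.9", 6881, "unknown-helper")):
        print(c, "->", verdict(c))
```

The second sample is stopped only by the port rules (the program is approved, the source address is not), and the third only by the application list (the port is open, the program is not approved).
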

Daniel Cohen - 28 Apr 2008 22:20 GMT
> On the other hand, if the OP is really just looking for "buttons and
> menus", as he says, there's probably no point.  Making effective use
> of ipfw as another layer of firewall requires some understanding of
> how it works.  If he doesn't feel comfortable writing his own rules,
> he's not likely to add much security to what the application-based
> firewall is already providing.

"Not likely to add much" would to me mean "will add something". Given
that there is the simpler Noobproof, by the author of Waterroof, which
has default rules, it might be worth doing.

Even adding a tiny something seems worthwhile if it can be done with a
small enough effort.

I agree that adding more than a tiny amount would require proper
understanding of how to write rules.
Signature

http://www.decohen.com
Send e-mail to the Reply-To address;
mail to the From address is never read

Mike - 28 Apr 2008 20:13 GMT
In article <jollyroger-85EB88.22093227042008@individual.net>,
Jolly Roger <jollyroger@pobox.com> wrote:

> In article <lightoflife-2227E8.21553927042008@news.west.cox.net>,
>  Mike <lightoflife@hookah.net> wrote:

> > As in using ipfw via Water Roof for instance?
>
> WaterRoof is simply a front end to Apple's firewall, ipfw.

Yes, my preceding sentence indicated that, I believe.

> > I don't want to be overly paranoid, but the 10.5 firewall just doesn't
> > leave me particularly comfortable due to its lack of configuration
> > options. And no, I'm not sure why that bothers me, maybe I just like
> > buttons and menus.

Maybe saying that I like buttons and menus was too flip. Hey, Apple
shipped 10.5 with the firewall OFF by default, for crying out loud! Then
there's not a lot of visual feedback to tell me what's going on with the
few options that are there.  

I don't mind delving into the inner workings of either solution. Will
one get in the way of the other? I'm sure things are working, however is
there any gain to be had by using both?

Clever Monkey - 28 Apr 2008 21:34 GMT
> In article <jollyroger-85EB88.22093227042008@individual.net>,
>  Jolly Roger <jollyroger@pobox.com> wrote:
[quoted text clipped - 12 lines]
> Maybe saying that I like buttons and menus was too flip. Hey, Apple
> shipped 10.5 with the firewall OFF by default, for crying out loud!

As it should be.  Such firewalls are only truly useful in select
situations, and are not appropriate for all users, especially for
systems that are just supposed to work.

We've had nothing but problems with the Windows firewall being on by
default.

> I don't mind delving into the inner workings of either solution. Will
> one get in the way of the other? I'm sure things are working, however is
> there any gain to be had by using both?

Depends on your needs.  See the comment else-thread regarding app- vs.
port-based filtering.

You may not even need this to be on at all if you already have a
firewall between this host and the internet (i.e., you have an edge box
that is already routing traffic, passing packets based on a ruleset).
Signature

clvrmnky <mailto:spamtrap@clevermonkey.org>

Direct replies to this address will be blacklisted.  Replace "spamtrap"
with my name to contact me directly.
