Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
General
GeneralPortable MacsHardwareNetworking
Applications
Mac ApplicationsEudoraFirefox / MozillaInternet ExplorerOutlook ExpressMS OfficeEntourageExcelPowerPointWordVirtual PCMedia PlayerOther MS Products
Programming
Mac ProgrammingCodeWarriorPerl
Country Specific
Australian Mac GroupUK Mac Group

Mac Forum / General / Portable Macs / October 2005


Tip: Looking for answers? Try searching our database.

Advise on good firewall for Mac OS X 10.3.9

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
ThufirHawat - 21 Oct 2005 16:29 GMT
I understand that Firewall X 2 is no longer maintained.
Would anybody then please recommend, possibly having used it, a good
firewall, easy to configure (the one included in OS X is out,
therefore) or already with a std set of rules, to be used in a network
behind an AirPort Extreme base station, connected to the Internet via a
cable modem, not requiring OS X 10.4?
I already use Little Snitch, but Little Snitch cannot replace a full
fledged firewall, as it implements, very well, only a subset of the
usual firewall functions.

Thanks a lot!

ThufirHawat

--
Reply to this Message
John Johnson - 21 Oct 2005 18:09 GMT
> I understand that Firewall X 2 is no longer maintained.
> Would anybody then please recommend, possibly having used it, a good
[quoted text clipped - 11 lines]
>
> --

What do you wish to do that makes the OS X firewall difficult to
configure?

Signature

Later,
John

johajohn@indianahoosiers.edu

'indiana' is a 'nolnn' and 'hoosier' is a 'solkk'. Indiana doesn't solkk.

Reply to this Message
ThufirHawat - 22 Oct 2005 00:14 GMT
> > I understand that Firewall X 2 is no longer maintained.
> > Would anybody then please recommend, possibly having used it, a good
[quoted text clipped - 14 lines]
> What do you wish to do that makes the OS X firewall difficult to
> configure?

Not much, but I have a totally idiot ISP who changes continuously his
DNS, as they get regularly hacked by some script kiddie, and I also
wish to be alerted by port scans and UDP probings. From what I have
read you cannot do all this with the OS X firewall (alert capability
zero) while using NAT, as I do.
Reply to this Message
Aawara Chowdhury - 23 Oct 2005 21:19 GMT
>> What do you wish to do that makes the OS X firewall difficult to
>> configure?
[quoted text clipped - 4 lines]
> read you cannot do all this with the OS X firewall (alert capability
> zero) while using NAT, as I do.

If you're using NAT, your Mac should not see port scans or UDP probes
from the world.  Only from within your NATed network.  This means you
will not use the capabilities that you're seeking in a FW.

AC
Signature

Aawara Chowdhury, Shelter 5329, Champaign, IL.

Reply to this Message
ThufirHawat - 24 Oct 2005 00:54 GMT
> >> What do you wish to do that makes the OS X firewall difficult to
> >> configure?
[quoted text clipped - 8 lines]
> from the world.  Only from within your NATed network.  This means you
> will not use the capabilities that you're seeking in a FW.

What you say is logical, but then how come I have in my Firewalk log
entries like this:

21/10/2005 18:22:43 denied(stealth) TCP 140.211.166.198:80 to
10.0.1.2:56862 via en1 [this looks like an idiot trying to hit a port
on my NAT'ified AlBook, in spite of the NAT done by my Airport Extreme
Base Station]

or this:

23/10/2005 18:09:27 denied(stealth) UDP 10.0.1.2:58079 to
239.255.255.253:427 via en1 [this seems me sending a UDP message to an
address, perhaps broadcast?]
Reply to this Message
D P Schreber - 24 Oct 2005 13:00 GMT
> What you say is logical, but then how come I have in my Firewalk log
> entries like this:
[quoted text clipped - 3 lines]
> on my NAT'ified AlBook, in spite of the NAT done by my Airport Extreme
> Base Station]

This is part of an http conversation between your AiBook and one of the
www.mozilla.org mirrors.

> 23/10/2005 18:09:27 denied(stealth) UDP 10.0.1.2:58079 to
> 239.255.255.253:427 via en1 [this seems me sending a UDP message to an
> address, perhaps broadcast?]

Yes, it's a broadcast address.  OSX sends out these service discovery
broadcasts regularly.

These logs are alarming you over nothing.
Reply to this Message
D P Schreber - 24 Oct 2005 13:19 GMT
>> 21/10/2005 18:22:43 denied(stealth) TCP 140.211.166.198:80 to
>> 10.0.1.2:56862 via en1
[quoted text clipped - 7 lines]
> Yes, it's a broadcast address.  OSX sends out these service discovery
> broadcasts regularly.

Slight correction: this is multicast, not broadcast.  It's osx looking
for file servers (samba, nfs, ftp, apple afp).

In both cases, perfectly normal ip traffic.
Reply to this Message
ThufirHawat - 24 Oct 2005 16:46 GMT
> >> 21/10/2005 18:22:43 denied(stealth) TCP 140.211.166.198:80 to
> >> 10.0.1.2:56862 via en1
[quoted text clipped - 12 lines]
>
> In both cases, perfectly normal ip traffic.

Thank you very much for decrypting these mysterious entries.
I probably should then authorise these conversations by creating new
rules, were it only to reduce my firewall log to the real ones.
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.