What do Firewall settings do under the hood? - Mac Networking

  1. #1

    What do Firewall settings do under the hood?

    When I turn on the built-in firewall, my Webserver magically becomes
    unavailable to other hosts on my network. But whether the firewall is
    on or not, the routing tables ('netstat -r' from Terminal.app) don't
    change.

    I was wondering where one can see the firewall rules in Terminal.app.
    If the answer is to read the ipfw man page, I'm going to go do that now.
    Steve Guest

  2. #2

    Re: What do Firewall settings do under the hood?

    On Wed, 17 Dec 2003 01:34:28 GMT, 

    Well, the answer is to read the ipfw man page. But the short answer is
    `ipfw list`. You need a rule to "allow tcp from any to any 80 in",
    unless you want your webserver access to be more finegrained than that.
    --
    Bev A. Kupf
    "The lyfe so short, the craft so long to lerne" -- Chaucer
    Bev Guest

  3. #3

    Re: What do Firewall settings do under the hood?

    In comp.sys.mac.system Steve Leibel <com> wrote: 
     

    The firewall settings (at least for OS 10.3) are easily found simply
    by opening up the sharing preferences panel.

    stan@temple.edu Guest

  4. #4

    Re: What do Firewall settings do under the hood?

    In article <brodtd$hfq$temple.edu>, edu wrote:
     

    >
    > The firewall settings (at least for OS 10.3) are easily found simply
    > by opening up the sharing preferences panel.

    Well, sort of. The problem with OS X's firewall is that by default it
    applies to both NIC's! Under what scenario would I want to deny HTTP
    port 80 requests into the Internet connection sharing machine from my
    *local* network, as the default setting?

    I have tried twice now to use my OS X machine as my cable modem sharing
    machine/firewall. The first time was using 10.2.something, and I just
    tried it again using 10.3.1. In both cases the result is a useless
    network without mucking around in a text configuration file using vi.

    No thanks. I'll keep using my Windows XP box as my connection
    sharing/firewall. It's secure and it's easy to setup because you tell
    it which NIC to apply to! Through the GUI - no text files needed!
    Why can't OS X do this?

    "World's Most Advanced OS" indeed!

    Dan
    Dan Guest

  5. #5

    Re: What do Firewall settings do under the hood?

    In article <newscene.com>,
    Dan <net> wrote: 
    >> 
    >>
    >> The firewall settings (at least for OS 10.3) are easily found simply
    >> by opening up the sharing preferences panel.
    >
    >Well, sort of. The problem with OS X's firewall is that by default it
    >applies to both NIC's! Under what scenario would I want to deny HTTP
    >port 80 requests into the Internet connection sharing machine from my
    >*local* network, as the default setting?
    >
    >I have tried twice now to use my OS X machine as my cable modem sharing
    >machine/firewall. The first time was using 10.2.something, and I just
    >tried it again using 10.3.1. In both cases the result is a useless
    >network without mucking around in a text configuration file using vi.
    >
    >No thanks. I'll keep using my Windows XP box as my connection
    >sharing/firewall. It's secure and it's easy to setup because you tell
    >it which NIC to apply to! Through the GUI - no text files needed!
    >Why can't OS X do this?
    >
    >"World's Most Advanced OS" indeed!
    >
    >Dan

    Hi

    I posted my little OS X firewall rant in another
    thread. The built in ipfw is a nice little packet filter
    but it requires a bit of study to correctly configure and
    use that can be more than one wishes to invest.

    There is a page at

    http://www.macosxhints.com/article.php?story=20021206055445944

    that describes the process, but it is non-trivial and requires
    "mucking around in a text configuration file using vi"

    Good Luck

    Claude

    claudel Guest

  6. #6

    Re: What do Firewall settings do under the hood?

    In article <newscene.com>,
    Dan <net> wrote:
     

    Apple's got a long history-- a reputation, even-- of providing GUI
    applications that only give a simplified interface to the underlying
    code. Surely you must realize that. However more-advanced GUI tools
    have long been available for those who prefer them. In your case, a
    quick search for a free tool called "Brickhouse" would give you a tool
    to do more complex firewall setup than the Apple-provided option, whilst
    avoiding the dread horror of editing a text file. And if you had never
    heard of Brickhouse, a quick search at www.versiontracker.com on the
    word "firewall" would have revealed its existence.

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 1.4: Best cleanup yet, gets files other tools miss.
    See http://www.atomicbird.com/
    Tom Guest

  7. #7

    Re: What do Firewall settings do under the hood?

    Dan wrote:
     
    >> 
    >>
    >>The firewall settings (at least for OS 10.3) are easily found simply
    >>by opening up the sharing preferences panel.
    >
    >
    > Well, sort of. The problem with OS X's firewall is that by default it
    > applies to both NIC's! Under what scenario would I want to deny HTTP
    > port 80 requests into the Internet connection sharing machine from my
    > *local* network, as the default setting?
    >
    > I have tried twice now to use my OS X machine as my cable modem sharing
    > machine/firewall. The first time was using 10.2.something, and I just
    > tried it again using 10.3.1. In both cases the result is a useless
    > network without mucking around in a text configuration file using vi.
    >
    > No thanks. I'll keep using my Windows XP box as my connection
    > sharing/firewall. It's secure and it's easy to setup because you tell
    > it which NIC to apply to! Through the GUI - no text files needed!
    > Why can't OS X do this?
    >
    > "World's Most Advanced OS" indeed!
    >
    > Dan

    I would suggest that since you are on a high speed always on connection
    that you use a router. Particularly since one of your systems is a
    Windows machine. That way you won't have to deal with connection sharing
    on your computer and you can set each firewall the way you want it.


    Bill Guest

  8. #8

    Re: What do Firewall settings do under the hood?

    In article <tph-07FF93.12162818122003localhost>,
    Tom Harrington <no.spam.dammit.net> wrote:

     

    Except that Brickhouse is not "free", and the last time I checked it
    didn't work with 10.3 yet.

    According to http://personalpages.tds.net/~brian_hill/brickhouse.html
    the most recent version is a beta from 2 years ago. No thanks.

    Dan
    Dan Guest

  9. #9

    Re: What do Firewall settings do under the hood?

    In article <supernews.com>,
    Bill Leeper <net> wrote:
     

    I have a router - it's my Windows XP machine. It's always on anyways,
    so my entire network here is always connected to the net. I currently
    have 2 OS X machines, a Quadra 950 running 8.1, and several Windows
    XP/Longhorn laptops all connected thru my Windows XP "server". It
    works well and is easy to configure. I just wanted to try OS X's
    sharing and firewall to see if it made any difference. It did. OS
    X's firewall is still brain dead!

    XP's built-in firewall is actually very good, *and* it's easy to set up.
    Why would I want to spend more money on another piece of hardware when
    what I have already works fine?

    Dan
    Dan Guest

  10. #10

    Re: What do Firewall settings do under the hood?

    In article <brsu6b$8ia$sonic.net>,
    sonic.net (claudel) wrote:
     

    Yeah, I've seen all that. It's *way* too much effort for something
    that is so simple (like 5 mouse clicks) under Windows XP. I just
    wanted to try it out anyways, it's not like I *need* a firewall - I
    already have a good one.

    Dan
    Dan Guest

  11. #11

    Re: What do Firewall settings do under the hood?

    On 20 Dec 2003, Dan wrote:
     
    >
    > Yeah, I've seen all that. It's *way* too much effort for something
    > that is so simple (like 5 mouse clicks) under Windows XP. I just
    > wanted to try it out anyways, it's not like I *need* a firewall - I
    > already have a good one.
    >
    Then just use Apple's graphical interface. Editing the rules by hand does
    however allow way more sophisticated rule sets.

    Fred

    Frederick Guest

  12. #12

    Re: What do Firewall settings do under the hood?

    Dan <net> writes:
     
    >
    > Except that Brickhouse is not "free", and the last time I checked it
    > didn't work with 10.3 yet.

    It *seems* to work with 10.3 for me, but I haven't subjected it to a
    bunch o' testing either. However, it doesn't play well with
    Panther's frontend for the firewall- Panther complains that "other
    firewall software is running" or some such.
    Tim Guest

  13. #13

    Re: What do Firewall settings do under the hood?

    ["Followup-To:" header set to comp.sys.mac.comm.]
    On 2003-12-20, Dan <net> wrote: 

    The bsd kernel firewall code is highly sophisticated and powerful
    enough to do anything you want. It's also straightforward to
    configure if you're willing to learn the basic concepts of how
    firewalls work in general. Oh yeah, you can look at the sources if
    you want to.

    The System Preference firewall gui is, by contrast, much less flexible
    but also extremely simple to use and for the overwhelming majority of
    osx users, completely adequate.

    In short, Apple made exactly the right trade-off: the typical case has
    been made simple enough for the typical user, while the atypical cases
    can be handled with no difficulty by anyone who has any real reason to
    need the extra power (ie, by sophisticated users who might otherwise
    be running linux or *bsd).

    You, on the other hand, want something in the muddled middle,
    apparently because it's what you happen to be used to. Habit is no
    better an argument coming from an xp user than it is coming from a
    "classic" macos user.

    As for trusting an xp machine to act as your primary network security
    interface, that's a fairly breathtaking example of blind faith.



    Hugh Guest

  14. #14

    Re: What do Firewall settings do under the hood?

    Entity Hugh Wolf spoke thus:
     
    That's for sure. Is there any way to specify a range of ports in the GUI?

    --
    There are two kinds of people in the world, those who see the world as a
    dichotomy, and those who don't -- Gnarlodious


    Gnarlodious Guest

  15. #15

    Re: What do Firewall settings do under the hood?

    In article <BC09E3EE.2F66C%invalid.>,
    Gnarlodious <invalid.> wrote:
     
    > That's for sure. Is there any way to specify a range of ports in the
    > GUI?

    Yes, at least in Panther.

    Sharing control panel.
    Firewall tab
    Click New or Edit (after selecting the item to edit), depending on your
    needs.
    There is a text edit field that is labeled "Port Number, Range, or
    Series:"

    -- Michelle

    --
    Never play strip tarot.
    Michelle Guest

  16. #16

    Re: What do Firewall settings do under the hood?

    In article
    <srcf.societies.cam.ac.uk>
     

    But it doesn't *work*! It applies the firewall to both network cards -
    the one I am sharing the cable modem on, and the local one. It ends up
    as a useless network.

    Dan
    Dan Guest

  17. #17

    Re: What do Firewall settings do under the hood?

    In article <attbi.com>,
    Steve Leibel <com> wrote:
     

    That's because firewall rule sets don't have anything to do with routing
    tables. Firewalls determine whether specific packets should be accepted
    or forwarded. Routing tables determine where to forward outgoing
    packets.

    KeS
    Kevin Guest
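
Added example (not part of any post in this thread): a small Python model of first-match packet filtering, illustrating posts #2, #4 and #17: firewall rules, not routing tables, decide whether inbound port 80 is accepted, and a rule with no interface named applies to both NICs. The rulesets are constructed, the interface names en0 (Internet side) and en1 (local network) are assumptions, and only the few rule shapes shown are parsed, not the full ipfw grammar.

```python
import re

# Constructed rulesets written like `ipfw list` output; not from a real machine.
# Assumed interface names: en0 = Internet-facing NIC, en1 = local-network NIC.
BASE = ("12190 deny tcp from any to any in\n"
        "65535 allow ip from any to any\n")
RULESETS = {
    "no web rule": BASE,
    "post #2 rule": "02070 allow tcp from any to any 80 in\n" + BASE,
    "LAN-only rule": "02070 allow tcp from any to any 80 in via en1\n" + BASE,
}

# Handles only the rule shapes used above, not the full ipfw grammar.
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?P<proto>ip|tcp|udp)"
    r"\s+from any to any(?:\s+(?P<port>\d+))?"
    r"(?:\s+(?P<dir>in|out))?(?:\s+via\s+(?P<iface>\w+))?$"
)

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        rule = m.groupdict()
        rule["num"] = int(rule["num"])
        rule["port"] = int(rule["port"]) if rule["port"] else None
        rules.append(rule)
    return sorted(rules, key=lambda r: r["num"])  # evaluated in rule-number order

def evaluate(rules, proto, dst_port, direction, iface):
    """Return (action, rule number) for the first rule the packet matches."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and r["port"] in (None, dst_port)
                and r["dir"] in (None, direction)
                and r["iface"] in (None, iface)):
            return r["action"], r["num"]
    return "deny", None  # not reached while a catch-all rule 65535 is present

def web_reachability(ruleset_text):
    """Verdict for an inbound TCP connection to port 80 on each NIC."""
    rules = parse_rules(ruleset_text)
    return {nic: evaluate(rules, "tcp", 80, "in", nic)[0] for nic in ("en0", "en1")}

if __name__ == "__main__":
    for name, text in RULESETS.items():
        print(f"{name:14} {web_reachability(text)}")
```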

  18. #18

    Re: What do Firewall settings do under the hood?

    Dan wrote:
     
    >
    > Except that Brickhouse is not "free", and the last time I checked it
    > didn't work with 10.3 yet.

    Also, BrickHouse IS a "simplified interface to the
    underlying" ipfw. I used it--and liked it--until
    I learned enough about ipfw to use its full power
    via Terminal.

    --
    Wes Groleau

    A pessimist says the glass is half empty.

    An optimist says the glass is half full.

    An engineer says somebody made the glass
    twice as big as it needed to be.

    Wes Guest

  19. #19

    Re: What do Firewall settings do under the hood?

    In article <newscene.com>,
    Dan <net> wrote:
     
    >
    > Except that Brickhouse is not "free", and the last time I checked it
    > didn't work with 10.3 yet.

    My mistake, I thought it was free.

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 1.4: Best cleanup yet, gets files other tools miss.
    See http://www.atomicbird.com/
    Tom Guest

  20. #20

    Re: What do Firewall settings do under the hood?

    In article <newscene.com>,
    Dan <net> wrote:
     

    Well, if you really want suggestions (which I'm not sure about), here
    are a few:

    1) For some reason the Brickhouse website doesn't show that a newer
    version is available (go through versiontracker.com). It's still
    shareware however.

    2) There are other options listed in versiontracker if you do a search
    using the keyword "firewall". Some (at least) are freeware. Example:
    sunShield (which looks like it would do what you want).

    3) Something like Qtfw, available via freshmeat.net. For that, however,
    you'd need to install X11 and Qt (both easy, Apple's X11, Qt via fink).

    4) Simply jump in and use the standard ipfw configuration methods.

    I haven't used any of these, since Apple's tools do what I need.

    Mike

    --
    Mike Zulauf
    utah.edu
    Mike Guest
