OS X 10.3.3: built-in firewall quality


I have been trying to find info as to how secure the Panther built-in firewall is.

Is it true that the firewall won't block outgoing traffic, such as programs checking with their home base for updates, etc.?

Would an ADSL modem/router with NAT + OS X built-in firewall provide adequate security for a home user with no servers being used?

If not, what software and/or command line lockdowns would be suggested?



weed Commented:
It's a perfectly good firewall. They're really not that complicated. They just block incoming traffic on certain ports.

Firewalls only block inbound traffic, not outbound. If you need to block outbound traffic use LittleSnitch from versiontracker.com.

Most routers provide their own firewall so you don't need OS X's firewall at that point. For a home user, using a Mac and a router, there is really no reason for a firewall. The latest test showed that while Linux and Windows were more than hackable, OS X and BSD were as secure as you can get and in that particular test remained unhacked. Using OS X isn't like using Windows. You don't need to be super paranoid about someone breaking in.

heteronymous Commented:
Sure, the built-in firewall can provide adequate security. The GUI (Sharing panel) doesn't lend itself to filtering outgoing packets, but the built-in Unix-level firewall daemon ipfw does allow for this.

You can work with it (ipfw) in the command-line if you feel courageous. I would say do NOT start there if you're completely new to Unix command-line work.

What it comes down to is how paranoid you want to be about it.

For starters, with OS X, things are shut off that you want off. Don't run FTP, and if you don't need it, don't start up/run Windows sharing. Remote login is off by default on 10.3 client (but it's SSH, not Telnet, which is a good thing).

You can use the Shareware products Brickhouse or FirewalkX ...

but your best bet is a Router with Firewall features. Asante has a nice affordable one (FR1000-series), with incoming and outgoing packet filtering. I've not used other products at home - many people swear by Linksys, and many models are fine, but keep in mind some of them require Windows software for the initial setup. Make sure it has built-in web-based configuration (the Asante does).

Looking at my Asante Router/Firewall log, would-be h@xxor kiddies scan my system all the time, but by-and-large they're looking for ports used by Microsoft products.
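
An added example, not part of the original answers: a constructed ipfw rules file showing the kind of outbound filtering ipfw allows, for a home machine running no servers. The rule numbers and the list of permitted outbound services are assumptions to adjust; the file is loaded as root with `ipfw` followed by the path to the file.

```conf
# Constructed example: default-deny ipfw ruleset with explicit outbound allows.
# Rules are evaluated in ascending number order; the first match wins.

# Local loopback traffic is always allowed.
add 1000 allow ip from any to any via lo0

# Packets belonging to a connection this machine opened (see the
# keep-state rules below) are matched here, so replies get back in.
add 1100 check-state

# Outbound web traffic: only new TCP connections (setup) to 80 and 443.
add 1200 allow tcp from any to any 80,443 out setup keep-state

# Outbound DNS lookups.
add 1300 allow udp from any to any 53 out keep-state
add 1310 allow tcp from any to any 53 out setup keep-state

# Outbound DHCP requests so the machine can still obtain an address.
add 1400 allow udp from any 68 to any 67 out keep-state

# Outbound mail submission and retrieval (assumed ports: SMTP, POP3, IMAP).
add 1500 allow tcp from any to any 25,110,143 out setup keep-state

# Outbound ICMP (ping) for basic diagnostics.
add 1600 allow icmp from any to any out keep-state

# Everything else is dropped and logged, in both directions:
# unsolicited inbound connections and any outbound traffic not listed
# above, such as an application contacting its vendor for updates.
add 60000 deny log ip from any to any
```

Each `keep-state` rule creates a dynamic entry for the connection it admits, which is what lets rule 1100 accept the return traffic while rule 60000 still rejects inbound packets nobody asked for.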

benomoro (Author) Commented:

Thanks for the prompt response. You both provided the information I was after + reassurance that the OS X world is safer...

Question has a verified solution.
