Apply different firewall controls against different adapters on Mountain Lion

hi Mac folks

my Mac Pro got three network adapters (2 x Gigabit Ethernet + 1 x Wi-Fi), and i prefer using the wireless connection to access the Internet and leaving the two wired connections for private file sharing and VM communication.

therefore, for the wireless connection, the firewall policy should be to disable all incoming traffic and allow all outgoing access, while the wired connections should be firewall free or allow specific application protocols. but it seems the Firewall options under System Preferences have no such detailed control.

is it possible to apply different firewall controls on different adapters?

furthermore, what's behind the built-in firewall of Mountain Lion? PF or IPFW? is there any command line that may allow me to enable such particular firewall control?

any comments are welcome.

thanks heaps,
Asked by: bbao (IT Consultant)

Eoin OSullivan (Consultant) commented:
PF is the default firewall in OSX; however, the code for IPFW is still included in OSX and therefore you could choose to use IPFW if you prefer.  I think Apple left IPFW code in OSX 10.8 to support users upgrading from earlier OSX versions who had complex IPFW rules set up.

When you enable the Firewall in the system preferences it is PF that is enabled.

PF = Packet Filter, which was added to OSX 10.7

For more information on it you can see the developers website

You can also open Terminal app and enter
 man pfctl


Eoin OSullivan (Consultant) commented:
There is a nice GUI for the OSX Firewall (IPFW) called WaterRoof - which makes it easy to manage all the settings

You can set different firewall settings per adapter.

OSX now has 2 firewall programs, IPFW and PF (introduced in 10.7+), and there is a new tool from the makers of WaterRoof called IceFloor to configure PF.  PF is now the primary firewall on OSX.
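
A per-interface PF ruleset matching the policy described in the question, as an added example that is not part of the original thread. The interface names (en0 and en1 wired, en2 Wi-Fi) and the file path in the note below are assumptions.

```pf
# Added example. Interface names are assumptions: confirm yours with
# `ifconfig` or `networksetup -listallhardwareports`.
wifi_if   = "en2"            # Wi-Fi, Internet-facing
wired_ifs = "{ en0 en1 }"    # Gigabit Ethernet, private LAN / VM traffic

# Do not filter loopback traffic.
set skip on lo0

# Wi-Fi: drop every unsolicited inbound packet...
block in on $wifi_if all
# ...but allow all outbound; `keep state` lets the replies back in.
pass out on $wifi_if all keep state

# Wired: unrestricted in both directions.
pass quick on $wired_ifs all keep state

# Alternative for the wired side, allowing only file sharing inbound
# (SMB on 445, AFP on 548). Replace the `pass quick` line above with:
#   block in on $wired_ifs all
#   pass in  on $wired_ifs proto tcp from any to any port { 445 548 } keep state
#   pass out on $wired_ifs all keep state
```

Saved to a file (the path `/etc/pf.peradapter.conf` is hypothetical), `sudo pfctl -nf /etc/pf.peradapter.conf` parses the rules without loading them, and `sudo pfctl -e -f /etc/pf.peradapter.conf` loads them and enables PF. Loading with `-f` replaces the active main ruleset, and `sudo pfctl -s rules` shows what is in effect.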

bbao (IT Consultant, Author) commented:
thanks for your prompt reply.

> OSX now has 2 firewall programs IPFW and PF

when you say "yes", do you mean there are two firewalls running simultaneously? if so, what's the point for OSX to run two firewall engines at the same time?

or, do you mean IPFW and PF are just two front-ends?

> PF is now the primary firewall on OSX

if PF is the primary, is IPFW still running at the same time?

bbao (IT Consultant, Author) commented:
that just seems to be the stuff i am looking for. thanks a lot.
Question has a verified solution.