Apply different firewall controls against different adapters on Mountain Lion

hi Mac folks

my Mac Pro got three network adapters (2 x Gigabit Ethernet + 1 x Wi-Fi), and i prefer using the wireless connection to access the Internet and leaving the two wired connections for private file sharing and VM communication.

therefore, for the wireless connection, the firewall policy should be to disable all incoming traffic and allowing all outgoing access, while the wired connections should be firewall free or allowing specific application protocols. but it seems the Firewall options under System Preferences have no such a detailed control.

is it possible to apply different firewall controls on different adapters?

furthermore, what's behind the built-in firewall of Mountain Lion? PF or IPFW? is there any command line that may allow me to enable such particular firewall control?

any comments are welcome.

thanks heaps,
LVL 37
bbaoIT ConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Eoin OSullivanConsultantCommented:
There is a nice GUI for the OSX Firewall (IPFW) called WaterRoof - which makes it easy to manage all the settings

You can set different firewall settings per adapter.

OSX now has 2 firewall programs IPFW and PF (introduced in 10.7+) and there is a new tool from the makers of WaterRoof called IceFloor to configure PF.  PF is now the primary firewall on OSX
bbaoIT ConsultantAuthor Commented:
thanks for your prompt reply.

> OSX now has 2 firewall programs IPFW and PF

when you say "yes", do you mean there are two firewalls running simultaneously? if so, what's the point for OSX to run two firewall engines at the same time?

or, do you mean IPFW and PF are just two front-ends?

> PF is now the primary firewall on OSX

if PF is the primary, is IPFW still running at the same time?
Eoin OSullivanConsultantCommented:
PF is the default firewall in OSX however the code for IPFW is still included in OSX and therefore you could choose to use IPFW if you prefer.  I think apple left IPFW code in OSX 10.8 to support users upgrading from earlier OSX versions who had complex IPFW rules setup.

When you enable the Firewall in the system preferences it is PF that is enabled.

PF = Packet Filter was added to OSX10.7

For more information on it you can see the developers website

You can also open Terminal app and enter
 man pfctl

Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bbaoIT ConsultantAuthor Commented:
that just seems to be the stuff i am looking for. thanks a lot.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Mac OS X

From novice to tech pro — start learning today.