Mac OS X 10.8.2's firewall not enabled by default?

Hello.
Is it me or is Mountain Lion's firewall not enabled by default? I didn't check in the preinstalled 10.7.x before I upgraded to it. I find that weird and puzzled why Apple did that if that was by design.
Thank you in advance.

fowlerryan wrote:
Apple's firewall is disabled by default in mountain lion. I think this might be because of its new appl protection thing. Once the firewall is activated it will only open apps which are downloaded from the app store without questioning you. If you download an app from the web and have the firewall on, you will have to right click on the app and click open (for first time use only) to let the firewall know this is a safe app that you chose to download.
It may seem not having firewall on by default is silly but I think there would be far more complaints by people on here that they cant open their apps that they downlaoded from the web.
Hope it helps!
Ryan
Sheesh, and Apple is trying to make our newer Mac OS X systems more vulnerable like Windows before it came with firewalls enabled.

Similar Messages

  • Firewall - Configuration/GUI of the Mac OS X 10.6 / 10.7 Firewall

    First I would like to thank Apple
    for making the Mac OS X operating system.
    And thank you for the Lion update coming soon.
    We properbly all are waiting to get the
    Mac OS X 10.7 Lion update.
    I have seen the full feature list of Lion:
    http://www.apple.com/macosx/whats-new/features.html
    All the great new innovation and apps is great stuff.
    But I came to wonder about one thing though.
    The internet apps like:
    FaceTime, iCloud, iChat, AirDrop etc.
    They more or less all requires custom ports on different
    protocols to be opened and configurated.
    Even the SIP for Facetime has to be enabled etc.
    Like the FaceTime Firewall ports here:
    http://support.apple.com/kb/HT4245
    In the full feature list page of Mac OS X Lion
    there is not listed anything about the Mac OS X Lion Firewall!
    In Snow Leopard we can't configurate the Firewall with
    custom ports and protocols etc.
    Everybody refer to the Hanynet NoobProof and WaterRoof
    firewall apps. I'm using the NoobProof my self right now.
    http://www.hanynet.com
    But I think the Mac OS X Snow Leopard and Lion could do with a
    much better and way more easier firewall GUI to be able to
    configurate ports and protocols and firewall rules and even NAT.
    Isn't the Mac OS X about doing it the easy way!
    I think a Firewall in Mac OS X with only a On and Off button (more or less)
    wont cut it any longer!
    For people not knowing about Firewall its OK to have an On/Off button,
    but for the user that know about firewall, ports and protocols
    it would be great to have a button to go in an be able to configurate
    making rules and opening ports on specific protocols and doing NAT etc.
    The Mac OS X Firewall GUI created by Bryan Hill called
    "Brickhouse" and now called "Flying Buttress"
    updated last in 2005!
    (Which I could NOT get to work in Snow Leopard)
    it had a very good and easy
    to use Graphical User Interface. (GUI).
    See it here:
    http://www.securemac.com/firewallsecurityshareware.php
    Why isn't there any like that for the present Mac OS X????
    Anybody know anything that will help in that direction???
    Anybody know a nicer firewall GUI or App for
    Snow Leopard / Lion ???
    Please comment here.
    Best regards
    Jesper
    from Denmark.

    Thank you very much for responding to my thread Thomas and roam.
    Wheter it is a question to run a firewall on Mac OS X or not,
    is not my question. And thank you, but I do know the difference between a
    GUI for the Mac OS X built in firewall and a 3rd party stand alone firewall.
    If I and properbly many other Mac OS X users choose to run with a firewall,
    many of us would like to be able to configurate as WE want it to be.
    Many users have special needs that require speciel configuration of the firewall.
    There are other things than Apple network technologies you know!
    Running a firewall or not. There is Pro's and Con's on both. It's a free choise right. I respect both.
    I have 8 CPU cores and 16 threads on my Mac Pro, so I think my Mac can handle a running firewall!
    "Better safe, than sorry!" As they say "Over there".
    ;o)
    Apple has chosen to make a firewall in
    Mac OS X, then there must be a reason why it is there.
    And besides that.
    I would bet that, the more popular the
    Mac computers gets in the future and the more marketshare
    the Mac computers get over the hopeless Windows platform.
    The more hackers will be interesting in hacking the Mac OS X.
    So a firewall would be something to consider the more Apple has success.
    I think that is quite logical.
    I'm sure there is almost as many undiscovered security holes in UNIX
    as there is on the Windows platform. It is just a question of time
    before the hackers will point their weapons against the Mac OS X.
    So let me explain a bit more precise what I need…
    I'm used to configurate lots of hardware Routers with Firewalls. Doing things like creating firewall rules, opening ports on specific protocols, WAN-to-LAN and LAN-to-WAN, NAT IP redirection, enabling SIP, content filtering, wireless accesspoints with encryption and MAC Address filtering, creating VPN tunnels, setting up Remote Desktop on Windows and Mac computers for Terminal Servers etc.
    I'm also administrating FTP servers and NAS harddisks.
    All that is always being configurated in a nice intuitive user interface via my web browser. Wheter it is a Router, NAS disk etc. THATS WHAT I WANT with the Firewall in Mac OS X. An "intuitive graphical user inteface" where I easily can configurate the Mac OS X firewall or a stand-alone firewall for that matter.
    Yes I self use on my Mac Pro the Hanynet NoobProof firewall GUI right now.
    But both the Hanynet firewall GUI's are crap. Lets face it!
    They work yes! But the User Interface is NOT Mac OS X standard right!!!
    If you pair the user interfaces with standard unser interfaces of a normal end-user Gateway Router with Firewall. Like ZyXEL, NetGear etc.
    The Hanynet NoobProof don't have the feature to
    choose ports on specific protocols.
    With Apple FaceTime there are ports on both the
    TCP and UDP protocols that has to be open for communication.
    On the other side the Hanynet WaterRoof GUI
    I know that it has the features to configurate ports on specific protocols but!
    The User Interface is waaaaaaaay too complex and is anything else than intuitive!
    I can't find ether head or tale in WaterRoof GUI!!! Completely Lawsy Interface. It is SO non Mac like!
    (it needs a interface designer like myself)
    I mean, "The Mac" and Mac OS X is all about doing things the "EASY, Nice and Intuitive Way" right!
    I can't be that I'm the only one in the world that need a better and faster configuration of the Mac OS X firewall, can it?! There must be hundred thousands of other Mac OS X users with the same wish.
    I know I'm a "designer", not a "programmer".
    The only thing I program is HTML, CSS and DVD Video titles.
    So with all due respect.
    *** The question is…
    Does anybody know a Firewall GUI or stand alone firewall for Mac OS X Snow Leopard/Lion that are easier than Hanynets????????????????
    =========
    If I was an Apple employed that delt with Mac OS X security.
    I would make the Mac OS X firewall user interface different.
    Top level choise could be: ON, OFF and CUSTOM.
    So people with non knowledge of firewalls could just choose ON or OFF
    to their liking. And leaving the choise for people that would like
    to customize the firewall settings with the "Custom" button.
    And there after a nice intuitive graphical user interface
    to make all sorts of custom settings JUST like on a Gateway Router with built in firewall.
    A firewall like that could not hurt anybody could it???!!!
    It's MY Mac, I want to rule over MY firewall.
    I like the Mac OS X very much, I think it is absolutely brilliant,
    but the Firewall settings is NO GOOD for custom firewall configurations.
    Apple has to pay attention to it, the sooner the better.
    Please feel free to comment.
    Best regards
    Jesper
    Denmark.

  • ARD Access with enabled Firewall not possible  under Leopard

    I got a network and my clients are running mostly Mac OS X 10.5.8 Leopard. When the Firewall is on i am not able to connect with Apple Remote Desktop even though the Firewall automatically enables the ARD service. Does anyone know what to do? My 10.4.11 Tiger clients do not have the same issue.

    Try the ARD forum under Server Products.

  • ARD Access with enabled Firewall not possible

    I got a network and my clients are running mostly Mac OS X 10.5.8 Leopard. When the Firewall is on i am not able to connect with Apple Remote Desktop even though the Firewall automatically enables the ARD service. Does anyone know what to do? My 10.4.11 Tiger clients do not have the same issue.

    Try the ARD forum under Server Products.

  • Firewall Not working?

    Hi,
    I am trying to secure my powerbook using the inbuilt firewall. My firewall is enabled and using the GUI i have only opened ports 22 and 9000.
    However using nmap the following ports are open:
    PORT STATE SERVICE
    22/tcp open ssh
    631/tcp open ipp
    1033/tcp open netinfo
    3689/tcp open rendezvous
    6000/tcp open X11
    18101/tcp open unknown
    I copied down my ipfw list:-
    02000 allow ip from any to any via lo*
    02010 deny ip from 127.0.0.0/8 to any in
    02020 deny ip from any to 127.0.0.0/8 in
    02030 deny ip from 224.0.0.0/3 to any in
    02040 deny tcp from any to 224.0.0.0/3 in
    02050 allow tcp from any to any out
    02060 allow tcp from any to any established
    02065 allow tcp from any to any frag
    02070 allow tcp from any to any dst-port 22 in
    02080 allow tcp from any to any dst-port 9000 in
    12190 deny log tcp from any to any
    20000 deny log icmp from any to me in icmptypes 8
    65535 allow ip from any to any
    Why are all these ports open?

    You are running nmap on a computer different from the one whose ports you are sniffing, aren't you? If you are trying to look at your powerbook's ports, don't run nmap on the same computer. If you do, you are seeing internal "loopback" ports being used by internal processes on your mac that are not visible to other machines.
    So, if you are not running nmap on a different computer, do that and see what ports another computer's nmap says are open on the powerbook.
    Regarding an explanation of your ipfw list, you might want to check this out for a basic explanation. Also, google ipfw os x.
    (if you find that this solves your problem, or is actually helpful towards arriving at a solution to your problem, please consider clicking on either the "helpful" or "solved" buttons in the header of my post)

  • Apple FIrewall NOT logging

    The builtin firewall has quit logging on my mac - it used to log all types of attempts, as it should, but it has totally stopped.
    I've called apple. I've done an archive and install. I've done an erase and install.
    Yet... nothing will make this firewall log.
    The firewall is enabled. No sharing services are turned on. Under the advanced mode of the firewall tab, the option to enable firewall log is selected.
    Has anyone ever heard of this problem, or does anyone have any idea how to fix?
    The firewall used to log all the time, every few minutes, so I know the absence of any logs at all is not normal behavoir.

    Has the log limit been exceeded? From man ipfw
    <pre>
    log [logamount number]
    If the kernel was compiled with IPFIREWALL_VERBOSE, then when a
    packet matches a rule with the log keyword a message will be
    logged to syslogd(8) with a LOG_AUTHPRIV facility. Note: by
    default, they are appended to the /var/log/system.log file (see
    syslog.conf(5)). If the kernel was compiled with the
    IPFIREWALLVERBOSELIMIT option, then by default logging will
    cease after the number of packets specified by the option are
    received for that particular chain entry, and
    net.inet.ip.fw.verbose_limit will be set to that number. How-
    ever, if logamount number is used, that number will be the log-
    ging limit rather than net.inet.ip.fw.verbose_limit, where the
    value ``0'' removes the logging limit. Logging may then be re-
    enabled by clearing the logging counter or the packet counter for
    that entry.
    Console logging and the log limit are adjustable dynamically
    through the sysctl(8) interface in the MIB base of
    net.inet.ip.fw.
    </pre>
    So, what does sysctl -a net.inet.ip.fw show?
    G4/466, eMac 800, iBook 1.33   Mac OS X (10.4.5)  

  • In ical, there is supposed to be a on my mac menu on the left. Mine is not there, how do I get it back?

    In ical, there is supposed to be a on my mac menu on the left. Mine is not there, how do I get it back?

    There is that option in Mail > select the show option towards the top toolbar on the left.
    I have never seen that option in iCal.

  • Can we do a Secure FTP for an XML file from ABAP when firewall is enabled?

    Hi all,
    I have a requirement to send an XML file to an External FTP Server which is out of our corporate network and our firewall is enabled.
    I have to send an XML file with Purchase Order details. I completed that with the help of this blog https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/2657. [original link is broken] [original link is broken] [original link is broken]
    Now I need to FTP the XML file that is generated. How should I be doing this? Can some of help me with this?
    I need to do a Secure FTP to the external non SAP server which is out of our corporate network and our firewall is enabled. Can some one tell me if SFTP is possible in ABAP.
    This is not a web service. I am working on dropping an XML file in an external FTP serveru2026 I have searched the forums but still in a confusion if weather Secure FTP is possible in ABAP  or not when our company firewall is enabledu2026
    If some one encountered this situation earlier please help,,,..any help will be highly appreciated.
    Regards,
    Jessica Sam

    Thanks a lot for your valuable suggestions Richu2026
    I agree with you Rich that web services would be a better option. But I need to send this file to an external third party and they dont have web services.
    They are telling us that either we can send them an XML file or a CSV file in the format that they want. We decided to go with XML file format.
    I am done with formatting the Purchase Order details in the format that they want. Now the challenge is that I need to send this FTP file to them and it should be a Secure FTP when our fire wall is enabled,
    When you say
    1) Run an ABAP program to generate the XML file and put it on the local PC
    2) Log into the FTP site via some FTP client, could simply be windows as well.
    3) Manually cut/paste the file from the PC to the FTP site.
    For Step 1 running ABAP Program can I schedule a batch job?
    For Step 2 and Step 3 can I automate it in any other way..if not in ABAP?
    Can I advice my company to follow any alternate method in which they can automate this step 2 and step 3u2026if not in ABAP can it be possible in any other way as the third party does not have web services I now have no other alternative.
    Please Helpu2026
    Regards,
    Jessica Sam

  • Cisco ASA 5505 Firewall Not Allowing Incoming Traffic

    Hello,
    I am wondering if there is a very friendly cisco guru out there who can help me out.  I am trying to switch out a cisco pix 501 firewall with a cisco ASA 5505 firewall.  I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one.  Unfortunately, my script is not working with the 5505.  Can someone please let me know what I am doing wrong with the following script?  I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults.  I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network.
    access-list 100 permit icmp any any echo-reply
    access-list 100 permit icmp any any time-exceeded 
    access-list 100 permit icmp any any unreachable
    ip address outside xxx.xxx.xxx.94 255.255.255.224
    ip address inside 192.168.1.1 255.255.255.0
    global (outside) 1 xxx.xxx.xxx.106-xxx.xxx.xxx.116
    global (outside) 1 xxx.xxx.xxx.95
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0 0 xxx.xxx.xxx.93
    access-group 100 in interface outside
    nat (inside) 1 192.168.1.0 255.255.255.0
    nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.93 1 DHCP static
    static (inside,outside) xxx.xxx.xxx.95 192.168.1.95 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.95 eq www
    static (inside,outside) xxx.xxx.xxx.96 192.168.1.96 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.96 eq www

    Hey Craig,
    Based on your commands I think you were using 6.3 version on PIX and now you must be  moving to ASA ver 8.2.x.
    On 8.4 for interface defining use below mentioned example :
    int eth0/0
    ip add x.x.x.x y.y.y.y
    nameif outside
    no shut
    int eth0/1
    ip add x.x.x.x y.y.y.y
    nameif inside
    no shut
    nat (inside) 1 192.168.1.0 255.255.255.0
    global (outside) 1 xxx.xxx.xxx.106-xxx.xxx.xxx.116
    global (outside) 1 xxx.xxx.xxx.95
    access-list 100 permit icmp any any echo-reply
    access-list 100 permit icmp any any time-exceeded 
    access-list 100 permit icmp any any unreachable
    static (inside,outside) xxx.xxx.xxx.95 192.168.1.95 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.95 eq www
    static (inside,outside) xxx.xxx.xxx.96 192.168.1.96 netmask 255.255.255.255 0 0
    access-list 100 permit tcp any host xxx.xxx.xxx.96 eq www
    route outside 0 0 xxx.xxx.xxx.93
    access-group 100 in interface outside
    You can use two global statements as first statement would be used a dynamic NAT and second as PAT.
    If you're still not able to reach.Paste your entire config and version that you are using on ASA.

  • The MAC signature found in the HTTP request '***' is not the same as any computed signature. Server used following string to sign: 'POST

    Hi,
    When trying with Postman sending a REST call to Azure Storage Queues I get:
    The MAC signature found in the HTTP request '***' is not the same as any computed signature. Server used following string to sign: 'POST.
    The code I have for creating the Authorization Header:
    var accountName = "my_account";
    string key = ConfigurationManager.AppSettings["my_access_key"];
    DateTime dt = DateTime.Now;
    string formattedDate = String.Format("{0:r}", dt);
    var canonicalizedHeaders = "x-ms-date:" + formattedDate + "\n" + "x-ms-version:2009-09-19" + "\n" ;
    var canonicalizedResource = "/my_account/myqueue/messages";
    var stringToSign = String.Format("POST,\n\n\n\n\n\n\n\n\n\n\n{0}{1}", canonicalizedHeaders, canonicalizedResource);
    stringToSign = HttpUtility.UrlEncode(stringToSign);
    HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
    var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
    var authorizationHeader = String.Format(CultureInfo.InvariantCulture, "SharedKey {0}:{1}", accountName, signature);
    return authorizationHeader;
    Anyone any idea what I'm missing/doing wrong?
    Additional question: do i have to create for every message I want to send a new Authorization header? Or is there an option (as with Service Bus Topics) to create a header that can be used for a certain timeframe?
    Thanks.

    One issue is with this line of code:
    HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
    Please use the following:
    HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(key));
    and that should take care of the problem.
    Regarding your question, "do i have to create for every message I want to send a new Authorization header? Or is there an option (as with Service Bus Topics) to create a header that can be used for a certain timeframe?"
    With your current approach, the answer is yes. What you can do is create a Shared Access Signature on the queue which will be valid for certain duration and then use that for posting messages to a queue using simple HttpWebRequest/HttpWebResponse.
    Hope this helps.

  • My mac's launchpad is working but i am not able to use the apps that are provided in the launchpad

    my mac's launchpad is working but i am not able to use the apps that are provided in the launchpad

    Well, everything that you have bought with her Apple ID prior to getting your own Apple ID is forever hers. Apple will not transfer content from one ID to another. But in the case of the Mac, contact iTunes Customer Service and request that they send your issue to the Account Security Team and ask that the Mac be released form your mother's account so you may register it with your account. Then you can accept the iLife apps into your account for any future updates.
    iTunes Support -
    http://www.apple.com/support/itunes/

  • I am trying to download Photoshop CS6 onto my Mac from the Adobe website, but I do not have a serial number. I made an Adobe ID, but the serial number is not under "My Products" nor have I received an email including a serial number. I do not know how els

    I am trying to download Photoshop CS6 onto my Mac from the Adobe website, but I do not have a serial number. I made an Adobe ID, but the serial number is not under "My Products" nor have I received an email including a serial number. I do not know how else to find the serial number. Please help!

    You need to contact Adobe Support either by chat or via phone when you have serial number and activation issues.
    Here is a link to a page with options to help make contact:
    http://www.adobe.com/support/download-install/supportinfo/

  • TS3048 turned off my desktop mac, now both my mouse and keyboard are not connected. i am not logged in yet as well, dont know what to do ?

    turned off my desktop mac, now both my mouse and keyboard are not connected. i am not logged in yet as well, dont know what to do ?

    Try resetting the SMC (no peripherals required).
    Barry

  • My Mac Mail subfolders on my MacBook Air will not sync in alphabetical order. I am assuming it is a setting that I am not finding since my iMac based at my home office is fine, so is my iPad and iPhone. The core source is Exchange.

    My Mac Mail subfolders on my MacBook Air will not sync in alphabetical order. I am assuming it is a setting that I am not finding since my iMac based at my home office is fine, so is my iPad and iPhone. The core source is Exchange.

    If you have been using the mac.com Apple ID to make iTunes purchases recently, then there should be no issues continuing to use it with the new iPhone. I would abandon the new ID as you will never get Apple to merge the two IDs. I have had a mac.com ID for years and continue to use it with my iPhone 4S.
    Tell us the issues that you encounter trying to set up the iPhone with the mac.com account.

  • I just bought a new Mac and I want to transfer some data (not all) from my old Mac.  Basically, I want to move my itunes library, iphoto library, and a few documents.  I have not even turned on my new Mac yet.  Is the best way by an external hard drive?

    I just bought a new Mac and I want to transfer some data (not all) from my old Mac.  Basically, I want to move my itunes library, iphoto library, and a few documents.  I have not even turned on my new Mac yet.  Is the best way by an external hard drive?

    If both have Firewire ports then you can accomplish your goal by using Target Disk Mode. If this is not possible then you can do using an external drive or if you have a local network connect both to your network and use filesharing between the two computers.
    File Sharing on Macs
    Mac 101- File Sharing

Maybe you are looking for