OSX Firewall
Hello All,
I would like to know is the MacOSX firewall really necessary? I thought I read some conflicting views. I feel
like I've been conditioned to turn it on for all eternity. One other thing if you'll indulge me, is Little Snitch a good
idea? and does it affect the performance of MacOSX? Sorry if these questions seem elementary, but they've
be burning for awhile. Thanks!
Joseph
MacJoseph wrote:
I would like to know is the MacOSX firewall really necessary?
It's a added security layer. It should be on. It's only a incoming Firewall.
MacJoseph wrote:
is Little Snitch a good idea? and does it affect the performance of MacOSX?
OS X's performance isn't bothered by Little Snitch.
Little Snitch is a outgoing Firewall that catches the behind the scenes action going on behind your back.
So lets say you downloaded this program and it calls out over the internet 20 times a day, that shoudl raise a flag because if it's just checking for updates, why 20 times a day?
Apple's Addressbook used to contact Apple's servers, which was a bit strange, until it was found out it was part of the .Mac and syncing contacts. It doesn't do that anymore.
So LittleSnitch keeps honest people honest.
Now when you visit a webpage sometimes ports get opened up and strange connections are going on, Little Snitch will warn you of those and you can stop the connection.
If you get malware on your system unawares, Little Snitch will catch the "phoning home" before it starts, just keeping you in the loop.
Most "Standard users" don't need to do anything but use their computers, it's for those those who just like to keep taps on things.
Similar Messages
-
I am not reachable, but forwarded the port in AE & OSX Firewall
hi,
i forwarded the port 49500 for my bittorrent client, using with macgamefiles for example, in my osx firewall and my airport admin tool.
49500 … 10.0.1.2 … 49500
my torrent client is running, when i check it at www.canyouseeme.org i get an error: Error: I could not see your service on 85.xx.xxx.xxx on port (49500)
- why?
- which port can i test at www.canyouseeme.org, to see if my powerbook is reachable at all?
- why is my private IP 10.0.1.2, as listet in the airport port forward, cause when i open airport admin tool it shows: 10.0.1.1
- how can i access my airport from browser? (safari)
- what is DMZ? someone told me to do that
thanksthanks for the link
thats a bit hard to understand for a network novice as me.....
in the network prefs, i have this IP: 10.0.1.3
so i change it on the router also..
actually , the funny thing is, that i am not aware at all what i am doing here, i play trial and error, but have no insight....
maybe it will work....thanks -
How to setup osx Firewall to allow incoming access to nginx?
Hello!
How to setup osx Firewall to allow incoming access to nginx (any port)?
Local access is all fine, but when I trying to open http://<myip>:<port> from outside (other device in same network) there are no answer.
If I turn off Firewall all works fine, but I want to keep my safety.
Adding "nginx" binary file to Firewall list doesn't help."Victor" <[email protected]> wrote:
>
>Hi,
>
>I need to limit access on one JSP to a user. All the
>other JSP's
>should be available to averyone all the time. The following
Victor,
two ideas:
1. Once you've seen where jspservlet compiles the jsp to, try adding
an explicit servlet registration (then an acl for that servlet)
I'm not sure if it would work, never tried.
2. If it doesn't, well, you have a servlet class available from
the jspservlet/jspc process. Move it to servletclasses (or wherever
you keep other servlets) and register/acl it normally
-
Hello:
Could someone please explain how the OSX firewall and the ipfw rules play together or point me to an article about it?
First of all, the man ipfw states that ipfw is deprecated.
What I am trying to understand is related to this post: http://www.petefreitag.com/item/753.cfm
The Cisco AnyConnect VPN client alters the firewall rules via IPFW commands and if split-tunneling has not been configured on the vpn server, it blocks all the access to the outside world . The blog suggests that the line that denies the traffic in the ipfw list should be removed in order to free the traffic. Would this leave the computer vulnerable? What about the OSX firewall (accessible through -> Security & Privacy -> FireWall) ? I don't understand how these two pieces fit together at OS level...
ThanksThere's really no immediate need for anti-virus software on the Mac since there are no extant viruses affecting OS X. As for the firewall if you have a hardware router as part of your local network then there's little need for firewall protection beyond what is provided in OS X or by your router.
My suggestion is that your computer will have fewer potential problems if you uninstall the Norton software. -
As I understand it, currently there are no virus or worms out there which will infect Macs. So I haven't bothered to use the OSX firewall, but is it worth having on? And if so, what are the best settings to use?
Hi Robin, you're confusing viruses and worms (there are none for OS X) with hackers/crackers looking for a target. While it is unlikely that your Mac would get hacked, using the firewall gives you some cover as Karl explains. If you have a router in addtion to your modem then you are already behind a hardware firewall and may not want to/need to enable OS X built-in one.
-mj
[email protected] -
Hi
Does the above utility offer any benefits that OSX firewall doesn't. I tested my setup and everything is in stealth but my IP is visible . Net-barrier offers many other options based on web surfing but I am always looking to keep my system as safe as possible without unnecessary wasting money.
Also what is the stability of this utility with tiger..or any adverse conditions
thanksIt should function properly under Snowie. The two won't clash because net barrier uses a different
firewall technology than SL or leopard. It uses stateful packet filtering as opposed to Snowie's
active application (program) filtering.
Now whether or not it adds anything useful to the mix may be questionable. If you're on a laptop in
a wi-fi cafe, sure, you need all the help you can get. If you are at home behind a router that has
a properly configured hardware firewall, it is probably just consuming cpu cycles.
The little bit of testing I have done on Snowie's firewall, shows it to be a good one. It remains
completely stealthed when bombarded with various port scanners. It stops unauthorized traffic
real well and reports it in the logs.
Kj ♘ -
I am new to Macs (just just 5 months). Since I am Comcast customer, I get Norton security at no additional cost. I have installed that on my MBP without any apparent downside that I can see. I was curious, though, about opinions of the firewall built into Lion vs. the Norton Firewall. Does the Lion firewall receive more timely or better updates than Norton? For instance, I saw that the Lion firewall had an option to automatically update the safe download list, but obviously I can't do that if the OSX firewall is disabled, becuase I have the Norton firewall installed. Any opinions about the range of functionality or customization between the two? I do use a router, which also has a firewall.
Thanks for your help,
DaveThere's really no immediate need for anti-virus software on the Mac since there are no extant viruses affecting OS X. As for the firewall if you have a hardware router as part of your local network then there's little need for firewall protection beyond what is provided in OS X or by your router.
My suggestion is that your computer will have fewer potential problems if you uninstall the Norton software. -
Through my SysPrefs/Sharing I currently have the OSX (10.3.8) software firewall turned OFF. My cable modem is connected to the AEBS WAN port and the G5 is connected to the LAN, the iBook has the Airport Extreme card.
It was my understanding that because the AEBS has a hardware firewall, the use of the OSX software firewall wasn't necessary and can cause conflicts if used with the AEBS firewall.
In the SysPrefs/Sharing of both the iBook and G5, under the Services & Firewall tabs, Personal File Sharing is the only option I have checked. I don't have any entries in the Port Mapping section of the AEBS' configuration.
The only file sharing I really care about is between my G5 and my iBook, allowing others access to public folders is not a concern and I'd just as soon not allow it if I can still have my G5 & iBook sharing files.
I'm not really clear on the proper uses/functions of the Services and Firewall sections under the Sharing preferences, can someone set me straight and let me know if I should have it configured differently for the way I'd like it to work?
Thanks.
PatrickThe AEBS has NAT or Network AddressTranslation which hides the Internet Protocol address of each computer behind the router while still allowing all these machines to send and receive data from the Internet.
NAT is integral to safe computing, but it's not a firewall -- it can't prevent a malicious code on your machine from "phoning home" to another site.
Many consumer wireless routers now offer a hardwall firewall in the form of
Stateful Packet Inspection Firewall (SPI). SPI monitors both incoming and outgoing packets and will block either that are not in response to a specific request.
SPI adds additional security but must be customized for each set up and if done incorrectly makes you less secure. -
In my new iMac (Intel) OS 10.4.8 - the sites I managewith DW
will connect but not LIST . If I turn the Firewall off, the files
will LIST - Firewall on - they won't. I can access and LIST all
sites fine on my PC (Windows XP) - just not with the Firewall in OS
10.4.8. Tried both passive/active FTP options but neither work.
Anybody got an idea how to solve it?Hi Ian,
Go to http://www.apple.com/server/documentation/ and download the NetworkServices_Adminv10.5.pdf manual. Information on the Firewall and its configuration are in there. Most everything you need to know about running Leopard OS X Server is on that page. The rest is in these forums and at http://www.afp548.com and http://osx.topicdesk.com for starters.
Good luck with your new server software.
Larry -
I was having some network issues and in the course of it I tried specifically stating an app could have access through the firewall.
Now nothing seems to get through but web browsing. No Yahoo (even though i added it as an App), No Apple Update, No FrontRow, No Connecting to my Airport Router, nothing.
I added Front Row, Yahoo messenger, AIM, etc, as specific applications even with permissions for both directions but that didn't help. I see the response coming back from the app's servers in the Firewall log even.
Other than selecting Allow All Incoming Connections, what can I do to reset everything so it can redetermine what to allow and not allow?
ChristopherAnswer never found in forums.
-
With OSX firewall and firewall on router, do you really need Netbarrier?
With the native firewall and what the router provides do you really need to spend the extra money. I understand the need for anti virus but... do you really need something like Netbarrier from Intego?
I agree with Roam, but if you are still in doubt, check these out...
ClamXAV, free Virus scanner...
http://www.clamxav.com/
Little Snitch, stops/alerts outgoing stuff...
http://www.obdev.at/products/littlesnitch/index.html
HenWen/Snort combo, that is a free MAJOR Firewall...
http://seiryu.home.comcast.net/henwen.html
Then the venerable old Brickhoues/Flying Buttress Firewall...
http://personalpages.tds.net/~brian_hill/downloads.html
WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, predefined rule sets, wizard, logs, statistics and other features.
http://www.macupdate.com/info.php/id/23317 -
OSX is blocking ports with firewall turned off...
I just purchased an iMac last week. I am not new to macs, but this is my first one in a few years so I am new to Leopard. The problem I've been having is strange. It seems that port 5190 is totally unreachable. This makes it impossible to connect to aim and use file transfer. I know i can connect on port 443, but file transfer doesn't work on that port. I also can not connect to certain streaming video websites. Justin.tv is one of them. On that site, the page loads perfectly, but no video loads. Other ports could also be affected but as of now, 5190 is the only one I know for a fact not to be working. I am behind a router, but I have 5 other PCs using the router with no problems. Everything works great on the windows machines. I have also tried to directly connect the mac to my cable modem. That didn't work. The blockage is local to this machine. I have disabled the OSX firewall and that did nothing. I am at a total loss here. If there is anyone that has an idea, i would very much appreciate it.
thanksJust to make sure, by disabled the firewall, you've set it to Allow all incoming connections?
Can you Ping it on that port? You may need to make sure Stealth mode is turned off in the Advanced button of Firewall System Prefs. While there, enable logging. Try to connect and see what the log produces. -
VPN no longer accessible after OSX Server 4 upgrade
I was using mavericks server on a mac mini and I had the vpn working perfectly for l2tp. I recently upgraded to Yosemite server and now I can no longer connect to my vpn. Testing internally I can see that the port 1701 is not open on the mac mini. Any one else have a similar experience when upgrading? Any idea how to open the port? The default osx firewall is off, so that is not interfering, but I can't figure out why the port is not open. Below is the results of a port scan I ran on the server from within my internal network. My setup hasn't changed since before it was upgraded, all the configuration is the exact same.
Port Scan has started…
Port Scanning host: 10.1.1.225
Open TCP Port: 22 ssh
Open TCP Port: 53 domain
Open TCP Port: 80 http
Open TCP Port: 88 kerberos
Open TCP Port: 106 3com-tsmux
Open TCP Port: 311 asip-webadmin
Open TCP Port: 389 ldap
Open TCP Port: 443 https
Open TCP Port: 445 microsoft-ds
Open TCP Port: 464 kpasswd
Open TCP Port: 548 afpovertcp
Open TCP Port: 625 dec_dlm
Open TCP Port: 631 ipp
Open TCP Port: 636 ldaps
Open TCP Port: 749 kerberos-adm
Open TCP Port: 1640 cert-responder
Port Scan has completed…Hotplugging is off. Both old and new xorg.conf are at http://pastebin.com/m23c8ea46
Not sure which fdi files to look for, but I've never made any changes to them. -
Reader 9 does not open LiveCycle protected PDF's on OSX
My daughter uses an electronic online learning environment at school. This website contains PDF's that are protected with Adobe LiveCycle Rights Management. But Adobe Reader (latest version 9.3.4) cannot open these PDF's. It shows an error dialog stating that "You can only open this document when connected to the network". As you might have guessed, we are connected to the network already.
It gets even more interesting when we e-mail the PDF's to other people. These files can be opened under Windows and under Linux with no problems, in IE and FireFox. This even works without logging in to the e-learning website! But although it is possible to open the document on a Mac, which has a size of about 2.9 MB, its contents stays completely blank.
I tried this on 3 Mac's, from 3 different networks, with all combinations of Safari, Firefox, Preview and Adobe Reader. With and without the OSX firewall enabled, and using both OSX 10.5 and 10.6. I am using the latest versions of all software, all with the default preferences after standard installation.
I would really like some suggestions on how to solve this. The school cannot help, the e-learning platform company does not want to help because they do not support "individual cases" and the content provider (publisher of the PDF's) does not respond to my questions by e-mail.The error message is a bit misleading.
This is most likely related to the certificate used by the browser to make the the HTTPS connection from the PDF to the Rights Management server.
You have to make sure the certificate is installed properly in the browser you're using to avoid this error message.
One way to quickly test is to hit https://<rights_management_servername>:<port> and see if the browser gives you a prompt to install a certificate. If it does, then install it.
Close the browser and try to hit that URL again. You want to make sure you can hit https://<rights_management_servername>:<port> without a prompt to install a certificate.
This is actually what Acrobat/Reader is trying to do. Acrobat uses a browser object and if it can't connect to the the URL without a prompt, it'll throw the error message you're getting.
I hpoe this helps.
Jasmin -
ITunes sharing - using AirTunes and older Mac (Firewall)
iTunes lives on my 27" iMac and I would like share the library out to home computers. I plan to have an older iMac G4 publicly accessible so visitors can control the music on the home stereo. I can access iTunes via the iMac G4, I can get to my main library without problem. However, when I try to connect to my Airport Express Air Tunes I get a firewall issue. Specifically, the G4 gives me a message to change my firewall settings. The help information for itunes with Mac OSX Firewall tells me to click sharing ->Firewall ->iTunes Music Sharing ->Advanced -> deselect "Block UDP traffic." I have done this on the G4 firewall and the 27" firewall isn't even turned on. However, I am still not having any luck. Any ideas? FWIW, all software and OS are up to date.
My wife's MacBook Pro can connect to the AE Air Tunes.
Message was edited by: K JDid you ever solve your problem? I just got a macbook with airport extreme card and then got an airport express mainly to play itunes through a stereo in another room. The macbook does this with no problem. However, I wanted to use an older powerbook G4 (867Mhz) with an airport (not airport extreme) card to run airtunes. The G4 gave me the same incorrect firewall warning even after I've changed the settings. Even with the firewall off, it only plays for a few seconds, then cuts out. I'm running 10.4.11 on the G4 and 10.6.2 on the macbook. I'm beginning to think the airport card just can't handle the bandwidth, even after I narrowed the multicast to to 1mbps.
Maybe you are looking for
-
Is there a way to save over previous files without renaming when packaging InDesign files?
I am finding the file management a nightmare with having to package my work from Creative Cloud at home in order to work in Creative Suite at school. I usually have to do this back and forth multiple times for the same project creating multiple files
-
Union among multiple select queries with full outer join
Hello everyone, I have 3 different select queries (used FULL Outer Join) which work fine. Now I want to add Union to the results among them and pick the selected columns from each query in the final result. while doing so, I am getting an error as "r
-
Subscription to Outlook thru webdav with some blank events
I convinced a colleague to publish its Windows Outlook 2010 calendar to a webdav site. We are almost there. The events are there but some repetitive events are blank, let's say 1 over 12. I can see a colored square with the right hours but nothing in
-
Is there a way I can create a folder that contains images from many different catalogs?
Id like to be able to put all of my select images in one folder so I can easily find images to develope at any given time.
-
Time Machine never gets out of Indexing backup...
I had a problem with my iMac earlier today. My first instinct was to create a complete backup. But since then I've not been able to create a backup. Time Machine never gets out of Indexing backup... Each time I try to backup the message log contains: