[Macpartners] Leopard firewall
Hans Dietrich
hansdiet at MIT.EDU
Thu Nov 29 15:03:03 EST 2007
Here is an extract from an Apple document on the Application
Firewall. Modes one and two I would say are "user" friendly, but
three is more for the "administrator". I can't see the "average"
user going through and picking and choosing which application or
service should go out or come in.
Just my thoughts.
Hans
+++++|+++++|+++++|+++++|+++++
Hans Dietrich
hansdiet at mit.edu
617-253-1313
http://web.mit.edu/ist/teams/ditr/
**********************************cut**********************************
Application Firewall's three modes of operation
1. Allow all incoming connections:
This is the most "open" mode. Mac OS X will not block any incoming
connections to your computer. This is the default mode for Leopard.
If you upgraded from Mac OS X 10.4.x, your Application Firewall will
default to this mode.
2. Allow only essential services:
This is the most conservative mode. Mac OS X will block all
connections except a limited list of services essential to the
operation of your computer.
The system services that are still allowed to receive incoming
connections are:
  - configd, which implements DHCP and other network configuration services
  - mDNSResponder, which implements Bonjour
  - racoon, which implements IPSec
3. Set access for specific services and applications:
This mode offers you the most flexibility. You can choose whether to
allow or deny incoming connections for any application on your system.
**********************************cut**********************************
On Nov 29, 2007, at 1:53 PM, Jensen, Scott C. wrote:
> Hi,
> Yesterday's thread about the Leopard firewall got me thinking a
> little about this - Are most Mac folks here figuring that turning
> Leopard's firewall on is necessary? Previously, I would have said the
> answer is yes, an active firewall is almost always a good idea,
> without hardly a second thought. The fact that Leopard's firewall is
> turned off by default (at least on machines upgraded from Tiger - I'm
> not sure about newly delivered machines) surprises me. Is Apple
> suggesting that the firewall is not really necessary, and if so, are
> the Mac managers here comfortable with that? I don't think I am, but
> given that Leopard's Firewall is more of a pain than Tiger's (for
> non-privileged users, anyway), then I might be willing to consider
> leaving it off on users' machines.
>
> What do y'all think?
>
> ---SCJ
>
>
>
> Allan Doyle wrote:
>> Leopard doesn't seem to have an easy way to open up a specific
>> incoming port.
>>
>> I want to allow incoming SMTP traffic on port 25 on a Leopard machine
>> (not Leopard Server). Googling and searching the Apple Discussions
>> doesn't offer much help.
>>
>> One perhaps drastic solution is to shut off the firewall entirely and
>> use ipfw. I'm happy to do that, but there must be a "Leopard" way...
>>
>> Allan
>
> --
> Scott C. Jensen
> Asst. Director for Information Services
> MIT Corporate Relations - Industrial Liaison Program
> Room E38-576 292 Main Street Cambridge, MA 02139
> 617/253-0441 FAX: 617/258-0796 Email: jensen at mit.edu
> _______________________________________________
> Macpartners mailing list
> Macpartners at mit.edu
> http://mailman.mit.edu/mailman/listinfo/macpartners