
macmacmacr

macrumors regular
Original poster
Dec 23, 2014
152
5
23-April-2015-13:55 EST
I have noticed this issue on Yosemite as well as Mountain Lion. When I have "Block all incoming connections" not checked and I add Safari to the firewall with "Block incoming connections", Safari is still able to communicate with the internet.



This appears to be a fault, as no communications should occur for Safari? See enclosed. I have also posted this in the Apple forum under the name "Firewall Problem".
 

Attachments

  • Firewall.jpg

aquajet

macrumors 68020
Feb 12, 2005
2,386
11
VA
This does not do what you think it does. When an application is added to the firewall list and set to block, it will block unsolicited incoming connections only. For example, an application that provides synchronization or streaming functions with a mobile device using a wifi network might require an application to accept unsolicited incoming connections. iTunes music sharing would be an example of this. Little Snitch is firewall software that can provide this functionality, however.
 

macmacmacr

macrumors regular
Original poster
Dec 23, 2014
152
5
firewall Problem

Aquajet, you are incorrect. Unsolicited traffic is stopped on the most basic of Firewalls. If your description is correct, this would mean all other traffic other than Safari in my example would be accepting unsolicited traffic and every Internet Application on my Mac would have to be added.

I would like to see an actual example of how the block incoming would be used for any Mac OS firewall Application.
 

2984839

Cancelled
Apr 19, 2014
2,114
2,241
Blocking incoming connections only blocks inbound traffic that you did not initiate. When you initiate a connection to a server through Safari, that initial connection is allowed because it is outbound. Further incoming traffic from that server is allowed because the state of that connection is legitimate since you initiated it and there was no firewall rule at that time that said to block it.

If you were running an SSH server and set the firewall to block incoming connections, you would not be able to connect to the machine from outside, since inbound traffic would not be initiated by you and would therefore be blocked.
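
The behaviour described in this post, as an added Python sketch that is not part of the original thread. It is a toy connection-tracking filter, not Apple's implementation; the class names and the documentation-range addresses and ports are constructed for illustration.

```python
# Toy stateful filter with a "block incoming" policy (illustration only).
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = leaving the Mac, "in" = arriving at it
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)


class StatefulFilter:
    """Allow all outbound traffic; allow inbound only on tracked flows."""

    def __init__(self):
        self.states = set()  # {(local_endpoint, remote_endpoint)}

    def check(self, pkt):
        if pkt.direction == "out":
            # Outbound is never blocked; remember the flow so replies match.
            self.states.add((pkt.src, pkt.dst))
            return "allow"
        # Inbound: the local endpoint is dst, the remote endpoint is src.
        if (pkt.dst, pkt.src) in self.states:
            return "allow"   # reply on a connection this host initiated
        return "block"       # unsolicited inbound traffic


def run_demo():
    fw = StatefulFilter()
    mac, web, stranger = "192.0.2.10", "198.51.100.7", "203.0.113.50"
    return [
        # Safari opens a connection to a web server.
        fw.check(Packet("out", (mac, 50123), (web, 443))),
        # The server's response arrives on the same flow.
        fw.check(Packet("in", (web, 443), (mac, 50123))),
        # An outside host tries to reach a local SSH server.
        fw.check(Packet("in", (stranger, 40000), (mac, 22))),
        # Same web server, but a local port the Mac never used: no state.
        fw.check(Packet("in", (web, 443), (mac, 50999))),
    ]


if __name__ == "__main__":
    print(run_demo())
```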
 

aquajet

macrumors 68020
Feb 12, 2005
2,386
11
VA
> Aquajet, you are incorrect. Unsolicited traffic is stopped on the most basic of Firewalls. If your description is correct, this would mean all other traffic other than Safari in my example would be accepting unsolicited traffic and every Internet Application on my Mac would have to be added.

My description is correct, but that doesn't mean that unlisted applications will accept unsolicited connections. Apple uses a default-deny behavior for most applications (with the exception of things like DHCP, some ICMP messages and multicast DNS) but will prompt you to accept or deny the connection if an application receives an unsolicited connection request.

I should clarify however that if your intent is to prevent an application (Safari for example) from communicating with the internet or certain hosts on the internet, then I believe Little Snitch will accomplish this. Another option is Ice Floor.

http://www.hanynet.com/icefloor/

> I would like to see an actual example of how the block incoming would be used for any Mac OS firewall Application.

I've not used Little Snitch myself, but my understanding of it is that it only works to block outbound connections of various applications. It does this by using a kernel extension. So sure, I suppose you could block the application in the Application Firewall, but I don't think it would do anything. Little Snitch seems like it is designed to complement the built-in Application Firewall. Ice Floor is far more powerful and, as I mentioned, is a front end for pf. If you go that route, I would disable the Application Firewall, as its functionality can be duplicated using Ice Floor.
 