OS X Firewall.

[newbie2macosx]

Hi,

I'm a Mac Newbie and have enabled the Firewall in OS X and would like to ask, does anyone know whether or not there's a utility for checking the functionality of the OS X Tiger Firewall similar to the one that can be found at grc.com.

Thank you.
Kind Regards.

 

[yellow]

I don't see why anyone wouldn't work. It's just a packet filter, same as any firewall on a PC. While the results from the website might not truely show as much info as they might about a PC (since they are all Windows inclined), breechs should be more or less the same.

That being said, nothing is better than getting yourself another computer and simply portscanning.

EDIT: As with any web-based scanning product, whether you're on a Mac or a PC, all results should be taken with a very large grain of salt. The best thing you can do is learn everything there is to know about your firewall (in this case ipfw2) and armed with that knowledge start learning how to make sure it's doing what it needs to do for you.

 

[newbie2macosx]

I don't see why anyone wouldn't work. It's just a packet filter, same as any firewall on a PC. While the results from the website might not truely show as much info as they might about a PC (since they are all Windows inclined), breechs should be more or less the same.

That being said, nothing is better than getting yourself another computer and simply portscanning.

EDIT: As with any web-based scanning product, whether you're on a Mac or a PC, all results should be taken with a very large grain of salt. The best thing you can do is learn everything there is to know about your firewall (in this case ipfw2) and armed with that knowledge start learning how to make sure it's doing what it needs to do for you.

Hi Yellow,

Thank you for your reply. I think that what you've said makes a lot of sense particularly the edit where you've mentioned web-based results should be taken with a very large grain of salt.

As a newbie i've some more questions to ask but i'll ask them on seperate threads.

Thank you.
Kind Regards.

 

[timmac]

I've used the scan on grc.com to "examine" the OS X firewall.

Of course, as someone who's a little security paranoid after years of Windows, I think it's still a good idea to also work behind a NAT router.

 

[UKnjb]

Hmmmm. Never heard of grc.com and thought I would give it a go on my PowerMac G4 panther 10.3.9 with the regualr Mac Firewall (no extra settings) enabled. Here's the result:

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

Well pleased with that, me! Thanks guys!

 

[mkrishnan]

One little wrinkle...not to be annoying. But if you're downstream of a router, and you run one of these testers, unless you purposely put that computer in the DMZ, you're testing the response characteristics of the router and not the computer. Almost every router effectively has built in functions analagous to a firewall by virtue of NAT....