[Macworld]

Post your comments for Understanding and using Leopard's firewall here

[bigdogone]

Great article and one I agree will keep people informed. Never can be to safe when the world always has someone trying to cause others a problem. I would offer one thing for intermediate and advanced users. Many may already know this but Little Snitch is a great add to the Apple firewall as it will alert you to the outgoing traffic. Being newer to the Apple platform I am still very used to my old systems asking for permission so this does not bother me. For others it may be to annoying.
Thanks for writing about something other than Spaces and Time Machine. While great features to be sure I want to learn many of the other great features in the operating system. Ones that I might use daily.

One question. Is there a site I can go to to have the ports scanned to see if the firewall is working?

[Hurley42]

One thing not mentioned - when "Allow only essential services" is checked, the Apple TV will not sync. I found this odd with the 10.5.1 update. I guess Apple TV syncing is not "essential."

[veggiedude]

Why are all SIP phones broken? Is that to do with Firewall or some other issue? Still waiting for X-Lite to be updated.

[bastion]

Decent article, but there's one thing that deserves clarification:

OS X 10.5.1 fixed these flaws by properly labeling the options, tightening and documenting which ?essential services? are allowed, and re-prompting users to activate changed applications instead of breaking them.

Apple/OS X didn't "break" these applications. The applications that had problems with the Leopard firewall did so because they were coded to perform one of two explicitly unsupported actions. The apps were already broken; Leopard's firewall simply exposed the coding errors. Doesn't make much difference to the average user, certainly; they're inconvenienced needlessly no matter whose fault it is. But ultimately it's up to the application developers to make their apps behave, and suggesting that the OS "broke" the apps is a deflection of accountability for the problem and responsibility for the real fix.

[Rick LePage]

bigdogone said:

One question. Is there a site I can go to to have the ports scanned to see if the firewall is working?

Won't Network Utility do that for you?

[khurtwilliams]

I just don't trust the GUI that Apple provided for configuring the firewall. I have been using WaterRoof to do this for me.

[TCDC]

Steve Gibson (Gibson Research Corp) has a nice port scanner at https://www.grc.com/x/ne.dll?bh0bkyd2.

[bigdogone]

Forgot all about this one. I used shields up in the past and since switching to Mac it just slipped my mind. Time to give it a try. I also found that a port scan can be done from my Mac but I feel better having an external source give it a try to be sure. Is it true that the airport extreme does not have a firewall built in? I thought routers almost always had firewalls.

Thanks for the help.

[TCDC]

I don't have an Airport Extreme, but do know that it hs a firewall and that you can configure it. See http://www.apple.com.../security.html.

[bigdogone]

Thanks. I thought it did. Just saw review the other day and it said it did not. Another misinformed windows article.

[reprobate]

Since the Apple web support page says it has a firewall, I think it refers only to the Airport Extreme N with Gig Ethernet, that is, the newest one. As usual those of us who couldn't wait another week and bought the model with 10/100 ethernet don't get the firewall. At least that was the talk on the Apple discussion boards before the new model was introduced.

Apologies if I'm wrong, but that's my impression.

[reprobate]

I just downloaded and read the manual for the AExN Gig Ethernet model and I couldn't find a single word about a firewall. I have to assume that if it has a firewall that it would be non-configurable.

I certainly would like to find out more about this, and whether the earlier model Extreme N has the same firewall.

[cina]

I just purchased an AirPort Extreme GB. I'm certainly not authoritative about the internal firewall (very little doc on this that I can find) but I have discvovered the following.

There is no UI in the AirPort utility to control firewall settings at the level of protocols, ports, port forwardiong, port trigering, DMZ, MAC filtering etc.

There is Network Address Translation (NAT), whick is one of the more important features of typical home routers.