Leopard firewall revisited

Written by Arvinder Singh / March 07, 2009 / 1 min read / Filed under Ipfw, / Firewall, / Security

While bringing up firewalls for my test server, I thought of doing a little check on my machine.The logs rang a bell. Google told me, I was not the only one scared.

Leopard introduced application based firewall, while the old ipfw still exists with just one default rule (Accept everything from everything!)

65535 allow ip from any to any

With Application firewall doing its best, lets add some ipfw rules. One way to do is making and adding new rules. However Newton said “Pigmaei gigantum humeris impositi plusquam ipsi gigantes vident(If I have seen a little further it is by standing on the shoulders of Giants.)”

So I downloaded the tested ipfw rule list from securosis.com to start with and tweaked to my taste, and imported the file into WaterRoof, an ipfw frontend.

To check your ipfw rules, use sudo ipfw list. When you’re satisfied with your rules, install them for future reboots with Tools > Rules Configuration > Save to startup configuration and Tools > Startup Script > Install Startup Script.

I also installed WireShark, originally known as Ethereal. A look at network log is far satisfactory now than before.

Image: Cedalion standing on the shoulders of Orion from Blind Orion Searching for the Rising Sun by Nicolas Poussin, 1658. This image is in the public domain.