Leopard firewall revisited

While bringing up firewalls for my test server, I thought of doing a little check on my machine. The logs raised both my eyebrows. Dear Google told me, I was not the only one.

Leopard introduced application based firewall, while the old ipfw still exists with just one default rule (Accept everything from everything!)

65535 allow ip from any to any

So with Application firewall doing its best, lets add some ipfw rules. One way to do is making and adding new rules. However Newton said “Pigmaei gigantum humeris impositi plusquam ipsi gigantes vident(If I have seen a little further it is by standing on the shoulders of Giants.)”

So I downloaded the tested ipfw rule list from securosis.com to start with and tweaked to my taste, and imported the file into WaterRoof, an ipfw frontend.

To check your ipfw rules, use “sudo ipfw list“. When you’re satisfied with your rules, install them for future reboots with “Tools > Rules Configuration > Save to startup configuration” and “Tools > Startup Script > Install Startup Script”.

I also installed WireShark, originally known as Ethereal, but could not get it working. However a look at network log is much more satisfactory now than before.

Image: Cedalion standing on the shoulders of Orion from Blind Orion Searching for the Rising Sun by Nicolas Poussin, 1658. This image is in the public domain.