what is the best firewall to get for a mac

Posted by: gnfnr2k

what is the best firewall to get for a mac - 05/26/03 04:16 PM

I asked about the built in one before, im just curious do i need to waste money on a fire wall or should i just get a router and use that for my firewall?<br><br>
Posted by: MacGizmo

Re: what is the best firewall to get for a mac - 05/26/03 04:27 PM

nearly all firewall software available for OSX are simply GUI front-ends for the built in OSX Firewall. In other words, they aren't really a full software app, but they just help make it easy to configure what is already there. You can try Brickhouse to give you an idea of what most of the firewall apps are like.<br><br>A router is always a good option because it adds a level of security you can't get with software alone. If you get a router, the built-in OSX Firewall in Jaguar will be plenty.<br><br><br>Click here to visit me.
Posted by: hayesk

Re: what is the best firewall to get for a mac - 05/27/03 01:23 PM

If you plan on having more than one computer, get a Linksys or Netgear (or other brand) router and use the router as the firewall. If you get a router, you don't need to use MacOS X's built-in router.<br><br>If you only have one computer, use the MacOS X firewall. By default there isn't much open on MacOS X to worry about. Turn off all sharing you don't need (which is off by default) and you should be fine.<br><br>
Posted by: JonnyCat

Re: what is the best firewall to get for a mac - 05/27/03 02:16 PM

All firewalls on OS X are implemented with the unix (BSD) command ipfw.<br><br>you can set up your own rules by typing the commands in the terminal.<br><br>In the system preferences there is a firewall start button. Pressing this button types those ipfw commands in for you.<br><br>Other firewall programs might have more features, and are basically a GUI front end for typing in ipfw commands.<br><br>The big question is what do you want in a firewall. If you want to stop somebody from connecting to your computer than the system prefs start firewall option will do that for you (turn off all sharing as well).<br><br>For extra paranoid super duper firewall protection, the ipfw command can stop programs from connecting to the outside world as well (the trojan horse type virus). Of course, now even with a GUI you have to be careful to set it up right otherwise you won't even be able to browse the internet.<br><br>Contrary to popular belief a router is not a firewall but acts like one. The home variety of routers from linksys are also a NAT - network address translator. What this means is your computer is given an IP address like 192.168.1.x which are non-routable, meaning nobody can access that IP address cause all the routers on the internet have those IP addresses blocked. Since nobody on the internet can access you - hence the firewall.<br><br>Picky but semi important distinction here. The router will protect you from someone on the internet but if you have a wireless network it won't protect you from someone connecting wirelessly to your in house network.<br><br>Anyways, yada yada with techno-bable. Turn on the firewall in the prefs panel and turn off sharing and you'll be fine! For super paranoia get a fancy firewall program and fiddle with settings and be frustrated but it will protect you from the one in a billion chance you'll download a trojan horse.<br><br>Buy a router not for the firewall, but to connect more than one computer to your internet connection. Buying it for the firewall is a waste of money.<br>
Posted by: iraszl

Re: what is the best firewall to get for a mac - 05/29/03 04:09 AM

Thanks a lot JC! I've learned a lot from this one post you made!<br><br>
Posted by: Anonymous

Re: what is the best firewall to get for a mac - 05/29/03 08:37 AM

<em>Buying it for the firewall is a waste of money.</em><br><br>It's easy to port-foward with the GUI. Perhaps someone has written a GUI IPFW already, so maybe that's not an issue.<br><br>Also, if you reinstall or machine goes on the fritz for some reason, you don' t have to rejiggify settings. Lastly, I trust a non-routable address in a dummy box more than any software to keep people out.<br><br>But, for the most part, I agree with your post.<br><br>neye<br><br>