Technology from the trenches

Fixing Leopard’s Firewall

Apple’s new Mac OS X 10.5 operating system, a.k.a. “Leopard”, ships with not one but two firewalls. By default, however, both of them are disabled, leaving it up to the user to secure their own system. Some security experts have called this a big step backwards for Apple, and I have to agree.

The new firewall in Leopard is what Apple calls an “Application Firewall”. It is configured in the Security pane of System Preferences, but as Heise points out, the GUI does not accurately reflect what is actually blocked and what isn’t. Here is how the manual that ships with 10.5 Server describes it:

This firewall is called an application firewall because it accepts or denies an incoming connection based on the particular application, service, or other software module that is trying to accept the connection. This firewall doesn’t control outgoing network traffic.

Thankfully, ipfw, the trustworthy IP firewall that came with 10.4 (Tiger), is still included in both Leopard Server and Leopard client. You can use it to selectively block or allow incoming or outgoing network traffic based on rules that you define, matching on addresses, ports, protocol and direction rather than on which application is listening. I recommend that Leopard users disable the new application firewall in the Security preference pane and configure ipfw according to their needs. Two things to keep in mind: on Mac OS X the built-in default rule (65535) allows everything, so a ruleset must end with an explicit deny or it blocks nothing, and ipfw rules live only in the kernel, so they have to be reloaded at every boot.

There is a free GUI program for configuring ipfw: the strangely named WaterRoof. It comes with some basic predefined firewall rulesets, and makes it easy to add your own rules to customize them to suit your needs. Apple has helpfully published a list of well known TCP and UDP ports used by their products, to aid you in customizing your firewall rules. Since ipfw is open source software and has been around for over a decade, there is plenty of documentation for it online.

I’m running Leopard on my laptop, and most of the time I’m not running any services on it. I do, however, need to allow some traffic, such as DHCP (my IP address constantly changes depending on my location), and I need a bunch of ports open to allow video conferencing with iChat. If you’re in a similar situation, you might find my ipfw rules useful. You can import the rules from WaterRoof’s Tools menu -> Rules Configuration -> Import rules from file.
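As an added example, here is a shell script of my own (not the author’s rule file) that prints an ipfw ruleset for a laptop of the kind described above, running no inbound services but needing DHCP, Bonjour and iChat AV, and loads it into ipfw when run as root with --apply. The rule numbers, the helper names and the iChat port list (UDP 5060, 5678 and 16384–16403, TCP 5297/5298) are my assumptions; check the ports against Apple’s published list before relying on them.

```shell
#!/bin/sh
# Added example ipfw ruleset for a Leopard laptop: outbound traffic allowed
# and tracked statefully, only DHCP, Bonjour, iChat and a few ICMP types
# allowed in, everything else denied. Rule numbers and the iChat ports are
# assumptions, not taken from the original post or from Apple's list.

# Print the ruleset, one "add ..." command per line. Text after # is
# commentary for the reader and is stripped before the rules are emitted.
leopard_laptop_rules() {
    sed -e 's/[[:space:]]*#.*$//' -e '/^$/d' <<'EOF'
add 00100 allow ip from any to any via lo0                  # loopback
add 00200 deny ip from any to 127.0.0.0/8                   # no loopback spoofing from the wire
add 00300 deny ip from 127.0.0.0/8 to any
add 01000 check-state                                       # let replies to our own connections in
add 01100 allow tcp from me to any out setup keep-state     # all outbound TCP, tracked
add 01200 allow udp from me to any out keep-state           # all outbound UDP (DNS, NTP, AIM...), tracked
add 01300 allow icmp from me to any out
add 01400 allow icmp from any to me in icmptypes 0,3,11     # echo reply, unreachable, time exceeded; no echo request
add 02000 allow udp from any 67 to any 68 in                # DHCP offers/acks arrive as broadcast, so not stateful
add 02100 allow udp from any 5353 to any 5353 in            # Bonjour / mDNS
add 03000 allow tcp from any to me 5297,5298 in setup keep-state   # Bonjour iChat (assumed ports)
add 03100 allow udp from any to me 5060 in                  # iChat SIP signalling (assumed)
add 03200 allow udp from any to me 5678 in                  # iChat NAT mapping (assumed)
add 03300 allow udp from any to me 16384-16403 in           # iChat AV audio/video RTP (assumed range)
add 65000 deny log ip from any to any in                    # default rule 65535 is allow, so deny explicitly
EOF
}

# Number of rules the ruleset contains.
rule_count() {
    leopard_laptop_rules | wc -l | tr -d ' '
}

# Sanity check: the ruleset must end in a deny, otherwise it blocks nothing.
last_rule_is_deny() {
    leopard_laptop_rules | tail -n 1 | grep -q '^add [0-9]* deny '
}

# Load the rules. Needs root and an ipfw kernel (Mac OS X 10.4/10.5).
apply_rules() {
    sysctl -w net.inet.ip.fw.verbose=1 >/dev/null   # make "deny log" actually log
    ipfw -f -q flush                                # drop the current ruleset without prompting
    leopard_laptop_rules | while read -r rule; do
        # word splitting of $rule is intended: each line is one ipfw command
        ipfw -q $rule
    done
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Without --apply the script only prints the rules, which is handy for pasting into WaterRoof or reviewing before loading. After applying, `sudo ipfw show` lists the rules with packet counters, and `sudo ipfw -d show` also lists the dynamic (keep-state) entries, so you can confirm that a DHCP renewal or an iChat call is matching the rule you expect. Remember that the kernel forgets all of this on reboot.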

Let me know if you find this article helpful, or have any questions!


2 Responses to “Fixing Leopard’s Firewall”

  1. lance Says:

hi- So, now I can have app-level FW, ipfw, and hardware firewall. Three is better than two, so maybe this is a step up? Tiger/Client firewall UI was always a dog when compared to the UI in Tiger/Server. Too bad they didn’t put the Tiger/Server firewall UI in the Leopard/Client. Of course, that is way too complex for consumers, but it was great to have it build ipfw rules.

    -lance

  2. Brent Says:

    Hi Lance,

Little Snitch is a more advanced application firewall than the one that Apple ships with Leopard, and it lets you control outgoing traffic from applications on your system. Combine it with ipfw using WaterRoof, and you’ve got both general network protection and fine-grained application-level control.

As you say, every additional layer adds security, but it also adds inconvenience.
