17.3. Using IPFW

The Unix program ipfirewall, version 2 (which I'll call by its more common name, IPFW — often seen in all-lowercase as ipfw or ipfw2), is included with Leopard and Snow Leopard even though it's disabled by default. It's a powerful, flexible, and well-liked firewall utility. It's found on most Unix and Unix-like computers and can provide enough protection for nearly any Mac. The only problem is that in the best tradition of Unix command-line software, it has an obscure, confusing user interface. That, compounded by its inherent complexity and wealth of options, makes it a formidable program to wrap one's head around.

NOTE

Mac OS X Server comes with a very nice user interface for managing its version of IPFW; I describe this in Chapter 31.

Nevertheless, if Mac OS X's built-in application firewall doesn't provide the level of protection or sophistication you require, IPFW is a fine choice — and you can't beat the price. This section gets you started with some of the basics and also gives you some advice as to where you can find more information.

IPFW is strictly for IPv4 traffic, but if you're also using IPv6 on your Mac, you'll be happy to know that Leopard and Snow Leopard also include an IPv6-capable version of IPFW called IP6FW! IPFW and IP6FW use similar syntax, but IP6FW has fewer options, and, of course, its rules must be specified using IPv6 addresses. As a result, if you want to set up your firewall to filter both IPv4 and IPv6 traffic, you need to duplicate ...
