Mac OS X Firewall

This page contains information about the IPFW firewall which is built in to Mac OS X. If you want to use this firewall, use these instructions to turn it on.

Introduction

Mac OS X comes with a built-in two-way firewall called IPFW. After version 10.2, a user-friendly graphical interface is also available to assist with basic firewall configurations.

Pros and cons

Like any firewall, IPFW holds both benefits and cautions for its users.

Pros:

Cons:

Activation

The graphical user interface is available in the System Preferences application. In the Network area, select Sharing. The Sharing window contains three tabs, including the Firewall tab.

Enabling or disabling the firewall can be performed with the click of a button; you can also use the graphical interface to selectively enable or disable the firewall for certain services such as FTP connections.

For users familiar with the Unix command line, the ipfw command line interface is more powerful and can be used to create more elaborate rule sets.

Additional information on using both the graphical interface and the command line to control IPFW can be found at:

http://www.macdevcenter.com/pub/a/mac/2002/12/27/macosx_firewall.html

Additional information for VPN users

In order to permit your system to communicate with the UIUC VPN through the IPFW firewall, you may need to create custom rules through either the graphical interface or the command line interface. A list of the ports which need to be permitted to communicate with the VPN server are listed in the Wireless and VPN FAQ.

However, even with the VPN, your computer will not be able to run its own web server, FTP server, or other service replying to requests from outside. The UIUC VPN server does not allow you to create permanent connections with a fixed IP address; your VPN connection will eventually time out even if you leave your computer connected and running.

More information

For additional assistance with the Mac OS X IPFW firewall: