Network Security for Mac OS X
This section explains the firewall configuration for Mac OS X 10.4 Tiger.
Firewall Configuration
- Open the "System Preferences" window.
- Click "Sharing" under "Internet & Network".
- Click "Firewall" and then click "Start".
- The above procedure only blocks TCP traffic. To block UDP traffic, you must click "Advanced" for further setup.
The firewall is set up so that major clients keep working even with UDP traffic blocked.
However, if some streaming media cannot be played, UDP blocking may be the cause.
To use services hosted on the Mac that runs the firewall, you may need further setup, such as placing checkmarks in the list of permitted programs.
However, if you are using an iBook or PowerBook, you may only need to allow "network time", which is enabled by default.
Specific Firewall Configuration Settings
ipfw list output when blocking TCP traffic
02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
02020 deny ip from any to 127.0.0.0/8 in
02030 deny ip from 224.0.0.0/3 to any in
02040 deny tcp from any to 224.0.0.0/3 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
12190 deny tcp from any to any
65535 allow ip from any to any
ipfw list output when blocking TCP and UDP traffic
02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
02020 deny ip from any to 127.0.0.0/8 in
02030 deny ip from 224.0.0.0/3 to any in
02040 deny tcp from any to 224.0.0.0/3 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
12190 deny tcp from any to any
20310 allow udp from any to any dst-port 53 in
20320 allow udp from any to any dst-port 68 in
20321 allow udp from any 67 to me in
20322 allow udp from any 5353 to me in
20340 allow udp from any to any dst-port 137 in
20350 allow udp from any to any dst-port 427 in
20360 allow udp from any to any dst-port 631 in
20370 allow udp from any to any dst-port 5353 in
22000 allow udp from any to any dst-port 123 in
30510 allow udp from me to any out keep-state
30520 allow udp from any to any in frag
35000 deny udp from any to any in
65535 allow ip from any to any
ipfw list output when blocking TCP and UDP traffic and using stealth mode
02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
02020 deny ip from any to 127.0.0.0/8 in
02030 deny ip from 224.0.0.0/3 to any in
02040 deny tcp from any to 224.0.0.0/3 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
12190 deny tcp from any to any
20000 deny icmp from any to me in icmptypes 8
20310 allow udp from any to any dst-port 53 in
20320 allow udp from any to any dst-port 68 in
20321 allow udp from any 67 to me in
20322 allow udp from any 5353 to me in
20340 allow udp from any to any dst-port 137 in
20350 allow udp from any to any dst-port 427 in
20360 allow udp from any to any dst-port 631 in
20370 allow udp from any to any dst-port 5353 in
22000 allow udp from any to any dst-port 123 in
30510 allow udp from me to any out keep-state
30520 allow udp from any to any in frag
35000 deny udp from any to any in
65535 allow ip from any to any
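The sketch below is an added example, not part of the original page. It parses the TCP-only and TCP+UDP listings above and applies ipfw's first-match evaluation to a few constructed packets, showing why unsolicited inbound UDP still passes when only TCP is blocked (it falls through to rule 65535). The function names and the simplified packet model (unicast, unfragmented, non-loopback, no keep-state entries) are assumptions of this example; the stealth-mode ICMP rule is not modelled.

```python
import re

# Rule text copied from this page's listings (run together, as the page shows them).
BASE = ("02000 allow ip from any to any via lo* 02010 deny ip from 127.0.0.0/8 to any in "
        "02020 deny ip from any to 127.0.0.0/8 in 02030 deny ip from 224.0.0.0/3 to any in "
        "02040 deny tcp from any to 224.0.0.0/3 in 02050 allow tcp from any to any out "
        "02060 allow tcp from any to any established 12190 deny tcp from any to any ")
UDP = ("20310 allow udp from any to any dst-port 53 in 20320 allow udp from any to any dst-port 68 in "
       "20321 allow udp from any 67 to me in 20322 allow udp from any 5353 to me in "
       "20340 allow udp from any to any dst-port 137 in 20350 allow udp from any to any dst-port 427 in "
       "20360 allow udp from any to any dst-port 631 in 20370 allow udp from any to any dst-port 5353 in "
       "22000 allow udp from any to any dst-port 123 in 30510 allow udp from me to any out keep-state "
       "30520 allow udp from any to any in frag 35000 deny udp from any to any in ")
TCP_ONLY = BASE + "65535 allow ip from any to any"
TCP_UDP = BASE + UDP + "65535 allow ip from any to any"

RULE = re.compile(r"(\d{5}) (allow|deny) (\w+) from (\S+)(?: (\d+))? to (\S+)(.*)")

def parse(listing):
    """Split a run-together `ipfw list` dump into one dict per rule."""
    keys = ("num", "action", "proto", "src", "sport", "dst", "opts")
    parts = re.split(r"\s+(?=\d{5} (?:allow|deny) )", listing.strip())
    return [dict(zip(keys, RULE.match(p).groups())) for p in parts]

def verdict(rules, proto, direction, sport, dport, established=False):
    """Return (rule number, action) of the first matching rule.
    Assumed packet model (hypothetical): unicast, unfragmented, non-loopback,
    no keep-state entry, so 'via', 'frag' and CIDR-address rules never match."""
    for r in rules:
        o = r["opts"].split()
        if r["proto"] not in ("ip", proto) or "/" in r["src"] + r["dst"]:
            continue
        if "via" in o or "frag" in o or ("established" in o and not established):
            continue
        if ("in" in o and direction != "in") or ("out" in o and direction != "out"):
            continue
        if (r["src"] == "me" and direction == "in") or (r["dst"] == "me" and direction == "out"):
            continue
        if r["sport"] and int(r["sport"]) != sport:
            continue
        if "dst-port" in o and int(o[o.index("dst-port") + 1]) != dport:
            continue
        return r["num"], r["action"]

if __name__ == "__main__":
    for name, listing in (("TCP only", TCP_ONLY), ("TCP+UDP", TCP_UDP)):
        print(name, verdict(parse(listing), "udp", "in", 40000, 9999))
```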
ip6fw list output when IPv6 is enabled
Last-Modified: July 7, 2011