I am not a security jock, but was concerned that after the initial install the firewall preference pane was configured to "Allow all incoming connections". Since that Day 1 encounter with the firewall, I have been trying to get some more information on the changes.
The heise security blog, made interesting reading. Particularly the way he detailed some of his methods.
At securosis.com, the comment by Nick gives details about the application firewall (appfirewall) being used in Leopard.
John Sawyer at darkreading, blogged about the shortcomings. He mentions managing the firewall using ipfw and points to WaterRoof as a GUI frontend for ipfw.
There is a description of configuring ipfw at ibiblio. Reference is made there to an application called Flying Buttress – it was formerly callled BrickHouse but was renamed as that trademark was owned by someone else. Looks interesting, and I would probably use it if had been updated more recently.
What am I going to do?
- Try and get ipfw configured, but using a shell script.
- Only connect to the net from behind a separate router/firewall.