Building your own personal firewall

By Stefan Arentz, 2000-10-09

Introduction

The internet is a scary place. Where else can people take over your machine and use it for distributed denial of service attacks? Can that happen? Yes, this is what happens every day on many unsecured networks and machines. Most organisations protect themselves with a firewall, usually a hardware device that sits between the organisation's network and the evil outside world. These firewalls come in all colours and sizes, and usually with a very high price tag.

Your Macintosh running Mac OS X is as vulnerable as any other UNIX machine or network server. Depending on your configuration there are many things an intruder can do: guessing your password, accessing your files (did I have filesharing on?) and many other Things That Should Not Happen. So how do you protect your machine? When you are connected to the campus LAN, or to your ISP via cable, DSL or dialup, you obviously cannot use a firewall device. Scary!

Fortunately there is a solid firewall built right into your favourite operating system! This firewall is part of the kernel of Mac OS X. To be more specific, the firewall is part of the BSD layer inside the Darwin kernel, which is based on the most excellent open source operating system called FreeBSD. The FreeBSD hackers put this packet filtering firewall right in the network stack and the Apple engineers also moved this code to Darwin.

This firewall is a truly flexible piece of software. With it you can control exactly who has access to TCP/IP based services on your machine. You can very easily protect yourself from intruders and other low-life creatures. You could for example run a webserver on your machine and limit access to just your friends and friendly neighbours.

There is one catch though: there is no graphical tool to configure this firewall, so you will have to do this using the command line. This is not too bad, except that you have to understand some basics about TCP/IP and UNIX services and scripting. This article is not going to dive deeply into those topics but will give a short introduction with pointers to more detailed documentation. Obviously there is a very interesting third party opportunity to make a nice graphical configuration tool!
