Comments on: What firewall should I get?

Question: What firewall should I get?

rocketman — Wed, 31 Dec 2003 20:14:53 -0800

I have broadband now, and I guess I should get a firewall. Any recommendations? I'm running OS X on an iBook G3 700MHz, and I'm toying with the idea of getting a Netgear Router/Switch. [more inside]

I'm probably going to pull the trigger on the Netgear hardware soon, but I want software on my laptop as well. Does this make sense, to have a firmware firewall as well as additional software? Should I have something installed right now, as I'm browsing the web? Any input is appreciated.

By: majick

majick — Wed, 31 Dec 2003 20:23:01 -0800

I don't know a durned thing about Apple's port filtering options, but considering the general BSDishness of the OS, you probably don't need to buy any software for it, unless Apple has utterly hobbled the kernel.

Meanwhile, yes, you very much should have something acting as a filtering bastion host, and one of those cheap NAT "routers" will probably serve you quite well. I have a fully-functional dual homed host acting as my router/NAT/firewall, and I'm considering trading it out for consumer hardware of the kind you're talking about since I'm no longer doing VPN and the like.

By: rocketman

rocketman — Wed, 31 Dec 2003 20:29:55 -0800

Okay. I can't really talk that kind of talk, but based on a quick search, it appears that OS X has a built-in firewall. Neat. But when I look at it, I get a dialog box that tells me other firewall software is running and I need to disable it before making changes. ???

I didn't think I'd installed anything, but it could be talking about Mozilla, which does some basic filtering.

By: rocketman

rocketman — Wed, 31 Dec 2003 20:43:57 -0800

I just installed BrickHouse, which supposedly custom configures the OS X firewall. It should suffice along with the hardware I plan to get.

Thanks for the feedback, majick.

By: Mo Nickels

Mo Nickels — Wed, 31 Dec 2003 22:35:39 -0800

Another good one for running on the system which is, like Brickhouse, better than the built-in firewall, is Firewalk. Unless you're running other computers on your home network, there's really no point in getting a hardware router.

By: Space Coyote

Space Coyote — Wed, 31 Dec 2003 22:51:13 -0800

Going WiFi at this point would be as good a time as any, given the rather small price difference these days, and you get all the same port blocking as any wired consumer router.

By: mrbill

mrbill — Wed, 31 Dec 2003 23:01:46 -0800

I'm still a big fan of the (discontinued) NetGear RT314.

BTW, if you're behind a NAT box, you don't *need* OSX's built-in firewall, unless you're opening up ports tunneled from the outside.

By: Mo Nickels

Mo Nickels — Thu, 01 Jan 2004 09:06:42 -0800

I meant, you don't need a hardware firewall.

By: majick

majick — Thu, 01 Jan 2004 11:20:54 -0800

"... you don't need a hardware firewall."

While a single layer of security -- packet filtering on the host -- is better than no security at all, multiple layers of filtering on heterogenous hardware is better than leaving the whole host out on the external network. So while it might be true in a certain technical sense that you won't need a firewall in addition to filtering on the host (nor do you necessarily "need" filtering and security at all), you want a firewall.