Living with Leopard's Firewall

I made the plunge and upgraded to Leopard. A CompUSA rebate of $30 (bringing Leopard down to a mere $99) was too much to pass up. I like a lot of Leopard and I haven’t had many problems so far, though I do see a good amount of room for improvement. One place that needs serious improvement is Leopard’s new Firewall system. I’d heard that you could now choose to open the firewall at the application level, and I thought that was nice, but I hadn’t heard that you *had* to do it at the application level. That’s dumb. Application-level rules are fine if I have a simple application I want to open a port for, but if I want to open a port for something like a custom build of apache it can’t be done.

Thankfully you can still use the terminal to open ports in the firewall for Leopard. Not as easy as using the firewall in Tiger, but it gets the job done. Here are a few helpful tips:

to add a port:
sudo ipfw add allow [udp or tcp] from any to me dst-port [port]
(ipfw’s from/to take addresses, not ports, so the port goes after dst-port.) So, if you want to allow port 80 with tcp you’d type sudo ipfw add allow tcp from any to me dst-port 80

to see your rules:
sudo ipfw list

to delete an open port:
first type sudo ipfw list; you’ll get something like this:

33300 deny icmp from any to me in icmptypes 8
33400 allow udp from to
33500 allow tcp from to

take the number preceding the rule you want to delete and type sudo ipfw delete [rule number], so if I wanted to delete the rule “33500 allow tcp from to” I’d just type
sudo ipfw delete 33500
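To tie the add/list/delete steps above together, here is an added example (not from the original post) with shell helpers that build a correct per-port ipfw rule, reject the usual mistakes, and look up a rule number in `ipfw list` output so the delete command targets the right rule. The `ipfw list` output it reads is a constructed sample, not captured from a real machine.

```shell
#!/bin/sh
# Added example: helpers around Leopard's ipfw for single-port rules.
# Constructed sample of "sudo ipfw list" output (not from a real machine).
SAMPLE_LIST='33300 deny icmp from any to me in icmptypes 8
33400 allow udp from any to me dst-port 53
33500 allow tcp from any to me dst-port 80
65535 allow ip from any to any'

# Build the add command for one protocol/port. ipfw's from/to take
# addresses, not ports: "from 80 to 80" is parsed as address 0.0.0.80 and
# never matches web traffic, so the port belongs after dst-port.
ipfw_allow_cmd() {
    proto=$1; port=$2
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range" >&2; return 1; }
    echo "sudo ipfw add allow $proto from any to me dst-port $port"
}

# Read "ipfw list" output on stdin and print the number of every rule
# whose body (everything after the number) equals the given text.
ipfw_rule_number() {
    awk -v want="$1" '{ num = $1; $1 = ""; sub(/^ /, "");
                        if ($0 == want) print num }'
}

# Build the delete command for a rule body, failing if no rule matches,
# so a typo never deletes a neighbouring rule. Args: body, list output.
ipfw_delete_cmd() {
    num=$(printf '%s\n' "$2" | ipfw_rule_number "$1")
    [ -n "$num" ] || { echo "no such rule: $1" >&2; return 1; }
    echo "sudo ipfw delete $num"
}

# Usage: print the add and delete commands for the web port.
ipfw_allow_cmd tcp 80
ipfw_delete_cmd 'allow tcp from any to me dst-port 80' "$SAMPLE_LIST"
```

On a live system replace `$SAMPLE_LIST` with `$(sudo ipfw list)`; remember that ipfw rules live in the kernel and are gone after a reboot, so re-check with `sudo ipfw list` after restarting.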

Hopefully Apple will realize that giving users no advanced options is dumb. But until then, start loving the terminal!