Mac OS X, like many modern operating systems, contains a firewall that is meant to protect you from the evils of the networking world. Unfortunately, the Mac OS X interface, found in System Preferences | Security | Firewall | Advanced…, doesn’t offer many options. The only ones are “Block all incoming connections,” a list where you can add individual applications to allow or disallow, “Automatically allow signed software to receive incoming connections,” and “Enable stealth mode.” Underneath, though, Mac OS X uses the ipfw firewall program. Sure, you can interact with and configure ipfw using the command line in the Terminal, but what a pain in the neck. Fortunately, there’s WaterRoof.
WaterRoof (that’s the opposite of FireWall, get it?) is a GUI that allows you to interact with ipfw without all that nasty mucking about on the command line. When you start WaterRoof, you may be taken aback by the initial dialog, which provides buttons for Rules and Logs, and a Help button. Your first choice should be Help, which opens a PDF file that gives an overview of how to use WaterRoof. Once you’ve done this, you may want to click the Logs button, which shows Console logs of both the Network Firewall and Application Firewall. Clicking on the Rules button shows the Static Rules dialog, which should have a single rule in it. You can bring up other Firewall dialogs by using the Firewall menu. The next dialog is Dynamic Rules, which, as you’ll see, shows the output of the static rules that you define in the Static Rules dialog. To get you started, you can select “Activate example configuration,” which creates a set of static rules, whose output you can view by hitting the Refresh button in the Dynamic Rules dialog. These rules can form the basis of a stateful firewall.
Figure: Static Rules after “Activate Example Configuration”
The next dialog in the Firewall menu, Bandwidth settings, is where things start to get interesting. With this feature, you can use ipfw to limit the upload and download bandwidth for network connections made to or from your Mac. You can make this specific to an IP address or port, or make a general rule that applies to all connections. There’s also a Network process choice, a list of processes which make or listen for network connections. This is equivalent to the “lsof” command. Next are the Manage network connection and Manage network connection (established) choices, where you can view these connections and also select and either block or limit them if you choose. The Firewall menu also contains some Configuration Tools, including Ready rule sets such as “Block dangerous traffic” and “Safe ICMP,” to help you get started.
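For readers who want to see what a stateful rule set and a bandwidth limit look like as raw ipfw commands, here is an added example; it is not WaterRoof's example configuration or output. The rule numbers, pipe number, rate and port are constructed sample values, and it assumes a Mac OS X release that still ships /sbin/ipfw.

```shell
#!/bin/sh
# Added example: a small stateful ipfw rule set plus one dummynet pipe.
# Prints the rules by default; "apply" (as root) loads them.
# All numbers, the rate and the port are constructed sample values.
IPFW="${IPFW:-/sbin/ipfw}"

# Static rules, one ipfw argument list per line. check-state matches packets
# of flows recorded by the keep-state rules (these are the dynamic rules), so
# replies to outbound traffic pass while unsolicited inbound traffic reaches
# the logged deny. Rule 01300 lets DHCP replies in; 01400 allows ICMP
# echo-reply, unreachable and time-exceeded only.
stateful_rules() {
    cat <<'EOF'
add 00100 allow ip from any to any via lo0
add 01000 check-state
add 01100 allow tcp from me to any out setup keep-state
add 01200 allow udp from me to any out keep-state
add 01300 allow udp from any 67 to any 68 in
add 01400 allow icmp from any to me in icmptypes 0,3,11
add 65000 deny log ip from any to me in
EOF
}

# Bandwidth limit: $1 = pipe number, $2 = rate, $3 = destination TCP port.
# The pipe rule sits before check-state, so the sysctl
# net.inet.ip.fw.one_pass must be 0; otherwise shaped packets leave the
# rule set at the pipe, no state is recorded, and replies hit rule 65000.
bandwidth_rules() {
    printf 'pipe %s config bw %s\n' "$1" "$2"
    printf 'add 00900 pipe %s tcp from me to any %s out\n' "$1" "$3"
}

# Complete rule set: cap outbound web traffic at 512 Kbit/s, then filter.
ruleset() {
    bandwidth_rules 1 512Kbit/s 80
    stateful_rules
}

apply_ruleset() {
    ruleset | while read -r args; do
        # Word splitting of $args into ipfw arguments is intended here.
        "$IPFW" -q $args || return 1
    done
}

case "${1:-}" in
    apply) apply_ruleset ;;
    *)     ruleset ;;
esac
```

Run it without arguments to review the rules before loading them, and compare the result with `ipfw list` and `ipfw -d show` after applying.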
So get full control of your ipfw firewall today, and check out WaterRoof! Have any other gadgets that can help configure your network? Send an email to John, and he’ll check it out.