The Practical Mac

Configuring Your OS X Firewall

- 2002.03.05 - Tip Jar

Last week, The Practical Mac explained how to set up a basic firewall using the shareware program BrickHouse. BrickHouse provides an easy-to-use graphical interface to activate and configure the firewall which is built into OS X. Unfortunately, the default settings don't necessarily meet the needs of every user. This article will show you how to tweak your firewall settings to meet your needs.

Microsoft Office v.X

Microsoft built into Office v.X an anti-pirating "feature" which can pose a serious security risk in a network environment. When any Office application is launched, it polls other computers on the network in an attempt to discover whether any other Office installations with the same serial number are present on the network. If another installation with an identical serial number is found, the application displays a message to this effect and won't launch.

Using this mechanism, it is possible for a hacker to create packets and direct them at a particular Office v.X installation, causing any open Office applications to shut down immediately, losing any work in progress. To thwart such an attack, Microsoft recommends, among other things, disabling both incoming and outgoing traffic on UDP port 2222.

Most users would scratch their head and say, "How do I do that?" The Microsoft article certainly does not explain how to do this. Have no fear - BrickHouse allows you to easily apply this and other filters to your firewall.

Launch BrickHouse, select Quick Configuration, and click on the tab of the network service you want to add the filter to (AirPort, ethernet, etc.). Select Add Filter from the menu at the bottom of the screen.

The Filter Details screen will appear. In the dropdown box beside Action select Deny. Choose Custom Service and UDP protocol. In the Port box, erase the numbers there and enter 2222. Make sure the Source is My Computer and the Destination is The Internet. Click OK.

This will prevent your Mac from broadcasting on UDP port 2222.

Now repeat the procedure, except this time change Source to The Internet and Destination to My Computer. Click OK.

This will prevent your Mac from receive and responding to any packets directed to UDP port 2222.

Over time, you are bound to encounter other programs which will require you to either open or close certain ports on your firewall. For instance, to receive QuickTime streaming video, you must open several ports. Among them is TCP port 554 for Real Time Streaming Protocol (RSTP). There may be other ports which need to be opened to enable QuickTime streams - refer to Apple Knowledge Base articles 60688, 42604, and 106307 for more information. To get you started, we will walk through opening up TCP port 554.

Go back to the Quick Configuration screen and select Add Filter. Change the dropdown menu boxes to Allow Custom Service TCP and change the port number to 554. Set the Source as The Internet and the Destination as My Computer. Click OK.

Repeat this step for other ports you wish open. To close ports, follow the same steps, but make sure the Action is set to Deny.

Back at the Quick Configuration screen, select Save, Apply, and Install to save your configuration and enable it to reload each time your Mac boots up.

If, after installing your firewall, you have applications which quit working, check the support Web site for your particular program. Most network-enabled programs have technical articles on their Web sites which will tell you what firewall ports need to be enabled in order for the program to work.

Steve Watkins is the Vice President for Information Technology for a mid-sized bank and also an attorney. He has been a Mac user for about ten years. He has owned some PCs along the way - but always came back to the Mac. If you find Steve's's articles helpful, please consider making a donation to his tip jar.

Recent Practical Mac Articles

• 5 things Apple is doing right in 2008 - and 5 it could do better, 03.24. Apple has made great strides in the past five years, but there are still a few areas that need to be addressed.
• MacBook Air a compelling option for the true road warrior, 02.22. Although it's not intended as a desktop replacement and has a few shortcomings, the lightweight MacBook Air with its 13" display could be the perfect field computer.
• Mailsmith a simple, powerful, spam fighting alternative to Apple Mail, 04.23. Mailsmith is bundled with SpamSieve, integrates with Address Book, and has very flexible scripting tools combined with elegant simplicity.
• Can your spam with SpamSieve, 02.02. "Right out of the box, SpamSieve exceeded the accuracy of the Apple Mail filter I've been training for over a year."
• More in the Practical Mac index.

Links for the Day

• Mac of the Day: 15" MacBook Pro Core Duo, Jan. 2006 - The first Intel-based MacBook launched at 1.83-2.0 GHz, had several teething problems.
• Group of the Day: System 6 is the email list for those who choose System 6.
  
• November 22 in LEM history: 99: Gradebooks - 00: Leveraging Apple design - Quadra 630 to Power Mac 5200 - 02: Laptop or desktop? - 04: SuperDuper: Quick, easy, efficient backup - Cross-platform programming for the rest of us - 05: Mac video surveillance on the cheap - Which OS is best for my vintage Mac? - No 'best browser' for the Mac - Sorry state of browsers for classic Macs - 06: Core 2 means cooler running 'Books - 2.0 GHz G4 upgrade
• Support Low End Mac

Recent Content on Low End Mac

• Apple's Tablet an End Run Beyond Netbooks, Frank Fox, Stop the Noiz, 11.20. Whatever Apple has planned will leverage existing technologies while going beyond what its competitors can offer.
• i5 iMac Benchmarked, Mac mini 'Shouldn't Be Overlooked', Twitter Client for Classic Mac OS, and More, Mac News Review, 11.20. Also why Apple leaves the low end to others, 10.6.2 fixes video playback problem in 27" iMac, 3D Leopard and Snow Leopard performance, and more.
• Apple #4 in Reliability, Apple Tablet a Gadget for All?, HP's i7 Notebook Outdoes Mac Rivals, and More, The 'Book Review, 11.20. Also Flash 10.1 improves video on Hackintosh netbooks, thin-and-light notebooks impress, Windows XP finally on the way out, and more.
• NASA Chemical Sensor for iPhone, Smartphone Death Match, iPhone Earrings, and More, Ian R Campbell, 11.20. Also mobile phone dangers, new apps, GPS solution for iPod touch, new iPod and iPhone cases, and more.
• Replacing the Hard Drive in a Clamshell iBook, John Hatchett, Recycled Computing, 11.19. Yes, it is one of the most difficult Apple notebooks to disassemble and reassemble, but a 10 GB hard drive just will not do.
• IBM Model F: A Great Old Keyboard with an Outdated Layout, Tommy Thomas, Welcome to Macintosh, 11.19. Although it used a different technology than the revered IBM Model M keyboard, the Model F was a great keyboard in its own right.
• Soft Touch Keyboards, Wireless Mouse Options, Loving SeaMonkey 2, and More, Charles W. Moore, Miscellaneous Ramblings, 11.18. Also the future of browsing with PowerPC Macs and the multiple mouse input bug introduced with OS X 10.5.8.
• More links in our archive.

Recent Deals

• Best eMac Deals, 11.18. Used 1 GHz Combo, $100; SuperDrive, $269; 1.25 GHz Combo, $119; SD, $319; 1.42 GHz Combo, $289; SD, $498.
• Best Mac OS X 10.6 and Mac Box Set Deals, 11.18. "Snow Leopard", single user, $25; 5 users, $45; Mac Box Set, single user, $139; 5 users, $180; Server, $414. Shipping included.
• Best Xserve Deals, 11.18. Used 1 GHz dual G4, $649; 2.3 dual G5, $795; 3.0 4-core Xeon, $1,899; refurb 2.26 4-core, $2,499; new, $2,888; refurb 8-core, $2,999; new, $3,449; more.
• Best 15" MacBook Pro Deals, 11.17. Used 1.83 GHz, $750; 2.16, $800; 2.33, $900; refurb 2.4, $1,299; 2.53, $1,449; 2.66, $1,699; 2.8, $1,899; new 2.53, $1,579; 2.66, $1,799; more.
• Best Power Mac G4 and AGP Video Card Deals, 11.17. Used 400 MHz, $50; 933 MHz, $80; 500 dual, $60; 867 dual, $90; 1 GHz dual, $150; 1.25 GHz dual, $225; 1.42 GHz, $499.
• Best Mac OS X 10.5 Deals, 11.17. "Leopard" upgrade, $80; single user license, $135; 5 users, $173; Mac Box Set, 5 users, $230; Server, 10 users, $340; unlimited, $850. Shipping included.
• Best Mac mini Deals, 11.16. Used 1.42 GHz G4 mini, $379; 1.66 GHz Core Solo, $419; 2.0 Core 2, $450; new 2.26 GHz nVidia, $580; 2.53 GHz, $769; Server, $990.
• Best iBook G4 Deals, 11.16. Used 12" 1.07 GHz Combo, $210; 1.33 GHz, $298; 14" 1.33 GHz, $398; 1.42 GHz, $479; SuperDrive, $498.
• Best iPod shuffle Deals, 11.16. Used 1 GB, $35; 4 GB, $65; refurb 1 GB, $39; 2 GB, $59; new 2 GB, $55, 4 GB, $75. New and refurb prices include shipping.
• More deals in our archive.

About LEM | Support | Usage | Privacy | Contacts

Practical Mac articles copyright ©2001-08 by Steve Watkins. Entire Low End Mac website copyright ©1997-2009 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to .
  LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
  Access our RSS news feed at http://lowendmac.com/feed.xml.
  Email may be published at our discretion; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
  PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
  Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, iPhone, PowerBook, MacBook, MagSafe, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.

Custom Search

Navigation

Used Mac Dealers
Apple History
Video Cards
Email Lists

Favorite Sites

MacSurfer
MacMinute
MacInTouch
MyAppleMenu
InfoMac
Macs Only!
The Mac Observer
Accelerate Your Mac
RetroMacCast
PB Central
MacWindows
The Vintage Mac
   Museum
DealMac
DealsOnTheWeb
Mac2Sell
ramseeker
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End
   Mac FAQ
Abandonware
   Petition
Mac vs. PC Info

Affiliates

The Apple Store
Mac Connection
B&H
MacMall
TechRestore
ExperCom
Crucial Memory
batteries.com

Advertise

All of our advertising is handled by BackBeat Media. For price quotes and advertising information, please contact at BackBeat Media (646-546-5194). This number is for advertising only.

Problems viewing this page with Internet Explorer 5.5 or 6? It works fine in other browsers, including IE 7. We recommend Firefox for those using Windows, as it is standards based and more secure than IE 6 (and earlier). More LEM visitors use Firefox than any other browser.