The Practical Mac

Setting up a Firewall in OS X

A 'Best of the Practical Mac' Column

- 2002.02.26 - Tip Jar

You're trying to decide if you need a firewall. Perhaps you read The Practical Mac column, Internet Security for the Home User. In that column, we stated that the longer you stay connected to the Internet, the greater your need for a firewall.

If you use OS X as your primary operating system, there is good news. You already own a firewall program and may not even know it!

Mac OS X, or more properly, its underlying Unix OS, contains a built-in firewall program. Configuration of this firewall is typically done at a Unix command prompt. That fact in itself would make it unsuitable for the vast majority of Mac users. After all, many of us first started using a Mac years ago because we did not want to be faced with the DOS command prompt.

However, a very nice GUI-based program exists to allow the user to configure the most popular firewall options from the comfort of their Mac desktop. The program is called BrickHouse, was written by Brian Hill, and is available for a $25 shareware fee. This could be the best $25 you ever spend.

After you have downloaded and installed BrickHouse (and paid for it!), open the program. At the initial screen, you may have to click on the lock icon and enter the administrator password in order to make changes. From the icon menu at the top, select the Assistant.

At the first Assistant screen, select your method of connection to the Internet and whether you have a static or dynamic Internet (IP) address. Click Continue.

At the next screen, you will be asked for the service that you wish to allow others to access on your Mac. The caption is a bit misleading. It implies that the selections you make here will only pertain to those who try to access your Mac from the Internet. In fact, these settings apply to anyone who tries to access your Mac from anywhere, even on the local network.

If others ever need to connect to your Mac for file sharing or you use iDisk, you should check "AppleShare IP/iDisk and "Network Browser (SLP)." These are the most common services you might need to leave open for access. If your Mac is ever accessed via Timbuktu for remote control or troubleshooting, you will need to check that box as well. We recommend you leave all others unchecked unless you have specific needs for those services. Click continue.

The next screen lists a large number of know hacks and attacks. As a general rule, you want to prevent these kinds of attacks (that is the primary purpose of a firewall, after all), so we recommend you check every box except for the first two, TPC and UDP Standard Services. At some point, particularly if you are on a corporate network, you may encounter a legitimate program which uses the same port(s) as one of these identified attacks and is prevented from working properly due to your firewall. If so, you can always enable access to the necessary port(s) by unchecking the box beside the attack which uses the same port(s). Click Continue.

Congratulations! Your firewall is configured and ready to be enabled. Click on Apply Configuration to make your firewall active. Then click on Install Startup Script to create a startup item which will enable your firewall each time you boot up your Mac. Now click Done.

Exit BrickHouse. Your firewall is installed and will be present until you uninstall it. If you decide you wish to uninstall the firewall in the future, simply select Options>Remove Startup File from the menu bar, and it will be gone once you reboot.

BrickHouse also offers an easy way to set up IP Sharing at this screen. If you have a single Internet connection and wish to share it with other computers (including Windows or Linux PCs) on your network, you can do so by clicking on Setup IP Sharing. The Mac which IP Sharing is setup on has to be running in order for any other computers to access the Internet through IP Sharing.

This could can very useful in a pinch, but for permanent Internet sharing, the better solution is to use a dedicated hardware device such as a router.

It is very important to point out that this only works in OS X. If you reboot into OS 9, the firewall is not present. Any applications running in Classic under OS X are protected, however.

If you use OS 9 as your primary OS, the firewall recommendations we made in Internet Security for the Home User still apply to you.

Join us on Facebook. Follow us on Twitter.

Steve Watkins is the Vice President for Information Technology for a mid-sized bank, an attorney, and an Army Reserve JAG on extended active duty. He has been a Mac user for about 12 years. He has owned some PCs along the way - but always came back to the Mac. If you find his articles helpful, please consider making a donation to his tip jar.

Recent Practical Mac Columns

• Disk Expert Helps You Find and Delete or Archive Your Biggest Files, 2012.02.02. If your hard drive, flash drive, or SSD is filling up, Disk Expert can help pinpoint the biggest files, which you may be able to delete or archive.
• Welcome Back to Mac, Quicken, 2012.01.06. Quicken 2007, widely used on Mac, broke with OS X 10.7 Lion, and Quicken finally promises a Lion-compatible version.
• The Jobs Legacy: Nearly Problem-Free Computing, 2011.10.06. "...users quickly saw that the Macs had none of the problems their previous Windows PCs had."
• More in the Practical Mac index.

Links for the Day

• Mac of the Day: Mac IIfx, introduced 1990.03.19. This 'wicked fast' 40 MHz Mac trumped the 33 MHz DOS world.
• February 14 in LEM history: 98: A perfect compact Mac - 00: Extended computer warranties worth the cost? - Making your PC work with your Mac - 01: Customize Microsoft Word - 02: Quadra revives a passion for computing - 03: Real world performance - DIY Pismo screen replacement - Best Mac for writing - 03: Fastest browser on the Mac - 06: 15" MacBook Pro - Impressions of a newly acquired Lisa - Finding and using free WiFi - Apple should liberate OS 9 - 07: New Mac mini cheaper than upgrading a Power Mac - 08: Falling in love with OS X
• Support Low End Mac

Recent Content on Low End Mac

• Fix Home Button Delay, Tablet the Ultimate Mobile PC, iPad Notebook a Possibility, and More, iOS News Review, 2012.02.10. Also using your iPad at work, two photo editors, a new iPad text editor, Macally's magnetic iPad 2 stand, and more.
• White MacBook Goes End-of-Life, Logitech Touch Mouse Supports Gestures, Firmware Updates, and More, The 'Book Review, 2012.02.10. Also MacBook Air better than any Ultrabook, docks for MacBook Pro models, Intel offers improved SSDs, and more.
• Mac and iOS Browsers: Options Galore, Freeware Forum, 2012.02.10. Safari is adequate on Mac and great on iOS, but the range of good alternatives is stunning. LEM writers share their favorites.
• Apple's Support Lead Shipping, Smartphones Outsell PCs, OS X Ported to ARM by Intern, and More, Mac News Review, 2012.02.10. Also the power of Tex-Edit Plus, Google and Twitter are already censoring the Web, Snow Leopard Security Update, and more.
• LogMeIn: Remote Screen Sharing for the Rest of Us, Alan Zisman, Zis Mac, 2012.02.09. Configuring the Mac's built-in screen sharing to work over the Internet can be difficult or impossible. LogMeIn makes it easy.
• 15 Years Ago Motorola Unveiled the PowerPC G3, Low End Mac Round Table, 2012.02.06. The G3 processor was optimized for real world Mac software and made a big leap forward in efficiency.
• Don't Kill Caps Lock, Learning to Love the iOS Keyboard, and an Adaptive iPad Keyboard, Charles W. Moore, Miscellaneous Ramblings, 2012.02.06. The Caps Lock key has a useful function, the iPad's keyboard really is useful, and checking out an adaptive keyboard for the iPad.
• More links in our archive.

Recent Deals

• Best 17" MacBook Pro Deals
• Best iPod classic Deals
• Best eMac Deals
• Best MacBook Air Deals
• Best iBook G4 Deals
• Best iPad Deals
• Best Classic Mac OS Deals
• Best Apple TV Deals
• More deals in our archive.

About LEM Support Usage Privacy Contact

Practical Mac articles copyright ©2001-12 by Steve Watkins. Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Entire Low End Mac website copyright ©1997-2012 by Cobweb Publishing, Inc. unless otherwise noted. All rights reserved. Apple, the Apple logo, Macintosh, iPad iPhone, iMac, iPod, MacBook, MagSafe, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.
  Advice is presented in good faith, but what works for one may not work for all. Please report errors to .
  LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
  Email may be published at our discretion unless marked "not for publication"; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. Letters may be edited for length, context, and to match house style.
  PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.

Custom Search

Share

Follow Low End Mac on Twitter
Join Low End Mac on Facebook

Low End Mac Reader Specials

TypeStyler 11 is now in the Mac App Store!! -- Special Introductory Price of $59.95!! -- To Buy From The Mac App Store Click Here Now!! Or buy direct from Strider Software.

Don't install Parallels to play poker online! Poker Mac will show you how to download and install a native Mac poker and Mac Casino applications in minutes.

Favorite Sites

MacSurfer
Cult of Mac
Shrine of Apple
MacInTouch
MyAppleMenu
InfoMac
The Mac Observer
Accelerate Your Mac
RetroMacCast
PB Central
MacWindows
The Vintage Mac Museum
DealMac
Deal Brothers
Mac2Sell
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End Mac FAQ

Affiliates

Amazon.com
The Apple Store
The iTunes Store
PC Connection Express
GainSaver
Parallels Desktop for Mac
eBay

Advertise

All of our advertising is handled by BackBeat Media. For price quotes and advertising information, please contact at BackBeat Media (646-546-5194). This number is for advertising only.