The Practical Mac

Setting up a Firewall in OS X

A 'Best of the Practical Mac' Column

- 2002.02.26 - Tip Jar

You're trying to decide if you need a firewall. Perhaps you read The Practical Mac column, Internet Security for the Home User. In that column, we stated that the longer you stay connected to the Internet, the greater your need for a firewall.

If you use OS X as your primary operating system, there is good news. You already own a firewall program and may not even know it!

Mac OS X, or more properly, its underlying Unix OS, contains a built-in firewall program. Configuration of this firewall is typically done at a Unix command prompt. That fact in itself would make it unsuitable for the vast majority of Mac users. After all, many of us first started using a Mac years ago because we did not want to be faced with the DOS command prompt.

However, a very nice GUI-based program exists to allow the user to configure the most popular firewall options from the comfort of their Mac desktop. The program is called BrickHouse, was written by Brian Hill, and is available for a $25 shareware fee. This could be the best $25 you ever spend.

After you have downloaded and installed BrickHouse (and paid for it!), open the program. At the initial screen, you may have to click on the lock icon and enter the administrator password in order to make changes. From the icon menu at the top, select the Assistant.

At the first Assistant screen, select your method of connection to the Internet and whether you have a static or dynamic Internet (IP) address. Click Continue.

At the next screen, you will be asked for the service that you wish to allow others to access on your Mac. The caption is a bit misleading. It implies that the selections you make here will only pertain to those who try to access your Mac from the Internet. In fact, these settings apply to anyone who tries to access your Mac from anywhere, even on the local network.

If others ever need to connect to your Mac for file sharing or you use iDisk, you should check "AppleShare IP/iDisk and "Network Browser (SLP)." These are the most common services you might need to leave open for access. If your Mac is ever accessed via Timbuktu for remote control or troubleshooting, you will need to check that box as well. We recommend you leave all others unchecked unless you have specific needs for those services. Click continue.

The next screen lists a large number of know hacks and attacks. As a general rule, you want to prevent these kinds of attacks (that is the primary purpose of a firewall, after all), so we recommend you check every box except for the first two, TPC and UDP Standard Services. At some point, particularly if you are on a corporate network, you may encounter a legitimate program which uses the same port(s) as one of these identified attacks and is prevented from working properly due to your firewall. If so, you can always enable access to the necessary port(s) by unchecking the box beside the attack which uses the same port(s). Click Continue.

Congratulations! Your firewall is configured and ready to be enabled. Click on Apply Configuration to make your firewall active. Then click on Install Startup Script to create a startup item which will enable your firewall each time you boot up your Mac. Now click Done.

Exit BrickHouse. Your firewall is installed and will be present until you uninstall it. If you decide you wish to uninstall the firewall in the future, simply select Options>Remove Startup File from the menu bar, and it will be gone once you reboot.

BrickHouse also offers an easy way to set up IP Sharing at this screen. If you have a single Internet connection and wish to share it with other computers (including Windows or Linux PCs) on your network, you can do so by clicking on Setup IP Sharing. The Mac which IP Sharing is setup on has to be running in order for any other computers to access the Internet through IP Sharing.

This could can very useful in a pinch, but for permanent Internet sharing, the better solution is to use a dedicated hardware device such as a router.

It is very important to point out that this only works in OS X. If you reboot into OS 9, the firewall is not present. Any applications running in Classic under OS X are protected, however.

If you use OS 9 as your primary OS, the firewall recommendations we made in Internet Security for the Home User still apply to you.

Steve Watkins is the Vice President for Information Technology for a mid-sized bank and also an attorney. He has been a Mac user for about ten years. He has owned some PCs along the way - but always came back to the Mac. If you find Steve's's articles helpful, please consider making a donation to his tip jar.

Recent Practical Mac Articles

• 5 things Apple is doing right in 2008 - and 5 it could do better, 03.24. Apple has made great strides in the past five years, but there are still a few areas that need to be addressed.
• MacBook Air a compelling option for the true road warrior, 02.22. Although it's not intended as a desktop replacement and has a few shortcomings, the lightweight MacBook Air with its 13" display could be the perfect field computer.
• Mailsmith a simple, powerful, spam fighting alternative to Apple Mail, 04.23. Mailsmith is bundled with SpamSieve, integrates with Address Book, and has very flexible scripting tools combined with elegant simplicity.
• Can your spam with SpamSieve, 02.02. "Right out of the box, SpamSieve exceeded the accuracy of the Apple Mail filter I've been training for over a year."
• More in the Practical Mac index.

Links for the Day

• Mac of the Day: Mac mini Core Solo, Feb. 2006 - The only Mac to use a Core Solo CPU, this model ran at 1.5 GHz, has integrated graphics, and includes a Combo drive
• Group of the Day: SuperMacs is for those using Umax SuperMac clones.
  
• November 24 in LEM history: 98: Microsoft's heavy hand - 00: Looking at the iMac - 04: The best Mac for the holidays - Picking the right replacement for a dead mouse - Better battery for 15" AlBook
• Support Low End Mac

Recent Content on Low End Mac

• Why Spaces is My Favorite Leopard (and Snow Leopard) Feature, Charles W. Moore, Miscellaneous Ramblings, 11.23. Spaces, a feature introduced with OS X 10.5, is like having several monitors on your Mac without the cost and space of using multiple displays.
• i5 iMac Benchmarked, Mac mini 'Shouldn't Be Overlooked', Twitter Client for Classic Mac OS, and More, Mac News Review, 11.20. Also why Apple leaves the low end to others, 10.6.2 fixes video playback problem in 27" iMac, 3D Leopard and Snow Leopard performance, and more.
• Apple's Tablet an End Run Beyond Netbooks, Frank Fox, Stop the Noiz, 11.20. Whatever Apple has planned will leverage existing technologies while going beyond what its competitors can offer.
• Apple #4 in Reliability, Apple Tablet a Gadget for All?, HP's i7 Notebook Outdoes Mac Rivals, and More, The 'Book Review, 11.20. Also Flash 10.1 improves video on Hackintosh netbooks, thin-and-light notebooks impress, Windows XP finally on the way out, and more.
• NASA Chemical Sensor for iPhone, Smartphone Death Match, iPhone Earrings, and More, Ian R Campbell, 11.20. Also mobile phone dangers, new apps, GPS solution for iPod touch, new iPod and iPhone cases, and more.
• Replacing the Hard Drive in a Clamshell iBook, John Hatchett, Recycled Computing, 11.19. Yes, it is one of the most difficult Apple notebooks to disassemble and reassemble, but a 10 GB hard drive just will not do.
• IBM Model F: A Great Old Keyboard with an Outdated Layout, Tommy Thomas, Welcome to Macintosh, 11.19. Although it used a different technology than the revered IBM Model M keyboard, the Model F was a great keyboard in its own right.
• More links in our archive.

Recent Deals

• Best 12" PowerBook G4 Deals, 11.23. Used 867 MHz SuperDrive, $348; 1 GHz Combo, $379; SD, $519; 1.33 GHz, $529; 1.5 GHz Combo, $549; SuperDrive, $609.
• Best Time Capsule and AirPort Deals, 11.23. Used 802.11g AirPort Extreme, $49; 500 GB Time Capsule, $150; new, $190; 1 TB dual-band, $280; 2 TB, $469; 802.11n AirPort Extreme, $170.
• Best Mac Pro Deals, 11.23. Used 2.66 GHz 4-core, $1,300; 3.0 4-core. $1,919; refurb 2.66 4-core Nehalem, $2,149; 2.93, $2,549; 2.93 8-core, $4,999; new 2.26 8-core, $2,290.
• Best eMac Deals, 11.18. Used 1 GHz Combo, $100; SuperDrive, $269; 1.25 GHz Combo, $119; SD, $319; 1.42 GHz Combo, $289; SD, $498.
• Best Mac OS X 10.6 and Mac Box Set Deals, 11.18. "Snow Leopard", single user, $25; 5 users, $45; Mac Box Set, single user, $139; 5 users, $180; Server, $414. Shipping included.
• Best Xserve Deals, 11.18. Used 1 GHz dual G4, $649; 2.3 dual G5, $795; 3.0 4-core Xeon, $1,899; refurb 2.26 4-core, $2,499; new, $2,888; refurb 8-core, $2,999; new, $3,449; more.
• Best 15" MacBook Pro Deals, 11.17. Used 1.83 GHz, $750; 2.16, $800; 2.33, $900; refurb 2.4, $1,299; 2.53, $1,449; 2.66, $1,699; 2.8, $1,899; new 2.53, $1,579; 2.66, $1,799; more.
• Best Power Mac G4 and AGP Video Card Deals, 11.17. Used 400 MHz, $50; 933 MHz, $80; 500 dual, $60; 867 dual, $90; 1 GHz dual, $150; 1.25 GHz dual, $225; 1.42 GHz, $499.
• Best Mac OS X 10.5 Deals, 11.17. "Leopard" upgrade, $80; single user license, $135; 5 users, $173; Mac Box Set, 5 users, $230; Server, 10 users, $340; unlimited, $850. Shipping included.
• More deals in our archive.

About LEM | Support | Usage | Privacy | Contacts

Practical Mac articles copyright ©2001-08 by Steve Watkins. Entire Low End Mac website copyright ©1997-2009 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to .
  LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
  Access our RSS news feed at http://lowendmac.com/feed.xml.
  Email may be published at our discretion; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
  PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
  Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, iPhone, PowerBook, MacBook, MagSafe, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.

Custom Search

Navigation

Used Mac Dealers
Apple History
Video Cards
Email Lists

Favorite Sites

MacSurfer
MacMinute
MacInTouch
MyAppleMenu
InfoMac
Macs Only!
The Mac Observer
Accelerate Your Mac
RetroMacCast
PB Central
MacWindows
The Vintage Mac
   Museum
DealMac
DealsOnTheWeb
Mac2Sell
ramseeker
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End
   Mac FAQ
Abandonware
   Petition
Mac vs. PC Info

Affiliates

The Apple Store
Mac Connection
B&H
MacMall
TechRestore
ExperCom
Crucial Memory
batteries.com

Advertise

All of our advertising is handled by BackBeat Media. For price quotes and advertising information, please contact at BackBeat Media (646-546-5194). This number is for advertising only.

Problems viewing this page with Internet Explorer 5.5 or 6? It works fine in other browsers, including IE 7. We recommend Firefox for those using Windows, as it is standards based and more secure than IE 6 (and earlier). More LEM visitors use Firefox than any other browser.