Investigating the Leopard firewall


Our friend [Rich Mogull] has been flipping the switches on Leopard’s new firewall and scanning it to see what’s actually going on. There is some good and some bad. The new application signing is a mixed bag. It breaks Skype and a commenter pointed out that automatically trusting Apple installed apps like NetCat isn’t a good idea either. You can roll your own firewall using user friendly tools like WaterRoof since ipfw is still included.

5 thoughts on “Investigating the Leopard firewall

  1. @cde: you are so completely right, but I have had software firewalls crash and not realize it. I don’t even know if this is possible with a hardware firewall. I just feel safer.

  2. @techpagan

    Trust me, it is QUITE possible for a H/W firewall to crash. Be it on it’s own or via a DoS attack. I don’t think you hear about it because of different user bases (the home user vs. corporate sys admin).

  3. Looks like he just tested the front end.

    I’d like to see someone do black box testing on it using a flexible fuzzer framework. Or rootkit research.

    The native UDP services that are unblocked would be cool to mess with.

    The Mac droids will have to wash there abrecrombie and fitch, and clean there black framed designer glasses after the anger sweats.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.