Because other people can access your computer when it's on a network, you should protect it from unauthorized traffic. Mac OS X includes firewall software you can use to block unwanted network connections and prevent unauthorized network access to your computer. The firewall uses the BSD utility ipfw (IP Firewall) to block network traffic on specific IP ports. The firewall included in Mac OS X is separate from network firewalls or network security devices that network administrators use to protect against attacks from outside the network, but it has the same function: it protects your computer from attacks or unwanted intrusion. If your computer is on a network that has a firewall, you should still use the Mac OS X firewall to protect against the possibility of attacks from other computers on the network. TIP All Mac OS X computers connected to the Internet, including those behind network firewalls, should enable the firewall. To enable the firewall, click Firewall in Sharing preferences and then click the Start button. The Mac OS X firewall blocks traffic to specific IP ports. IP ports specify network services, such as Apple File Service (port 548) and web services (port 80). By preventing incoming traffic from reaching certain port numbers, you can prevent many types of unauthorized access to your computer. When you enable the firewall, all ports other than the ones checked in the list will be blocked. Blocking ports may disrupt services such as iChat Bonjour browsing and iTunes music sharing, so be sure to block only those ports you know are not in use. When you turn on a network service in the Services pane of Sharing preferences, Mac OS X automatically allows that service in the Firewall pane. This allows authorized traffic to pass and other traffic to continue to be blocked. If you are curious about the ports typically used for certain services, open /etc/services file. To read the file contents, either use the command line or navigate to /etc using Go to Folder (Command-Shift-G) in the Finder, and use TextEdit to view the file contents. You cannot change the settings for the default ports listed in the Firewall pane; however, you can specify additional ports to be opened as follows:
NOTE If you are using iTunes for Windows, refer to Knowledge Base document 93396: "iTunes for Windows: Music Sharing With Windows Internet Connection Firewall." Advanced Firewall SettingsTo set additional firewall options, click the Advanced button in the Firewall pane of Sharing preferences. There are three advanced options:
|