Re: Firewall or Little Snitch



John Carrana <johncarrana@xxxxxxxxxxxxxxxx> wrote:

> On 26/01/2008 01:06, in article 1ibbtad.31pf6tlvsndzN%dempson@xxxxxxxxxxxxx,
> "David Empson" <dempson@xxxxxxxxxxxxx> wrote:
>
> I have the latest Airport Extreme, I believe it has a built in firewall.
>
> Can someone please tell me how I check if the firewall in Airport is on or
> off.

In Airport Utility, click on Internet at the top.

At the bottom of the Internet Connection settings is "Connection
Sharing". Set that to "Share a public IP address" and you have a basic
firewall due to the NAT translation. I can't see any other settings for
enabling a firewall (except for an IPv6 one - see below).

If you want additional security, you might want to turn off the "Enable
NAT Port Mapping Protocol" option on the NAT tab. This will prevent
software running on your computer from allowing incoming connections but
this will also stop some applications from working. For example, iChat
probably needs this turned on to allow video and audio chats to work
(but it will still be able to do text chats).

The "Configure Port Mappings" button on the same tab takes you to a list
of allowed services on your computer, such as a web server. You set this
up manually to specifically allow things you want to let in. If the list
is empty then nothing outside your network can establish an incoming
connection (except with help from inside, via the Port Mapping Protocol,
if that is enabled).

You might still be affected by issues like a denial of service attack,
or some more advanced techniques. I don't know how good the Airport
Extreme is at protecting against those, and it may be necessary to have
a router with stateful packet inspection to provide better security.

You should also turn off external access to IPv6, as you probably won't
be using it yet. Go to Advanced, IPv6, and set the IPv6 Mode to
"Link-local only". The Airport Extreme has reasonably comprehensive IPv6
support, including a fair amount of firewall support, but IPv6 is still
only being used in specialised areas.

--
David Empson
dempson@xxxxxxxxxxxxx
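
An added example, not part of the original post: a Python check, run from a machine on the LAN, of whether the router still answers NAT-PMP after the "Enable NAT Port Mapping Protocol" option has been changed. The message layout follows RFC 6886; the default gateway address `10.0.1.1` is an assumption, so pass your own router's LAN address.

```python
import ipaddress
import socket
import struct
import sys

NATPMP_PORT = 5351                   # UDP port assigned to NAT-PMP (RFC 6886)
REQUEST = struct.pack("!BB", 0, 0)   # version 0, opcode 0 = external address request


def parse_response(data):
    """Decode an external-address response; raise ValueError if it is not one."""
    if len(data) < 8:
        raise ValueError("response too short for a NAT-PMP header")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:      # replies carry 128 + the request opcode
        raise ValueError("not a NAT-PMP external-address response")
    external_ip = None
    if result == 0:                        # 0 = success; the address follows the header
        if len(data) < 12:
            raise ValueError("successful response is missing the address")
        external_ip = str(ipaddress.IPv4Address(data[8:12]))
    return {"result": result, "epoch_s": epoch, "external_ip": external_ip}


def probe(gateway, timeout=2.0):
    """Ask the gateway once. Returns the parsed reply, or None if nothing answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((gateway, NATPMP_PORT))   # connected UDP: only the gateway's replies arrive
        try:
            sock.send(REQUEST)
            return parse_response(sock.recv(64))
        except (OSError, ValueError):          # timeout, ICMP port unreachable, or junk reply
            return None


if __name__ == "__main__":
    # Assumed default; replace with the LAN address of your own router.
    gateway = sys.argv[1] if len(sys.argv) > 1 else "10.0.1.1"
    reply = probe(gateway)
    if reply is None:
        print(f"{gateway}: no NAT-PMP answer; the option looks disabled")
    else:
        print(f"{gateway}: NAT-PMP is answering (result {reply['result']}, "
              f"external address {reply['external_ip']})")
```

A single unanswered probe can also be a lost UDP packet, so repeat it before concluding that the option is off.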