WaterRoof (that’s the opposite of FireWall, get it?) is a GUI that allows you to interact with ipfw without all that nasty mucking about on the command line. When you start WaterRoof, you may be taken aback by the initial dialog, which provides buttons for Rules and Logs, and a Help button. Your first choice should be help, which opens a PDF file and gives an overview of how to use WaterRoof. Once you’ve done this, you may want to click the Logs button, which shows Console logs of both the Network Firewall and Application Firewall. Clicking on the Rules button will shows the Static Rules dialog, which should have a single rule in it. You can bring up other Firewall dialogs by using the Firewall menu. The next set of rules are Dynamic Rules, which, as you’ll see, is the output of a set of static rules that you define in the Static Rules dialog. To get you started, you can select “Activate example configuration,” which creates a set of static rules, whose output you can view by hitting the Refresh button in the Dynamic rules dialog. These rules can form the basis of a stateful firewall.
Static Rules After “Activate Example Configuration”
The next dialog in the Firewall menu, Bandwidth settings, is where things start to get interesting. With this feature, you can use ipfw to limit the upload and download bandwidth for network connections made to or from your Mac. You can make this specific to an IP address or port, or make a general rule that applies to all connections. There’s also a Network process choice, a list of processes which make or listen for network connections. This is equivalent to the “lsof” command. Next is the Manage network connection and Manage network connection (established) choices, where you can view these connections, but also select and either block or limit them if you choose. To get you started, the Firewall menu contains some Configuration Tools. There are Ready rule sets, such as “Block dangerous traffic” and “Safe ICMP,” to help you get started.
So get full control of your ipfw firewall today, and check out WaterRoof! Have any other gadgets that can help configure your network? Send an email to John, and he’ll check it out.