5

Trying to find out more about apple's "Firewall". What exactly is it? 

In /usr/libexec/ApplicationFirewall

there are a bunch of undocumented programs, I've wandered through the mystery maze of the OSx docs... but they dont even mention it. What kind of thing is it?

MadHatter
  • 78,442
  • 20
  • 178
  • 229
chiggsy
  • 1,576
  • 1
  • 15
  • 20

2 Answers2

8

Wikipedia is your friend here -- Basically an Application Firewall is a firewall that operates at the Application layer (as opposed to just the network layer like packet-filtering firewalls).

The major advantage of Application Firewalls is that they can say "World of Warcraft is allowed to use port 12345, but nobody else is", or "HTTP traffic on port 80 is OK, but if the packets don't look like HTTP data block them", depending on the sophistication of the firewall in question and where it is on the network (a local application firewall knows World of Warcraft tried to use a port, where one plugged in later can only do packet inspection to figure out what kind of application it's dealing with).

voretaq7
  • 79,345
  • 17
  • 128
  • 213
2

Google is also your friend here, but apparently Leopard's "application" firewall is really just a socket firewall, allowing you to trust certain applications and ports, much like Windows Firewall or Zone Alarm.

For the proper definition of an application firewall, see voretaq7's answer.

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108
gravyface
  • 13,947
  • 16
  • 65
  • 100
  • Yes, I read both wikipedia and the other entry. It seems plausible, but I was hoping for "This is how a socket firewall works." I know that it lets far too much stuff in silently on osx, only blocks TCP and UDP, stealth is implemented with an ipfw rule. AFP flies right through. More questions coming ;) – chiggsy Feb 10 '11 at 16:28
  • You should ask then, "how does a socket firewall work" instead of "What's Apple's Application Firewall?" – gravyface Feb 10 '11 at 16:33