Women in Technology

Hear us Roar



Article:
  Exploring the Mac OS X Firewall
Subject:   Firewalls and Internet Sharing
Date:   2005-03-18 05:23:46
From:   peterhickman
Response to: Firewalls and Internet Sharing

The problem is that when you do internet sharing OS X does not create any special rules for the computers who are accessing the internet through the master computer. The rules for inbound packets are the same for access to your computer from the outside as they are for the sharees. I have found that as I only expose http and ssh then computers that are accessing the internet via my computer can only access http and ssh. What I do is add an extra rule to allow https access to my computer from the airport card so that my wife can access the shopping sites.


allow tcp from any to any https in via en1


Depending on how you feel about the people connecting to your computer you would need to set up a rule for each protocol that they are allowed to use or add a generic rule like


allow tcp from any to any in via en1


but this way you are putting a lot of trust in the users of your system that they will not use your machine as a gateway to spam from.