Filed under: OS, Freeware, Internet Tools, UNIX / BSD
WaterRoof firewall manager
Lots of people know that OS X has a very powerful stateful packet inspection firewall (ipfw) under the shiny hood of the Sharing Preference Pane thanks to its UNIX underpinnings, but actually understanding and controlling that power is something else entirely. Perhaps a bit lost in the rush to Christmas Macworld published a nice guide to configuring the Leopard firewall that's definitely helpful in getting a bit clearer about what's going on. But if you really want to dig into the options you've got to go deeper, and if you don't have the command line chops to set it up yourself, you'll want to check out the open-source WaterRoof from hanynet.com.Basically, WaterRoof is the graphical front end to ipfw that Apple left out. As the developer notes, its features "include dynamic rules, bandwidth management, NAT configuration and port redirection, pre-defined rule sets and a wizard for easy configuration." Particularly if you're trying to use a Mac as a gateway or router and need more sophistication than the built-in Internet Sharing provides, WaterRoof can really simplify matters.
WaterRoof is a free download (donations requested) with separate versions for Tiger and Leopard. The same developer also has a simplified version with many fewer features called NoobProof.
Get a WordPress.com Blog
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Joshua Ochs said 9:39AM on 1-11-2008
FYI, ipfw is not used for Leopard's "Application Firewall", so making changes in the Security preference pane will not affect it. You can use both, but beware that you don't confuse yourself - I know the pain of making changes in one firewall and missing the other (commence the gnashing of teeth).
Having mucked about with ipfw the last few days, I can recommend WaterRoof, but make sure you have a good grasp of ipfw - it's like a lot of UNIX - very powerful, very flexible, but it can be very tricky to get right.
Reply
Speddy said 9:51AM on 1-11-2008
This software's been out for sometime.
I prefer it, and using LittleSnitch to monitor what is trying to get out (let alone in).
Reply
john_a said 10:20AM on 1-11-2008
I had a short write-up of WaterRoof here:
http://macsecure.com/2007/11/09/managing-the-leopard-firewall-with-waterroof/
Reply