I’m spoiled on Unix firewalls’ extreme flexibility, and paradoxically, Windows Firewall’s ease of configuration.
There should be a good middle ground in there. Mac does a great job of “being” unix, but with a much easier interface than Windows. Which is a feat. But, let me just put on my rant hat and rant pants. WHAT THE HELL IS WRONG WITH THE OSX FIREWALL!?!?
Why would you move from ipfilters to the more featureful PF firewall that the Unix environment offers, and then only provide a brain-dead interface that allows you to select applications to allow through the firewall, and ZERO ability to limit the networks or IPs that are allowed to use those applications?
What kind of security is provided by either allowing a) the entire world to access Screen Sharing, or b) nobody…
Yes, you can make an argument that the corporate firewall, or even your home router, should be acting as hardware firewall to protect you. But when I go to Starbucks, who is protecting me there? When I’m in the airport, who is protecting me? Nobody is. Thanks Apple.
Microsoft gets it right in this department. And, as far as I am concerned, Apple doesn’t even actually offer a useable firewall. At least not out of the box.
Here is my solution: PFLists by Hany El Imam
This handy little app allows you to specify which networks or IP addresses are allowed to connect to which ports on your computer.
The only thing missing is Microsoft’s concept of “network location” so I can be more open at home and more secure at Starbucks.
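For reference, this is the kind of per-source rule the application firewall cannot express, written directly as PF rules. It is an added example, not output from PFLists or anything from Apple; the networks, the table name and the anchor name `local.screenshare` are constructed, and it assumes Screen Sharing is listening on its usual TCP port 5900.

```conf
# Added example: hand-written PF rules, not generated by PFLists.
# Constructed values: the table contents and the anchor name "local.screenshare".

# Sources allowed to reach Screen Sharing (sample networks, replace with your own).
table <screenshare_ok> const { 192.168.1.0/24, 10.8.0.0/24 }

# Default for this service: drop inbound Screen Sharing (TCP 5900) from everyone.
block drop in proto tcp from any to any port 5900

# PF applies the last matching rule, so this pass overrides the block
# above for the listed sources only.
pass in proto tcp from <screenshare_ok> to any port 5900 flags S/SA keep state

# Syntax check without loading:  pfctl -nf <this file>
# Load into the anchor:          pfctl -a local.screenshare -f <this file>
# Assumption: the main ruleset contains the line
#   anchor "local.screenshare"
# and PF is enabled (pfctl -e).
```

On an untrusted network, neither sample range matches, so port 5900 stays closed to everyone.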