MacSecure.com
A Mac Security Blog

Leopard Firewall: Why it’s acting the way it’s acting.

Apple posted documentation about the Application Firewall today which explains a lot of what many folks have been seeing.

I haven’t had much time to analyze it yet, but here’s the kicker:

Anything running as UID 0 will not be blocked, even when the Application Firewall is set to Block All Incoming Connections.     This explains why the netcat tests were working.   I’m not sure how I feel about that — should “Block all incoming connections” have an asterisk?

Bookmark this page at:
  • Digg
  • del.icio.us
  • Reddit
  • StumbleUpon
  • Technorati

One Response to “Leopard Firewall: Why it’s acting the way it’s acting.”

  1. [...] “Block All Incoming Connections” setting I talked about here has now been changed to read “Allow only essential services.”   Without having [...]

    MacSecure.com » Mac OS 10.5.1 Update - Security Changes - November 15th, 2007 at 2:05 pm

Leave a Reply

You must be logged in to post a comment.