Apple posted documentation about the Application Firewall today which explains a lot of what many folks have been seeing.
I haven’t had much time to analyze it yet, but here’s the kicker:
Anything running as UID 0 will not be blocked, even when the Application Firewall is set to Block All Incoming Connections. This explains why the [...]
Mac side, from a Terminal:
sudo su
nc -l <port number> (I used 1000)
Ensure that your Leopard firewall settings are set to “Block all incoming connections” and “Enable Stealth Mode” (in the advanced settings)
From a remote machine:
nc <leopard ip> <port from above>
Connected! If you don’t have netcat on a remote machine, you can simply telnet to the [...]
I spent quite a bit of time tonight testing the Leopard firewall from my local host as well as from a Linux host on my local LAN while running various configurations of Nmap and tweaking the various Leopard firewall configuration options.
As I started to write it up, I found that I’ve been beaten to the punch. [...]
As of today it’s been a week since the (in)Famous Heise article was published online that slammed the then-newly-released MacOS X Leopard firewall. The initial article in German was translated to English and the translation has been blamed for at least part of the the problem, but the Heise article made some very damning commentary [...]