01-25-2010, 07:31 PM
Originally Posted by technologist
I also agree that you should have a host-based (software) firewall in addition to a network firewall. A network firewall only protects you from the Internet...not from other machines on a local network behind that network firewall.
1. The software firewall in Mac OS X does the same thing as a hardware firewall, only less well. So it will not protect you from local machines unless a local machine launches a DDoS attack, which is pretty ridiculous; you could just walk over to them and throw your Starbucks latte at them if they did that.
2. You don't need protecting from local machines. A Mac with its default setup (all sharing turned off) is ALREADY IN STEALTH MODE. But don't take my word for it, test it yourself. Turn off your software firewall, and go here:
Run all the tests you want. You are "stealth" on all ports (in other words, no packets come back from "sniffing" tests).
And before anyone says "well that's a windows site," ahem -- TCP is TCP. Ports is ports. No difference.
Bottom line: if you're feeling paranoid, rather than hide behind multiple firewalls, you should probably ask yourself some hard questions about your internet behaviour.
If you want to run a software firewall to make yourself feel good, be my guest. Unless you are running certain specific services (like FTP, VPN, etc.), having both hardware and software firewalls on may not cause any issues.
But don't pretend you are getting any "extra protection."
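The "stealth" result discussed in the post above is the case where a probe gets no reply at all, as opposed to a port that answers with a refusal. As an added example that is not part of the original post, this Python self-check classifies ports on a machine you own by how a TCP connect attempt ends; the function names and the sample port list are constructed for illustration.

```python
import errno
import socket

# Return codes connect_ex() gives when no reply arrives before the timeout.
_NO_REPLY = {errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK, errno.EINPROGRESS}


def port_state(host, port, timeout=1.0):
    """Classify one TCP port by how a connect attempt ends.

    open    - handshake completed, a service is listening
    closed  - the host replied with a reset (connection refused)
    stealth - no reply before the timeout (the packet was dropped)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
    finally:
        s.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    if rc in _NO_REPLY:
        return "stealth"
    # Anything else (e.g. EHOSTUNREACH) is reported rather than guessed at.
    return "error:" + errno.errorcode.get(rc, str(rc))


def audit(host, ports, timeout=1.0):
    """Return {port: state} for each port in the list."""
    return {p: port_state(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Constructed sample list: SSH, HTTP, SMB, AFP, Screen Sharing/VNC.
    for port, state in audit("127.0.0.1", [22, 80, 445, 548, 5900]).items():
        print(f"{port:>5}  {state}")
```

Run against 127.0.0.1 this shows only what is listening on the machine itself; to see what other machines on the local network see, run it from a second machine you own against the first one's LAN address.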