firewall question

macgig · Feb 10, 2014

I have the osx firewall on. do I also need to turn it on in my westell router/modem?

and what setting should I use if it needs to be on?

thanks.

osxx · Feb 10, 2014

I don't think you need the firewall turned on in the iMac but you should always have it enabled in your modem/router.

pigoo3 · Feb 10, 2014

Good question...especially since you have OS 10.6 support concerns.

I would turn it on...and try different settings (starting with "max/high")...and see how this affects your day to day activities. If it's "too restrictive" adjust the setting to "medium"...etc. This way you customize things to your situation.

- Nick

macgig · Feb 10, 2014

ok thanks for the quick reply. I may try max or medium at least. I don't like low because my modem can still be "seen".

RadDave · Feb 10, 2014

osxx said:
I don't think you need the firewall turned on in the iMac but you should always have it enabled in your modem/router.

Agree w/ the above - if you have a strong firewall built into your router, then the OS X firewall can be disabled (conflicts could occur w/ both operating); however, if you travel w/ a laptop and use hotel and/or public hotspots, the recommendation is to activate the firewall on the computer. Dave

macgig · Feb 10, 2014

Ok cool. looks like it's opposite of what it should be. I'll disable on OSX and turn it on for the router. thanks.

pigoo3 · Feb 10, 2014

Call me weird...I always have the "Mac" firewall on...in addition to the router/model firewall. I haven't (as of yet) run to any issues with everything on. But I agree...if it would cause issues...then I would think about turning it off.

- Nick

macgig · Feb 10, 2014

guess I could try both and see what happens? what sort of issues should I look for?

vansmith · Feb 10, 2014

I imagine that no conflicts arise since both block similar ports and thus, what gets stopped at the router never reaches the Mac which thus has nothing to complain about.

It probably doesn't hurt to have both on but it's redundant and if you only have the router one on, you lower the risk of conflicts.

pigoo3 · Feb 10, 2014

macgig said:
guess I could try both and see what happens? what sort of issues should I look for?

I cannot speak for others...but as far as I know...I haven't experienced anything.

If I was you (since you may be making a lot of changes):

- Turn off the "Mac Firewall" first.
- Adjust the router firewall setting to what you want...and figure out what router firewall setting is good for you.
- Once the router firewall setting is where you want it...then you could try turning the Mac Firewall back on.

Like I mentioned above...I haven't experienced any issues with both firewalls on...but maybe others have.

- Nick

osxx · Feb 10, 2014

pigoo3 said:
Call me weird...I always have the "Mac" firewall on...in addition to the router/model firewall. I haven't (as of yet) run to any issues with everything on. But I agree...if it would cause issues...then I would think about turning it off.

- Nick

I leave mine on in my MBP because I leave the house with it and never experienced any conflicts but on an iMac that is stationary IMO it really is user preference it probably can not hurt.

harryb2448 · Feb 10, 2014

With wireless router firewall on leave mine to Apple's default of off.

RadDave · Feb 10, 2014

osxx said:
I leave mine on in my MBP because I leave the house with it and never experienced any conflicts but on an iMac that is stationary IMO it really is user preference it probably can not hurt.

Again agree, my MBP stays @ home behind our AirPort Extreme Router, but I would certainly use the OS firewall if on the road; and using both seems to have worked out fine for others, so becomes a personal decision.

But if you plan to 'test' the firewall (alone or in combination), then be careful on how the testing is done; e.g. I visited Steve Gibson's website which I used constantly when on PCs - his Shields Up!! will scan a variety of ports etc. on your router or computer to determine if these are 'open', 'closed', or 'stealth' (the link provides an explanation of each).

Well, I scanned my system w/ just the router's firewall in place, all of the 1056 ports tested were closed w/ a handful in stealth mode - the closed ports had responded but of course did not permit TCP packets to pass; I then turned on my computer's firewall and checked off the 'stealth' option producing the same results (see two attached pics); of course, both times only the router was being examined - I would have to directly attach my laptop to the cable modem and then retest, i.e. the laptop would need the IP address (top of each pic) assigned to my cable modem and the router.

Now is having all ports closed enough to ask from one's router or is complete stealth the goal? I've not really delved into the more advanced settings of my fairly new router w/ the AirPort Utility - but would be curious of others' opinions regarding the level of protection desired from their routers. Dave

.

chscag · Feb 10, 2014

@macgig

Set your router on "Typical Security" (medium) as that's where it should be for best overall use. Turn the firewall off in your iMac. If you had a MacBook Pro that you were using at places where there is free WiFi (Starbucks, Panera, etc) then you would want to turn on your Mac's firewall.

firewall question

macgig

osxx

pigoo3

Well-known member

macgig

RadDave

macgig

pigoo3

Well-known member

macgig

vansmith

Senior Member

pigoo3

Well-known member

osxx

harryb2448

RadDave

chscag

Well-known member

Shop Amazon