what is the difference if the firewall is enable or disable in mac
what is the difference if the firewall is enable or disable in mac
what is the difference if the firewall is enable or disable in mac
It monitors incoming traffic and can be set to not allow certain incoming traffic for safety reasons. If you have a wireless modem/router in your house, then the firewall is not necessary as the router does a much better job of monitoring incoming (although you can leave it on).
It's generally advised to leave it on, especially if you have a laptop which you carry around and use in public wifi areas such as cafés. As babowa says, a router will generally block any incoming traffic you have not solicited, but this is not foolproof and some cheap and ISP-supplied routers can actually be hacked remotely.
Matt
Thanks - didn't think about laptops/public wifi; I have mine on (contrary to all the comments I've seen here which say it's completely unnecessary) although i do have a good modem/router combination.
There are some issues that can be fixed to prevent intrusion without having the Mac's firewall on, and some that can't. One is how router itself is configured by the manufacturer. I figure you know this stuff already, babowa. This is more of a general post.
Some routers (stupidly) allow remote access or remote administration by default. The very first thing you should do is enter the web browser setup pages, locate those settings and turn them off.
Typically, you would enter 192.168.0.1, or 192.168.1.1 in your web browser to access those pages. Check the manuals to see what it is for your router. You should be presented with a sheet to enter your admin name and password before they will allow you in. Again, check the manuals for the defaults to enter. Or, enter the admin name and password you use if you have changed it from the defaults (you should).
On my CenturyLink DSL router, they're disabled under two separate pages of the Remote Management section:
However, as Thomas Reed noted in an article I had forgotten about, some Netgear routers can be remotely compromised even if you have remote access disabled. That's due to a flaw in the firmware they've know about for over a year and still haven't supplied patches for.
Thanks; it's all disabled here (and we may have the same modem? ZyXEL Q1000Z?); I also have MAC addressing enabled (which has nothing to do with the issue here, but I think it's a good idea).
Thanks everyone for your valuable replies.
I have one more question like i am getting same open ports and close ports even if the firewall is up and even when the firewall is down. Do you know the reason?
Your Mac (or any computer) can't send/receive email, or access the web in general without port activity. So there's at least those in normal operation.
Sorry for the incredibly slow response, babowa. My CenturyLink unit is an Actiontec Q2000.
Ahh, mine is the only one that'll work with the A-DSL service from centurylink here (ZyXel Q1000Z).
I think that's the one I previously had. We're still limited to 12 Mbs in our area, but they were able to boost it to 20 for us by using a pair bonded modem.
what is the difference if the firewall is enable or disable in mac