"Stealth Mode" Firewall not working at all

Hello,


I am struggling with an issue on my old 2007 MacBook Pro, which has Mavericks 10.9.5 installed. I have recently noticed that enabling "Stealth mode" in the firewall options is not doing anything: I used Terminal to ping "localhost", and the computer responds normally whether "Stealth mode" is enabled or not.


Surprisingly, I have another MBP, a 2012 model, and this one has exactly the same OS X version installed (10.9.5), and Stealth Mode is working as it should: when I try to ping localhost, also using Terminal, it says "request timeout - 100% packet lost", so it is refusing pings entirely; it is working correctly on this machine.


I have no idea why Stealth Mode on my old MBP is not working at all. I have already tried enabling and disabling everything, but there is no way to get this issue solved.

Is there anything I can do to restore or rebuild the Firewall structure to "original mode"? What are the files that control the Firewall in Mavericks? I was told that the only file is "com.apple.alf.plist", but I have absolutely no idea about this.


Any help would be much appreciated 🙂🙂

MacBook Pro, OS X Mavericks (10.9.5)

Posted on May 10, 2017 12:03 PM


May 10, 2017 12:12 PM in response to Gl7-9M

Pinging 'localhost' is not going out to the network and coming back in. It is routed within the system internally. That means the firewall is not seeing those packets. I believe localhost uses the loopback system, which does not leave the device.


If you want to test a firewall you need to ping from outside the device. Use the device's IP instead of 'localhost' and run it from another machine.


Stealth mode does very little besides make the Mac more difficult to use; if you enable any sharing features, the Mac will open ports for those anyway. Why do you need stealth mode? Most NAT routers will provide protection from threats (e.g. the internet).


P.S. You need to avoid trying to 'rebuild firewall rules to original mode' unless you understand the system. It is very easy to break features, especially if you assume correct behaviour is incorrect…

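An added example, not from anyone in this thread: a small POSIX shell script that checks the Application Firewall (ALF) state from Terminal on OS X, which covers both the question about com.apple.alf.plist and the advice above to test from another machine. It assumes the socketfilterfw tool's output strings and the com.apple.alf defaults keys noted in the comments, and the ping helper is meant to be run on the other machine, not on the Mac being tested.

```shell
#!/bin/sh
# Added example (not from the thread): verify the Application Firewall (ALF)
# configuration from the command line instead of trusting the GUI checkbox.
# Assumed output of socketfilterfw (macOS 10.9 era):
#   --getglobalstate  -> "Firewall is enabled. (State = 1)" / "(State = 0)"
#   --getstealthmode  -> "Stealth mode enabled" / "Stealth mode disabled"

ALF_TOOL=/usr/libexec/ApplicationFirewall/socketfilterfw
ALF_PLIST=/Library/Preferences/com.apple.alf   # the plist the poster asked about

# Normalise one line of socketfilterfw output to "on", "off" or "unknown".
parse_alf_state() {
    case "$1" in
        *"State = 1"*|*"mode enabled"*)  echo on ;;
        *"State = 0"*|*"mode disabled"*) echo off ;;
        *)                               echo unknown ;;
    esac
}

# Cross-check against the preference file (assumed integer keys:
# globalstate and stealthenabled, where 1 means on). Prints "?" if unreadable.
plist_alf_state() {
    defaults read "$ALF_PLIST" "$1" 2>/dev/null || echo "?"
}

# Report both settings; stealth mode has no effect unless the firewall is on.
report_alf() {
    if [ ! -x "$ALF_TOOL" ]; then
        echo "socketfilterfw not found; run this on OS X" >&2
        return 1
    fi
    global=$(parse_alf_state "$("$ALF_TOOL" --getglobalstate)")
    stealth=$(parse_alf_state "$("$ALF_TOOL" --getstealthmode)")
    echo "firewall=$global stealth=$stealth" \
         "(plist: globalstate=$(plist_alf_state globalstate)" \
         "stealthenabled=$(plist_alf_state stealthenabled))"
    if [ "$global" = off ] && [ "$stealth" = on ]; then
        echo "stealth mode is set but the firewall is off, so it does nothing" >&2
    fi
}

# Run this on ANOTHER machine on the LAN: loopback traffic never reaches the
# firewall, so only a probe from a peer tells you whether stealth mode works.
# Usage: probe_from_peer <lan-ip-of-the-mac>
probe_from_peer() {
    if ping -c 3 "$1" >/dev/null 2>&1; then echo answered; else echo "no reply"; fi
}
```

Run `report_alf` on the Mac, then `probe_from_peer 192.168.x.y` from the other machine; with the firewall on and stealth mode enabled the probe should print "no reply".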

May 10, 2017 12:13 PM in response to Gl7-9M

Hello Gl7-9M,

The Application Firewall is not what people think it is. I suggest turning it off because it doesn't provide any value. It is a bit of a long and complex story. I'll be glad to get up on my soapbox and give it to you if you want, but only if you ask. The bottom line is that a firewall is only useful for network administrators running large networks. The Application Firewall that comes with your Mac is a much less powerful tool and essentially does the exact opposite of what you think it does. Most people are behind some kind of wireless internet router anyway, so your Firewall is only blocking other machines on the network. And if you are actually providing services, by default it will allow external connections.


May 10, 2017 3:15 PM in response to Drew Reece

Thank you, Drew Reece, for your comment. Let me start by saying that I forgot to mention in my first message that I used another machine (a Windows laptop) on my NAT, and from there I was able to ping my '07 MBP using the basic "command line"...


I also used a different device, and was able to get pings from my MacBook as well, so the firewall's stealth mode is not acting as it should, right? I am not using any sharing features; everything is disabled.


This is not happening on the other MBP, as I mentioned above, and they have exactly the same OS X version installed, so this is exactly what is concerning me: why is my old MacBook not blocking incoming pings from any other machine on my NAT, exactly as happens on my other MBP?


The reason for my interest in enabling "Stealth mode" is that my router is not able to block incoming pings (at least from my devices on the NAT), so this way I would get "extra" protection. I have no idea whether inbound traffic from the internet is able to ping my router. How can I test that?


Many thanks


May 10, 2017 3:33 PM in response to etresoft

Hello etresoft,


Thank you for your message. I understand your point here, and the main reason for my concern is the fact that I do not trust my router's defence abilities too much. The firewall setup is very basic and I am not able to go deeper when it comes to writing my own rules. Unfortunately I am not able to install any third-party firmware (like OpenWrt), since this router is the one provided by my ISP, and I would need to use a second router linked in bridge mode directly to get the internet. I am not really an expert in Macs; I am actually a novice user, and am trying to understand how exactly the firewall works on OS X systems. I know there is the Application Layer Firewall, and the "Packet Filter Firewall" (PF). My confusion starts exactly here.... because I still do not understand the exact function and difference between the two 😕


What exactly did you mean by "soapbox"? I am sorry for not understanding this 😊


Cheers


May 10, 2017 4:13 PM in response to Gl7-9M

Hello again Gl7-9M,

Your router has no "defence abilities". If you are concerned enough about security to want to install a firewall, then just don't publish any services on the internet. It's that simple. And if you have a router, regardless of its defensive abilities, you aren't doing that. Unless you have defined some special DMZ zone or port translations inside your router, then it will not redirect anything from the internet to your Mac. That isn't a function of any defensive capabilities, that is just how it works.


Here is the problem with the Application Firewall. If you are publishing any services on the internet, then the default setting for your firewall is also to publish those services. If you configure the firewall to block those services, then they won't work. So why publish them if you are then going to block them? And I can guarantee that "stealth mode" is useless if you are publishing any services. Those services are the first thing any hacker would look for - and you are publishing them.


But wait, I've gotten ahead of myself. You have an internet router. So you aren't publishing anything. Ergo, you have no need for any application firewalls.


May 10, 2017 5:43 PM in response to Gl7-9M

the main reason for my concern, is due to the fact I do not trust too much in my router's defence abilities

If you have a home router, then it is impossible for the internet to directly see your Mac, not to mention impossible to ping your Mac from the internet.


This is just a basic feature of a typical home NAT router. That is to say, no device behind the home router (any home router) has a directly visible address. This is an inherent feature of all consumer home routers, whether cheap or expensive. Generally the extra cost is for ease of use, or better WiFi, or extra features, or faster network support/WiFi. It has nothing to do with the basic nature of the NAT service, which is what makes your Mac not directly addressable from the internet.


The only way the outside world can connect to a device behind your router is if the device asks the router to make a port available via things like Universal Plug and Play (UPnP).


It is a waste of time turning on the Mac firewall as long as your Mac is behind a home router.


If at home you want stealth mode, you have to have your router do that, as it is the ONLY device visible to the internet.


If you take your Mac out to a public WiFi hotspot, then your firewall might be useful (not much, but it might).


But your best defense is to never enable the 'root' account, and to make sure that any accounts you have on your Mac have good passwords.
