Quick Configuration

BrickHouse provides an easy graphical configuration screen for common firewall options, and a text-based expert option that will allow power users and administrators to take full advantage of the built-in firewall.

Connection Options
Most Macintosh computers can have two types of network connections. Ethernet connections are very fast and may connect your computer to the internet (for example, through a DSL or cable modem) or to other computers in your home or office in a Local Area Network or LAN. PPP connections connect your computer to the internet through a modem.

Your firewall can be set with different options for both your ethernet and PPP connections.*

Allow All Outgoing Connections
To allow all outgoing traffic, select this option. If it's not selected, only the types of outgoing traffic selected in the 'Allow Standard Services' section will be allowed. You might leave it unselected if there is a high risk of your computer being 'hijacked' for use in a distributed denial of service attack. A computer in a semi-public place such as a computer lab would be a good candidate for this rule. Typical home use would allow all outgoing connections.

Allow Standard Services
This section allows you to filter internet traffic by common service types, such as AppleShare, web, ftp and email. If Allow All Outgoing Connections is off, these options will control both incoming and outgoing traffic. If it is on, these options will only control incoming traffic. As a general rule, if you don't know what a specific service is, you probably don't need it on. One possible exception to this is SNMP. If you are located on a corporate network, or other professional installation, you may need to allow SNMP traffic. Ask your network admin. If you don't have a network admin, you don't need to allow SNMP traffic.

Deny All Other Standard Services
This option is recommended. It denies all traffic in the range used by Unix 'standard services'. These include many small network programs, most of which are disabled by default on MacOS X. However, it's a good idea to deny all traffic in this range (ports 1-1023 for the experts out there) that's not explicitly allowed in the above section, just for safety's sake.

Deny All Other Incoming Connections
Many 'user-oriented' or peer-to-peer programs use ports numbered above the standard service range to communicate over the internet. Examples include games like Quake 3, sharing programs like Napster, and others. Since these programs only accept connections when the user of the computer is running them, it's safer to allow connections above the range of standard services.

 

* The Quick configuration screen can only configure your firewall for the default ethernet card (en0). If your computer has more than one ethernet card, you must use the Expert configuration screen to configure your firewall for your second and subsequent ethernet cards. The planned 'Advanced' configuration screen may allow you to configure multiple ethernet cards using a GUI.
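
The four options above can be read as an ordered rule list for ipfw, the firewall built into Mac OS X. The script below is an added example, not BrickHouse's own code or output: it prints (and never installs) one such rule list for en0. The option-to-rule mapping, the rule numbers and the `quick_rules` function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: print (never install) an ipfw ruleset that models the
# Quick Configuration options. The option-to-rule mapping is an assumption,
# not output captured from BrickHouse.

# quick_rules ALLOW_ALL_OUT DENY_STD DENY_OTHER_IN [proto/port ...]
#   first three arguments: yes|no; the rest: ticked services, e.g. tcp/80
quick_rules() {
    allow_out=$1; deny_std=$2; deny_in=$3
    shift 3
    nic=en0      # Quick Configuration only covers the default card
    num=1000     # constructed rule numbers, spaced for later inserts

    emit() { echo "add $num $*"; num=$((num + 10)); }

    # Let replies to already-open TCP connections through, so the deny
    # rules below do not cut off sessions this machine started.
    # (UDP has no such state; UDP replies are not handled in this sketch.)
    emit "allow tcp from any to any established"

    if [ "$allow_out" = yes ]; then
        emit "allow ip from any to any out via $nic"
    fi
    for svc in "$@"; do
        proto=${svc%/*}; port=${svc#*/}
        # A ticked service is always reachable from outside...
        emit "allow $proto from any to any $port in via $nic"
        # ...and is the only outbound traffic when "Allow All Outgoing" is off.
        if [ "$allow_out" != yes ]; then
            emit "allow $proto from any to any $port out via $nic"
        fi
    done
    if [ "$allow_out" != yes ]; then
        emit "deny ip from any to any out via $nic"
    fi
    for proto in tcp udp; do
        if [ "$deny_std" = yes ]; then
            emit "deny $proto from any to any 1-1023 in via $nic"
        fi
        if [ "$deny_in" = yes ]; then
            emit "deny $proto from any to any 1024-65535 in via $nic"
        fi
    done
}

# Typical home use: all outgoing allowed, web (80) and AppleShare (548) served.
quick_rules yes yes no tcp/80 tcp/548
```

Because ipfw stops at the first matching rule, the allow rules for ticked services must come before the range-wide deny rules, which is why the order of the output matters as much as its contents.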