Focus on Apple

Thread index:
Apple releases Mac OS X v10.5.1 with Application Firewall security updates  Nov 15 2007 07:11PM  Todd Woodward (todd_woodward symantec com)  (1 replies)
  Application Firewall security updates  Nov 15 2007 08:08PM  Radoslav Dejanović (radoslav dejanovic opsus hr)  (4 replies)
    Re: Application Firewall security updates  Nov 21 2007 03:00PM  Dave Piscitello (dave corecom com)  (2 replies)
      Re: Application Firewall security updates  Nov 21 2007 09:27PM  Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)  (3 replies)
        RE: Application Firewall security updates  Nov 21 2007 10:43PM  Todd Woodward (todd_woodward symantec com)
    RE: Application Firewall security updates  Nov 15 2007 09:55PM  Todd Woodward (todd_woodward symantec com)
    Re: Application Firewall security updates  Nov 15 2007 09:51PM  Dave Schroeder (das doit wisc edu)  (3 replies)
      Re: Application Firewall security updates  Nov 15 2007 11:36PM  Mark Senior (senatorfrog gmail com)  (3 replies)
        Re: Application Firewall security updates  Nov 16 2007 11:03AM  Radoslav Dejanović (radoslav dejanovic opsus hr)  (2 replies)
          Re: Application Firewall security updates  Nov 16 2007 04:34PM  Derek Chesterfield (dez mac com)  (1 replies)
        Re: Application Firewall security updates  Nov 16 2007 04:47AM  Derek Chesterfield (dez mac com)  (2 replies)
    Re: Application Firewall security updates  Nov 15 2007 10:08PM  Radoslav Dejanović (radoslav dejanovic opsus hr)
>All this is an improvement, but IMO it's still not actually good.
>The big improvement one is configd - I gave up on writing a stateful
>ipfw filter for DHCP, because the request goes out to the broadcast,
>but the response is from a non-broadcast source. Application
>awareness is a nice one here
I just realized I had blocked DHCP; this is letting it work,
but I haven't done much testing yet:
# Allow DHCP responses (DHCP broadcasts, which seems to defeat
# keep-state).
add 800 allow udp from any to any src-port 67 dst-port 68 in
http://securosis.com/2007/11/16/ipfw-rules-20071116-revision/
>But, they've missed the big possibility for improvement here - they
>have an application-aware firewall - why on earth would they not
>apply it to outbound connections? No interesting malware requires
>inbound connections anymore; it's already written to get past home
>routers that allow all outbound and deny all inbound connections.
>Ah well.
>
>Incidentally, can anyone with access to a 10.5 system tell me, is
>there a CLI interface to the new application firewall? Is there a
>useful man page?
No manual page; the relevant command is
/usr/libexec/ApplicationFirewall/socketfilterfw.
http://www.extrapepperoni.com/2007/11/10/leopards-socket-firewall/
Chris
--
Chris Pepper: <http://www.reppep.com/~pepper/>
<http://www.extrapepperoni.com/>
The Rockefeller University: <http://www.rockefeller.edu/>
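To make the DHCP point concrete, below is a small ipfw ruleset as an added example; it is not code from the message above or from the securosis.com ruleset it links to. It keeps state for everything the host initiates and adds one stateless, narrowly scoped allow for DHCP replies, because the reply comes from the server's own address (or as a broadcast) and so never matches the dynamic rule created by the client's request to 255.255.255.255. The rule numbers and the interface name are assumptions chosen for the example, and the socketfilterfw option it queries is the one documented on later macOS releases, which is an assumption for the 10.5 binary, so that call is guarded.

```shell
#!/bin/sh
# Added example (not from the thread or from securosis.com): an ipfw ruleset
# that keeps state for traffic this host initiates but carves out a stateless
# exception for DHCP replies. Rule numbers and the interface name are
# assumptions chosen for the example.

# Print the ruleset for the given interface (default en0) to stdout.
dhcp_aware_ruleset() {
    iface="${1:-en0}"
    cat <<EOF
# Loopback traffic is always allowed.
add 100 allow ip from any to any via lo0
# Consult the dynamic (keep-state) table before the static rules.
add 200 check-state
# Stateless exception for DHCP replies, kept as narrow as possible:
# UDP only, server port 67 to client port 68, inbound on $iface.
add 800 allow udp from any to any src-port 67 dst-port 68 in via $iface
# Everything this host initiates creates a dynamic rule for its replies.
add 900 allow ip from me to any out via $iface keep-state
# Default deny for anything else arriving on $iface.
add 65000 deny ip from any to any in via $iface
EOF
}

# Rule number of the first non-comment line matching a pattern.
rule_number_for() {
    dhcp_aware_ruleset "$2" | grep -v '^#' | grep "$1" | awk 'NR==1 {print $2}'
}

# ipfw evaluates rules in ascending number order, so the DHCP exception only
# works if it is numbered below the final deny. Returns 0 when it is.
dhcp_rule_precedes_deny() {
    dhcp_no=$(rule_number_for 'src-port 67 dst-port 68' "$1")
    deny_no=$(rule_number_for ' deny ip ' "$1")
    [ -n "$dhcp_no" ] && [ -n "$deny_no" ] && [ "$dhcp_no" -lt "$deny_no" ]
}

# Load the ruleset with ipfw(8) from a temporary file. Only meaningful as
# root on a system that still ships ipfw; the function refuses otherwise.
# It appends rules and does not flush the existing set.
apply_ruleset() {
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw not available" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    tmp=$(mktemp) || return 1
    dhcp_aware_ruleset "$1" | grep -v '^#' > "$tmp"
    ipfw -q "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Query the application firewall's global state. The --getglobalstate option
# is the one documented on later macOS releases; for the 10.5 binary it is
# an assumption, so the call is skipped when the binary is absent.
app_firewall_state() {
    sfw=/usr/libexec/ApplicationFirewall/socketfilterfw
    [ -x "$sfw" ] || { echo "socketfilterfw not present" >&2; return 1; }
    "$sfw" --getglobalstate
}

case "${1:-}" in
    show)  dhcp_aware_ruleset "$2" ;;
    check) dhcp_rule_precedes_deny "$2" && echo "DHCP exception precedes the default deny" ;;
    apply) apply_ruleset "$2" ;;
    state) app_firewall_state ;;
esac
```

Run it as "sh script.sh show en1" to print the ruleset, "check en1" to confirm the ordering, and "apply en1" (as root, on a host that still has ipfw) to load it. The DHCP rule is deliberately restricted to UDP, server port 67, client port 68 and the inbound direction on one interface, so the stateless hole is as small as the protocol allows.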