Linked by Thom Holwerda on Wed 19th Dec 2007 21:46 UTC, submitted by Scott
Permalink for comment 292333
Member since:
2006-10-08
Thank you for the quick reply and good clarification.
As far as I see, some functionalities of IPFW and the Application firewall do overlap, e.g. when ipfw is used to deny everything except the intended services in, and the Application firewall has to allow traffic for these services.
So, if I am correct, there needs to be a kind of link between the IPFW and AFW. For example, if you set up something for IPFW like "add allow tcp from any to any ftp" then the FTP service should be allowed to make connections and receive / send data, which the AFW would be responsible for.
"Now this is not a bad idea but the issue I have is that the front end program Apple made for OS 10.5 does not let you set up IPFW rules saying block all TCP traffic from IP BLAH, or deny all IP in and then set up explicit allow rules."
Assuming that some of the underlying FreeBSD stuff is still intact, isn't it possible to create /etc/ipfw.rules and enter the intended rules, and then start /etc/rc.d/ipfw?
"Apple IMHO needs to add advanced firewall editing in the system prefs gizmo for the firewall to allow you to add ipfw rules. The application firewall's default setup does not address a number of firewall issues that ipfw + the application firewall could."
A nice GUI frontend would be a good idea.