Karl Katzke

The girl brought over her new MacBook last night so that I could help her files moved over from her old Windows PC. I haven’t upgraded yet (As much of an Apple fanboy as I am, I will readily admit that I usually wait until 10.x.2 before I buy anything of Apple’s…) and was a little confused at first because I could connect out from her machine via ssh and http, but couldn’t connect to other samba shares or connect to the machine with anything — even ping.

The gist: Leopard’s firewall is configured to be a black hole in the network by default in 10.5.2, and it doesn’t seem to flush when you turn on a file sharing option (including Samba and SSH) in the ‘Sharing’ panel. It required a reboot to flush the rules and to start accepting connections. Until I restarted her machine, I couldn’t shell in via ssh or even see SMB network shares on other computers on the network. I didn’t do any further diagnosing — I was kind of in a hurry to keep the shreds of my geek dignity intact.

Also, yes, if you do an ‘ipfw list’ — you’re gonna get told that it allows all. Apple’s firewall doesn’t use ipfw. It runs at the sockets layer instead of the ports layer. If you’re a nerd like I am and want to use ipfw, just set the Apple firewall to allow all and write your ipfw rules oldschool style.