Firewalls come in all shapes and sizes. Some are physical devices that sit between a computer or network and the Internet while others are software installed on individual machines. Regardless of their form, firewalls are designed to protect your computer from unauthorized access via its network/Internet connection.
While hardware firewalls are great for protecting all the computing devices in your home or office, they don't offer protection for mobile computers that use a variety of public and private wireless networks. For this, software firewalls installed on those computers are needed, particularly on public networks where any computer connected to the same Wi-Fi hotspot can easily see and potentially access any other.
Mac OS X's Built-in Firewall
Mac OS X has shipped with a built-in firewall based on the Unix ipfw firewall for several years. Leopard introduced an adaptive firewall interface that is extremely easy for users to configure and work with. It doesn't offer the option to directly configure complex rules (just the ability to allow or deny incoming connections, though you can modify the list of allowed or blocked applications making those connections fairly easily). Advanced users familiar with Unix will also find ipfw's full suite of options available from the command line.
While Apple did a good job in crafting a very easy-to-use firewall and one that is generally decent, its limitations do show, particularly if you need a firewall for any professional situation. At the very least, however, every Mac user should be using it.
Intego's NetBarrier
Intego again gets my props for its NetBarrier firewall. NetBarrier is designed to be easy to use (like Leopard's built-in firewall), but is also designed to offer easy configuration of more complex rules from a Mac-like GUI. It also offers a number of pre-configured settings that can be applicable to both home and education/business environments, including rules to block specific types of applications (such as peer-to-peer file sharing sites) and specific types of known threats (such as those posed by spyware).
In addition to being highly configurable and yet very easy to use, NetBarrier is a powerful tool for protecting a Mac. It offers a number of extra features beyond basic filtering of incoming and outgoing connections, including the ability to define specific sets of rules for different locations (home, office, public Wi-Fi, etc.), and it shows you how much bandwidth is being used for various types of network access (web, email, iTunes file sharing, etc.).
Norton Internet Security Suite
Norton Internet Security is Symantec's firewall product for both the Mac and Windows. The suite offers a solid solution and integrates with Symantec's Deepsight blacklist, a global list of Internet addresses associated with various forms of network attack and malware distribution. Like NetBarrier, it also allows you to define different settings based on location.
Like NetBarrier, Norton Internet Security strives to offer powerful firewall rules and protection options in a simple manner that all users can comprehend and manage. The interface isn't quite as intuitive in my opinion, and it lacks some of the extra features that Intego built into NetBarrier. That said, it is still a powerful solution and offers a few features of its own, including a file guard technology for securing access to files on your hard drive.
DoorStop X
From Open Door Networks, DoorStop X is a firewall that offers a more stripped-down interface than either NetBarrier or Norton Internet Security. Instead of being focused on consumer-friendly interface elements and extra features, DoorStop X focuses on simply being a good firewall. It allows a decent set of rules and enables you to easily configure protection for common Mac services (such as web access and file sharing).
The downside is that DoorStop X is not as easy as NetBarrier or Norton to configure for novice computer users. For consumers looking for a very simple solution, this probably makes it a less desirable choice. For power users and technicians wanting something that allows easy configuration of the core features of a firewall without a lot of bells and whistles, this can actually make DoorStop X somewhat more appealing.
IPNetSentryX
IPNetSentryX is a fourth firewall option for Mac OS X. It is a robust tool that operates slightly differently from a traditional firewall. Typically, firewalls rely on a fixed set of rules to allow or deny connections (the default rule being to deny everything). IPNetSentryX does offer this, but it's designed to run in an adaptive fashion, monitoring your network/Internet traffic but not blocking connections unless there is some suspicious activity (either defined by its default settings or by your custom rules).
Although its approach makes for a lightweight and adaptive product (and one which can be used for anything from simple protection to complex bandwidth management), IPNetSentryX's interface is probably the least user friendly of the firewalls available for Mac OS X. This can be off-putting to many users. However, if you're a power user or technician and want to leverage a number of complex firewall options, it's worth checking out.
Who's There?
A companion product to DoorStop X, Who's There? isn't a firewall itself, but rather an application that reads firewall logs and provides information and advice about the entries it finds. This can help you fine-tune your firewall settings and better understand how your firewall is protecting (or not protecting) your Mac.
Little Snitch
Like Who's There?, Little Snitch isn't a firewall but a useful companion to one. But while Who's There? and your firewall logs can often inform you easily about incoming connections to your Mac, Little Snitch is focused on the opposite: telling you what applications and services (such as file sharing or iTunes Music Sharing) your Mac is attempting to connect with on network resources or the Internet.
Since some malicious tools (or even legitimate software) installed on your Mac are typically allowed to make outgoing connections through a firewall, being aware of exactly what the software on your Mac is trying to do and who it's trying to contact can be a great security aid.
Armed with the information that Little Snitch provides, you can craft better firewall rules if needed. You can also use it to turn off unused services (such as file sharing, screen sharing, or even iTunes) that could make your Mac more vulnerable to attack. It even provides a way of simply being aware of how people using your Mac are accessing the Internet. All of these make Little Snitch a great Mac security aid.