You do have to know enough Mac to build things when no mac packages are available if you want to use arnos-iptables-firewall. I find it questionable to have intrusion detection in a firewall at all. That's the proper job of system integrity software not a firewall. For that the aide packages or shorewall or tripwire is more appropriate. The reason it's inappropriate to add mission creep to firewall software is very simple. When a hacker does break into your system, they'll completely disable only one package then all of that additional mission creep added into that single package is just as compromised as that firewall was. You could research honeypot software if you'd like to have some fun with the attackers as they crash your system too. On Sun, 31 Jul 2011, Robin Kipp wrote: > Hi Jude and Tim, > Jude, thanks for the tip! However, wouldn't a firewall based on iptables be a > bit primitive? After all, I guess the only thing I could do would be to block > certain ports, so no attack signatures, no intrusion detection etc? However, > I checked out Arnos-iptables, but I can't find a package for Mac. Am I > missing something? > Tim, sorry but I think that's not right, unfortunately. The firewall probably > asked you if those programs would be allowed to accept incoming connections, > not whether they should be allowed to access the internet. There's a free > firewall for the Mac called Little Snitch, but unfortunately that's totally > inaccessible. > Thanks! > Robin> > > Click on the link below to go to our homepage. > > http://www.icanworkthisthing.com > > > > Manage your subscription by using the web interface on the link below. > > //www.freelists.org/list/macvoiceover > > > > Users can subscribe to this list by sending email to > > macvoiceover-request@xxxxxxxxxxxxx > > with 'subscribe' in the Subject field OR by logging into the Web > > interface at //www.freelists.org/list/macvoiceover > > > > > > Click on the link below to go to our homepage. > http://www.icanworkthisthing.com > > Manage your subscription by using the web interface on the link below. > //www.freelists.org/list/macvoiceover > > Users can subscribe to this list by sending email to > macvoiceover-request@xxxxxxxxxxxxx > with 'subscribe' in the Subject field OR by logging into the Web > interface at //www.freelists.org/list/macvoiceover >