Applications Applicazioni
x x  
 WaterRoof and NoobProof

Comparison between WaterRoof and NoobProof

WaterRoof and NoobProof are two firewall configuration tool.
Mac OS X 10.4 and 10.5 come with a integrated kernel level network firewall called "ipfw" version 2. It is the same firewall as in FreeBSD 6.

In Mac OS X 10.4 the
firewall preference pane is very poor.
In Mac OS X 10.5 the firewall preference pane is related to "Appfirewall" and not "ipfw".
Appfirewall is the new application firewall in Leopard.
In Mac OS X 10.5 the "ipfw" network firewall is still there and is the same as "ipfw" in Mac OS X 10.4.
Mac OS X 10.6 and Mac OS X 10.5 uss the same firewalls.

• About Application Firewall

Network firewalls and application firewalls work together. They do different tasks, for example the network firewall can deny access to local or remote ftp server while the application firewall can deny connections to remote ftp servers using Fetch, but allow connections from Cyberduck or other ftp clients.
Network firewall usually works at lower level but this does not mean that network firewall overrides application firewall. A network connection can be denied by both application and network firewall.For example: if you allow all network connections in network firewall, and you deny connections from Firefox then you will not be able to browse the web with Firefox.
Another example: if you allow all connections from Firefox in application firewall and you deny all connections to remote ports 80 and 443 in network firewall you still wont be able to browse the web with Firefox.
WaterRoof and NoobProof are ipfw frontends. Application Firewall can be managed only by the System Preferences "Security" preference pane in Mac OS X 10.5.

• Why should you need a ipfw frontend?
ipfw configuration, setup and debug is tipically done with the shell terminal. It is the most reliable way, and if you have a strong knowledge of ipfw you should use only this way. But it is very slow.
With WaterRoof and NoobProof you can do your tasks very quickly and you don't need to man if you don't remember how do to something. You can see and analyze logs more easily than you would do in shell terminal. You can do many other things and very quickly. And you still can use a frontend and shell terminals together.

• WaterRoof, NoobProof... which is the right for me?
WaterRoof is a very complex and powerful tool, which allows you to configure almost every aspect and option of "ipfw". And more, you can list/manage active connections or network files, do graphics log analisys, configure your mac as a router with bandwidth management with stateful rules and tons of other options. You need a good knowledge of "what a firewall is", and you should also have at least a basic ipfw knowledge.
NoobProof is a very easy tool. When you start it the first time you have a service list and you can choose to "allow" or "deny" connections to those services. So you have only to decide which service to allow, and then check "Activate NoobProof". You can also add selective "allow" and "deny", and you can delete or add new custom services in service list.

NoobProof is the right solution for the average Mac user. WaterRoof is a tool for experienced network administrators.

NoobProof and WaterRoof are freeware and open-source applications.


WaterRoof homepage

NoobProof homepage



Static rules list x x
Customizable dynamic service list   x
Customizable rules builder x  
Startup Script and Startup configuration x x
Import and export firewall configuration x x
Bandwidth Management (Dummynet) x x
NAT setup (Network Address Translation) x  
Dynamic rules (stateful firewall) x x
Ready rule sets x  
Logs listing x x
Logs parsing and graphic statistics x  
Network connections and applications list x  
Network connections selective block or limit x  
Interface list and DNS/WHOIS queries x  
Configuration Wizard x x
Easy firewall configuration deployment x x

Need more info?