(2)
Your rating: Now say why...
WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, live connections blocks, predefined rule sets, wizard, logs, graphic report and statistics and other features.
- uses Mac OS X built-in IPFW firewall. No kernel modules, no extensions, no pain. WaterRoof is free and open-source
- the most advanced Mac OS X free graphic frontend for ipfw now features a new, clean interface. WaterRoof lets you create, modify, delete, move ipfw ipv4 and ipv6 rules very quickly.
- designed for Mac OS X and Mac OS
What's New
Version 3.7:
- improved connection inspector
- added confirmation dialogs
- bugs fixed
Requirements
PPC / Intel, Mac OS X 10.5.8 or later
PPC / Intel, Mac OS X 10.5.8 or later
NetBarrier X5+3
IceFloor+3 
VirusBarrier X...+2 
NoobProof+2 
VirusBarrier P...+1 
DoorStop X Sec...+1
WaterRoof User Discussion (Write a Review)
Overall:
(6)
(6)
| Downloads:36,234 |
| Version Downloads:2,163 |
| Type:Internet : Internet Utilities |
| License:Free |
| Date:05 May 2012 |
| Platform:PPC / Intel |
| Price:Free |
Overall (Version 3.x):  |
Features: |
| Ease of Use: |
| Value: |
| Stability: |
Displaying 1-10 of 15
-
-
-
WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, live connections blocks, predefined rule sets, wizard, logs, graphic report and statistics and other features.
With WaterRoof you can set up the IPFW built-in firewall easily and quickly. With the NAT Setup feature you can fine-tune your internet sharing for the home LAN, or you can also set up a full-featured dual-homed firewall for your network.Rules and network option can be stored and loaded at boot time.
WaterRoof is only a frontend so it makes use of system tools: this means that when you have finished configuring/testing your firewall, you can safely delete WaterRoof from your system, without loosing your rules. Bandwidth settings, firewall rules, NAT rules, forwarding, logging and other options will be preserved and activated at boot using launchd, following Apple guidelines.This means that WaterRoof is quite safe because it does not install any strange kernel extension or background daemon. You can also download and check WaterRoof source code, it's open.
WaterRoof can be used to learn how ipfw works: you can use predefined rule sets to test firewall behaviour, or you can use the wizard to start from scratch with a step-by-step configuration.But WaterRoof can also be used to deeply configure a ipfw firewall/router, using every ipfw option including traffic shaping (dummynet queues).
English documentation included. Source code available at my web site. WaterRoof is freeware and open-source.
- uses Mac OS X built-in IPFW firewall. No kernel modules, no extensions, no pain. WaterRoof is free and open-source
- the most advanced Mac OS X free graphic frontend for ipfw now features a new, clean interface. WaterRoof lets you create, modify, delete, move ipfw ipv4 and ipv6 rules very quickly.
- designed for Mac OS X and Mac OS X Server
- build ipfw rules easily with the new simplified interface and the IPFW Rules Translator. Building ipfw rules now is easier than ever
- scan your mac for running network services and filter open ports with one mouse click
- list and ban remote hosts connected to your mac
- watch and parse firewall logs, create raw and graphic statistics
- look at active network connections, block them or limit their bandwidth on-the-fly with the connection inspector
- list all processes that make or listen for network connections
- Backup and deploy firewall rules with WaterRoof Injectors
- manage Network Address Translation (NAT) daemon: create a dual-homed firewall/nat/router with port redirection and forwarding
- Manage rules on Mac OS X Server: WaterRoof is fully integrated with Server Admin
- Manage NAT Port Forwarding (including Mac OS X Server 10.7 Lion)
- Configure a dual homed NAT firewall/router with Mac OS X Server 10.7 Lion: set up *working* port forwarding directives and choose your favourite IP range for your LAN interface and clients
- deploy firewall configuration using WaterRoof Injectors
- Import and export firewall configurations
- Quick dns reverse and whois choosing from a list of whois servers
- manage network bandwidth with dummynet pipes
- check live dynamic rules (IPFW States) created by stateful firewall rules
- import rules from NoobProof Injectors
- keep your favourite firewall rules active at system boot
- explore and test ipfw with configuration wizard and ready rule sets
- tested on 10.6.8 and 10.7.3 (client/server), runs on 10.8DP3 too.
- concept and code by Hany El Imam
- It's free !! We accept PayPal donations to hany@hanynet.com and BitCoin donations to 16UvmZcqEEYT5gYrTaGrh82d12726fQi5x . Thank you.
With WaterRoof you can set up the IPFW built-in firewall easily and quickly. With the NAT Setup feature you can fine-tune your internet sharing for the home LAN, or you can also set up a full-featured dual-homed firewall for your network.Rules and network option can be stored and loaded at boot time.
WaterRoof is only a frontend so it makes use of system tools: this means that when you have finished configuring/testing your firewall, you can safely delete WaterRoof from your system, without loosing your rules. Bandwidth settings, firewall rules, NAT rules, forwarding, logging and other options will be preserved and activated at boot using launchd, following Apple guidelines.This means that WaterRoof is quite safe because it does not install any strange kernel extension or background daemon. You can also download and check WaterRoof source code, it's open.
WaterRoof can be used to learn how ipfw works: you can use predefined rule sets to test firewall behaviour, or you can use the wizard to start from scratch with a step-by-step configuration.But WaterRoof can also be used to deeply configure a ipfw firewall/router, using every ipfw option including traffic shaping (dummynet queues).
English documentation included. Source code available at my web site. WaterRoof is freeware and open-source.
Copyright © 2012 MacUpdate LLC
- -
-1
+31
No, doesn't hold a candle to any form of live defense, such as in Little Snitch.
-1443
+1
False. Anyway this is not the purpose of IPFW, which is the network firewall that Apple included in Mac OS X since 2001. And it is not the purpose of WaterRoof, even if WaterRoof adds to OSX an easy way to monitor IPFW logs in real time. This is a way to get notified about wanted/unwanted connections using IPFW, but you should use it only to debug IPFW rulesets and not for your every day use. Checking for "program seeking to establishing connections" is exactly the purpose of application firewalls, not network firewalls.
Since OSX 10.5 there's NO way to configure IPFW with the OSX GUI. The OSX firewall preferences panes are about ALF, the application layer firewall, while IPFW is a network firewall. WaterRoof is a frontend for IPFW.
You simply can't compare a network firewall (IPFW) and an application firewall (LittleSnitch or ALF). They do completely different things. All network firewalls work like IPFW. And all application firewalls work like LittleSnitch.
If you need "live defense" then you should use an application firewall. Anyway you should read documentation about network firewalls and application firewalls and understand how they work before making any choice. Adding a "daemon" to WaterRoof has absolutely no sense. IPFW has been deprecated in OSX 10.7 so it will soon disappear from OSX. The new default network firewall for OSX is PF. PF is different from IPFW but it works the same way as IPFW. There are rules (static or dynamic) and logs. There's no "daemon". :-)
+9
+33
-6
+20
This is off a clean install of 10.4.11, so I can't understand what is going wrong.
+4
+1
+71
+2
+334
+4
Security is a issue for everyone, and I think that security tools must be free and open-source. This is the only way to achieve the best results.
I would like to say thanks to every friend that helped me with code and beta testing.
I don't consider WaterRoof and NoobProof as 'my effort' but as 'community needs satisfied by community members.'
My english is very bad, anyway I hope you understand my words.
Regards from Italy
Hany
+1
+6
+334
+1
+334
+15
PTBCMac reviewed on 09 Aug 2007
-1
moire reviewed on 18 Jul 2007
+4
Yes, it is. This is the correct definition of "frontend". WaterRoof is a frontend.
"If you don't understand ipfw this program won't help you as the manual is too vague."
Yes, of course, WaterRoof manual is not IPFW manual. The User manual for WaterRoof is useful for people that want to use my application. If you need to learn IPFW, you need an IPFW manual.
"If this is the case for you you'll be better off sharpening your ipfw skills by manipulating the command line form of ipfw as that is the true way of learning and mastering ipfw"
Yes of course. If you need to add a rule, you can do it using the terminal. It's better.
If you want to change rules order quickly, you want to update dyn.rules often, you want to search logs and see stats/graphs... so you NEED a frontend. If you want to add/remove startup quickly, configure NAT easily, redirect ports, change bandwidth policies... you NEED a frontend.
WaterRoof is a frontend for ipfw, so you must know how to use ipfw. Once you know it, you can speed up your tasks using an ipfw frontend.
Easy.
+1
The file /Applications/WaterRoof.app/Contents/Resources/fwanalog/out/alldates.html does not exist. (1)
Sure enough, you can only get as far as /Applicatons/WaterRoof.app/Contents/Resources/fwanalog. Hany, can this be fixed?
Graphic report is saved in /Applications/WaterRoof.app/Contents/Resources/fwanalog/out/ and can be optionally exported to desktop. To make a simple test do the following:
flush rules, add one rule:
1000 deny log ip from any 80 to me
enable firewall logging, open safari and try to browse 3-4 web sites; they should not load; flush your rules and check logs, then generate a graphic report.
+2
For these reasons the minumum requirements for WaterRoof is Mac OS X 10.4.
+3
Widber rated on 19 Feb 2012
+7
Gazzmanzx6 rated on 08 Dec 2010