WaterRoof
WaterRoof
3.8

4.3

WaterRoof free download for Mac

WaterRoof

3.8
18 December 2012

Firewall management front end.

Overview

WaterRoof is a ipfw firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, live connections blocks, predefined rule sets, wizard, logs, graphic report and statistics and other features.

  • uses Mac OS X built-in IPFW firewall. No kernel modules, no extensions, no pain. WaterRoof is free and open-source
  • the most advanced Mac OS X free graphic frontend for ipfw now features a new, clean interface. WaterRoof lets you create, modify, delete, move ipfw ipv4 and ipv6 rules very quickly.
  • designed for Mac OS X and Mac OS X Server
  • build ipfw rules easily with the new simplified interface and the IPFW Rules Translator. Building ipfw rules now is easier than ever
  • scan your mac for running network services and filter open ports with one mouse click
  • list and ban remote hosts connected to your mac
  • watch and parse firewall logs, create raw and graphic statistics
  • look at active network connections, block them or limit their bandwidth on-the-fly with the connection inspector
  • list all processes that make or listen for network connections
  • Backup and deploy firewall rules with WaterRoof Injectors
  • manage Network Address Translation (NAT) daemon: create a dual-homed firewall/nat/router with port redirection and forwarding
  • Manage rules on Mac OS X Server: WaterRoof is fully integrated with Server Admin
  • Manage NAT Port Forwarding (including Mac OS X Server 10.7 Lion)
  • Configure a dual homed NAT firewall/router with Mac OS X Server 10.7 Lion: set up *working* port forwarding directives and choose your favourite IP range for your LAN interface and clients
  • deploy firewall configuration using WaterRoof Injectors
  • Import and export firewall configurations
  • Quick dns reverse and whois choosing from a list of whois servers
  • manage network bandwidth with dummynet pipes
  • check live dynamic rules (IPFW States) created by stateful firewall rules
  • import rules from NoobProof Injectors
  • keep your favourite firewall rules active at system boot
  • explore and test ipfw with configuration wizard and ready rule sets
  • tested on 10.6.8 and 10.7.3 (client/server), runs on 10.8DP3 too.
  • concept and code by Hany El Imam
  • It's free !! We accept PayPal donations to hany@hanynet.com and BitCoin donations to 16UvmZcqEEYT5gYrTaGrh82d12726fQi5x . Thank you.

With WaterRoof you can set up the IPFW built-in firewall easily and quickly. With the NAT Setup feature you can fine-tune your Internet sharing for the home LAN, or you can also set up a full-featured dual-homed firewall for your network.Rules and network option can be stored and loaded at boot time.

WaterRoof is only a frontend so it makes use of system tools: this means that when you have finished configuring/testing your firewall, you can safely delete WaterRoof from your system, without loosing your rules. Bandwidth settings, firewall rules, NAT rules, forwarding, logging and other options will be preserved and activated at boot using launchd, following Apple guidelines.This means that WaterRoof is quite safe because it does not install any strange kernel extension or background daemon. You can also download and check WaterRoof source code, it's open.

WaterRoof can be used to learn how ipfw works: you can use predefined rule sets to test firewall behaviour, or you can use the wizard to start from scratch with a step-by-step configuration.But WaterRoof can also be used to deeply configure a ipfw firewall/router, using every ipfw option including traffic shaping (dummynet queues).

English documentation included. Source code available at my Web site. WaterRoof is freeware and open-source.

What's new in WaterRoof

Version 3.8:
  • Full OS X 10.8 support
  • Interface with bigger fonts
  • Improved network interfaces list
  • Fixed logs statistics for OS X 10.8

17 WaterRoof Reviews

See all

Rate this app:

Ericob
28 January 2010

Most helpful

Creating names for new, specialized, software products is difficult. I have to say that "Water" + "Roof" is a pretty clever twist on "Fire" + "Wall." And this from someone who does not use English as their primary language! Pretty good... :)
Like (10)
Version 3.0
The downfall here is misunderstanding of daemons. Without a live daemon running, there's no in the moment warnings and options to cut off a program seeking to establishing and incoming or outgoing connection illicitly. This might useful for analyzing and setting up a default firewall configuration with greater control than the dumbed down swiss cheese setup that comes default in OS X. But without the assistance of a daemon, even running into a java applet on a web page won't always trigger a warning to do something about it. No, doesn't hold a candle to any form of live defense, such as in Little Snitch.
Like
Version 3.7
4 answer(s)
Libertyforall1776
Libertyforall1776
06 May 2012
Little Snitch is for outgoing connections only...
Like (2)
Hanynet.com
Hanynet.com
06 May 2012
"There's no in the moment warnings and options to cut off a program seeking to establishing and incoming or outgoing connection illicitly". False. Anyway this is not the purpose of IPFW, which is the network firewall that Apple included in Mac OS X since 2001. And it is not the purpose of WaterRoof, even if WaterRoof adds to OSX an easy way to monitor IPFW logs in real time. This is a way to get notified about wanted/unwanted connections using IPFW, but you should use it only to debug IPFW rulesets and not for your every day use. Checking for "program seeking to establishing connections" is exactly the purpose of application firewalls, not network firewalls. Since OSX 10.5 there's NO way to configure IPFW with the OSX GUI. The OSX firewall preferences panes are about ALF, the application layer firewall, while IPFW is a network firewall. WaterRoof is a frontend for IPFW. You simply can't compare a network firewall (IPFW) and an application firewall (LittleSnitch or ALF). They do completely different things. All network firewalls work like IPFW. And all application firewalls work like LittleSnitch. If you need "live defense" then you should use an application firewall. Anyway you should read documentation about network firewalls and application firewalls and understand how they work before making any choice. Adding a "daemon" to WaterRoof has absolutely no sense. IPFW has been deprecated in OSX 10.7 so it will soon disappear from OSX. The new default network firewall for OSX is PF. PF is different from IPFW but it works the same way as IPFW. There are rules (static or dynamic) and logs. There's no "daemon". :-)
Like (7)
H3L0
H3L0
10 September 2012
@Libertyforall1776 Little Snitch now has incoming firewall, but is still lacking the ability to bock IP addressees.
Like (1)
anonymous-dingo-653
anonymous-dingo-653
10 September 2012
Hanynet: You bring up some useful points here that have to be acknowledged... which I didn't. Good information worth sharing, though it still doesn't change my view on the app. But thanks just same for the explanation, as it was much more useful that the petty little smiley wars that too often occur here at Mac Update.
Like (1)
goldenthal-g
08 April 2012
Declining vision requires scalability wrt this otherwise very interesting-looking program (and only one other so far). The "zoom" merely takes up more screen real estate, does not enlarge fonts too, so no improvement. I know I can change the resolution settings of my monitor, but that is a nuisance for, so far, only Water Roof and Pure Music.
Like (1)
Version 3.6
1 answer(s)
hwgray
hwgray
20 September 2013
Will you compare the cost of PureMusic to that of WaterRoof?
Like
Daniel-Albaugh
17 July 2011
When I click "Generate graphic report' , I get the error The file /Applications/WaterRoof.app/Contents/Resources/fwanalog/out/alldates.html does not exist. (1) Sure enough, you can only get as far as /Applicatons/WaterRoof.app/Contents/Resources/fwanalog. Hany, can this be fixed?
Like
Version 3.3
1 answer(s)
Hanynet.com
Hanynet.com
20 July 2011
This error occurs when log file is empty or when it contains only logs from application level firewall and not ipfw. To generate a graphic report you need /var/log/appfirewall.log to be populated with ipfw logs. Please check the contextual help button in waterroof logs window. Graphic report is saved in /Applications/WaterRoof.app/Contents/Resources/fwanalog/out/ and can be optionally exported to desktop. To make a simple test do the following: flush rules, add one rule: 1000 deny log ip from any 80 to me enable firewall logging, open safari and try to browse 3-4 web sites; they should not load; flush your rules and check logs, then generate a graphic report.
Like
Ericob
28 January 2010
Creating names for new, specialized, software products is difficult. I have to say that "Water" + "Roof" is a pretty clever twist on "Fire" + "Wall." And this from someone who does not use English as their primary language! Pretty good... :)
Like (10)
Version 3.0
Aikousha
23 January 2009
Definitely doesn't work for me. Won't save rules, locks up with scripting errors after 4th block attempt, after crash (about 5 minutes after lockup), will not restart (icon appears in dock but nothing else happens, and this then creates a situation where a power-button restart is required). This is off a clean install of 10.4.11, so I can't understand what is going wrong.
Like
Version 2.1
1 answer(s)
Anonymous
Anonymous
02 April 2009
Those issues must be related with your "clean install of 10.4.11". WaterRoof has been tested and reported to work on both Mac OS X 10.4 and 10.5. If you need help please contact me and I'll try to understand why you are experiencing such problems. There are minor bugs in latest version but you are the first user since 2 years reporting those strange behaviours.
Like (4)
Version 2.1
Nicolasd
13 December 2007
thank goodness this is a free app! thanks so much to the developer for the effort! it is appreciated more than you know.
Like (2)
Version 2.0
2 answer(s)
MacUpdate-Lon
MacUpdate-Lon
13 December 2007
There is a PayPal button for donations at the developer's website if you feel inclined to donate.
Like (2)
Version 2.0
Hany
Hany
14 December 2007
Thank you nicolasd, I think we are part of a great community made of great people. Security is a issue for everyone, and I think that security tools must be free and open-source. This is the only way to achieve the best results. I would like to say thanks to every friend that helped me with code and beta testing. I don't consider WaterRoof and NoobProof as 'my effort' but as 'community needs satisfied by community members.' My english is very bad, anyway I hope you understand my words. Regards from Italy Hany
Like (6)
Version 2.0
Hany
05 November 2007
Now up and running, sorry about that.
Like (2)
Version 1.9
Xypher
04 November 2007
Just released and the link is down?
Like
Version 1.9
1 answer(s)
MacUpdate-Lon
MacUpdate-Lon
04 November 2007
So it seems. I was able to download the file at the time it was posted today, now no can do.
Like
Version 1.9
Variac
20 September 2007
Is it possible to have a waterRoof version that will run on MAC OS 10.3
Like
Version 1.8
1 answer(s)
Hany
Hany
28 September 2007
I'm sorry but Mac OS X 10.3 features ipfw version 1 which lacks many options compared to ipfw version 2 found in Tiger. Mac OS X 10.3 is old and the applescript subsystem is not as stable as for Mac OS X 10.4. And anyway it is not suitable for WaterRoof. For these reasons the minumum requirements for WaterRoof is Mac OS X 10.4.
Like (2)
Version 1.8
Likos
31 August 2007
Thanks for a useful tool. If time permits can you please consider adding port knocking to the list of features?
Like
Version 1.8
Free

4.3

App requirements: 
  • Intel 32
  • PPC 32
  • Mac OS X 10.5.8 or later
Developer Website: 
Download(2.9 MB)MacUpdateInstall with MacUpdate

Downloaded & Installed 52,733 times