WaterRoof
Your rating: Now say why...

(3) 4.5

Firewall management front end.   Free
Add to my Watch List
Email me when discounted
WaterRoof is a ipfw firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, live connections blocks, predefined rule sets, wizard, logs, graphic report and statistics and other features.
  • uses Mac OS X built-in IPFW firewall. No kernel modules, no extensions, no pain. WaterRoof is free and open-source
  • the most advanced Mac OS X free graphic frontend for ipfw now features a new, clean interface. WaterRoof lets you create, modify, delete, move ipfw ipv4 and ipv6 rules very quickly.
  • designed for Mac OS X
What's New
Version 3.8:
  • full OS X 10.8 support
  • interface with bigger fonts
  • improved network interfaces list
  • fixed logs statistics for OS X 10.8
Requirements
Intel/PPC, OS X 10.5.8 or later



MacUpdate - WaterRoof



WaterRoof User Discussion (Write a Review)
ver. 3.x:
(3)
Your rating: Now say why...
Overall:
(7)

sort: smiles | time
burypromote
-2

+95
JCH2 commented on 06 May 2012
The downfall here is misunderstanding of daemons. Without a live daemon running, there's no in the moment warnings and options to cut off a program seeking to establishing and incoming or outgoing connection illicitly. This might useful for analyzing and setting up a default firewall configuration with greater control than the dumbed down swiss cheese setup that comes default in OS X. But without the assistance of a daemon, even running into a java applet on a web page won't always trigger a warning to do something about it.

No, doesn't hold a candle to any form of live defense, such as in Little Snitch.
[Version 3.7]

4 Replies

burypromote
-4

-1277
Libertyforall1776 replied on 06 May 2012
Little Snitch is for outgoing connections only...
burypromote
+4
Hanynet.com (developer) replied on 06 May 2012
"There's no in the moment warnings and options to cut off a program seeking to establishing and incoming or outgoing connection illicitly".
False. Anyway this is not the purpose of IPFW, which is the network firewall that Apple included in Mac OS X since 2001. And it is not the purpose of WaterRoof, even if WaterRoof adds to OSX an easy way to monitor IPFW logs in real time. This is a way to get notified about wanted/unwanted connections using IPFW, but you should use it only to debug IPFW rulesets and not for your every day use. Checking for "program seeking to establishing connections" is exactly the purpose of application firewalls, not network firewalls.

Since OSX 10.5 there's NO way to configure IPFW with the OSX GUI. The OSX firewall preferences panes are about ALF, the application layer firewall, while IPFW is a network firewall. WaterRoof is a frontend for IPFW.

You simply can't compare a network firewall (IPFW) and an application firewall (LittleSnitch or ALF). They do completely different things. All network firewalls work like IPFW. And all application firewalls work like LittleSnitch.
If you need "live defense" then you should use an application firewall. Anyway you should read documentation about network firewalls and application firewalls and understand how they work before making any choice. Adding a "daemon" to WaterRoof has absolutely no sense. IPFW has been deprecated in OSX 10.7 so it will soon disappear from OSX. The new default network firewall for OSX is PF. PF is different from IPFW but it works the same way as IPFW. There are rules (static or dynamic) and logs. There's no "daemon". :-)
burypromote

+6
H3L0 replied on 10 Sep 2012
@Libertyforall1776 Little Snitch now has incoming firewall, but is still lacking the ability to bock IP addressees.
burypromote
+1

+95
JCH2 replied on 10 Sep 2012
Hanynet: You bring up some useful points here that have to be acknowledged... which I didn't. Good information worth sharing, though it still doesn't change my view on the app.

But thanks just same for the explanation, as it was much more useful that the petty little smiley wars that too often occur here at Mac Update.
burypromote
+1

+1
goldenthal.g commented on 08 Apr 2012
Declining vision requires scalability wrt this otherwise very interesting-looking program (and only one other so far). The "zoom" merely takes up more screen real estate, does not enlarge fonts too, so no improvement. I know I can change the resolution settings of my monitor, but that is a nuisance for, so far, only Water Roof and Pure Music.
[Version 3.6]

1 Reply

burypromote

+99
lamontDakota replied on 20 Sep 2013
Will you compare the cost of PureMusic to that of WaterRoof?
burypromote
+10

+35
Ericob commented on 28 Jan 2010
Creating names for new, specialized, software products is difficult. I have to say that "Water" + "Roof" is a pretty clever twist on "Fire" + "Wall." And this from someone who does not use English as their primary language! Pretty good... :)
[Version 3.0]


burypromote
-6

+20
Aikousha commented on 23 Jan 2009
Definitely doesn't work for me. Won't save rules, locks up with scripting errors after 4th block attempt, after crash (about 5 minutes after lockup), will not restart (icon appears in dock but nothing else happens, and this then creates a situation where a power-button restart is required).
This is off a clean install of 10.4.11, so I can't understand what is going wrong.
[Version 2.1]

1 Reply

burypromote
+4
Anonymous commented on 02 Apr 2009
Those issues must be related with your "clean install of 10.4.11". WaterRoof has been tested and reported to work on both Mac OS X 10.4 and 10.5. If you need help please contact me and I'll try to understand why you are experiencing such problems. There are minor bugs in latest version but you are the first user since 2 years reporting those strange behaviours.
burypromote
+1

+62
nicolasd commented on 13 Dec 2007
thank goodness this is a free app! thanks so much to the developer for the effort! it is appreciated more than you know.
[Version 2.0]

2 Replies

burypromote
+2

+403
MacUpdate-Lon replied on 13 Dec 2007
There is a PayPal button for donations at the developer's website if you feel inclined to donate.
burypromote
+5
Hanynet.com (developer) replied on 14 Dec 2007
Thank you nicolasd, I think we are part of a great community made of great people.
Security is a issue for everyone, and I think that security tools must be free and open-source. This is the only way to achieve the best results.
I would like to say thanks to every friend that helped me with code and beta testing.
I don't consider WaterRoof and NoobProof as 'my effort' but as 'community needs satisfied by community members.'
My english is very bad, anyway I hope you understand my words.
Regards from Italy

Hany
burypromote
+1
Hanynet.com (developer) commented on 05 Nov 2007
Now up and running, sorry about that.
[Version 1.9]


burypromote

+12
xypher commented on 04 Nov 2007
Just released and the link is down?
[Version 1.9]

2 Replies

burypromote

+403
MacUpdate-Lon replied on 04 Nov 2007
So it seems. I was able to download the file at the time it was posted today, now no can do.
burypromote
+1

+403
MacUpdate-Lon commented on 05 Nov 2007
The developer would like you and everyone else to know that the problem has been rectified and the file is now available again.
burypromote

+21
Likos commented on 31 Aug 2007
Thanks for a useful tool. If time permits can you please consider adding port knocking to the list of features?
[Version 1.8]


burypromote

PTBCMac reviewed on 09 Aug 2007
Easy to use and full of interesting features. We all have been waiting for a long time, but now we have a good firewall interface for osx.
[Version 1.8]


burypromote
-1

-1

moire reviewed on 18 Jul 2007
This program is quite simply a gui for the ipfw command prompt firewall program. If you don't understand ipfw this program won't help you as the manual is too vague. If this is the case for you you'll be better off sharpening your ipfw skills by manipulating the command line form of ipfw as that is the true way of learning and mastering ipfw.
[Version 1.7]

2 Replies

burypromote
+5
Hanynet.com (developer) replied on 28 Sep 2007
"This program is quite simply a gui for the ipfw command prompt firewall program."

Yes, it is. This is the correct definition of "frontend". WaterRoof is a frontend.

"If you don't understand ipfw this program won't help you as the manual is too vague."

Yes, of course, WaterRoof manual is not IPFW manual. The User manual for WaterRoof is useful for people that want to use my application. If you need to learn IPFW, you need an IPFW manual.

"If this is the case for you you'll be better off sharpening your ipfw skills by manipulating the command line form of ipfw as that is the true way of learning and mastering ipfw"

Yes of course. If you need to add a rule, you can do it using the terminal. It's better.
If you want to change rules order quickly, you want to update dyn.rules often, you want to search logs and see stats/graphs... so you NEED a frontend. If you want to add/remove startup quickly, configure NAT easily, redirect ports, change bandwidth policies... you NEED a frontend.

WaterRoof is a frontend for ipfw, so you must know how to use ipfw. Once you know it, you can speed up your tasks using an ipfw frontend.

Easy.
burypromote
+1

+99
lamontDakota replied on 20 Sep 2013
"you'll be better off sharpening your ipfw skills" Just as you'll be better off sharpening your fire-starting skills instead of flicking your Bic.
burypromote

+1
Daniel Albaugh had trouble on 17 Jul 2011
When I click "Generate graphic report' , I get the error

The file /Applications/WaterRoof.app/Contents/Resources/fwanalog/out/alldates.html does not exist. (1)

Sure enough, you can only get as far as /Applicatons/WaterRoof.app/Contents/Resources/fwanalog. Hany, can this be fixed?
[Version 3.3]

1 Reply

burypromote
Hanynet.com (developer) replied on 20 Jul 2011
This error occurs when log file is empty or when it contains only logs from application level firewall and not ipfw. To generate a graphic report you need /var/log/appfirewall.log to be populated with ipfw logs. Please check the contextual help button in waterroof logs window.
Graphic report is saved in /Applications/WaterRoof.app/Contents/Resources/fwanalog/out/ and can be optionally exported to desktop. To make a simple test do the following:
flush rules, add one rule:
1000 deny log ip from any 80 to me
enable firewall logging, open safari and try to browse 3-4 web sites; they should not load; flush your rules and check logs, then generate a graphic report.
burypromote
variac had trouble on 20 Sep 2007
Is it possible to have a waterRoof version that will run on MAC OS 10.3
[Version 1.8]

1 Reply

burypromote
+2
Hanynet.com (developer) replied on 28 Sep 2007
I'm sorry but Mac OS X 10.3 features ipfw version 1 which lacks many options compared to ipfw version 2 found in Tiger. Mac OS X 10.3 is old and the applescript subsystem is not as stable as for Mac OS X 10.4. And anyway it is not suitable for WaterRoof.
For these reasons the minumum requirements for WaterRoof is Mac OS X 10.4.

+26

Runtime rated on 02 Nov 2013

[Version 3.8]



+8

Widber rated on 19 Feb 2012

[Version 3.5]



+7

Gazzmanzx6 rated on 08 Dec 2010

[Version 3.2]


Downloads:46,766
Version Downloads:7,384
Type:Internet : Internet Utilities
License:Free
Date:18 Dec 2012
Platform:PPC 32 / Intel 32 / OS X
Price:Free0.00
Overall (Version 3.x):
Features:
Ease of Use:
Value:
Stability:
Displaying 1-10 of 15
1 2 >
Displaying 1-2 of 2
Displaying 1-3 of 3
-
-
-
Please login or create a new
MacUpdate Member account
to use this feature
Watch Lists are available to
MacUpdate Desktop Members
Upgrade Now
Install with MacUpdate Desktop.
Save time moving files & cleaning
up space wasting archives.
WaterRoof is a ipfw firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, live connections blocks, predefined rule sets, wizard, logs, graphic report and statistics and other features.
  • uses Mac OS X built-in IPFW firewall. No kernel modules, no extensions, no pain. WaterRoof is free and open-source
  • the most advanced Mac OS X free graphic frontend for ipfw now features a new, clean interface. WaterRoof lets you create, modify, delete, move ipfw ipv4 and ipv6 rules very quickly.
  • designed for Mac OS X and Mac OS X Server
  • build ipfw rules easily with the new simplified interface and the IPFW Rules Translator. Building ipfw rules now is easier than ever
  • scan your mac for running network services and filter open ports with one mouse click
  • list and ban remote hosts connected to your mac
  • watch and parse firewall logs, create raw and graphic statistics
  • look at active network connections, block them or limit their bandwidth on-the-fly with the connection inspector
  • list all processes that make or listen for network connections
  • Backup and deploy firewall rules with WaterRoof Injectors
  • manage Network Address Translation (NAT) daemon: create a dual-homed firewall/nat/router with port redirection and forwarding
  • Manage rules on Mac OS X Server: WaterRoof is fully integrated with Server Admin
  • Manage NAT Port Forwarding (including Mac OS X Server 10.7 Lion)
  • Configure a dual homed NAT firewall/router with Mac OS X Server 10.7 Lion: set up *working* port forwarding directives and choose your favourite IP range for your LAN interface and clients
  • deploy firewall configuration using WaterRoof Injectors
  • Import and export firewall configurations
  • Quick dns reverse and whois choosing from a list of whois servers
  • manage network bandwidth with dummynet pipes
  • check live dynamic rules (IPFW States) created by stateful firewall rules
  • import rules from NoobProof Injectors
  • keep your favourite firewall rules active at system boot
  • explore and test ipfw with configuration wizard and ready rule sets
  • tested on 10.6.8 and 10.7.3 (client/server), runs on 10.8DP3 too.
  • concept and code by Hany El Imam
  • It's free !! We accept PayPal donations to hany@hanynet.com and BitCoin donations to 16UvmZcqEEYT5gYrTaGrh82d12726fQi5x . Thank you.


With WaterRoof you can set up the IPFW built-in firewall easily and quickly. With the NAT Setup feature you can fine-tune your Internet sharing for the home LAN, or you can also set up a full-featured dual-homed firewall for your network.Rules and network option can be stored and loaded at boot time.

WaterRoof is only a frontend so it makes use of system tools: this means that when you have finished configuring/testing your firewall, you can safely delete WaterRoof from your system, without loosing your rules. Bandwidth settings, firewall rules, NAT rules, forwarding, logging and other options will be preserved and activated at boot using launchd, following Apple guidelines.This means that WaterRoof is quite safe because it does not install any strange kernel extension or background daemon. You can also download and check WaterRoof source code, it's open.

WaterRoof can be used to learn how ipfw works: you can use predefined rule sets to test firewall behaviour, or you can use the wizard to start from scratch with a step-by-step configuration.But WaterRoof can also be used to deeply configure a ipfw firewall/router, using every ipfw option including traffic shaping (dummynet queues).

English documentation included. Source code available at my Web site. WaterRoof is freeware and open-source.


- -