Flying Buttress - 1.4: advanced configuration for OS X's built-in firewall
Feedback Summary:
This Version:
| Overall Rating: | Not rated (0.0) | Features: | Not rated (0.0) | Support: | Not rated (0.0) |
| Ease of Use: | Not rated (0.0) | Quality / Stability: | Not rated (0.0) | Price: | Not rated (0.0) |
Featured Reviews
Does not work - Version: 1.4, 2/15/2007 11:04AM PST
malamud
Perhaps this will be useful to those who still want to use this - Version: 1.3, 10/3/2005 03:58AM PST
adriatichouse_dotmac
As far as I can see to date, Brickhouse does the job well. I don't seem to be able to print from my iBook to my Mac Mini but I don't have Brickhouse installed on the Mac Mini at the minute and them both working with the same Firewall software might solve that problem.
no more support - Version: 1.3, 9/12/2005 12:38PM PST
ozean
This wouldn't be all that problematic if this app just worked - but it doesn't, especially under Tiger. (See two comments below.)
Brickhouse FAILED at grc.com Shields UP online tests - Version: 1.3, 8/28/2005 06:24AM PST
(0 of 2 users found this comment useful)
SWriter
Brickhouse is way too convoluted apparently and the defaults are useless because it always fails. How can just a regular person configure it to work correctly to provide true STEALTH firewall protection?
These are the typical, repeated FAILED results from GRC.com > Shields UP:
Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
QUESTION: As a non-techie/non-expert, just a regular type of user: How do I configure Brickhouse so I don't get FAILED results? Because apparently the wizard / default settings (and the built-in apple OS X firewall settings) don't work to provide true STEALTH firewall protection, which I used to be able to automatically get in default mode under OS 9 and either NetBarrier or Norton Personal Firewall.
Shields UP can be found at https://www.grc.com/x/ne.dll?bh0bkyd2
10.3.9 - Version: 1.3, 7/3/2005 06:29PM PST
(5 of 5 users found this comment useful)
amcgee
To solve this, your boot script needs to look like this (/Library/StartupItems/Firewall/Firewall):
#!/bin/sh
# Firewall Boot Script
# Generated by BrickHouse
. /etc/rc.common
#===========================================================
# Activate Firewall Filters
#===========================================================
ConsoleMessage "Activating Brickhouse Filters"
/sbin/ipfw -q /etc/firewall.conf
#===========================================================
# Enable IP Firewall Logging
#===========================================================
ConsoleMessage "Enabling Brickhouse Logging"
/usr/sbin/sysctl -w net.inet.ip.fw.verbose=1
/usr/sbin/sysctl -w net.inet.ip.fw.verbose_limit=65535
And your startup parameters file needs to look like this (/Library/StartupItems/Firewall/StartupParameters.plist):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Description</key>
<string>BrickHouse Firewall</string>
<key>Messages</key>
<dict>
<key>start</key>
<string>Activating Firewall</string>
<key>stop</key>
<string>Clearing Firewall</string>
</dict>
<key>OrderPreference</key>
<string>Late</string>
<key>Provides</key>
<array>
<string>Firewall</string>
</array>
<key>Requires</key>
<array>
<string>NetworkExtensions</string>
<string>Resolver</string>
<string>Super Server</string>
</array>
</dict>
</plist>
For the record, the Messages key in the parameters file has been deprecated by Apple and doesn't do anything, which is why normally you can't even tell if the rules have been applied. The addition of the ConsoleMessage commands in the actual script remedies that.
After making the changes and rebooting, you should now be able to look at the system.log and see if Brickhouse has loaded properly.
While Brickhouse is a great product, it's plain sloppy of the developer not to have corrected this by now.
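An added example, not part of amcgee's post or of BrickHouse, that complements the system.log check described above: in the boot script the ConsoleMessage line is written before ipfw runs, so the log shows that the startup item executed, while saved `ipfw list` output shows whether any rules are actually loaded. The function names, file names, sample log lines and sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Log lines and rule listings below are constructed samples.

# "ran" if both ConsoleMessage strings from the boot script appear in order
# for the most recent boot, "partial" if only the first, else "missing".
startup_item_status() {
    awk '/Activating Brickhouse Filters/ { f = 1; l = 0 }
         /Enabling Brickhouse Logging/   { if (f) l = 1 }
         END { print ((f && l) ? "ran" : (f ? "partial" : "missing")) }' "$1"
}

# Number of rules other than ipfw's built-in default rule 65535 in saved
# `ipfw list` output; 0 means no ruleset is loaded.
custom_rule_count() {
    awk '$1 ~ /^[0-9]+$/ && $1 + 0 < 65535 { n++ } END { print n + 0 }' "$1"
}

# $1 = copy of system.log, $2 = saved output of `ipfw list`
firewall_verdict() {
    status=$(startup_item_status "$1")
    rules=$(custom_rule_count "$2")
    if [ "$status" != "ran" ]; then
        echo "FAIL: startup item $status in log"
    elif [ "$rules" -eq 0 ]; then
        echo "FAIL: startup item ran but only the default rule is present"
    else
        echo "OK: startup item ran, $rules rules loaded"
    fi
}

# Constructed sample inputs (hostname and timestamps are made up).
tmp=$(mktemp -d)
cat > "$tmp/system.log" <<'EOF'
Jul  3 18:31:02 localhost ConsoleMessage: Activating Brickhouse Filters
Jul  3 18:31:02 localhost ConsoleMessage: Enabling Brickhouse Logging
EOF
cat > "$tmp/rules.txt" <<'EOF'
02000 allow ip from any to any via lo0
02010 deny icmp from any to any in icmptypes 8
65535 allow ip from any to any
EOF
printf '65535 allow ip from any to any\n' > "$tmp/empty.txt"

firewall_verdict "$tmp/system.log" "$tmp/rules.txt"
firewall_verdict "$tmp/system.log" "$tmp/empty.txt"
```

On a live system the second argument would be a file produced by running `ipfw list` as root after the reboot.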
nice start, needs work - Version: 1.3, 6/20/2005 08:53AM PST
(1 of 1 users found this comment useful)
dano3006
0. The author is unresponsive to emailed queries after two weeks.
1. When creating rules (filters), you cannot simultaneously create a rule to apply to both built-in Ethernet (en0) and wireless Ethernet (en1). The interface forces you to create a rule for one interface, then for the other. If you have a handcrafted custom ruleset that takes time to build, this will double your time. There should be an option in the GUI to apply rules to both (all) interfaces.
2. No matter the order in which you create custom rules, BrickHouse enters them in random order. You can drag and drop them into your preferred order, but this is extremely tedious and time consuming. An option to reorder the rules by port number (a standard method for configuring rules in the CLI) would be a big time saver instead of the current big time waster.
3. Editing rules by hand (either in the CLI or in BBEdit) and then reviewing them in BrickHouse causes the app to crash.
4. No longer works in 10.2.
5. Payment of the shareware fee does not seem to prompt any reply to queries about problems or suggestions for improvement.
stealthy - Version: 1.3, 4/14/2005 10:10PM PST
(0 of 1 users found this comment useful)
peterm555
This software does not work anymore. For example, the firewall does not install itself as part of the boot process: you have to run the software each time, authenticate yourself, and hit "install."
If you're looking for something that works on a modern system, I'd recommend Firewall Builder (http://www.versiontracker.com/dyn/moreinfo/macosx/24156).
IMHO, it is not exactly honest of Mr. Brian D. Hill, the developer, to be still taking money for software he is clearly not supporting anymore. (Yes, I did run the demo version before forking over my money, but only after using it for a while did I realize how bad it really is.)