![]() I was shocked to see that the Public profile, by default, allows inbound traffic for all pre-existing rules including file sharing, screen sharing and so on. All traffic is allowed outbound by default (which is fine), so it's not much of a test if we don't add more rules and see how they perform. So I pretend Work doesn't exist and go to modify the Public rules to allow specified traffic inbound on the utun1/WireGuard (public IP) interface. I only want Home and Public as I either trust a network or I don't - and if any other situation ever presented (eg in a hotel with my MacBook Pro) I'd make a custom profile for it to suit. The first annoyance is that default profiles can't be deleted. We'll go on to the rules, set them as desired and test: ![]() That said I noted that in the firewall settings under Interfaces only physical interfaces (Ethernet, Bluetooth, Wireless etc) are listed. Indeed, even with these zones specified and the interface being up, the app still doesn't know it's there:Īlas, this could just be a GUI quirk. As with the previous version, the zones required explicitly specifying as Eset still doesn't pop up a network detection dialogue when a PAN interface (eg utun1) makes a connection. 'Home' zone for the physical ethernet LAN subnet, 'WireGuard' zone to cover the VPN tunnel on utun1 (which brings a public ipv4 address to the local machine, hence the need for strict local firewalling), and 'VPN' as a catch-all for any other VPN address (IKEv2, WireGuard, OpenVPN) which all providers I use issue in the 10.0.0.0/8 range. Unfortunately, Eset Cyber Security Pro still has no fully manual/policy mode, unlike the Windows version, so I left the mode set to automatic with exceptions. With that in mind this is just a quick note of my experiences, sans my usual fully referenced, stated-methodology and formatted results etc reporting. With all due respect this is a brief ad-hoc test to check whether things have improved since my experience with the previous version. I downloaded the latest version and installed it for testing as requested. Thanks in advance.Ĭan you please try it with it and share your feedback with us? I did do a search before posting, but the one topic I saw asking this and a few other questions had all questions answered but this (most important!) one. Eset do make a nice GUI (and excellent AV) though, so that'd be icing on the cake. My question is, does Eset's Cyber Security Pro for Mac utilise macOS' underlying pf, or does it use a custom engine? I'm really hoping it just acts as a GUI front-end for pf, as it's such a feature rich, powerful and battle-tested firewall there's no real reason to change it. I'm more than capable of writing pf rulesets/conf files by hand, and always double-check the resulting pf.conf before pushing it into production, but a GUI is quicker to generate the initial config so whatever. ![]() ![]() On my MacBook Pro I currently use the excellent built-in pf firewall, with Murus Pro acting as front-end. It even now has a top-to-bottom ruleset like pf. Eset's Internet Security finally gave me the control I desired namely per-interface/IP zones and rules, to easily allow application-specific traffic over VPN interfaces but not the LAN/ISP etc. I get very frustrated by the firewall availability on Windows machines, as they're generally nowhere near as fine-grained or powerful as *nix offerings. I'm a long time user of pf on BSD and macOS, and iptables on Linux.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |