OS X includes a basic firewall that helps to protect your Mac from a variety of outside intruders, such as hackers trying to run spam-spewing robots. In Leopard, though, the firewall, which is disabled by default, offers very little in the way of customization. At most you can specify programs and services (such as file sharing and screen sharing) to which outside connections are explicitly permitted or blocked. IPNetSentryX stands at the opposite end of the firewall software spectrum. The program from Sustainable Softworks has every bell and whistle that even the geekiest Mac user could hope for, and a complex user interface to match.
Although IPNetSentryX is something of a jack of all trades when it comes to firewall software (it also includes monitoring, filtering, logging, notification, and bridging features), its most salient distinguishing characteristic is that it uses adaptive rather than fixed rules. Conventional firewalls usually start by disallowing all access, and then let the user selectively make exceptions for certain kinds of traffic on certain ports: for example, allowing SSH (secure shell) connections on port 22 for remote logins, or AFP (AppleTalk Filing Protocol) connections on port 548 for personal file sharing. Conventional firewalls can also restrict access to any port to certain IP addresses. IPNetSentryX can do all that too, in approximately the same way, but by default it takes a slicker approach: it constantly watches for various kinds of suspicious behavior and, when it occurs, instantly blocks the offending IP address from accessing a particular port or, in some cases, all ports.
For example, a built-in rule watches for any computer trying to make a telnet connection to your Mac. Because it would be unusual (and potentially unsafe) for the typical Mac user to be running a telnet server, IPNetSentryX assumes that any machine contacting your Mac in this way is up to no good, and it immediately adds the putative attacker’s IP address to a trigger list, completely blocking it from further access to any port on your Mac. The program can also detect signs of denial-of-service attacks, port scanning, worms, and other mischief, immediately taking corrective action without requiring manual configuration, and without preventing desirable network access from occurring normally.
This rundown is merely the thinnest dusting of snow on the tip of the iceberg, however. If you have sufficient networking mojo (or the patience to spend hours reading and experimenting), there’s no end to the cleverness or complexity of behaviors you can construct. You can define a deep hierarchy of rules, each containing a condition to check for (of which there are innumerable choices) and an action to take. When an undesirable access occurs, you’re not limited to blocking access; you can send an e-mail alert, run an AppleScript, visit a URL, log the attempt, delete a packet without notification, and do a great many other things too. Rules can be chained to produce multiple actions when a condition is met.
Going beyond ordinary firewall tasks, IPNetSentryX can do things like tailor bandwidth usage to your needs. For instance, if you back up your Mac over the Internet, you can restrict the amount of bandwidth your backup software uses so that enough is available for tasks such as sending e-mail or uploading videos to run at an acceptable rate. If you suspect your neighbors of using your AirPort network without your permission, IPNetSentryX can monitor your network and alert you when any unknown computer connects. IPNetSentryX also provides detailed reporting of exactly how your network is being used, showing traffic by service, port, network interface, and data quantity, and optionally logging all the details.
If you run IPNetSentryX with its basic default settings, it’ll do plenty of useful things. But if you want to branch out and explore any of its advanced capabilities, be prepared for some hair-pulling. The user interface is far from self-explanatory, and the documentation (in the form of an Apple Help guide) is fairly lightweight, considering the breadth and complexity of tasks the software can perform. In addition, a lot of the help is out of date: some pages haven’t been updated since 2004, and I found at least one reference to Jaguar’s firewall but not a single mention of the fact that Leopard’s built-in firewall is much different from those of all its predecessors.
The program also lacks polish in spots. For example, sometimes clicking Apply after changing settings also deselected the “IPNetSentry On” checkbox, seemingly disabling the software (though the firewall continued to work). Also, although the Read Me file gives instructions for running IPNetSentryX on startup, setting this up requires some manual steps, and even then, produces an alert at restart that a file’s permissions are incorrect, requiring yet another restart to fix it. For something as basic as running on startup, the program should automate the setup, taking care of all those messy details for you.
Macworld’s buying advice
The default settings in IPNetSentryX are designed for a basic home user, but the program’s extensive filtering, traffic-shaping, and monitoring capabilities make the most sense when used in a server environment. Even if you’re an experienced and fearless network administrator, the program’s complexities may give you pause; making IPNetSentryX intuitive or novice-friendly was clearly not a design priority. Considering what you can accomplish, though, the effort required to use the software is well rewarded.
[Joe Kissell is the senior editor of TidBits and the author of numerous e-books about OS X.]