Exploring the Mac OS X Firewall
Subject:   Firewalls and Internet Sharing
Date:   2005-03-18 05:23:46
From:   peterhickman
The problem is that when you do internet sharing, OS X does not create any special rules for the computers that are accessing the internet through the master computer. The rules for inbound packets are the same for access to your computer from the outside as they are for the sharees. I have found that, as I only expose http and ssh, computers that are accessing the internet via my computer can only access http and ssh. What I do is add an extra rule to allow https access to my computer from the airport card so that my wife can access the shopping sites.

allow tcp from any to any https in via en1

Depending on how you feel about the people connecting to your computer, you would need to set up a rule for each protocol that they are allowed to use, or add a generic rule like:

allow tcp from any to any in via en1

but this way you are putting a lot of trust in the users of your system that they will not use your machine as a gateway to spam from.
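
The per-protocol approach described in the comment above, as an added example that is not part of the original post: a shell function that prints one `ipfw add` command per allowed TCP service on the sharing interface and refuses anything that would recreate the generic rule. The rule numbers (starting at 2000, step 10) and the function name `sharee_rules` are assumptions; `en1` and the rule body are taken from the post.

```shell
#!/bin/sh
# Added example (not from the post): build per-service allow rules for
# machines that reach the internet through this Mac's shared interface.

SHARE_IF="en1"     # AirPort interface named in the post
BASE_RULE=2000     # assumed starting rule number; adjust to fit your ruleset
RULE_STEP=10       # assumed gap between generated rule numbers

# sharee_rules SERVICE...
# Prints one "ipfw add" command per service. Nothing is executed, so the
# output can be reviewed before it is run as root.
sharee_rules() {
    # Pass 1: validate every argument before printing anything.
    for svc in "$@"; do
        case "$svc" in
            ''|any|*[!a-z0-9-]*)
                # "any" would be the generic rule the post warns about.
                echo "refusing service '$svc'" >&2
                return 1 ;;
            *[!0-9]*)
                ;;  # service name such as https, as in the post's own rule
            *)
                if [ "$svc" -lt 1 ] || [ "$svc" -gt 65535 ]; then
                    echo "port out of range: $svc" >&2
                    return 1
                fi ;;
        esac
    done
    # Pass 2: emit the rules, one number per service.
    n=$BASE_RULE
    for svc in "$@"; do
        echo "ipfw add $n allow tcp from any to any $svc in via $SHARE_IF"
        n=$((n + RULE_STEP))
    done
}

# Usage: sharee_rules http https ssh
```

Leaving a service such as smtp off the list is what keeps a shared machine from being used to relay mail, which is the risk the generic rule carries.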