Mac Firewall: Allowing Apps to Communicate - Guide
Understanding and Configuring the macOS Firewall
Many Mac users are unaware that their operating system, OS X, includes a built-in firewall. This security feature is designed to safeguard your computer by preventing unauthorized applications and services from establishing connections and shielding your Mac from network-based intrusions.
Related: What Does a Firewall Actually Do?
This article will guide you through the process of enabling or restricting application and service access via your OS X firewall. If you are unfamiliar with the fundamental principles of a firewall, we recommend reviewing a basic explanation before proceeding.
Default Firewall Status and Functionality
By default, the macOS firewall remains inactive. However, if your Mac is connected to the internet through a router – a common setup – the need for the firewall may be lessened. It’s still a beneficial layer of security to have in place.
It's important to note that the OS X firewall primarily controls incoming connections. It does not restrict applications and services from initiating connections to the internet. This distinction is crucial, particularly when hosting services like a web server, where you might want to limit external access.
Accessing the Firewall Settings
To locate the firewall settings, open System Preferences and then select "Security & Privacy". Within the Security & Privacy preferences, click on the "Firewall" tab.
Before making any adjustments, you will need to unlock the settings by clicking the lock icon in the lower-left corner and entering your administrator password.
The initial step is to activate the firewall if it is currently disabled.
Related: Your Mac’s Firewall is Off By Default: Do You Need to Enable It?
Firewall Options Explained
Once the firewall is enabled, you can access the "Firewall Options" to configure its behavior. Let's examine the available settings.
Blocking all incoming connections prevents unauthorized access to non-essential services and applications. The firewall will still permit your Mac to utilize authorized services from other computers on your network, while denying connections to other sharing services.
Enabling this option disables features like screen sharing and file sharing. It represents a stringent security measure and should only be activated if specifically required, as it may disrupt legitimate network functionality.
The add and remove buttons (+/-) allow you to manage the list of permitted and blocked applications and services.
The option to automatically allow signed software to receive incoming connections grants automatic access to applications and services verified by a trusted certificate authority. For instance, applications developed by Apple that require incoming connections will be automatically added to the allowed list.
Stealth mode renders your computer virtually undetectable to network probing requests, effectively concealing its presence. However, your Mac will continue to respond to requests from authorized applications.
Adding and Blocking Applications
To add an application or service, click the "+" button, which will open the Applications folder. Select the desired application or service and then click "Add". Conversely, to block an application or service from receiving incoming connections, click on its corresponding entry and select "Block incoming connections".
You can customize the firewall list to precisely control which applications and services are permitted or restricted. Remember, this configuration only affects incoming connections; it does not prevent applications from initiating outbound connections.
Conclusion
The macOS firewall is straightforward to use and generally requires minimal configuration. Simply enabling it provides a valuable layer of security. In most cases, you won't need to explore the advanced options.
However, unless you have specific security concerns regarding an application, the firewall on your router typically provides sufficient protection against external threats.