If you use a Mac, chances are you might not even realize that OS X comes with a firewall. This firewall helps ensure unauthorized app and services can’t contact your computer, and prevents intruders from sniffing out your Mac on a network.
In this article, we will show you how to allow or prevent apps and services access through your OS X firewall. If you don’t know what a firewall does, check out our primer first, then come back here.
By default, your Mac’s firewall is off. If you’re connected to the Internet through a router (most people are), then you may not even need it–but it’s still nice to have. Moreover, OS X’s firewall won’t prevent apps and services from connecting to the Internet. It only blocks incoming connections. That firewall becomes much more important if you’re testing a webserver and you don’t want anyone else to be able to access it.
If you’re wondering where to find the firewall, open the System Preferences, then click “Security & Privacy”. Once you’re in the Security & Privacy preferences, click the “Firewall” tab.
Before you can make any changes, you need to click the lock icon in the lower-left corner and then enter you admin password.
The first thing you will want to do is to turn the firewall on (if it’s not on already).
Once the firewall is on, you can access the “Firewall Options”. Let’s discuss what all these options entail.
Blocking all incoming connections will “prevent incoming incoming connections to nonessential services and apps.” This means that the firewall allows your Mac to find authorized services provided by other computers on your network, but prevents connections to all other sharing services.
This means things like screen sharing and file sharing won’t be available on your computer. Blocking all incoming connections is pretty strict and will disable a lot of legitimate network services, so unless you’re sure you really need this, it’s best to leave it off.
The add and remove buttons (+/-) let you add apps and services, as well as remove them.
There is an option to automatically allow signed software to receive incoming connections. This means that apps and services signed by a valid certificate authority will automatically added to this list. Any app that created by Apple, for example, that needs to receive incoming connections will be automatically added to the list.
Stealth mode simply means that your computer will be effectively invisible to probing requests to reveal your existence on a network. Your Mac will still answer requests from authorized apps.
If you want to add an app or service, click the “+” button and the Applications folder will open. Choose the app or service you want, then click the “Add” button. If you want to specifically block that app or service from incoming connections, then click on the right edge as shown in the screenshot below and then select “Block incoming connections”.
You can go through the firewall list, add and block anything you want to lock down, and remove anything you don’t want on the list. Like we said, however, this won’t prevent apps from creating outbound connections, it simply means that nothing will be able to contact them from outside your Mac’s firewall if you specifically block it.
OS X’s firewall is a cinch to use and typically requires little to no configuration. Just turn it on and forget about it. Chances are you won’t need to even delve into any of the advanced functions we described in this article.
Still, unless you have a security concern about a particular application on your computer, the firewall on your router is more than adequate to block intruders from finding you.