The other day, while writing a post over preventing Mac malware, I found a built-in setting on my computer for a Mac firewall. Even more surprising that my Mac had a built-in firewall was the discovery that it wasn’t enabled by default.
In this post, I’m going to explain what the firewall does, why it isn’t enabled by default, whether or not you should enable it, and, of course, how to enable it.
Let’s get into it!
What is the Mac firewall?
The Mac firewall is what’s known as an application firewall. There are more robust firewalls out there, but the built-in option on Mac is pretty lightweight.
Specifically, the firewall is used to prevent outside computers and servers from connecting to your Mac when you use the internet. This can prevent certain types of hacking attacks.
There are other ways for hackers to breach your computer using an internet connection, so the Mac firewall isn’t a complete solution. It’s a fairly lightweight solution. But as we’ll get into, that might be better than a heftier solution for most people.
What does the Mac firewall do?
The firewall stops devices from connecting to your Mac when you use the internet. For instance, if you’re at the coffee shop and another computer user tries to infiltrate your Mac by exploiting the vulnerable public WiFi, your Mac firewall will stop them.
As mentioned, though, it’s not a complete solution. Your firewall won’t stop most apps already installed on your computer from connecting to an outside source over the internet. For example, if you download malware by accident and that app gets permission to pass through your firewall, it will be able to connect to a malicious source over the internet.
In other words, the Mac firewall stops incoming attacks but only certain outgoing attacks. Malware can still fool your firewall (or you) once you’ve installed it.
Should you use the built-in Mac firewall?
I was pretty surprised to find that Apple intentionally leaves the firewall off by default. Especially since Apple is known for being a pretty secure machine.
As it turns out, it’s the secure nature of Mac that makes the built-in firewall optional. Most users will never notice that they have a firewall much less need it.
When to use the Mac firewall
There are some instances, however, where you’ll need to use the firewall. If you’re a developer, you should probably turn it on. That’s because developers often work with
localhost, creating vulnerable channels for outsiders to connect to your Mac.
The firewall will stop hackers from exploiting these use cases and other similar instances.
Another reason to use the firewall on Mac is if you’re someone who regularly installs apps on your Mac from the internet rather than the App Store. Downloading malware without a firewall enabled can lead to that malware contacting a malicious server from your Mac. A firewall will usually block this behavior.
When you shouldn’t use the firewall
Of course, there is a reason that Mac has its firewall disabled by default, and that’s that most users will never need it. If you don’t download apps over the internet too often and you vet them before downloading them, and if you’re not a developer, you should be fine.
Not only do most users not need to use the firewall, but it can be a nuisance for many users. Gaming on your Mac, for instance, can be negatively affected by using a firewall. The firewall might block connectivity for your games, making multiplayer difficult.
That’s not to say that you shouldn’t enable the firewall on Mac. In the same way that most users won’t notice if it’s disabled, most users also won’t notice if it is. It will add a minimal amount of security as well as a minimal amount of inconvenience. So if you want to stay on the safe side, it doesn’t hurt to enable it.
How to configure the firewall on Mac
In the Menu Bar, click the Apple logo, then System Preferences.
Next, click Security & Privacy.
Then, click the Firewall tab.
You’ll probably see a lock icon in the bottom-left of this screen. Click it, then enter your password to make changes on this screen.
Once you’ve entered your password, you can click Turn On Firewall to turn on your Mac firewall.
If you want greater control over your firewall configuration, click Firewall Options….
On this screen, you’ll see a few additional options. Here’s Apple’s breakdown of what these different options mean:
For most users (myself included) turning on the firewall and leaving at that should be good. These are just for high-risk users or the paranoid.
And that’s it!
The best third-party firewalls for Mac
As mentioned, the firewall on Mac is a pretty lightweight option. It will only protect you against a specific type of vulnerability. If you want more fool-proof firewall protection, you’ll need to look to third-party firewalls.
Before using a third-party firewall, know that these can affect your Mac’s performance. That’s because they aren’t built into your Mac’s operating system. Also, they might not be as configurable, which can alter the usability of your Mac substantially. None of these will break your Mac, of course, but they might completely remove your ability to operate certain apps.
With that out of the way, here are a few third-party firewalls for Mac you should look into:
- Little Snitch. This is an app I recommended recently in the Best macOS Apps For May 2021 post. It’s a bit pricey ($45), but it’s a super robust application that gives you total control and insight into your Mac’s connections.
- Radio Silence. Another helpful app is Radio Silence. This one is a lot simpler than Little Snitch and is good for those who don’t care as much about complete connectivity control. It’s more robust than the Mac firewall but easier to use than Little Snitch.
- Vallum. Lastly is Vallum. This is one of the most highly-rated firewalls for macOS. It’s somewhere between Little Snitch and Radio Silence, offering a high degree of security without presenting too intimidating of an interface. And for just $15, it’s a pretty solid option.
Keep your computer safe by using the firewall on Mac
Using the Mac firewall is a great way to start boosting the security of your Mac. This is important, as we’re currently experiencing more threats to Mac than usual. Even Apple executives like Craig Federighi have called attention to the declining security of Macs.
That’s not to say that Macs are unsafe computers (they’re still miles ahead of Windows). But the time where Macs were regarded as untouchable is at an end. By enabling the firewall, using a third-party firewall, and following security best practices, you should have a safe Mac experience.
For more tips, tricks, and all things Apple, check out the rest of the AppleToolBox blog.