What Does the Firewall on a Mac Actually Do?

Understanding why the firewall isn’t enabled by default and whether you should enable it first requires understanding what a firewall actually does. It’s more than just a switch you flip to boost your security, as it’s sometimes understood by Windows users.

Firewalls like this one do one thing: They block incoming connections. Some firewalls also allow you to block outgoing connections, but the built-in firewalls on Mac and Windows don’t work in this way. If you want a firewall that will allow you to choose which programs get to connect to the Internet or not, look elsewhere.

An incoming connection is only a problem if there are applications listening for these incoming connections. That’s why a firewall was so necessary on Windows all those years ago — because Windows XP had so many services listening for network connections, and those services were being exploited by worms.
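To see which applications are actually listening, and so what an inbound firewall would be shielding, this added example (not part of the original article) filters `lsof` output down to TCP listeners bound to non-loopback addresses. The function names and the sample `lsof` lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: list TCP listeners that are reachable from the network.
# Input : output of `lsof -nP -iTCP -sTCP:LISTEN` on stdin.
# Output: one "command address port" line per listener that is NOT bound
#         only to loopback (127.x.x.x or [::1]); IPv4/IPv6 duplicates collapse.
exposed_listeners() {
    awk '$NF == "(LISTEN)" {
        name = $(NF - 1)                  # e.g. *:445 or [::1]:631
        n = split(name, parts, ":")
        port = parts[n]                   # text after the last colon
        host = substr(name, 1, length(name) - length(port) - 1)
        if (host ~ /^127\./ || host == "[::1]") next   # loopback only
        print $1, host, port
    }' | sort -u
}

# Constructed sample of lsof output (not captured from a real machine).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
cupsd    301 root  6u  IPv6 0x01        0t0  TCP [::1]:631 (LISTEN)
cupsd    301 root  7u  IPv4 0x02        0t0  TCP 127.0.0.1:631 (LISTEN)
smbd     744 root  4u  IPv6 0x03        0t0  TCP *:445 (LISTEN)
smbd     744 root  5u  IPv4 0x04        0t0  TCP *:445 (LISTEN)
sshd     802 root  3u  IPv4 0x05        0t0  TCP 192.168.1.20:22 (LISTEN)
EOF
}

# Demo on the sample. On a Mac, feed it live data instead:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
sample_lsof | exposed_listeners
```

An empty result means nothing is accepting connections from other machines; each line that does appear is a service the firewall's allow list decides about.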

How to Configure Mac OS X Firewall

Unlike the firewall settings in Windows, the built-in firewall for Mac OS X is not enabled by default. If you’ve recently purchased a new Mac computer, then you will have to go in and turn on the firewall manually if you want that protection. The steps to do so are quite simple and user-friendly, but the first question is this: do you need to enable the firewall on your Mac?

The short answer is “yes.” Apple leaves the firewall disabled by default because it can cause issues with certain applications. In most situations, though, having the firewall enabled will offer more benefits than drawbacks. It only takes one system vulnerability or rogue app, exploitable through the Internet, for your machine to be remotely accessed by a hacker. By enabling the firewall, you bring up the shields and protect your sensitive files and personal information from such a possibility. Sure, it’s probably true that the average Mac user will rarely experience a situation where their system is vulnerable in this way. Regardless, enabling the firewall is a good measure to take just in case.

Why It Isn’t Enabled By Default on a Mac

A standard Mac OS X system doesn’t have such potentially vulnerable services listening by default, so it doesn’t need a tacked-on firewall to help protect such vulnerable services from being attacked.

How to Turn On Firewall on Mac

  • You’ll find your Mac’s firewall in the Security and Privacy preference in the System Preferences app.
  • Open System Preferences
  • Click Security and Privacy, or type Firewall in the System Preferences search field and select “Turn Firewall on or off”

Before you can make changes to the Security and Privacy preference you need to authenticate as an administrator:

  • Click the lock at the bottom left of the Security and Privacy preference
  • Enter your password
  • To start using the firewall, once you’ve entered your password, all you need to do is click the button that says Turn On Firewall
  • That’s it! But there’s more to the built-in firewall than meets the eye, so let’s take a look at what’s going on behind the scenes.
  • Click the button that says Firewall Options

Depending on what applications you have running and which sharing services you have turned on, what you’ll see when you look at Firewall Options may be a little different than what you see in the following screenshot:

  • If you don’t see anything, that means you don’t currently have any applications running that are sending or receiving network traffic.
  • If you do see something in the list, it means that the Application Level Firewall trusts that application and is allowing it to send and receive network traffic. How and why the firewall trusts an application is more than we can go into in detail here, but it’s because of something called Code Signing Certificates, which Apple only issues to trusted applications. Any application with one of these trusted certificates can request and be granted access to allow traffic to pass through the Application Level Firewall.

Let’s see how this works automatically:

  • Make sure that the only box that’s checked is the one that says, “Automatically allow signed software to receive incoming connections”
  • Take note of the applications listed in the list of allowed applications
  • Click OK
  • Open the Sharing preference in System Preferences
  • Put a check in the box that says File Sharing or, if that’s already selected, put a check in one of the other sharing boxes
  • Re-open the Security and Privacy preference
  • Click the Firewall Options button
  • Look at the list of allowed applications

If you selected File Sharing in the Sharing preference you should now see File Sharing (AFP, SMB) in the list of allowed applications.

The beauty of Apple’s built-in Application Level Firewall is that you don’t need to do anything other than turn it on. Your Mac will take care of determining whether or not an application should be allowed to send and receive network traffic.