Fire up your Mac's firewall

Worried about your networked Mac? Protect yourself with OS X's built-in firewall. Here's how.

mac firewall

A few weeks back, after the Working Mac column about scanning your Mac for viruses I received an email message from Yolanda:

Hope you can help your readers with something that I haven’t found. I’ve just purchased my first Mac after being on Windows for about 15 years, so I’m looking around for reputable recommendations of free and good anti-virus/firewall programs.

The article Yolanda linked to recommended ClamXav for scanning your Mac for viruses, but Yolanda was correct, there was no mention made of firewall applications.

Most people, whether you’re using a Mac or a PC, are aware that commercial virus scanning applications such as Norton Security not only provide virus and malware protection, they also include firewall protection.

What’s a firewall? In the simplest terms it’s hardware on your network or a piece of software on your computer that limits the way other computers can send data to or receive data from your Mac. (For a more detailed explanation on Firewalls, have a look at Jeff Tyson’s, How Firewalls Work).

While you can certainly spend money on firewall applications for your Mac—the aforementioned Norton Security application will set you back a minimum of $45 per year—your Mac, no surprise, already includes an excellent, built-in, free Application Level Firewall that, with minimal configuration, will do everything you need. So, why spend anything at all, when you can have great for free?

You’ll find your Mac’s firewall in the Security and Privacy preference in the System Preferences app.

  1. Open System Preferences
  2. Click Security and Privacy or
  3. Type Firewall in System Preferences search field and select “Turn Firewall on or off”
    Security and Privacy system preference

Before you can make changes to the Security and Privacy preference you need to authenticate as an administrator:

  1. Click the lock at the bottom left of the Security and Privacy preference
  2. Enter your password

To start using the firewall, once you’ve entered your password, all you need to do is click the button that says Turn On Firewall

OS X firewall turn on or off

That’s it! But there’s more to the the built-in firewall than meets the eye, so let’s take a look at what’s going on behind the scenes.

  1. Click the button that says Firewall Options

Depending on what applications you have running and which sharing services you have turned on, what you’ll see when you look at Firewall Options may be a little different than what you see in the following screenshot:


If you don’t see anything, that means you don’t currently have any applications running that are sending or receiving network traffic.

If you do see something in the list, it means that the Application Level Firewall trusts that application and is allowing it to send and receive network traffic. How and why the firewall trusts an application is more than we can go into in detail here, but it’s because of something called Code Signing Certificates, which Apple only issues to trusted applications. Any application with one of these trusted certificates can request and be granted access to allow traffic to pass through Application Level Firewall.

Let’s see how this works automatically:

  1. Make sure that the only box that’s checked is the one that says, “Automatically allow signed software to receive incoming connections”

    OS X firewall signed software
  2. Take note of the applications listed in the list of allowed applications
  3. Click OK
  4. Open the Sharing preference in System Preferences
    OS X sharing
  5. Put a check in the box that says File Sharing or, if that’s already selected, put a check in one of the other sharing boxes
  6. Re-open the Security and Privacy preference
  7. Click the Firewall Options button
  8. Look at the list of allowed applications

If you selected File Sharing in the Sharing preference you should now see File Sharing (AFP, SMB) in the list of allowed applications.

The beauty of Apple’s built-in Application Level Firewall is that you don’t need to do anything other than turn it on. Your Mac will take care of determining whether or not an application should be allowed to send and receive network traffic.

Subscribe to the Best of Macworld Newsletter