Do you want a firewall on your Mac? Well, yes and no. Chances are that your computer is behind the firewall that is part of your router, so leaving the Mac operating system’s firewall turned off makes it simpler to set up network connections with other Mac devices. But if you use a laptop or other computer and frequently hop onto untrusted networks, you should turn on the firewall.
Mac OS X ships with a built-in firewall, but it is not enabled by default. The Windows firewall has been turned on by default ever since worms like Blaster infected all those vulnerable Windows systems, so what gives? Mac systems include a firewall that you can turn on from Security & Privacy in System Preferences. Like firewalls on other operating systems, it enables you to block specific types of incoming connections.
The Mac operating system also includes a collection of shared network services to remotely access your content. If you keep these services turned on or use third-party applications, that could make your Mac vulnerable to a network attack. In this blog, TechNinjaPro will show you how to configure your firewall and when you have to use it.
What Does a Firewall Actually Do?
There are two types of PC firewalls: software and hardware. A firewall can do many things, but generally it is designed to restrict outgoing and incoming network connections. When a firewall blocks incoming connections, it stops apps running on your PC from accepting requests from other systems. With outgoing connections, the process is reversed: local apps are stopped from sending requests outside.
Some firewalls enable you to block outgoing connections, but the built-in firewalls on Mac and Windows do not work this way. If you need a firewall that lets you select which programs may connect to the internet, look elsewhere. An incoming connection is an issue when there are apps listening for these incoming connections, and that is why a firewall is so important on Windows.
Why It Is Not Enabled By Default on a Mac
A standard Mac operating system does not have such vulnerable services listening by default, so it does not need a tacked-on firewall to protect them from being attacked. This is also why Ubuntu Linux does not ship with its firewall on by default. Ubuntu took the approach of not having potentially vulnerable services listening by default, so the Ubuntu system is protected without a firewall. Mac operating systems work in the same way.
How to Set Up Your Mac's Firewall
The significance of a firewall as a part of security should not be underestimated. TechNinjaPro has discussed in detail the difference between a firewall and an antivirus. In the Mac operating system’s case, there are two components of the software firewall.
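To check which services on a machine are actually listening for incoming connections, the following added example (not part of the original article) filters the output of `lsof -nP -iTCP -sTCP:LISTEN` down to listeners that are reachable from the network. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from the network.
# Input format: output of `lsof -nP -iTCP -sTCP:LISTEN`.

# exposed_listeners: reads lsof output on stdin, prints "command port address"
# for every listener that is NOT bound to a loopback address only.
exposed_listeners() {
    awk '
        $NF != "(LISTEN)" { next }            # skips the header line too
        {
            name = $(NF - 1)                  # e.g. *:22, 127.0.0.1:631, [::1]:631
            port = name; sub(/.*:/, "", port) # text after the last colon
            addr = substr(name, 1, length(name) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            key = $1 " " port " " addr
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Constructed sample (not captured from a real machine).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     101 root    3u  IPv4 0x01        0t0  TCP *:22 (LISTEN)
sshd     101 root    4u  IPv6 0x02        0t0  TCP *:22 (LISTEN)
cupsd    202 root    5u  IPv4 0x03        0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd    202 root    6u  IPv6 0x04        0t0  TCP [::1]:631 (LISTEN)
smbd     303 root    7u  IPv4 0x05        0t0  TCP 192.168.1.20:445 (LISTEN)
EOF
}

sample_lsof | exposed_listeners
# On a Mac, run against live data:  lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
```

Listeners bound only to 127.0.0.1 or [::1] are skipped because other machines cannot reach them; anything left in the output is what an inbound firewall would be protecting.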
App Layer Firewall
App Layer Firewall is a firewall component that will allow or deny access for an application to set up communication over the network. App layer firewall is not based on the ports used. The built-in Mac firewall provides this, and it is intuitive and straightforward by design. You can specify whether to allow or block incoming connections for each application.
To turn on the firewall on your Mac, open System Preferences > Security & Privacy > Firewall. Click the lock icon on the lower-left of the window, enter your administrator password and click Unlock.
If the window does not say Firewall: On, click the Turn On Firewall button. The green circle lights up, and your Mac will allow incoming internet traffic for established connections, signed software, and enabled services. You can later turn off your Mac’s firewall using the corresponding button.
Packet Filter Firewall
Packet Filter Firewall is another firewall component embedded deep in the OS kernel. The packet filter is the OpenBSD packet filter, and its primary function is to filter network packets by matching the properties of individual data packets against the filtering criteria defined in the ruleset.
You can control network traffic based on virtually any connection or packet type with a packet filter firewall. This includes source and destination addresses, protocols, interfaces, and ports. You can allow the packet to pass, block it, or trigger events that other parts of the OS can handle.
The packet filter firewall has been part of the Mac since Mac OS X 10.7 Lion. While the Application Layer Firewall is easy to use, setting up the packet filter firewall needs a thorough knowledge of its rule logic, syntax, and network configuration. You must edit the configuration files, and packet filter monitoring is done entirely from the command line.
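As an added example (not part of the original article), the script below generates a small packet filter ruleset that blocks inbound traffic on one interface except for chosen TCP ports from a trusted subnet. The interface `en0`, the subnet, the ports and the anchor name `example.inbound` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit a default-deny inbound pf ruleset for one interface.
# Interface, subnet, ports and anchor name are constructed sample values.

# pf_anchor_rules IFACE TRUSTED_CIDR PORT...
# Prints the rules; prints nothing and returns 1 if an argument is malformed.
pf_anchor_rules() {
    [ "$#" -ge 3 ] || { echo "usage: pf_anchor_rules iface cidr port..." >&2; return 1; }
    iface=$1; cidr=$2; shift 2
    case $iface in
        ''|*[!a-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $cidr in
        ''|*[!0-9./]*) echo "bad IPv4 CIDR: $cidr" >&2; return 1 ;;
    esac
    ports=
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports, }$p"
    done
    cat <<EOF
# pf evaluates every rule and the last match wins, so the broad block goes first.
block in log on $iface all
# Inbound TCP to the listed ports, from the trusted subnet only.
pass in on $iface inet proto tcp from $cidr to any port { $ports } keep state
# Outbound connections create state, which lets their replies back in.
pass out on $iface all keep state
EOF
}

# Sample: SMB file sharing (445) and SSH (22), reachable from the home LAN only.
pf_anchor_rules en0 192.168.1.0/24 445 22

# To apply on a Mac as root, assuming the anchor name "example.inbound":
#   1. save the output as /etc/pf.anchors/example.inbound
#   2. add to /etc/pf.conf:
#        anchor "example.inbound"
#        load anchor "example.inbound" from "/etc/pf.anchors/example.inbound"
#   3. pfctl -vnf /etc/pf.conf             # parse only, load nothing
#   4. pfctl -f /etc/pf.conf && pfctl -e   # load the ruleset and enable pf
#   5. pfctl -a example.inbound -s rules   # show what is loaded in the anchor
```

Everything not listed, including Bonjour discovery traffic, is dropped on that interface, so run the parse-only check and test locally before relying on it.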
Configure Mac's Firewall Settings
MacOS includes many built-in solutions to share files, printers, remote access to resources, and more. Navigate to System Preferences > Sharing and check the box next to each service you need to turn on. Since the firewall works per application, you will see these services listed by name rather than by port number.
To customize the firewall, go back to the Firewall panel and click the Firewall Options button. This will reveal more firewall settings. Use the Plus and Minus buttons to add or remove applications as required. You can also check some extra options below the list.
Any services you have checked in the Sharing Panel will automatically appear in the list of allowed connections. But if you disable any services, they will no longer appear in the firewall options pane.
When any third-party application starts listening for incoming connections, you will see a message asking, “Do you need the app to accept incoming network connections?” Click Allow or Deny to update the firewall settings, and the applications you allow will appear on the list.
Should the Outbound Firewall Be Turned On or Off?
The built-in firewall gives you the capability to monitor and block incoming connections. However, you can monitor outgoing internet connections as well. How can a beginner make use of outgoing traffic data? Let’s look at some examples.
- Most applications that you use on your Mac system have a visible interface and continuously exchange data between your machine and servers located elsewhere. But many processes running in the background also send and receive data.
- Applications participate in activities all the time: your email application downloads new messages, software checks for app updates, and Dropbox syncs newly changed files. These activities are fine, but it is an issue if you download a malicious application that secretly logs your keystrokes and sends private data to a malicious actor.
- Premium applications routinely "phone home" to check your license data, but some developers may collect important information without your consent. These applications may sniff or broadcast over your network, copy the configuration details of your Mac, and monitor how you utilize a particular application.
The examples mentioned above show that a two-way firewall covers both inbound and outgoing internet traffic. Such firewalls can help discover the activity of malware, but they are concerned more with privacy than with security.
Third-Party Firewall Applications for Mac
Most third-party applications offer control over both outgoing and incoming connections. Let’s discuss a few popular options below.
LuLu is an open-source and free firewall application that blocks outgoing traffic unless the user explicitly approves it. Once installed, LuLu will alert you about new or unauthorized attempts to create an outgoing network connection. Click the Allow or Block button to handle the connection. The alert window shows the process icon and the code-signing status of the application. The built-in VirusTotal integration can help you check whether an application is malicious. You can also see the process hierarchy, process details, and more.
Radio Silence is an easy firewall application for your Mac. After installation, the application automatically runs in the background without any menu bar icon or other visual display. Navigate to the Firewall tab and click the Block App button. Once you add an application to the blocklist, it will no longer connect over the internet.
Since you manually add these applications, you will not see any irritating pop ups. The Network Monitor tab offers you real-time data for a particular process or an application. You can find unknown helpers, in-memory processes, daemons, XPC services, host IP addresses, and port numbers. While the application comes at a small fee, you can try it before buying.
Little Snitch is a host-based firewall app for Mac. The app offers detailed reports on processes, outgoing and incoming connections, protocols, and ports. It also shows the complete internet traffic history down to a one-minute interval. By default, the app allows any network access not explicitly forbidden by a rule. Since nothing is denied at first, you will have time to learn the ins and outs of your applications.
The network monitor shows a world map of the active connections from your system to IP-derived locations all over the world in real time. The left panel displays a list of applications sending and receiving data, while the right panel provides you with a detailed summary.
The app’s automatic profile switching feature lets you create filtering profiles based on the network. You can create separate profiles for work, home, coffee shops, and more. There are many other features, though the software does not come cheap. However, for devotees, Little Snitch is a hard firewall to beat.
Murus is a graphical frontend for the packet filter firewall. It packs an intuitive interface and lets you configure the firewall using the built-in presets. It also provides you with an editor to create and manage rules. You can create complex rules with advanced options like accounting, knocking, and more. Murus is a firewall with only inbound filtering and logging capabilities. For $10, you will get outgoing filtering abilities, custom rules, port knocking, customization-related features, and much more.
How to turn off Firewall for Mac
Turning off the firewall is a case of following the same instructions as above and clicking the Turn Off Firewall button. To do this, you may need to enter your administrator password.
Mac Firewall advanced settings
By clicking the Firewall Options button, you will find extra settings that give you more control over how the firewall performs. In the list, you will see all the applications currently allowed to send and receive network traffic. You can remove an app from the list by clicking the “-” button. On the other hand, clicking the “+” button enables you to add a new application to the list.
Not directly. If a virus is designed so that it needs to accept incoming connections from external programs, then having a firewall may break the virus. But generally, this is a rare case. Firewalls do not check for viruses when one downloads software from the internet. Firewalls and antivirus apps do not replace or substitute for each other, and they protect against different security threats.
A firewall can stop hackers from accessing the apps which accept incoming connections. For instance, if file sharing is enabled on the Mac, some firewalls can block connections from unauthorized PCs and allow file sharing with authorized devices. But even if file sharing is on, having a solid password can stop hackers. So be smart; never use something like "123435" or "monkey" as your password, because such passwords are trivial to guess.
Your Mac automatically determines whether an app can send or receive traffic from the network while the firewall is running. It does this by using Code Signing Certificates that are issued to trusted apps without the proper certification.
Yes, a Wi-Fi firewall will slightly affect internet speed if it cannot process data as quickly as your internet connection delivers it. To confirm, take a look at the specs of your firewall.
A firewall is not a magic solution to issues such as spam and malware. But its importance may vary in different situations. For a standard user, the built-in firewall is more than enough. If you work for an organization that uses all Macs, having a separate firewall protection layer makes sense.
A mixture of an App Layer Firewall and a Packet Filter firewall can work well without any significant problems. However, their approaches to network filtering are different and cover different layers of the network stack. The same is true for third-party firewall applications, and every third-party ALF can work with the packet filter firewall.