
Manage Firewall
A firewall can protect a user’s Mac from unwanted contact initiated by other computers when it’s connected to the internet or a network. However, the Mac can still allow access through the firewall for some services and apps.
Here are some examples:
If a user turns on a sharing service, such as file sharing, macOS opens a specific port for the service to communicate through.
An app or service on another system can request and be given access through the firewall, or it might have a trusted certificate and therefore be allowed access.
Note: A device management service can configure these settings. For more information about your organization’s requirements and device policies, check with your device management administrator.
Firewall options include the following:
| Option | Description |
|---|---|
| Firewall | Prevent unwanted connections from the internet or other networks. |
| Options | Choose how much to block incoming connections. |
| Block all incoming connections | Prevent incoming connections to nonessential services and apps. Basic internet services are a set of apps that allow the Mac to find services provided by other computers on the network. This setting prevents connections to all other sharing services. |
| Add | Add an app or service to allow incoming connections. |
| Remove | Remove an app or service from allowing incoming connections. Certain shared services can connect through the firewall when they’re turned on in Sharing settings. For additional security, you can prevent connections to these incoming services by turning off the service in Sharing settings. |
| Automatically allow built-in software to receive incoming connections | Allow built-in apps and services that are signed by a valid certificate authority to be automatically added to the list of allowed apps, without your authorization. |
| Automatically allow downloaded signed software to receive incoming connections | Allow downloaded apps and services that are signed by a valid certificate authority to be automatically added to the list of allowed apps, without your authorization. |
| Enable stealth mode | Prevent the Mac from responding to probing requests that can be used to reveal its existence. The Mac still answers requests from authorized apps, but unauthorized requests such as ICMP (ping) get no response. |
Turn on firewall protection
On the Mac, choose Apple menu > System Settings, then click Network in the sidebar.
Click Firewall, then turn on Firewall.
To specify additional security settings, click Options, turn settings on or off, then click OK.
Set firewall access for services and apps
Either you or the user can complete this task:
On the Mac, choose Apple menu > System Settings, then click Network in the sidebar.
Click Firewall, then click Options.
If the Options button is disabled, first turn on Firewall.
Click the Add button under the list of apps and services, then select the apps or services you want to add. After an app or service is added, click its up and down arrows and choose whether to allow or block connections through the firewall.
Blocking an app’s access through the firewall could interfere with or affect the performance of the app or other software that may depend on it.
Important: Certain apps that don’t appear in the list may have access through the firewall. These can include system apps, services, and processes, as well as digitally signed apps that are opened automatically by other apps. To block access for these programs, add them to the list.
When the Mac detects an attempt to connect to an app you haven’t added to the list and given access to, an alert message appears asking if you want to allow or deny the connection over the network or internet. Until you take action, the message remains, and any attempts to connect to the app are denied.
Turn on stealth mode
On the Mac, choose Apple menu > System Settings, then click Network in the sidebar.
Click Firewall.
If Firewall is turned off, first turn it on.
Click Options.
Turn on “Enable stealth mode.”
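To confirm from Terminal that the firewall and stealth mode settings described above are in effect, the following added example (not part of the original page) queries Apple's `socketfilterfw` tool and reports drift from an "on" baseline. The function names and the baseline are assumptions of this example, and because the tool's output wording differs between macOS releases, it matches keywords rather than whole lines.

```shell
#!/bin/sh
# Added example: audit the macOS application firewall from the command line.
# Assumes Apple's socketfilterfw tool at its usual location.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Map one line of socketfilterfw output to "on", "off" or "unknown".
# "off" keywords are tested first so a disabled setting is never read as on.
fw_state() {
    line=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$line" in
        *disabled*|*" off"*|*"state = 0"*) echo off ;;
        *enabled*|*" on"*|*"state = 1"*|*"state = 2"*) echo on ;;
        *) echo unknown ;;
    esac
}

# Query one setting (for example --getstealthmode) and classify the answer.
# Reports "unknown" when the tool is missing, so the audit fails closed.
fw_query() {
    [ -x "$FW" ] || { echo unknown; return; }
    fw_state "$("$FW" "$1" 2>/dev/null | head -n 1)"
}

# usage: fw_check <label> <expected> <actual>
# Prints one result line and returns non-zero when the setting has drifted.
fw_check() {
    if [ "$3" = "$2" ]; then
        echo "PASS $1=$3"
    else
        echo "FAIL $1=$3 (want $2)"
        return 1
    fi
}

# Baseline assumed by this example: firewall on, stealth mode on.
fw_audit() {
    rc=0
    fw_check firewall on "$(fw_query --getglobalstate)" || rc=1
    fw_check stealth_mode on "$(fw_query --getstealthmode)" || rc=1
    return "$rc"
}

# Run the audit only where the tool exists (that is, on a Mac).
if [ -x "$FW" ]; then
    fw_audit
fi
```

A non-zero return from `fw_audit` means at least one setting differs from the baseline or could not be read.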