How to Configure the Mac Firewall - dummies

By Joe Hutsko, Barbara Boyd

Although the default setting for your Mac’s firewall should be adequate for most people, you may want to configure your firewall to block additional Internet features for added security. For example, most people will likely need to access e-mail and web pages, but if you never transfer files by using FTP (short for File Transfer Protocol), you can safely block this service.

Don’t configure your firewall unless you’re sure that you know what you’re doing. Otherwise, you may weaken the firewall or lock programs from accessing the Internet and not know how to repair those problems.

To configure your Mac’s firewall, follow these steps:

  1. Choose Command→System Preferences and then click the Security & Privacy icon.

    If the lock icon in the lower-left corner of the preferences window is locked, you must unlock it to make changes to your Mac’s user account details. Click the lock icon, type your password in the dialog that appears, and then press Return to unlock your Mac’s user account details.

  2. Click the Firewall tab.

    The Firewall preferences pane appears.

  3. Click the Turn On Firewall button to turn on your Mac’s firewall (if it isn’t already turned on).

  4. Click the Firewall Options button to display the firewall’s custom settings, as shown in this figure.


    The dialog that appears offers three check boxes.

    In the center list box, you may see one or more sharing services you turned on by using the Sharing preferences pane Command→System Preferences→Sharing).

  5. Select (or deselect) the following check boxes:

    • Block All Incoming Connections: Allows only essential communications for basic Internet and Mail access; also blocks sharing services, such as iTunes music sharing or Messages screen sharing. When you select this option, any services or applications listed in the pane disappear, replaced with a static warning that indicates all sharing services are being blocked.

    • Automatically Allow Signed Software to Receive Incoming Connections: Allows typical commercial applications such as Microsoft Word to check for software updates and Safari to access the web.

    • Enable Stealth Mode: Makes the firewall refuse to respond to any outside attempts to contact it and gather information based on its responses.

  6. Continue to Step 8 if you want to make additional adjustments to your Mac’s firewall feature; otherwise, skip to Step 13.

  7. (Optional) Click the Add (+) button to add applications that you want to allow or block from communicating over the Internet.

    A dialog appears, listing the contents of the Applications folder.

  8. Click a program that you want to allow to access the Internet, such as Dropbox or Skype.

  9. Click Add.

    Your chosen program appears under the Applications category.

  10. (Optional) Click the pop-up button to the right of an application in the applications list and choose Allow Incoming Communications or Block Incoming Communications.

  11. (Optional) To remove a program from the applications list, click the program name to select it and click the Delete (–) button below the program list.

  12. Click OK.

Beginning with Mac OS X 10.7 Lion, your Mac’s security was enhanced with two features:

  • Advanced Space Layout Randomization (ASLR): Makes your applications more resistant to malicious attacks

  • Sandboxing: Limits the types of operations an application can do, thereby making it difficult for a threat to take advantage of an application and, consequently, affect the whole operating system. Think of it as strengthening a potential weak link.