Firewall Software For Mac



Question: Q: Firewall software on Mac (G4, Mac OSX 10.2.8) I have set everything in NetBarrier 10.3.6 to block all transfers from and to my computer. According to what I have setup in Netbarrier, no communication with the outside world should be possible (I have checked the option NO NETWORK, in the first section). Way 3: Temporarily Disable Firewall or Security Software. Security software might block the connection between iTunes and Apple servers. If iPhone restore stuck on extracting software, you can try to temporarily turn off firewall and quit third-party security software.

One of the most important tools in your online security arsenal is a firewall. Firewalls block incoming and outgoing network connections and can often be configured to be as strict or as relaxed as you like. You can also usually configure a firewall to prevent your Mac from being “pinged” – where a piece of data is sent to it over the network to check if it’s “there.”

Firewalls can be software or hardware, though most these days are software. macOS has its built-in firewall that can be configured in the Security & Privacy pane of System Preferences and your broadband router probably has one too. Your router’s firewall, if it has one, can be turned on and off in the settings webpage for the router.

Tip
Want to know how to turn on the firewall on your Mac? Just go to System Preferences > Security & Privacy > Firewall and turn it on.

Why download another Mac firewall?

If your Mac already has a firewall built-in, why would you consider a third-party version? Well, for one thing, the macOS firewall only blocks incoming connections; it doesn’t protect you from security threats that come from outbound traffic. Though there are advanced options tucked away, it’s not as configurable as some third-party firewalls.

Did you know?

In addition to a firewall, it’s a good idea to use an anti-malware tool to scan your Mac regularly and keep it safe. CleanMyMac X does just that. You can use it to scan your Mac manually, and it will compare what it finds against a database of known malware. Or set it to monitor your Mac in real-time, so that it protects it automatically. Download CleanMyMac X – a free trial is available.

The best firewalls for your Mac

Little Snitch

Little Snitch has been around for almost as long as macOS. Its goal is to block apps from making outgoing network connections unless you explicitly choose to allow it. This is useful for a couple of reasons.

  1. It stops apps from contacting a server and sending data about you to it.

  2. It alerts you to software that shouldn't be on your Mac i.e., malware, and is trying to connect to a host server.

When an app initiates a connection to a server, Little Snitch alerts you and offers you the opportunity to allow it to connect or to prevent it. It learns from your decisions and creates rules based on them. Neatly, there’s a silent mode that hides alerts so that you’re not bombarded with them – there are a lot of them at first. You can then come back to alerts later to make decisions and create rules.

Lulu

We mentioned earlier that the macOS firewall is good at blocking incoming connections. Lulu complements that by blocking outgoing connections, similarly to Little Snitch. By default, it blocks all outgoing connections. If you decide to allow an app or service to connect, every attempt made by that app or service will be allowed. Lulu’s source code is published on GitHub so anyone can inspect it.

HandsOff

Unlike Lulu and Little Snitch, HandsOff blocks both incoming and outgoing connections. And it allows you to closely monitor and control apps that use internet connection to send information back to a remote server. Besides, HandsOff can also block domain name resolving, multiple subdomains, and offers protection from trojans and worms.

HandsOff’s options are more finely-tuned than most, allowing you to block all outgoing connections from an app or only those to a specific domain, subdomain, or IP address. You can also choose to block the connection once, until the Mac is restarted, or permanently.

Radio Silence

Radio Silence is the simplest and most elegant of the firewalls available for macOS. There’s nothing to configure and no pop-up windows to distract you. One small window is its only user interface element. That window is split into two tabs.

One, titled Network Monitor, displays all the apps that have open network connections. Next to the app is a number showing you how many open connections it has open. Click on that number, and you can see a list of connections.

Murus Pro

Murus Pro consists of two apps, Murus and Vallum. The former will perfectly complement the macOS built-in firewall by providing an interface that allows you to create rules for incoming connections. The latter, Vallum, is similar to Little Snitch and Radio Silence – it allows you to monitor and block incoming connections.

Murus allows you to drag and drop elements to create sets of rules from pre-created presets. Or, you can re-write your own rules from scratch. If what you want is to fine-tune the built-in macOS firewall, Murus could be the ideal tool.

Vallum monitors and intercepts outgoing connections and lets you block them. It sits in the menu bar until you decide to configure it. When you do, like Murus Pro, you can do it by dragging and dropping. For example, to prevent an app from making outgoing connections, you just drag it from the Finder onto the Vallum window. You can modify the firewall rules for each app manually, or use one of the predefined presets.

There are several very good firewall tools available for Macs. Some complement Mac’s built-in firewall and block incoming connections; others are focused on outgoing connections. Whichever you choose, it’s a good idea also to use additional security and Mac maintenance tool such as CleanMyMac X.

You may be surprised at just how many network connections some apps make. And next to that number is a Block button, allowing you to prevent the app from making connections. Press that button, and the app shows up in the other tab, Firewall. That tab lists all the apps you’ve blocked from making connections. It’s a very simple but effective tool that has won praise and rave reviews from some of the most well-known Mac blogs and websites.

Best

26 November 2019

Does Mac have a firewall?

Do I need a third-party firewall?

Can't I just use the built-in Mac firewall?

What is the best firewall for Mac?

These are some of the questions that Mac users ask all the time.

While maintaining privacy and ensuring data security is vital for all Mac users, few do anything about it. If they do, it's usually the bare minimum, which means using the built-in macOS tools found in System Preferences and Safari.

Is that enough?

No!

Let’s explain what a firewall is and why you need it.

1. What is a Firewall and how Does It Work?

A firewall is a barrier or shield that monitors either incoming or outgoing network traffic - or both - sent through your internet connection. As information is sent or received, the firewall filters each packet of data based on a set of rules.

If the data is flagged as having malicious intent, the firewall blocks it to prevent your privacy and data from being put at risk.

2. Do I Need a Firewall for My Mac?

Yes.

While Macs are generally more secure and more difficult to exploit than Windows PCs, they're not unhackable.

According to Macworld, Mac malware grew by 270% in 2017.

Malwarebytes reported an increase in malware attacks in 2019, with 16 million instances recorded in April - four times the previous record!

As Macs grow in popularity and cybercriminals become bolder, greedier, and smarter, new threats are appearing.

These threats include:

Free firewall software for mac
  • Adware
  • Identity theft
  • Malware (designed to gain access to cryptocurrency)
  • Phishing attacks
  • Ransomware
  • Security flaws

As a result, taking steps to protect your Mac is more important than ever.

3. Can I Use the MacOS Built-in Firewall?

Yes. The first step to securing your Mac is to enable the built-in firewall.

While you might expect the built-in macOS firewall to be enabled by default, it's not. We recommend that - if you haven't already done so - you turn on the firewall settings in System Preferences.

To turn on your Mac firewall:

  1. Open System Preferences from the Apple menu at the top left of your screen.
  2. Click on Security & Privacy.
  3. Click on the Firewall tab.
  4. Click on the padlock icon at the bottom left of the window to unlock the system settings (if prompted, type your login password for access).
  5. Check the box beside hat the Turn On Firewall.

For more details on how to turn on and configure your firewall on Mac, visit the macOS User Guide.

4. When do I Need a 3rd Party Firewall?

If you're using your Mac to access any public network - such as in the cafeteria or at the local Starbucks - you need a third-party firewall.

The reason is that while the built-in Mac OS firewall monitors and blocks incoming traffic, it doesn't provide any protection against outbound traffic.

For example, if you download malware - or apps that “phone home” without your knowledge - and they want to send personal data across the internet, the macOS firewall won't stop them.

You need a third-party firewall to complement the macOS firewall to protect you from both incoming and outgoing threats.

5. What are the Top 5 Mac Firewalls as Voted by MacUpdate Users?

What are your best choices? Below is a list of five of the most highly-rated firewalls based on our reader's ratings, including those who offer a free firewall for Mac on a trial basis:

4.9 stars

  • Current Version: 3.3.1
  • System Requirements: OS X 10.11 El Capitan, macOS 10.12 Sierra or higher.
  • Licensing: 30-day free trial, one-time purchase of $15 for a single license, $20 for a five-license family pack (15-day money-back guarantee).

One of the most advanced and best-designed firewall apps available, Vallum complements the macOS firewall by intercepting connections at the application layer and detaining them while you decide what to do.

A custom app list and pre-defined rules can be created to govern which apps are allowed to connect to the internet.

Drag and drop support enables you to either allow or block apps quickly. Outbound connections can also be blocked in a variety of ways, including geo-location, pre-defined schedules, and other methods.

Pros

  • Attractive, icon-based user interface
  • Easy to use with drag and drop functionality
  • Inspects and blocks outbound connections
  • Simple interface for creating rules and filter lists
  • Advanced features for creating complex rules
  • Unobtrusive with notification prompts
  • Lifetime license with free upgrades and updates

Cons

  • Can be overwhelming for beginners

Read all about Vallum for Mac with reviews from our readers on MacUpdate.

  • MacUpdate User Rating: 4.9
  • Version Reviewed: 3.3.1
  • Date Reviewed: 31 August 2019

4.2 stars

  • Current Version: 4.4.3
  • System Requirements: OS X 10.11 El Capitan, macOS 10.12 Sierra or higher.
  • Licensing: 30-day free trial, $45 for a single license, $89 for a family license, $169 for a five-license pack, and $299 for a ten-license pack.

Little Snitch claims to make the invisible visible by informing you whenever an app attempts to establish an outgoing Internet connection.

It allows you to permit or deny the request, define a rule for future requests, or - if you the volume of notifications overwhelming - silence the requests and make decisions later.

The network monitor feature allows you to see exactly where the traffic is coming from or being sent.

Pros

  • Attractive interface
  • Inspects and blocks outgoing connections
  • Silent mode for delayed decision making
  • Network monitor for graphically depicting connections
  • Once set up, runs in the background and requires little interaction
  • Detects network activity related to malware, trojans, and viruses

Cons

  • Potentially complicated for beginners
  • More expensive than other firewalls

Read all about Little Snitch for Mac with reviews from our readers on MacUpdate.

  • MacUpdate User Rating: 4.2
  • Version Reviewed: 4.4.3
  • Date Reviewed: 8 October 2019

4.2 stars

  • Current Version: 4.4.0
  • System Requirements: OS X 10.11 El Capitan, macOS 10.12 Sierra or higher.
  • Licensing: 30-day free trial, $49.99 for a single license.

An easy to use firewall with advanced features and a simple, user-friendly interface.

Hands Off! protects your privacy by enabling sniffing mode, preventing apps and services from accessing remote servers. If an app tries to establish a connection, an alert appears requesting you to either allow or block the connection.

Advanced settings and rules are simple to use.

Pros

  • Flexible configuration options
  • Blocks incoming and outgoing connections
  • Blocks read and write disk access
  • Prevents malware and virus infiltration
  • Identifies trusted applications
  • Simple, user-friendly interface
  • Detailed notifications prompt

Cons

  • Some features may impact performance e.g., disk monitoring
  • More expensive than some other firewalls

Read all about Hands Off! for Mac with reviews from our readers on MacUpdate.

  • MacUpdate User Rating: 4.2
  • Version Reviewed: 4.4.0
  • Date Reviewed: 27 October 2019

4.0 stars

  • Current Version: 2.3
  • System Requirements: OS X 10.10 (Yosemite) or higher.
  • Licensing: 24-hour free trial, $9.00 for a single license. $49 team license with no user limits (30-day money-back guarantee).

Designed for people who don’t want to configure and manage traditional firewalls, Radio Silence allows you to quickly create a list of applications that aren’t allowed access to the internet.

Managed via a user-friendly interface, the firewall also allows you to create custom profiles to prevent groups of apps from accessing the internet. Full visibility into which processes are trying to connect to online servers is available in real-time.

Whenever an app or service tries to make a connection, a notification prompt appears that allows you to allow, inspect, or block the connection.

Pros

Software
  • Easy to use through a user-friendly interface
  • Inspects and blocks outgoing connections
  • Custom profiles for rules and filters
  • Notification prompt for user actions
  • Inexpensive

Good Firewall Software For Mac

Cons

  • None

Read all about Radio Silence for Mac with reviews from our readers on MacUpdate.

  • MacUpdate User Rating: 4.0
  • Version Reviewed: 2.3
  • Date Reviewed: 19 October 2019

Free Firewall Software For Mac

3.6 stars

  • Current Version: 10.9.6
  • System Requirements: OS X 10.8 (Mountain Lion) or higher.
  • Licensing: 30-day free trial, $39.99 for a single, one-year subscription, $59.99 for a one-year subscription for five Macs.

NetBarrier X9 provides thorough protection against threats from both the internet and your local network, constantly filtering activity and automatically alerting you to suspicious activity.

Providing a robust set of features within a simple, user-friendly interface, users choose which network connections are allowed, which apps are permitted to connect to the network, and the data blocked from being sent.

Three preset firewall settings cover most situations encountered during regular use, with graphics animations displaying the effect of applying each profile.

Pros

  • Simple, easy to use graphical interface
  • Active application list to identify network usage
  • Inspects and blocks incoming and outgoing connections
  • Preset profiles for fast setup and configuration
  • Automatic profile switching when the connection changes
  • Location-aware network security

Cons

Firewall Application For Mac

  • Limited functionality with the free trial

Read all about NetBarrier X9 for Mac with reviews from our readers on MacUpdate.

  • MacUpdate User Rating: 3.6
  • Version Reviewed: 10.9.6
  • Date Reviewed: 12 April 2019

6. How Do I Test My Firewall?

It’s a good idea to test your Mac firewall every now and then to make sure it’s working correctly.

To find out whether your Mac is vulnerable to attack by external hackers, you need to understand what it looks like from the Internet.

Port scans conducted from outside your network will identify any weaknesses in your firewall.

Here are three online tools to test whether your firewall is protecting your Mac the way it should:

  1. HackerTarget: Simple and easy to use, this online firewall test mimics the actions of a hacker, attempting to connect with services open to the Internet. It requires that you simply enter your IP address and click on the Begin Firewall Test button. A results box appears to indicate whether your open connections are filtered (protected) or not.
  2. ShieldsUP: After reading the info in the blue box, click on Proceed. On the next page, you have several test options to choose from. Click on the Common Ports button in the blue box. A results page appears indicating whether your system passed or failed the test with detailed results available in the table below.
  3. Pentest-Tools: Insert your IP address in the box at the top of the page, confirm that you have the right to run the test, and click on Scan Now. If the results pane pops up and says: “This host seems to be down,” then your firewall is working correctly. The scan only provides basic information, and only two free scans are allowed every 24 hours.

Note: To find your IP address, open System Preferences and click on Network under Internet & Wireless. Click on the active connection in the left-hand bar (the one with the green dot). Your IP address will appear in the right-hand pane below the Status field.

The Bottom Line

There are many myths about whether you need a firewall on your Mac or not.

Our recommendation?

Don't expose yourself to unnecessary risks!

  1. Activate the built-in macOS firewall to guard against malicious incoming threats;
  2. Purchase a third-party firewall to guard against malicious outgoing connections.

Explore the firewalls our readers recommend.

Choose the one that's right for you.

Install it.