Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
macOS firewall
- Thread starter piattj
- Start date
- Sort by reaction score
It is not necessarily needed, no.
What it does is stop your apps and system apps/processes from receiving inbound connections. Not every app has this functionality (and if they do, usually for a reason; i.e. they need it function properly) and many system processes that have this functionality are disabled by default (in System Preferences → Sharing). Moreover, macOS has other security mechanisms in place, such as sandboxing and limited permissions. If you are using your Mac in a trusted network, such as your own network, you will likely be better protected by a router’s firewall already.
The firewall itself runs with elevated permissions and can be a target for attacks. Vulnerabilities are occasionally found, so it is not a no-risk scenario to enable it. Furthermore, since the application firewall only gives you a choice to block all inbound connections for a particular app/process, it only makes sense to use it if you actually block some of them, otherwise there is no point in using it.
What it does is stop your apps and system apps/processes from receiving inbound connections. Not every app has this functionality (and if they do, usually for a reason; i.e. they need it function properly) and many system processes that have this functionality are disabled by default (in System Preferences → Sharing). Moreover, macOS has other security mechanisms in place, such as sandboxing and limited permissions. If you are using your Mac in a trusted network, such as your own network, you will likely be better protected by a router’s firewall already.
The firewall itself runs with elevated permissions and can be a target for attacks. Vulnerabilities are occasionally found, so it is not a no-risk scenario to enable it. Furthermore, since the application firewall only gives you a choice to block all inbound connections for a particular app/process, it only makes sense to use it if you actually block some of them, otherwise there is no point in using it.
Thanks for that info. My understanding is that the firewall prevents inbound connections that did not originate from within the firewall (simply put, I acknowledge). I am unfamiliar with application-specific firewall functionality so that's a lesson. And I do have a firewall set on the router (Unifi USG) with no open ports, no port forwarding etc so reasonable security at that level. Despite that, I have the macOS firewall turned on, AND with 'block all incoming connections' and, despite various advice against it, I see no hindrance to normal use / internet access etc. So I leave it on. Happy to listen to advice that that is sub-optimal re security. Thanks.
I found these useful:
https://www.howtogeek.com/205108/your-mac’s-firewall-is-off-by-default-do-you-need-to-enable-it/
www.quora.com
https://www.howtogeek.com/205108/your-mac’s-firewall-is-off-by-default-do-you-need-to-enable-it/
Why is the firewall turned off by default on an Apple MacBook?
Answer: Q: Why is the firewall turned off by default on an Apple MacBook? A: That is a great question with an answer that is not obvious. * macOS has an application firewall that protects the entire system * The Application Firewall * * Is always on and is completely effective at protectin...
Thank you. That's very enlighteningI found these useful:
https://www.howtogeek.com/205108/your-mac’s-firewall-is-off-by-default-do-you-need-to-enable-it/
Why is the firewall turned off by default on an Apple MacBook?
Answer: Q: Why is the firewall turned off by default on an Apple MacBook? A: That is a great question with an answer that is not obvious. * macOS has an application firewall that protects the entire system * The Application Firewall * * Is always on and is completely effective at protectin...