Your Mac’s Firewall is Off By Default: Do You Need to Enable It?

By Chris Hoffman on December 20th, 2014

Mac OS X ships with a built-in firewall, but it’s not enabled by default. The Windows firewall has been enabled by default ever since worms like Blaster infected all those vulnerable Windows XP systems, so what gives?

Macs to include a firewall, which you can enable from Security & Privacy in System Settings. Like firewalls on other operating systems, it allows you to block certain incoming connections.

What a Firewall Actually Does

Understanding why the firewall isn’t enabled by default and whether you should enable it first requires understanding what a firewall actually does. It’s more than just a switch you flip to boost your security, as it’s sometimes understood by Windows users.

Firewalls like this one do one thing: They block incoming connections. Some firewalls also allow you to block outgoing connections, but the built-in firewalls on Mac and Windows don’t work in this way. If you want a firewall that will allow you to choose which programs get to connect to the Internet or not, look elsewhere.

An incoming connection is only a problem if there are applications listening for these incoming connections. That’s why a firewall was so necessary on Windows all those years ago — because Windows XP had so many services listening for network connections, and those services were being exploited by worms.

Why It Isn’t Enabled By Default on a Mac

A standard Mac OS X system doesn’t have such potentially vulnerable services listening by default, so it doesn’t need a tacked-on firewall to help protect such vulnerable services from being attacked.

This is actually the same reason why Ubuntu Linux doesn’t ship with its firewall on by default — another thing that was controversial at the time. Ubuntu took the approach of simply not having potentially vulnerable services listening by default, so an Ubuntu system is secure without a firewall. Mac OS X works in the same way.

The Downsides of Firewalls

If you’ve used a Windows PC which has the Windows firewall included by default, you’ll know that it can cause problems. If you run a full-screen application — such as a game — the firewall dialog will regularly pop up behind that window and require Alt+Tabbing before the game will work, for example. The additional dialogs are additional hassle.

Worse yet, any local application running on your computer can punch a hole in your firewall. This is designed to help those applications that require incoming connections work without additional configuration. However, it means that the firewall isn’t actually good protection against any malicious software that would want to open a port and listen on your computer. Once your computer is infected, its software firewall doesn’t help.

When You Might Want to Enable It

So, does this mean you’ll never want to use a firewall? No! A firewall can still help if you’re running potentially vulnerable software you don’t want to be accessed over the Internet. For example, let’s say you’ve installed an Apache web server or other server software and you’re dabbling with it. You could access it entirely on your computer via localhost. To prevent anyone else from contacting this server software, you could simply enable the firewall. Unless you enable an exception for that specific piece of server software, all incoming connections to it from outside your computer will be blocked.

This is really the only situation where you’d get a benefit out of enabling your Mac’s firewall, at least for desktop PCs. If you’re using Mac OS X as a server system that’s exposed directly to the Internet, you’ll obviously want to lock it down as much as possible with a firewall.

But You Can Enable It, If You Really Want

So, if you’re a typical Mac user, you really don’t need to enable the firewall. But, if you’re doubting the advice here or just feel better with it enabled, you’re also free to enable it. Typical Mac users probably won’t notice many (or any) issues after enabling the firewall. Everything should continue working normally.

The default setting is to “Automatically allow signed software to receive incoming connections,” which means all the Apple applications on your Mac, apps from the Mac App Store, and signed apps allowed through your Mac’s GateKeeper protection are allowed to receive connections without your input. (In other words, an app from an “Identified developer” has a valid signature.)

You won’t be blocking much if you enable the firewall with the default settings.

How to Enable and Configure Your Mac’s Built-in Firewall

If you’d like to enable and configure your Mac’s firewall, feel free. Click the Apple menu, select System Preferences, and click the Security & Privacy icon. Click the Firewall tab, click the lock icon, and enter your password. Click Turn On Firewall to turn the firewall on, and then click Firewall Options to configure your firewall options.

From here, you can configure the options and add applications to the list. An application you add to the list can have incoming connections allowed or blocked — your choice.


In summary, a firewall isn’t really necessary on a typical Mac desktop, just as it isn’t really necessary on a typical Ubuntu Linux desktop. It could potentially lead to more hassle with setting up certain network services. But, if you feel more comfortable with it on, you’re free to enable it!

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 12/20/14
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!