You Should Use a Firewall on Your Mac (but Not Apple’s)
A firewall is an essential security tool for your Mac. Not only does it help keep your Mac safe from security threats online, but it also improves your privacy by allowing you to keep an eye on data that's sent and received from the internet. In some cases, this data sharing is essential, such as during a software update for your Mac. In other cases, it could be used by a malicious app to send your private data to servers on the other side of the world. With a firewall, you can stop that from happening.
What is a firewall?
A firewall is a tool that allows you to keep an eye on network traffic that's sent from and received by your computer. You can think of it as a gate between your computer and the internet. Without a firewall, all apps have unrestricted access to the internet, but when you use a firewall, these apps will have to ask for your permission before they can phone home.
A firewall can be a hardware tool or a software utility. Most of us have already used hardware firewalls, because modern routers have firewall features built-in. By default, they can block incoming connections, and some of the more expensive routers even let you block outgoing connections.
Hardware firewalls can protect all devices on your network, and unlike software firewalls, they can't be disabled easily by malware on any one computer. A software firewall, on the other hand, is a gatekeeper between your computer and the internet, which means that it's better suited to controlling connections for individual apps on your computer.
Should I use a software firewall?
Although software firewalls are great for privacy and security, they are not for everyone. I think everyone should use a firewall, but the reality is that some people will find firewalls a bit restrictive because you'll have to approve every single incoming and outgoing connection. That said, you can set up rules to ensure that the firewall doesn't get in the way.
How does a firewall work?
By default, your Mac will allow all network traffic to reach your computer, and it'll allow almost all apps to send data out. When you enable a strong firewall, you'll have to approve nearly every single request for incoming and outgoing traffic. This includes an app's checks for software updates, downloads, uploading data, and pretty much anything that requires you to connect to the internet.
Firewalls support a stealth mode, which follows your preset instructions without any prompts, but even that is restrictive because you may not be able to use the internet as freely as you'd like to. The flip side is that you're far more protected from cybersecurity threats or, at least, you become very well aware of every connection your Mac makes to the internet.
How can I use the Mac's firewall?
Your Mac ships with a firewall, but it is disabled by default and it can only monitor incoming connections to the computer. It doesn't allow you to control outgoing traffic. You can try using your Mac's firewall to see if you like it, but I have recommendations for third-party apps from reputed developers, which make it a lot easier to both use a firewall and enjoy the security and privacy benefits. On your Mac, click the Apple logo in the top-left corner of the screen and go to System Settings. Now, navigate to Network > Firewall and enable Firewall.
You can click the Options button on this page to set up the firewall to your liking: You'll see an option to allow built-in software to receive incoming connections (i.e. Apple's own software), as well as any signed software you've downloaded. Those apps are usually quite safe, since Apple vets the developers that have their apps "signed." You can also choose whether or not to allow incoming connections to a variety of apps and services, but you'll quickly notice that you can't control outgoing connections, which means if a shady app wants to send your data to an obscure server, you can't use the built-in firewall to stop that.
Which firewall apps should I use?
Fortunately, there are some great third-party firewall apps for the Mac. Little Snitch is the one I like the most: It has a solid set of features, such as the ability to monitor and block any kind of traffic on your Mac; blocklists that automatically keep trackers at bay; and a great interface that provides useful information and makes things easy to understand. As much as I like this app, it is pricey at $59, which means it may not be for everyone.
You can also try a cheaper alternative, such as Radio Silence, which Lifehacker has recommended before. It may not have the polished interface and all the features of Little Snitch, but it will do the job a firewall should: let you stop apps from phoning home. The app is good at its job and costs $9, which makes it a great option for those who want a firewall on a budget.
Finally, there's also a completely free firewall app for the Mac called LuLu. I'm usually wary of recommending free apps that serve such a critical security purpose, but LuLu has earned the trust of the community. It's free and open source, and you can take a look at its GitHub page to learn more about the app. It's in active development at the time of writing, which is also a bonus, since sometimes apps like these are abandoned and never updated again. The interface isn't as polished as that of the paid apps I've recommended, but it works well and you can use it to see if a firewall app is for you.