What you will achieve
Understand and configure the macOS application firewall without breaking legitimate apps.
The macOS application firewall provides inbound-only protection at the OS level. It is not a replacement for router security or outbound monitoring. Knowing what it blocks prevents both false confidence and accidental blocking of legitimate screen sharing or dev servers.
1) Enable the firewall
- System Settings → Network → Firewall (Ventura+) or Privacy & Security on some layouts.
- Turn on Firewall.
2) Block vs allow behaviour
The macOS firewall filters incoming connections to apps. It does not block outbound traffic the way a third-party firewall can. Stealth mode hides closed ports from ping scans; enable it under Firewall Options if desired.
3) Application rules
Firewall Options lists the apps allowed to receive inbound connections. If a server app (dev web server, Plex) cannot be reached remotely, allow incoming connections for that app when prompted.
4) What it does not replace
- Router NAT/firewall for home network edge.
- Protection from malware you execute voluntarily.
- Full port-level control: use pf or a hardware firewall for advanced rules.
5) File Sharing and Screen Sharing
Built-in sharing services register with the firewall when enabled in Sharing settings. If remote access fails, check both the Sharing toggles and the Firewall allow list.
6) Per-interface behaviour
The firewall applies per profile: switching Locations changes which rules are active if you maintain separate work and home locations. Add custom pf anchors only if you are an advanced user and document them, because it is easy to lock yourself out remotely.
7) Remote login vs Screen Sharing
SSH (Remote Login) is a separate service: enabling SSH does not automatically add an allow entry to the GUI firewall list the same way. Limit SSH to known users in Sharing → Info.
8) Third-party firewalls
Little Snitch and LuLu add outbound control, but they may conflict with Apple firewall prompts. Pick one strategy; doubling up on filters causes mysterious blocks.
Verify
The firewall is on; required services are still reachable on the LAN; no unexpected block dialogs appear for daily apps.
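The same verification can be done from Terminal. The script below is an added example, not part of the original guide: it reads the firewall and stealth-mode state with Apple's socketfilterfw tool, lists per-app rules, and offers a reachability probe to run from a second machine on the LAN. The exact wording of socketfilterfw's output is treated as an assumption, so the parsers match loosely; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the application firewall from Terminal.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Parse `socketfilterfw --getglobalstate` text; prints on, off or unknown.
# Keys on the "State = N" token: 0 means off, any other number means on.
# Constructed sample input: "Firewall is enabled. (State = 1)"
fw_state() {
    n=$(printf '%s\n' "$1" | sed -n 's/.*State = \([0-9][0-9]*\).*/\1/p' | head -n 1)
    case "$n" in
        '') echo unknown ;;
        0)  echo off ;;
        *)  echo on ;;
    esac
}

# Parse `socketfilterfw --getstealthmode` text. The wording is assumed to
# differ between macOS releases, so match on the state word only.
# Constructed sample input: "Stealth mode disabled"
stealth_state() {
    case "$1" in
        *disabled*|*"is off"*) echo off ;;
        *enabled*|*"is on"*)   echo on ;;
        *)                     echo unknown ;;
    esac
}

# Run from a second machine on the LAN: reachable <host> <port>
# e.g. port 22 for Remote Login, 5900 for Screen Sharing.
reachable() {
    if nc -z -w 2 "$1" "$2" >/dev/null 2>&1; then echo open; else echo closed; fi
}

# Report state and per-app rules on the Mac being checked.
audit() {
    if [ ! -x "$FW" ]; then
        echo "socketfilterfw not found; run this on the Mac being checked" >&2
        return 2
    fi
    echo "firewall: $(fw_state "$("$FW" --getglobalstate)")"
    echo "stealth:  $(stealth_state "$("$FW" --getstealthmode)")"
    "$FW" --listapps    # apps with an explicit allow or block rule
}

# Only audit automatically on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = Darwin ]; then audit; fi
```

An "unknown" result means the output did not match the assumed wording; read the raw socketfilterfw output in that case rather than trusting the summary.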
Additional troubleshooting notes
If the steps above do not resolve the issue on the first attempt, reboot once, confirm that System Settings → General → Software Update is current, and retry with a second administrator account to rule out profile or keychain corruption in your daily user. Record the exact error text from Console.app with its timestamp; a vague "it still fails" without logs wastes support time. On Apple Silicon, re-test after a full shutdown (not just a restart), because firmware and Thunderbolt controllers reset only on cold boot. On Intel Macs, repeat the test in Safe Mode to bypass third-party login items. Before any erase or keychain reset, verify that a Time Machine or clone backup has completed. This guide assumes the Monterey/Ventura/Sonoma/Sequoia paths in System Settings; search Spotlight for renamed panes if your macOS version labels them slightly differently.