How to improve the security of our Mac through the system firewall

All Mac models for several years come with features little known and extremely useful: the firewall. With this tool, we can restrict the applications on our computer that receive network connections, access of vital importance if we are talking about security.

Speaking of firewall, there are third-party solutions that give us much more functions than system firewall, however in this article we will only talk about built-in firewall as it is present on all our computers . . without having to choose, buy or install anything.

By the way, before getting to the heart of the matter, a firewall, which we translate as « firewall », is software that deals with managing the network connections of an operating system. With this software we can establish rules for connections, ports, applications, protocols, etc.

How to activate and configure the firewall

We will first activate the firewall which in some models may come disabled by default. The steps are as follows:

  • In the Apple menu () we choose System Preferences.
  • We entered security.
  • We enter the tab Firewall.
  • We touch Activate the firewall.

Now that the firewall is on, we’ll configure it to give us the best possible protection. We touch Firewall options and we see a series of options, see what they mean and the recommended configuration:

  • Block all incoming connections (disabled): As the name suggests, with this option, we block all incoming connections except those essential to have an Internet connection. Enabling this option keeps the computer to a minimum, so we recommend that you leave it disabled.
  • : In this section we see all the « exceptions » that we have granted to the firewall. This can be to allow access or deny it. The recommendation in this section is that we select any application or service whose name we do not recognize and touch the “-” that appears below to remove it. If the app really needs the connection, it will ask us for permission again.
  • Automatically allow integrated software to receive incoming connections (On): It tells the firewall that all applications and services provided with the computer, that is, those created by Apple, can receive connections without asking us. We enable this option to allow apps like Music, TV, App Store, or Mail, to name a few, to work properly without our permission.
  • Automatically allow downloaded signed software to receive incoming connections (disabled): With this option, we would give network access to any downloaded application, as long as it is signed. We’ve seen in the past that the signing process, while useful, isn’t foolproof either, so we’re going to disable this option and grant permissions manually.
  • Activate infiltration mode (On): Instructs the Mac to ignore or not accept requests to access the computer from the network, from a simple ping to other types of access. We will activate this setting, especially if we are using our computer connected to the work or university network.

Easy, right? With these simple steps, we will have managed to increase the security of our computer without reducing any functionality.