Firewall on Mac

Joined
Jan 18, 2011
Messages
136
Reaction score
1
Points
18
Your Mac's Specs
MPB 2.2 Intel Core Duo 2gb Ram - G5 Tower PPC - iPhone 4 - 2x3GHZ 12gb Ram MacPro Tower, ATV2
Hi

I know Mac's are largely safe from virus's but do I need to get a firewall? Does my Mac come with one?

If I do need one, what is recommended? Any free apps for it? :)

I am running Lion on an early 2009 Mac Mini and also have Lion on a 2007 MBP
 

bobtomay

,
Retired Staff
Joined
Dec 22, 2006
Messages
26,561
Reaction score
677
Points
113
Location
Texas, where else?
Your Mac's Specs
15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '14 1.8 i7 8GB 10.11; 21" iMac '13 2.9 i5 8GB 10.11; 6S
OP
newby
Joined
Jan 18, 2011
Messages
136
Reaction score
1
Points
18
Your Mac's Specs
MPB 2.2 Intel Core Duo 2gb Ram - G5 Tower PPC - iPhone 4 - 2x3GHZ 12gb Ram MacPro Tower, ATV2
Thank AOIFEEE and BOBTOMAY very help thank you! :)
 
C

chas_m

Guest
Bottom line: it's turned off by default for a reason, and that reason is that your router (if you have one) almost certainly has a far superior hardware firewall already active. Two firewalls do not make double protection, they make double the chance of conflicts. Unless you have a specific reason to turn the Mac firewall ON, leave it OFF.
 
OP
newby
Joined
Jan 18, 2011
Messages
136
Reaction score
1
Points
18
Your Mac's Specs
MPB 2.2 Intel Core Duo 2gb Ram - G5 Tower PPC - iPhone 4 - 2x3GHZ 12gb Ram MacPro Tower, ATV2
Chas - thank you! Very helpful!
 
Joined
Mar 30, 2004
Messages
4,744
Reaction score
381
Points
83
Location
USA
Your Mac's Specs
12" Apple PowerBook G4 (1.5GHz)
Bottom line: it's turned off by default for a reason, and that reason is that your router (if you have one) almost certainly has
Bottom line, it's included for a reason, and that reason is that laptop owners (especially) often use public wi-fi networks.

a far superior hardware firewall already active.
For most things, the OS X application-based firewall is superior to the NAT function of a router.

Two firewalls do not make double protection, they make double the chance of conflicts. Unless you have a specific reason to turn the Mac firewall ON, leave it OFF.
The default configuration is pretty well thought out and won't cause any problems with common Mac software, including Apple's included services. (If you're running a server or a third-party remote access service, you might need to do some work to get it set up, but if so, you're probably up to the challenge.)

Unless you have a problem with it, leave it ON. You probably won't ever notice it's there.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
+1. As technologist states - it's there for a reason. I don't agree with the mindset of "turn it off, you don't need it". And, I don't believe it's prudent to advise new users to do so.
 
C

chas_m

Guest
Bottom line, it's included for a reason, and that reason is that laptop owners (especially) often use public wi-fi networks.

This is, I admit, purely anecdotal ... but I checked with all 17 of the public places I use Wi-Fi (asked politely to see their router) and guess what -- every single one of them has a hardware firewall already. Unsurprising these days, really.

There's a LOT of misunderstanding of what a firewall does and does NOT do. It does NOT magically protect you from ... well, much of anything more than a DDOS attack, which would also affect every other user of the Wi-Fi network. Thus, most places that offer it already have a firewall in place.

(If you're running a server or a third-party remote access service, you might need to do some work to get it set up, but if so, you're probably up to the challenge.)

This part I agree with.
 
Joined
Mar 30, 2004
Messages
4,744
Reaction score
381
Points
83
Location
USA
Your Mac's Specs
12" Apple PowerBook G4 (1.5GHz)
This is, I admit, purely anecdotal ... but I checked with all 17 of the public places I use Wi-Fi (asked politely to see their router) and guess what -- every single one of them has a hardware firewall already.
Of course they do. But everyone else on that network is behind the firewall, and you're exposed to all of them.

The sweet looking girl at the next table over in your local Starbucks may not be out to get you, but her zombified Dell may well be.

And yes, there is a lot of misunderstanding about what a firewall does. And DDoS attacks are not what a firewall protects you against (some do, but that's not what the OS X firewall does.) Firewalls prevent outsiders from connecting to services on your computer. Not planning to run any network services? Great! Using the firewall won't affect you at all; you'll never even know it's there. Set it and forget it.
 
Joined
Jan 19, 2008
Messages
4,695
Reaction score
73
Points
48
Location
houston texas
Your Mac's Specs
09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
i have been using both and noticed no difference in what I do but gives me piece of mind when I am away from home also the fact last week forgot to turn in back off when I got home so I left it on still did not notice any difference. So for me on it is.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Technologist is spot on !
Turn the OS X firewall on and forget about it.... roam the internet with peace of mind.

Cheers ... McBie
 
Joined
Dec 9, 2010
Messages
844
Reaction score
49
Points
28
Location
Virginia
Your Mac's Specs
Currently 13" Late 2010 MBA, 4GB/128GB; Early 2011 13" MBP, dual core i7 2.7ghz, 4gb ram, 500gb hd
Just for clarification, a firewall doesn't protect you from the most common form of data piracy - namely packet sniffing. A firewall is comparable to locking the doors and windows on your home, to prevent unauthorized entry. However, if you stand at your front door and yell to your neighbor across the street, there's nothing to prevent your next door neighbor from hearing the conversation. Same with the coffee shop - your wireless signal, if not encrypted, is being "shouted" across the room, and anyone with a mind to can capture that information in plain text. That's why firewalls are good, but they're only one piece of the security puzzle. Ideally, every coffee shop would have a password protected network, with suitable encryption. More and more are moving that way, but it's by no means universal. Be careful with passwords, only access sites with sensitive information on networks you know to be secure, and consider setting up a VPN with your office or home for better security.
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
Technologist is DEAD on. It does not hurt at all to run the OSX firewall, especially if you are out and about. I don't care if the Hot Spot's router uses even SPI, that is only for the WAN, not the LAN. Anyone in the area on the LAN is still open to every other system on that LAN.

People can argue this all they want, but I have seen it proven over and over. Some routers only have NAT. A true HardWare firewall uses at least SPI (Stateful Packet Inspection) or even better Deep Packet Inspection (DPI). Any decent Firewall that does not at least have SPI, I will not even bother with. So far only very expensive Firewall appliances have DPI though.

Any doubters out there come here and check my SPI Firewall logs and see exactly what it's blocking. And yes, I have a Firewall appliance. Works great! Picked it up at a Thrift Store for $5. It's worth close to $1000! :D
 
OP
newby
Joined
Jan 18, 2011
Messages
136
Reaction score
1
Points
18
Your Mac's Specs
MPB 2.2 Intel Core Duo 2gb Ram - G5 Tower PPC - iPhone 4 - 2x3GHZ 12gb Ram MacPro Tower, ATV2
Wow! This got a lot more exciting since I came on last!

Bit confused now but I think best practice is leaving it on! Thanks all! :)
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Bit confused now but I think best practice is leaving it on! Thanks all! :)

Smart move. Apple has designed its firewall so that it works and doesn't get in your way. As others have advised, leave it on.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top