A firewall is a piece of software or hardware that monitors incoming and outgoing network traffic using rules set up by the user or administrator. You can go and buy a fancy 3rd-party firewall, but Apple has one built into MacOS. With this built-in software firewall you can set what applications can have incoming and outgoing connections.
Most of the time you don’t have to worry about a firewall because MacOS doesn’t have potentially vulnerable services listening to the outside by default. However, depending on what 3rd-party software you have or if you are running a web server, applications could potentially be communicating in the background with the outside so you might want to limit communication for security reasons.
Your built in firewall settings are found in the Security and Privacy pane in System Preferences. At the most basic level, all you have to do is click the button to turn on the firewall. Now that the firewall is on, click the button Firewall Options. Here you have some options to customize your level of protection. We will be discussing the firewall settings in MacOS Sierra, but the settings are similar for earlier operating systems.
The first is Block all incoming connections which blocks everything except basic internet services. Most of the time you won’t need lock the system down that much, but the option is there.
Next is Automatically allow built-in software to receive incoming connections. This is referring to the apps that are included with MacOS, so this usually a good thing to leave checked as this software has been designed with security in mind by Apple.
The next option is Automatically allow downloaded signed software to receive incoming connections. Digitally signed software is software that contains a code which MacOS uses to verify the developer. Apple maintains a list of developers that it considers trustworthy so this is typically a safe option to leave checked as well.
The last option is Enable stealth mode. When this is enabled your computer will not acknowledge attempts to access this computer from the network by test applications using ICMP (Internet Control Message Protocol) methods such as ping. Enabling this helps keep you safe by making a DOS (Denial of Service) attack method known as PoD (ping of death!) useless to the attacker.
In the middle of the menu box you can see big box with a plus and minus box at the bottom. This is where you can choose specific apps you that want to add or remove network access to or from. This would primarily be used if you have an application that you trust but is not from a trusted developer and you need it to have network access.
Most users don’t have to worry about a firewall. Since the MacOS is so secure most attacks are done through social engineering. This is when someone tricks you into revealing your password, basically making you open the door for them either by fear or manipulation. Software and hardware can help, but only you can prevent this type of security breach by not revealing your password to untrusted persons.