The best firewalls for your Mac

5 min read

One of the most important tools in your online security arsenal is a firewall. Firewalls block incoming and outgoing network connections and can often be configured to be as strict or as relaxed as you like. You can also usually configure a firewall to prevent your Mac from being “pinged” – where a piece of data is sent to it over the network to check if it’s “there.” 

Firewalls can be software or hardware, though most these days are software. macOS has its built-in firewall that can be configured in the Security & Privacy pane of System Preferences and your broadband router probably has one too. Your router’s firewall, if it has one, can be turned on and off in the settings webpage for the router.

Tip
Want to know how to turn on the firewall on your Mac? Just go to System Preferences > Security & Privacy > Firewall and turn it on.

Why download another Mac firewall?

If your Mac already has a firewall built-in, why would you consider a third-party version? Well, for one thing, the macOS firewall only blocks incoming connections; it doesn’t protect you from security threats that come from outbound traffic. Though there are advanced options tucked away, it’s not as configurable as some third-party firewalls.

Did you know?

In addition to a firewall, it’s a good idea to use an anti-malware tool to scan your Mac regularly and keep it safe. CleanMyMac X does just that. You can use it to scan your Mac manually, and it will compare what it finds against a database of known malware. Or set it to monitor your Mac in real-time, so that it protects it automatically. Download CleanMyMac X – a free trial is available.

Malware scan in process

The best firewalls for your Mac

Little Snitch

Little Snitch has been around for almost as long as macOS. Its goal is to block apps from making outgoing network connections unless you explicitly choose to allow it. This is useful for a couple of reasons.

  1. It stops apps from contacting a server and sending data about you to it.

  2. It alerts you to software that shouldn't be on your Mac i.e., malware, and is trying to connect to a host server.

When an app initiates a connection to a server, Little Snitch alerts you and offers you the opportunity to allow it to connect or to prevent it. It learns from your decisions and creates rules based on them. Neatly, there’s a silent mode that hides alerts so that you’re not bombarded with them – there are a lot of them at first. You can then come back to alerts later to make decisions and create rules.

Lulu

We mentioned earlier that the macOS firewall is good at blocking incoming connections. Lulu complements that by blocking outgoing connections, similarly to Little Snitch. By default, it blocks all outgoing connections. If you decide to allow an app or service to connect, every attempt made by that app or service will be allowed. Lulu’s source code is published on GitHub so anyone can inspect it. 

HandsOff

Unlike Lulu and Little Snitch, HandsOff blocks both incoming and outgoing connections. And it allows you to closely monitor and control apps that use internet connection to send information back to a remote server. Besides, HandsOff can also block domain name resolving, multiple subdomains, and offers protection from trojans and worms. 

HandsOff’s options are more finely-tuned than most, allowing you to block all outgoing connections from an app or only those to a specific domain, subdomain, or IP address. You can also choose to block the connection once, until the Mac is restarted, or permanently.

Radio Silence

Radio Silence is the simplest and most elegant of the firewalls available for macOS. There’s nothing to configure and no pop-up windows to distract you. One small window is its only user interface element. That window is split into two tabs. 

One, titled Network Monitor, displays all the apps that have open network connections. Next to the app is a number showing you how many open connections it has open. Click on that number, and you can see a list of connections.

Murus Pro

Murus Pro consists of two apps, Murus and Vallum. The former will perfectly complement the macOS built-in firewall by providing an interface that allows you to create rules for incoming connections. The latter, Vallum, is similar to Little Snitch and Radio Silence – it allows you to monitor and block incoming connections. 

Murus allows you to drag and drop elements to create sets of rules from pre-created presets. Or,  you can re-write your own rules from scratch. If what you want is to fine-tune the built-in macOS firewall, Murus could be the ideal tool.

Vallum monitors and intercepts outgoing connections and lets you block them. It sits in the menu bar until you decide to configure it. When you do, like Murus Pro, you can do it by dragging and dropping. For example, to prevent an app from making outgoing connections, you just drag it from the Finder onto the Vallum window. You can modify the firewall rules for each app manually, or use one of the predefined presets. 

There are several very good firewall tools available for Macs. Some complement Mac’s built-in firewall and block incoming connections; others are focused on outgoing connections. Whichever you choose, it’s a good idea also to use additional security and Mac maintenance tool such as CleanMyMac X.

You may be surprised at just how many network connections some apps make. And next to that number is a Block button, allowing you to prevent the app from making connections. Press that button, and the app shows up in the other tab, Firewall. That tab lists all the apps you’ve blocked from making connections. It’s a very simple but effective tool that has won praise and rave reviews from some of the most well-known Mac blogs and websites.

Follow us
Blog FAQ

MacPaw uses cookies to personalize your experience on our website. By continuing to use this site, you agree to our cookie policy. Click here to learn more.