Say what? The Mac has a firewall? Who knew? Actually, the Mac has had a firewall since forever, yet Apple is so convinced the Mac is truly secure that the built-in software firewall in macOS High Sierra is turned off by default. That’s right. The Mac’s firewall is off. On purpose.
Turning on the Mac’s firewall is easy enough but managing the firewall is not child’s play which might explain why Apple’s default is off. Open System Preferences > Security & Privacy > Firewall. Click, Turn On Firewall. That’s it. Almost. Click Firewall Options to manage specific apps. Or, use a free graphic user interface app called Murus Lite instead.
A Front End For The Back End
Murus Lite is the entry-level firewall management app which is more of a user interface for the Mac’s built-in software firewall. That makes it more capable than the Mac’s firewall user interface, but less so than commercial options, or Murus Pro, which is packed with geeky features. What you get with Murus Lite is a straightforward, drag and drop interface to setup firewall rules. It’s point and click so you won’t have to get bogged down in firewall nomenclature or syntax. Click to view firewall rulesets and to modify the Mac’s built-in firewall to meet your security requirements.
Murus Lite looks inviting once it’s opened, but if you’re new to firewall management, use the few Presets. Otherwise, a click of each icon will reveal a list of options to manage both inbound and outbound (non-free version) ports with specific rules for each app or port. Here’s a visual example of how easy Murus Lite looks when opened, but how complex it can become, so I recommend reading up on macOS High Sierra’s built-in firewall.
They say that only the paranoid survive, and in a dog eat dog world where hackers can find their way into the most secure of secure computing systems and networks, it might pay to put up another line of defense by turning on the Mac’s built-in firewall, and learning how to use it with a GUI front end.
Murus Lite is free but limited to inbound filtering and logging, and five predefined presets. The not-very-expensive Murus Basic adds outbound filters and logs, port knocking and advanced filters, custom rules, a realtime firewall browser, and adaptive options. The even more expensive Murus Pro offers more. In fact, there’s a complete family of utilities designed around the Mac’s built-in firewall.
I love the logging option. You’ll be impressed and then depressed by how many outsiders are trying to get inside your Mac, only to be stymied by the Mac’s firewall.
The thing to understand here is that macOS comes with a capable firewall, but it’s turned off by default. Firewall management options in macOS are nominal at best, and cumbersome to convoluted if you venture into Terminal mode (not for the faint of heart). Murus is a graphical interface fronted for the Mac’s firewall which provides more granular controls for the more paranoid Mac user, but it’s not a replacement for the macOS firewall, just an easier way to make it work for you.