Block connections to your Mac with a firewall
A firewall can protect your Mac from unwanted contact initiated by other computers when you’re connected to the internet or a network. However, your Mac can still allow access through the firewall for some services and apps. For example:
If you turn on a sharing service, such as file sharing, macOS opens a specific port for the service to communicate through.
An app or service on another system can request and be given access through the firewall, or it might have a trusted certificate and therefore be allowed access.
For greater control, you can select apps and services, and specify whether they can have access through the firewall.
Turn on firewall protection
On your Mac, choose Apple menu > System Settings, click Network in the sidebar, then click Firewall. (You may need to scroll down.)
Turn on Firewall.
To specify additional security settings, click Options and do any of the following:
Allow only specified apps and services to connect: Click the Add button , then select the app or service in the dialog that appears.
Allow only essential apps and services to connect: Turn on “Block all incoming connections.”
Automatically allow built-in software to receive incoming connections: Turn on “Automatically allow built-in software to receive incoming connections.”
Automatically allow downloaded signed software to receive incoming connections: Turn on “Automatically allow downloaded signed software to receive incoming connections.”
Make it more difficult for hackers and malware to find your Mac: Turn on “Enable stealth mode.”
Set firewall access for services and apps
On your Mac, choose Apple menu > System Settings, click Network in the sidebar, then click Firewall. (You may need to scroll down.)
Click Options.
If the Options button is disabled, first turn on Firewall.
Click the Add button under the list of services, then select the services or apps you want to add. After an app is added, click its up and down arrows and choose whether to allow or block connections through the firewall.
Blocking an app’s access through the firewall could interfere with or affect the performance of the app or other software that may depend on it.
Important: Certain apps that don’t appear in the list may have access through the firewall. These can include system apps, services, and processes, as well as digitally signed apps that are opened automatically by other apps. To block access for these programs, add them to the list.
When your Mac detects an attempt to connect to an app you haven’t added to the list and given access to, an alert message appears asking if you want to allow or deny the connection over the network or internet. Until you take action, the message remains, and any attempts to connect to the app are denied.