How to Block All Incoming Network Connections in Mac OS X

Aug 28, 2013 - Leave a Comment

The OS X Firewall provides an optional ability to block all incoming network connections, offering a significant security boost to Macs that are located in untrusted networks or hostile network environments.

Block incoming network connections in Mac OS X

Because this is the strictest level of preventative network access possible in OS X through the built-in Mac firewall, the ideal usage is for situations where the default assumption would be to not trust any incoming network connection attempts. Accordingly, this is simply too strict to be practical for average users in most environments, but it is at least worthwhile knowing how to enable the feature should it become necessary at some point.

Blocking All Inbound Network Connections in OS X

This feature is available in all versions of Mac OS X:

  • Open System Preferences from the  Apple menu and choose the “Security & Privacy” panel
  • Select the “Firewall” tab and then click the lock icon in the corner to login and allow changes
  • Choose “Turn On Firewall” if it hasn’t been enabled yet, then choose “Firewall Options”
  • Firewall options allow you to control connection blocking

  • Select the topmost “Block all incoming connections” option

Block all incoming connections in Mac OS X with this firewall option

As noted by the preference panel, when enabled this blocks all network connections to the Mac, including all sharing services, all file sharing through networks, screen sharing, remote access, remote login, and remote connectivity through SSH and SFTP, iChat Bonjour, AirDrop file transfers, iTunes music sharing, ICMP requests and responses – literally everything that is inbound which is not required for basic internet connectivity and servicing.

Blocks Inbound Connections, Not Broadcasts

It’s important to note this setting will not prevent the Mac from broadcasting it’s presence on a network if certain networking features are enabled (like File Sharing, AirDrop, Samba for Windows sharing, etc) and it does nothing to prevent outgoing connections, it will only impact inbound connection attempts from all nonessential internet services. For a specific example; if a user left File Sharing turned ON but blocked all incoming connections with the firewall, the Mac would still show up on network scans, but nobody would be able to connect to it. If blocking the Mac from broadcasting it’s presence on a network is desired as well, simply go to the “Sharing” preference panel and turn off the services that are revealing it’s presence.

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: Paul Horowitz in Mac OS X, Security, Tips & Tricks

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates