How to Block All Incoming Network Connections in Mac OS X
The OS X Firewall provides an optional ability to block all incoming network connections, offering a significant security boost to Macs that are located in untrusted networks or hostile network environments.
Because this is the strictest level of inbound network filtering available through the built-in Mac firewall, it is best suited to situations where the default assumption is that no incoming connection attempt should be trusted. Accordingly, it is too strict to be practical for average users in most environments, but it is worth knowing how to enable the feature should it become necessary at some point.
Blocking All Inbound Network Connections in OS X
This feature is available in all versions of Mac OS X:
- Open System Preferences from the Apple menu and choose the “Security & Privacy” panel
- Select the “Firewall” tab and then click the lock icon in the corner to log in and allow changes
- Choose “Turn On Firewall” if it hasn’t been enabled yet, then choose “Firewall Options”
- Select the topmost “Block all incoming connections” option
As noted by the preference panel, when enabled this blocks all network connections to the Mac, including all sharing services, all file sharing through networks, screen sharing, remote access, remote login, and remote connectivity through SSH and SFTP, iChat Bonjour, AirDrop file transfers, iTunes music sharing, and ICMP requests and responses. In short, it blocks everything inbound that is not required for basic internet connectivity and servicing.
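The same setting can be applied and verified from Terminal. The script below is an added example, not part of the original article. It assumes the firewall helper is at /usr/libexec/ApplicationFirewall/socketfilterfw and that the firewall mode is stored as "globalstate" in the com.apple.alf preferences (0 = off, 1 = on, 2 = block all), which may differ between OS X releases. The function names and the ALF_READER override are hypothetical.

```shell
#!/bin/sh
# Added example: Terminal equivalent of "Block all incoming connections".
# Assumed: helper path and plist domain below; globalstate 0/1/2 meanings.
SFW="${SFW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"
ALF_PLIST="${ALF_PLIST:-/Library/Preferences/com.apple.alf}"

# Translate the numeric globalstate into the preference panel's wording.
alf_state_name() {
    case "$1" in
        0) echo "firewall off" ;;
        1) echo "firewall on, per-application rules" ;;
        2) echo "firewall on, block all incoming connections" ;;
        *) echo "unknown state: $1"; return 1 ;;
    esac
}

# Read the current globalstate. ALF_READER (hypothetical override) names a
# command or function to use instead of `defaults`, e.g. for testing.
alf_read_state() {
    if [ -n "${ALF_READER:-}" ]; then
        "$ALF_READER"
    else
        defaults read "$ALF_PLIST" globalstate
    fi
}

# Exit 0 only in block-all mode, 1 for any other mode,
# 2 when the state cannot be read at all.
block_all_enabled() {
    state="$(alf_read_state 2>/dev/null)" || return 2
    [ "$state" = "2" ]
}

case "${1:-}" in
    apply)   # same effect as steps 3 and 4 of the list; needs admin rights
        sudo "$SFW" --setglobalstate on
        sudo "$SFW" --setblockall on
        ;;
    status)  # report the mode and fail loudly if it is not block-all
        s="$(alf_read_state)" && alf_state_name "$s"
        block_all_enabled || { echo "block-all is NOT active" >&2; exit 1; }
        ;;
esac
```

Run it with `apply` to turn the setting on and with `status` to confirm it; the non-zero exit from `status` makes it usable in a login or compliance check.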
Blocks Inbound Connections, Not Broadcasts
It’s important to note that this setting will not prevent the Mac from broadcasting its presence on a network if certain networking features are enabled (like File Sharing, AirDrop, Samba for Windows sharing, etc.), and it does nothing to prevent outgoing connections. It only affects inbound connection attempts to all nonessential internet services. For example, if a user left File Sharing turned ON but blocked all incoming connections with the firewall, the Mac would still show up on network scans, but nobody would be able to connect to it. If you also want to stop the Mac from broadcasting its presence on a network, go to the “Sharing” preference panel and turn off the services that are revealing its presence.