How to Block All Incoming Network Connections in Mac OS X

Aug 28, 2013 - 1 Comment

The OS X Firewall provides an optional ability to block all incoming network connections, offering a significant security boost to Macs that are located in untrusted networks or hostile network environments.


Because this is the strictest inbound setting available through the built-in OS X firewall, it is best suited to situations where no incoming connection attempt should be trusted by default. It is too strict to be practical for average users in most environments, but it is worth knowing how to enable the feature should it become necessary at some point.

Blocking All Inbound Network Connections in OS X

This feature is available in all versions of Mac OS X:

  • Open System Preferences from the  Apple menu and choose the “Security & Privacy” panel
  • Select the “Firewall” tab and then click the lock icon in the corner to log in and allow changes
  • Choose “Turn On Firewall” if it hasn’t been enabled yet, then choose “Firewall Options”
  • Select the topmost “Block all incoming connections” option


As noted by the preference panel, when enabled this blocks all network connections to the Mac, including all sharing services, all file sharing through networks, screen sharing, remote access, remote login, and remote connectivity through SSH and SFTP, iChat Bonjour, AirDrop file transfers, iTunes music sharing, ICMP requests and responses – literally everything that is inbound which is not required for basic internet connectivity and servicing.
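The same setting can be applied and verified from Terminal, which is useful for scripted setup or a compliance check. This is an added example, not part of the original article; it assumes the `socketfilterfw` tool at its usual path and that the `com.apple.alf` preference `globalstate` uses 0 for off, 1 for on and 2 for block-all, as on OS X releases of this period.

```shell
#!/bin/bash
# Added example: Terminal equivalent of the System Preferences steps above.
# Assumptions: socketfilterfw lives at the path below and firewall settings
# are readable from the com.apple.alf preferences domain; newer macOS
# releases may store them elsewhere.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw
ALF_DOMAIN=/Library/Preferences/com.apple.alf

# Read one firewall preference key (globalstate, stealthenabled, ...).
read_pref() {
    defaults read "$ALF_DOMAIN" "$1" 2>/dev/null
}

# Map the numeric globalstate value to the GUI setting it represents.
describe_globalstate() {
    case "$1" in
        0) echo "off" ;;
        1) echo "on" ;;
        2) echo "block-all" ;;
        *) echo "unknown" ;;   # missing or unexpected value: treat as not verified
    esac
}

# Succeeds only if "Block all incoming connections" is in effect.
block_all_active() {
    [ "$(describe_globalstate "$(read_pref globalstate)")" = "block-all" ]
}

# Turn the firewall on, enable block-all, then confirm the stored state.
enable_block_all() {
    sudo "$FW" --setglobalstate on >/dev/null || return 1
    sudo "$FW" --setblockall on    >/dev/null || return 1
    block_all_active
}

# Print a one-line summary; exit status is non-zero unless block-all is set.
audit_firewall() {
    state=$(describe_globalstate "$(read_pref globalstate)")
    stealth=$(read_pref stealthenabled)
    echo "firewall=$state stealth=${stealth:-unknown}"
    [ "$state" = "block-all" ]
}

# Act only when asked, so sourcing the file just defines the functions.
case "${1:-}" in
    enable) enable_block_all && echo "Block all incoming connections: enabled" ;;
    audit)  audit_firewall ;;
esac
```

Run it with `enable` to apply the setting or `audit` to report it; the audit's exit status can gate a login or provisioning script.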

Blocks Inbound Connections, Not Broadcasts

It’s important to note that this setting will not prevent the Mac from broadcasting its presence on a network if certain networking features are enabled (like File Sharing, AirDrop, Samba for Windows sharing, etc.), and it does nothing to prevent outgoing connections; it only affects inbound connection attempts from all nonessential internet services. For a specific example: if a user left File Sharing turned ON but blocked all incoming connections with the firewall, the Mac would still show up on network scans, but nobody would be able to connect to it. If stopping the Mac from broadcasting its presence on a network is desired as well, go to the “Sharing” preference panel and turn off the services that are revealing its presence.


Posted by: Paul Horowitz in Mac OS X, Security, Tips & Tricks

One Comment


  1. A good way is to:

    1. not block all connections.
    2. enable stealth mode.
    3. not allow signed (or built-in starting with Sierra) software to automatically accept incoming connections. This is an insecure luxury and assumes all registered developers are honest people. While most probably are, why take the risk?

    Then specifically allow or disallow connections on request as they come in. You have to do this only once for each application.

    Unless you have compelling reasons to allow them, you may also want to block netbiosd (incoming requests from MS Windows), httpd (incoming requests for your web server which you are probably not running), and gamed (incoming requests from the Apple Game Center).

    I am not a security expert, but have been using the Mac since 1984 and read some about security issues.

    Thanks for your article.
