How to Open Firewall Ports on a Mac

Introduction

It can be frustrating when a piece of software has problems getting online, and you're requested to check your networking configuration, or to 'open ports'.

This guide hopes to help demystify network security on your Mac, and help you check what settings are in place, to be certain nothing is causing problems.

macOS Firewall Security.

1 Port-Based vs. App-Based

Today's modern computers no longer rely on you, the user, to know the inner workings of computer networking to setup secure communications. Instead, they work on a 'model of trust' related to the application itself.

IPs and Ports

The way computers talk to each other on the Internet and home networks is through Internet Protocol (IP) addresses and Ports.

An easy way to think of this is a block of office buildings.

  • Each building has an address; just like each home on the Internet has a public IP address.
  • Each business inside the office building has a suite number; just like each computer has a private IP address.
  • Each office or desk in the suite has a number; just like each program has ports it uses.

Example of office building metaphor.

For example, if you wanted to write a letter to someone in Building 101, Suite 300, Office 2, you'd probably put the following on the envelope:

Building 101
Suite 302

The Postal Service would take care of getting the mail to Building 101. From there, the office mail would take care of getting the mail up to the third floor, and into office two.

Computers work in the same way. Each bit of data, or letter, is called a packet. Each packet has an address. For the exact same example, using the computer numbers on the right instead:

34.56.78.101::192.168.0.3:443

Your Internet Service Provider (ISP), would take care of getting that packet to the home network's public IP (34.56.78.101). From there, the router in your home would take care of getting that packet to computer 192.168.0.3. Then, the computer itself would receive it, and any program listening on port 443 would hear the message.

Your computer does this dozens of times for every web page you visit, for example. Once for each image, the page itself, etc. It does it thousands, if not millions, of times for the various bits of the video you watch, or audio you listen to, or game you play.

The Application Firewall Model

Recently, computers have become much, much faster, and the way they work has changed such that they can do multiple tasks at once. This has allowed a new way of looking at network security to become a reality.

Rather than the computer just assuming everything that's running is allowed unrestricted access to network resources, or just allowing everything unrestricted communication, there can be some checks put in place that don't impact how the computer works, or slow things down.

To use our office metaphor: Another person was hired to check the mail on each floor, and weed out the junk mail and malicious packages; a security guard who watches the communication going on.

That security guard keeps track of who's in the office, and if those people are to be trusted, and how much trust to give them. The CEO's mail may go in and out without so much as a second glance, but the temp in accounting would probably fall under a lot more scrutiny and not be allowed to use the company resources quite so freely. The same thing happens under the Application Firewall Model.

On your computer, the firewall no longer assumes you know everything about every program you use and how it communicates. Instead, you can choose to trust the application itself, and what it can and cannot do in general.

For example, a chat application. You want to be able to chat with your friends and family using it. The first time it tries, the firewall steps in and blocks it, but asks you if that's okay, and you allow it. You didn't need to know that the chat application uses ports 2700 and 80, you didn't need to know what endpoints it uses. You didn't need to know to allow those ports only when the chat application was open. The firewall takes care of all of that for you.

What This Means

The big benefit to this is it's now much easier for you to keep safe and secure online, because you just need to tell the firewall, once, what programs are and are not allowed access. You don't have to 'know' how that application works, or what program to visit to allow access on certain ports.

Everything starts out forbidden. When a program opens and makes a request, the firewall checks if the application is on its list.

  • If the application isn't on the list at all, you are asked if it's okay to access things.
  • If the application is already on the list as allowed, it's allowed access without bothering you, based on what you chose before or the defaults if Apple trusts the application.
  • If the application is already on the list but denied, it's denied access without bothering you.

What this means is you no longer have to worry about opening and closing ports to keep safe online. Just watch for the prompts from your firewall, read them, and allow or block access for the application as you need.

2 Firewall Setup

A firewall can help keep other computers from connecting to it when you don't want them to, such as when you're on the Internet or a network. However, it will still allow you to browse the web using Safari, for example.

  1. Choose Apple menu > System Preferences.
    screenshot of apple menu with system Preferences highlighted
  2. Click Security & Privacy.
    system Preferences with Security and Privacy highlighted
  3. Click Firewall at the top, then click the Lock icon in the bottom-left. Enter your administrator password to continue.
    security and privacy Preferences with firewall tab and lock icon highlighted
  4. Click on Turn On Firewall.
    firewall settings with turn on firewall button highlighted
  5. Click on Firewall Options...
    firewall settings with firewall options button highlighted
  6. By default, the Firewall is configured to allow most signed apps (those from Apple and trusted parties), and block unsigned apps. This will allow you to use your computer normally, and give you good protection from most threats. Just make sure the only two options selected are "Automatically allow built-in software to receive incoming connections" and "Automatically allow downloaded signed software to receive incoming connections".
    firewall settings with options for allowing built-in and signed software allowed highlighted
  7. Click OK at the bottom to exit Firewall setup.

We're here to help!

Connect to a Tech Pro

Call or chat with a Tech Pro 24/7.

It can be frustrating when a piece of software has problems getting online, and you're requested to check your networking configuration, or to 'open ports'.

This guide hopes to help demystify network security on your Mac, and help you check what settings are in place, to be certain nothing is causing problems.

macOS Firewall Security.

Today's modern computers no longer rely on you, the user, to know the inner workings of computer networking to setup secure communications. Instead, they work on a 'model of trust' related to the application itself.

IPs and Ports

The way computers talk to each other on the Internet and home networks is through Internet Protocol (IP) addresses and Ports.

An easy way to think of this is a block of office buildings.

  • Each building has an address; just like each home on the Internet has a public IP address.
  • Each business inside the office building has a suite number; just like each computer has a private IP address.
  • Each office or desk in the suite has a number; just like each program has ports it uses.

Example of office building metaphor.

For example, if you wanted to write a letter to someone in Building 101, Suite 300, Office 2, you'd probably put the following on the envelope:

Building 101
Suite 302

The Postal Service would take care of getting the mail to Building 101. From there, the office mail would take care of getting the mail up to the third floor, and into office two.

Computers work in the same way. Each bit of data, or letter, is called a packet. Each packet has an address. For the exact same example, using the computer numbers on the right instead:

34.56.78.101::192.168.0.3:443

Your Internet Service Provider (ISP), would take care of getting that packet to the home network's public IP (34.56.78.101). From there, the router in your home would take care of getting that packet to computer 192.168.0.3. Then, the computer itself would receive it, and any program listening on port 443 would hear the message.

Your computer does this dozens of times for every web page you visit, for example. Once for each image, the page itself, etc. It does it thousands, if not millions, of times for the various bits of the video you watch, or audio you listen to, or game you play.

The Application Firewall Model

Recently, computers have become much, much faster, and the way they work has changed such that they can do multiple tasks at once. This has allowed a new way of looking at network security to become a reality.

Rather than the computer just assuming everything that's running is allowed unrestricted access to network resources, or just allowing everything unrestricted communication, there can be some checks put in place that don't impact how the computer works, or slow things down.

To use our office metaphor: Another person was hired to check the mail on each floor, and weed out the junk mail and malicious packages; a security guard who watches the communication going on.

That security guard keeps track of who's in the office, and if those people are to be trusted, and how much trust to give them. The CEO's mail may go in and out without so much as a second glance, but the temp in accounting would probably fall under a lot more scrutiny and not be allowed to use the company resources quite so freely. The same thing happens under the Application Firewall Model.

On your computer, the firewall no longer assumes you know everything about every program you use and how it communicates. Instead, you can choose to trust the application itself, and what it can and cannot do in general.

For example, a chat application. You want to be able to chat with your friends and family using it. The first time it tries, the firewall steps in and blocks it, but asks you if that's okay, and you allow it. You didn't need to know that the chat application uses ports 2700 and 80, you didn't need to know what endpoints it uses. You didn't need to know to allow those ports only when the chat application was open. The firewall takes care of all of that for you.

What This Means

The big benefit to this is it's now much easier for you to keep safe and secure online, because you just need to tell the firewall, once, what programs are and are not allowed access. You don't have to 'know' how that application works, or what program to visit to allow access on certain ports.

Everything starts out forbidden. When a program opens and makes a request, the firewall checks if the application is on its list.

  • If the application isn't on the list at all, you are asked if it's okay to access things.
  • If the application is already on the list as allowed, it's allowed access without bothering you, based on what you chose before or the defaults if Apple trusts the application.
  • If the application is already on the list but denied, it's denied access without bothering you.

What this means is you no longer have to worry about opening and closing ports to keep safe online. Just watch for the prompts from your firewall, read them, and allow or block access for the application as you need.

A firewall can help keep other computers from connecting to it when you don't want them to, such as when you're on the Internet or a network. However, it will still allow you to browse the web using Safari, for example.

  1. Choose Apple menu > System Preferences.
    screenshot of apple menu with system Preferences highlighted
  2. Click Security & Privacy.
    system Preferences with Security and Privacy highlighted
  3. Click Firewall at the top, then click the Lock icon in the bottom-left. Enter your administrator password to continue.
    security and privacy Preferences with firewall tab and lock icon highlighted
  4. Click on Turn On Firewall.
    firewall settings with turn on firewall button highlighted
  5. Click on Firewall Options...
    firewall settings with firewall options button highlighted
  6. By default, the Firewall is configured to allow most signed apps (those from Apple and trusted parties), and block unsigned apps. This will allow you to use your computer normally, and give you good protection from most threats. Just make sure the only two options selected are "Automatically allow built-in software to receive incoming connections" and "Automatically allow downloaded signed software to receive incoming connections".
    firewall settings with options for allowing built-in and signed software allowed highlighted
  7. Click OK at the bottom to exit Firewall setup.
We use cookies on our website to enhance your experience, analyze site usage and support our marketing efforts. To learn more, visit our Privacy Policy. By clicking “Accept”, you agree to our use of cookies and similar technologies.
Accept