
A: Well, before I answer, let us take a step back to discover what a firewall does.

WHAT

A firewall may be a hardware box located on your network, or software installed on your device. The purpose of a firewall is to block unwanted traffic from entering the network or device, while allowing wanted traffic to pass in both directions.

The advantage of a hardware firewall is performance. It can handle vastly more traffic than a software firewall, and that capacity is usually needed to protect a network of devices such as is found in a home or business. However, it is also vastly more expensive, with prices starting at around $500. Most internet modems and routers include a hardware firewall.

The advantages of a software firewall are cost and ease of use. Software firewalls are often included with the device, and if they have a user interface, it is usually simple enough for even an untrained user to configure. macOS and Windows include a software firewall.

WHY

By “unwanted traffic” I mean traffic that has no reason to be present on your network or device. If it is present, at best the additional traffic will slow down your network or device, and at worst may be spying on the existing traffic (including usernames and passwords).

HOW

There are fundamentally two types of firewalls (for the pedantic amongst us, yes, I know there are many other types of firewalls, but let’s not get lost in the weeds).

The older type is rule-based. The network administrator manually configures settings based on the type of traffic (such as TCP or UDP; don’t sweat the details here), and the ports the traffic may or may not be granted access to. As there are 65,535 logical ports available, this can be a daunting task for all but highly trained administrators.

The newer type is a bit intelligent, and is usually called a Stateful Packet Inspection Firewall. It generally blocks any incoming traffic except that to which the user or device has already extended a welcome. For example, if the user opens a browser to Facebook, the Facebook servers can stream FB data back to the browser.
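
The difference between the two types, as an added example that is not part of the original article: a small Python model run over constructed traffic. The class names, addresses and ports are made up for illustration, and a real firewall tracks more state (such as TCP flags and timeouts) than this model does.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = leaving the device, "in" = arriving at it
    proto: str      # "tcp" or "udp"
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)

class RuleBasedFirewall:
    """Older type: the administrator lists allowed (proto, local port) pairs by hand."""
    def __init__(self, allowed_inbound):
        self.allowed_inbound = set(allowed_inbound)

    def allow(self, pkt):
        if pkt.direction == "out":
            return True
        # Only the protocol and destination port are checked, not who is sending.
        return (pkt.proto, pkt.dst[1]) in self.allowed_inbound

class StatefulFirewall:
    """Newer type: inbound traffic passes only if it answers a flow the device opened."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            # Remember the flow so that its reply can be recognised later.
            self.flows.add((pkt.proto, pkt.src, pkt.dst))
            return True
        # A reply has source and destination swapped relative to the recorded flow.
        return (pkt.proto, pkt.dst, pkt.src) in self.flows

# Constructed sample traffic (documentation-range addresses, not real hosts).
LAPTOP, WEB, STRANGER = "192.0.2.10", "198.51.100.7", "203.0.113.99"
TRAFFIC = [
    Packet("out", "tcp", (LAPTOP, 51000), (WEB, 443)),         # browser opens a site
    Packet("in", "tcp", (WEB, 443), (LAPTOP, 51000)),          # the site's reply
    Packet("in", "tcp", (STRANGER, 40000), (LAPTOP, 51000)),   # unsolicited, same port
    Packet("in", "tcp", (STRANGER, 40001), (LAPTOP, 22)),      # unsolicited, other port
]

def decisions(firewall, traffic=TRAFFIC):
    """Return the allow/block decision for each packet, in order."""
    return [firewall.allow(p) for p in traffic]

if __name__ == "__main__":
    # A static rule opening the browser's port admits anyone who sends to that port.
    print("rule-based:", decisions(RuleBasedFirewall({("tcp", 51000)})))
    print("stateful:  ", decisions(StatefulFirewall()))
```

The static rule lets the third packet through because it only looks at the port, while the stateful model blocks it because no outbound flow to that sender exists.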

BACK TO THE ANSWER

For macOS, perhaps the best firewall for the device comes free with the operating system. macOS uses a stateful packet inspection firewall that requires minimal (if any) configuration. In fact, for most users, the only thing that need be done is to turn the firewall on! In my 37 years of IT consulting, I haven’t seen a need for another device firewall.

How to Enable the macOS 13 Firewall

  1. Open Apple menu > System Settings > Network > Firewall.
  2. Tap the switch to Enable the Firewall.
  3. Exit the System Settings.