15 June 2021
Best overall: Little Snitch
Best value: Lulu
Easiest to use: Radio Silence
Most powerful: Murus
Best balance of cost and features: Vallum
1.磊 Avira Free Antivirus for Mac — Best for Overall macOS Protection in 2021. Avira Free Antivirus for Mac is my favorite free antivirus for Mac — it provides lightweight cloud-based malware scanning as well as more free features than any other brand on this list, including real-time protection, intuitive system tuneup tools, a surprisingly good password manager, and even a VPN! What is a firewall? Firewalls are software programs or hardware devices that filter and examine the information coming through your Internet connection. They represent a first line of defense because they can stop a malicious program or attacker from gaining access to your network and information before any potential damage is done. Lockdown is the world's first Open Source firewall for iOS - and now available on Mac! Lockdown allows you to block any connection to any domain and protecting your privacy across the web. — FEATURES — - Block any domain / service - Works for all apps, not just the browser - Useful preco.
Before buying a firewall for your Mac, you first have to decide whether you actually need one. Instinctively, you might think so. But macOS comes with a firewall built in - and by default, it’s turned off. Has Apple lost its mind or something?
The answer is ‘something’. Specifically the fact that Mac users generally don’t need any extra firewall software to be enabled. That’s partly due to the fact macOS doesn’t run services that listen for network connections. On top of that, your router will also have its own firewall, so in most cases you don’t need any extra protection. The combination of these factors is why Apple doesn’t make a big deal about the macOS firewall.
But there are times when a firewall app can be a handy thing to have on your Mac. One such case is when you’re connected to a public network - for example, if you hook your MacBook up to wi-fi in a hotel. In that scenario, you might be at risk of poor security or even a fake network.
Another good reason to use a firewall is to control which Mac apps can connect to the internet. That includes malware, which may try to send your data to hackers. The macOS firewall isn’t built to do this, but it is possible with PF (Packet Filter), macOS’s more advanced firewall that can only be controlled via the Terminal command line. If you want something more user friendly, you’ll need a third-party firewall.
Install Little Snitch, and whenever an app tries to connect to the internet, you’ll get a notification. You can then choose whether to allow the connection or to block it. And you can apply that decision once, or until you restart your Mac, quit the app or log out. You can also set it for a certain period of time or permanently.
When you choose to block or allow an app access to the internet, Little Snitch creates a rule. You can then edit these rules in the Little Snitch client. These rules are based not only on the app that’s trying to connect to the internet but also the domain it’s trying to connect to. So you could allow an app to connect to certain servers but not others.
Using Little Snitch’s built-in Network Monitor, you can view and analyze any processes that are showing network activity. And you want to avoid notifications, you can run Little Snitch in Silent Mode, which will allow or deny all connections. Although the focus is very much on outgoing connections, Little Snitch can also control incoming connections to a lesser degree.
The only snag is the price. It’s a little expensive but worth it if you need total control.
Little Snitch at a glance:
Pros: Lots of options that put you in control
Cons: A bit pricey and maybe too advanced for beginners
Price: From $45 for a single license
Trial: 30-day demo
Developer: Objective Development
Official website:obdev.at
Lulu works in pretty much the same way as Little Snitch. When it’s enabled, you receive notifications whenever an app tries to connect to the internet. You can then block or allow the connection, either temporarily or permanently. Lulu can either apply the rules based on processes or on the domain level.
After that, you can head into the app to edit your rules. As well as changing the block or allow status, you can delete rules altogether or add domains or ports to the rules. You also get a network monitor, so you can keep an eye on what Mac apps are doing what in real-time
Make no mistake: Lulu doesn’t offer the same level of control as in Little Snitch. But it also doesn’t cost $45. In fact, it costs nothing at all. It’s a completely free, open-source app.
Lulu is only meant to block outgoing connections, but you could pair it with the macOS firewall if you’re worried about incoming connections. It can run in a few different modes: Passive, Block and no icon. Block stops all traffic, while passive applies only existing rules.
Lulu at a glance:
Pros: Does a good job and is completely free
Cons: Not much control over temporary rule
Price: Free
Trial: N/A
Developer: Objective-See
Official website: objective-see.com
As its name implies, Radio Silence doesn’t make a big fuss. There are no notifications, prompting you to block or allow apps to access the internet. Instead, this stripped-back app does two things: it enables you to see what apps and processes are running on your Mac, and it lets you block them.
Once you’ve blocked an app, you go into the settings and delete the rule. But that’s pretty much it. You can’t edit the rules in any way, and you can’t apply them under set conditions. Apps are either allowed to go online or they’re not.
Although limited, Radio Silence is ideal if you only want to block one or two apps and allow everything else through. Plus it’s cheap, with a single licence costing just $9. Pay $49 for the team licence, and there’s no limit on users.
Radio Silence at a glance:
Pros: Simple and cheap
Cons: Very basic blocking features
Price: From $9
Trial: 24 hours
Developer: Juuso Salonen
Official website: radiosilenceapp.com'
Just like Little Snitch and Lulu, Vallum intercepts outgoing connections from your Mac’s various apps. But you can also set rules for inbound activity too.
When an app tries to connect to the internet, you get a notification. As with Little Snitch, you can apply rules once, forever or for preset times, like five minutes, the rest of the day or until reboot You can also configure elements of your rule, like target hostname or IP, port, protocol, and even the user. Once a rule has been created, you can edit and apply more advanced criteria. Stick to the basics, though, and it’s not difficult to use Vallum effectively.
Vallum’s interface is a little confusing, but it’s a powerful app, and it comes at a great price. Starting from $15 for a single licence, it’s much cheaper than Little Snitch, despite sharing many of the same features. It can also be bundled with its sister app, Murus, a powerful front-end for macOS’s built-in firewall and Packet filter.
Vallum at a glance:
Pros: Powerful despite the relatively low price
Cons: A bit confusing to get set up
Price: From $15
Trial: Unlimited trial, with popup reminder every four hours
Developer: Murus.it
Official website:vallumfirewall.com
Murus is much more than just a simple connection blocker. The free Lite version only deals with inbound connections, but upgrade to Murus Basic or Pro, and it’s a completely different ball game. Not only can you configure rules for inbound and outbound connections, you have access to advanced filtering, port management, bandwidth management and much more.
If anything, Murus Pro is too powerful. The number of features and settings in the pro version is dizzying. While some users may benefit from features like port knocking, adaptive firewall, NAT and so on, most ordinary uses risk being overwhelmed. The Network Filter Configuration wizard helps a bit, though. And to be fair to Murus, it’s much easier to use than typing commands into Terminal.
Provided you know what you’re doing, though, Murus Pro is definitely worth checking out - especially as it comes with Vallum bundled in with it. It’s certainly not for the light-hearted, but if you want serious control over your Mac’s inbound and outbound connections, Murus Pro could be right for you.
Before you buy either Murus Pro or Vallum, though, you should know Murus.it has also released a hybrid firewall app called Scudo. This is designed as an alternative to both Muros and Vallum. At the moment, it’s in beta, so you might want to wait for a full release before buying it.
Murus Pro at a glance:
Pros: A rich feature set at a good price
Cons: Possibly too complicated for beginners
Price: From $10
Trial: Unlimited trial, with saving disabled
Developer: Murus.it
Official website: murusfirewall.com
What to look for in a Mac firewall
Firewalls For Mac Computers
When choosing a Mac firewall, one of the first things you should consider is what you need it for. Key things to think about include:
- Whether you want to control inbound, outbound, or both types of connection. The macOS firewall is focused on inbound connections, and you need to use Terminal commands or a third-party app if you want to do more.
- Ease of use. If you can set up new rules without digging through tons of different menus, that’s ideal. More advanced software is great, but if you don’t know what you’re doing, it’s only likely to confuse you.
- How much control you get over rules. Some apps only let you block apps, with no more options than that. Others enable you to see more specific rules, like particular domains that are blocked or allowed.
- Cost. If you’re happy with the features in a free or low-cost firewall for your Mac, why spend more?
Which Mac firewall is the best in 2021?
Because Mac users don’t usually need firewalls to protect them from inbound connections, application-level firewalls that stop outbound connections are generally the best choice. Little Snitch is excellent but expensive. Radio Silence, meanwhile, is cheap and easy to use but offers limited control. Vallum does a good job too, and it’s substantially cheaper than Little Snitch. For many people, however, Lulu is more than good enough, and it’s completely free.
That said, none of these Mac firewalls are overly expensive, and they’re all great in their own particular ways. They all have free trials, and we strongly recommend trying them out before making a purchase.
FAQ
Do Mac owners need to use a firewall?
Usually, no. That’s why the built-in one is turned off by default. macOS isn’t generally vulnerable to rogue incoming connections, and most people have a firewall enabled on their router anyway.
How do you enable the macOS firewall?
To turn on the macOS firewall, head to System Preferences, and select Security & Privacy. Click the Firewall tab, then click the padlock near the bottom. Enter your username and password, so you can make changes in System Preferences. Now click Turn On Firewall. You can configure it by clicking the Firewall Options and Advanced buttons. You can also control Packet Filtering using text commands in Terminal.
There are a lot of firewall options out there, and deciding which is best for your home or network is a daunting task filled with advertising, reviews, and annual commitments. It is very time consuming trying to pick the best solution for any given home or home network.
Congratulation, the firewall on the Apple Mac OS X is now enabled. Mac Computers Fall Prey to Flashback Trojan. With the ever-growing volume of malicious software attacks on Mac computers, Mac users no longer feel their computers are safe from Internet security risks. The Flashback Trojan virus has affected over 700,000 users. Make sure you have updated to Mac OS X v10.5.1 or later. Then, use these steps to enable the application firewall: Choose System Preferences from the Apple menu. Click the Firewall tab. Choose what mode you would like the firewall to use. Firewalls monitor and regulate the data moving on and off your computer or network. They can keep criminals out while allowing legitimate network traffic in. Mac OS X comes with not one but two. Download Network Firewall Software Mac Software Advertisement ProteMac NetMine v.2.0.49 ProteMac NetMine is a network firewall for Mac OS X which control applications network activity on Your Mac!
The first decision that you have to make is whether you want a hardware firewall or a software firewall. A hardware firewall is a physical device that is attached to your network while a software firewall is installed on each of your computers, phones, or tablets.
You can have both a hardware firewall and a software firewall at the same time for increased security at the cost of increased maintenance as well as a possible performance penalty. More on that later.
Hardware Firewalls
A hardware firewall is a lot like a router, but with many more features. Indeed many routers have a hardware firewall built in, but the vast majority of them are severely lacking in their depth of control and features.
Hardware firewalls are great because they allow you to protect your entire network with a single device. They are physically installed on your network and can be made very tamper proof by physically locating them somewhere that is difficult to access. Installing a hardware firewall is usually accomplished by disconnecting a network cable between your cable modem and your router and putting the hardware firewall in between. That way the hardware firewall forms a physical barrier between your home network and the internet able to block both incoming and outgoing packets as needed. Since a hardware firewall is a dedicated networking device it is usually very fast at passing network data and should not have any negative performance impact on the speed of your network.
However, since hardware firewalls are not installed on your computer or phone they are not able to actually inspect the traffic that is flowing through them. As more and more sites move to HTTPS most internet traffic is highly encrypted, which means that a hardware firewall is not able to examine the content that is being pulled. This means that while a hardware firewall is excellent at blocking certain sites based on a blacklist it is usually a very poor choice for filtering traffic based on the actual content.
Hardware Firewalls
- Can a hardware firewall block all of facebook.com? Yes.
- Can a hardware firewall block pages that contain the word facebook? No.
If your primary concern for a firewall is to prevent snooping by modern Smart TVs or other nefarious little monitoring devices that seem to be showing up everywhere then a hardware firewall is an excellent choice. Since the firewall sits between your network and the internet it is able to block connections from any device you own without any modifications to that device. You can setup allowed and disallowed devices and rest in peace knowing that there is no way that your smart refrigerator is sharing your seedy kitchen banter with the NSA.
Another feature of hardware firewalls is that they are frequently free to use after the initial purchase. This does depend on the feature set that you are looking for. The more complex hardware firewalls come with a variety of online components and updates that will usually have an annual or monthly fee, but the more simple devices that offer basic whole network protection do not have a monthly fee since there is no real service integration.
This lack of a monthly fee can be a good thing and it can be a bad thing. Of course it’s a great thing that there’s no monthly fee, but it might be easy to forget about the firewall and have the rules get out of date. A firewall that was setup a few years ago may not be aware of today’s threats. A firewall service agreement ensures that your hardware firewall is kept up to date without any maintenance on your part.
When it comes to protecting kids by limiting their access on the internet a hardware firewall is a bit of a challenge to use correctly. While it’s easy to block certain websites it’s impossible to block all restricted content due to the nature of encrypted traffic. A hardware firewall offers excellent time of day blocking and total daily access limits to individual devices, but not to individual users.
In addition, more creative kids are able to bypass a hardware firewall by either disabling their Wi-Fi or switching to cellular data, or by hoping on a neighbors open Wi-Fi connection. If protecting your kids is highest on your list for a firewall feature, then a hardware firewall is most likely not the right choice.
Here’s a rundown of what a hardware firewall is good and bad at:
Hardware Firewalls - The Good
- In control of 100% of the traffic on your network.
- Excellent at blocking entire websites and categories of websites.
- Able to restrict access on gaming consoles, phones, Smart TV, and your kitchen refrigerator if you have that fancy of a kitchen refrigerator.
- Relatively easy to install since there is a single device that needs to be physically added to your network.
- Possibly cheaper because they frequently do not have monthly or annual fees.
- Almost impossible to hack or disable if physically located in a secure spot.
- Exceptionally fast and should not affect network performance at all.
- Very good at limiting a devices total internet time or traffic.
- A single point of installation means less overall maintenance in the long run.
- Can also function as a whole house ad block.
Hardware Firewalls - The Bad
- Not able to filter network traffic based on content.
- Not able to restrict access based on user, only based on device.
- While usually easy to install some networks may be setup in a way that prevents installation challenges since the devices physical location must be between the internet and the home network.
- Easy to bypass on roaming devices like tablets and phones.
- Usually offer very limited logs and very limited instant alerts based on user activity.
Remember that a router does not count as a hardware firewall.
The vast majority of the time a router is not a proper hardware firewall. It is a common misconception that just because you have a router on your network you do not need a firewall. This is not true. All routers are very good at preventing unwanted incoming connections due to the way that implement routing in a process called NAT, or Network Address Translation. While this is not truly considered a firewall it is an exception piece of automatic security that your network gets when you add a router.
Software Firewalls
Mac Firewall Settings
A software firewall is a product that is installed on your computer, phone, or tablet. Since it is installed locally on the device it has much better access and control over what your device can and cannot do.
While hardware firewalls block traffic that attempts to leave your network software firewalls block traffic that attempts to leave your device. This means that software firewalls can be used to prevent certain users or devices from accessing devices on your network, not just devices on the internet. If you want to limit access to a printer then a software firewall might be the best choice.
Windows 7 and later and Mac OS X all contain a built in software firewall that is very capable of blocking software from accessing the internet based on time of day, which user is logged in, or which application program is attempting to talk on the network. These built in firewalls lack many of the advanced features that people need for managing their home network so it is common to supplement or replace them with aftermarket solutions.
More advanced, and usually expensive, software firewalls are able to offer a significantly greater granularity of control over what kind of access a device or user is allowed. Since they are located on the device they are able to inspect all traffic, including encrypted HTTPS traffic, and filter which data is allowed through based on content. Where a hardware firewall is only capable of blocking by website or domain name, a software firewall can block offending content based on keywords contained in that content.
Software Firewalls
Apple Mac Firewall
- Can a software firewall block all of facebook.com: Yes.
- Can a software firewall block pages that contain the word facebook: Yes.
If your primary concern for a firewall is cyber security for yourself or your kids then a software firewall makes an excellent choice. They almost always come with a subscription service that renews either monthly or annually, and many of them come with a family pack option that allows you to install them on up 10 or more computers.
Most cyber security suites offer a great web portal to manage all of your users, devices, and rules either from home or abroad. This makes it pretty easy to manage the protection on your devices once the software has been installed and setup properly. Many of these packages include excellent log analysis and user monitoring, including features like sending an alert to your phone when an attempted access is blocked. The sense of connectivity and awareness in a full cyber security suite is certainly one of the bestselling points for this type of firewall setup.
However, if you are interested in blocking access to the internet for gaming consoles, Smart TV, or other connected devices then a software firewall simply is not able to help with that. Since a device on your network contacts the internet directly through your router there is no way for software on your computer to block that access. The software would have to be installed on the device that you want to block and that’s just not available on most devices.
In addition many software firewall products are not compatible with Windows, Mac, Android, Chrome Os, Kindle, and iOS devices. This means that if you have a variety of devices in your house, which many people do, you might have to install different products on different devices which can get not only costly but quite inconvenient to maintain. Imagine rounding up all of your kid’s phones, tablets, Chromebooks, and laptops and installing or updating their firewall software, rules, and settings for multiple products. It’s a very large time commitment to keep everything working. Hardware firewalls are starting to look a lot better all of a sudden.
Many software firewalls are resource intensive and can have a huge performance penalty on your device. Fast computers and laptops may not notice as much but the limited resources of Android and iOS devices are especially susceptible to slowdowns after installing a software firewall.
You are not going to find any good software firewalls with cyber security type features built in for free. If you go the software firewall route then plan on a monthly or annual fee. The most expensive packages are in the $10 / month range, while the cheapest are going to set you back about $30 / year. This fee is for maintain the rules and definitions that your firewall needs to know what sites and content to block, as well as offering the web based portal to manage all of your devices from a central location.
Here’s a brief summary of the good and bad parts of a software firewall:
Software Firewalls - The Good
- Much greater granularity of control because it is installed on each device.
- Has ability to block based on not only site name but also content.
- Usually has excellent reporting and alerts.
- Much better for cyber security with kids.
Software Firewalls - The Bad
Software Firewall For Mac
- Needs to be installed on every single device you own.
- May not be supported on every device.
- Not available for gaming consoles, Smart TV, or other network devices.
- Can make your computer or device run slower, sometimes much slower.
- Tend to be more costly in the long run.
Software Firewalls
Which Firewall is the Best
Now that you have an idea of what each type of firewall does best at you are ready to decide which firewall is right for you. For that head over to our guide How to Choose a Firewall for more information on what type of firewall is the best choice for your network.
Application Firewall Free Mac
Software Firewall For Mac
One more thing to keep in mind is that you can always run both a hardware firewall and a software firewall at the same time. The hardware firewall will not slow your computer down at all, and it will add protection to gaming consoles and other network devices, as well as provide a whole house ad blocker. Each computer, tablet, or phone can add on its own dedicated software firewall to offer content based protection. This is a popular option for parents who may not need or want much filtering on their own devices but feel the need to protect their children from various dangers on the internet.