Choosing the 'right' firewall settings in OS X
While the firewall in OS X is meant to be straightforward and simple, the idea of which settings are preferred can be a little confusing.
We recently wrote about Mac OS X's various security options. After we published those articles, a few readers asked if we could tell them what settings they should routinely use for OS X's firewall. While the firewall in OS X is supposed to be straightforward and simple to use, the idea of selecting preferred settings can be confusing.
In a comment on one of our articles, reader "orgrsl" asks:
"I've always been baffled by the various Firewall settings... Right now I've got the firewall turned on and set to 'block all incoming connections' and 'stealth mode', which sounds the safest to me, but I don't really know. Everything seems to work just fine and I've had no problems at all accessing any websites, but I really don't know if that's the 'right' setting for me. (I currently don't share anything on my Mac, but I know that I have to deselect 'block all incoming connections' if I need to.)"
The simple answer is that the right setting is the one that enables the most firewall features while still allowing you to do what you need to do. The easiest way to do this is to enable the firewall and put it on its highest security settings. You then only reduce these settings if you run into problems with programs that need to access the network.
10.6 Snow Leopard:
Go to the Firewall tab of the Security system preferences. Make sure the Firewall is on. Click "Advanced..." (you may need to authenticate with your username and password first), then check the box that says: "Block all incoming connections." This is not the default setting because it prevents many network applications from functioning; however, it is the safest setting.
10.5 Leopard:
Go to the Firewall tab of the Security system preferences and click the middle option to allow only the essential services. You can also enable "Stealth Mode" by clicking the Advanced button.
With these settings enabled, try running the programs and services you use to see if you run into problems. If you do, you can change the settings to allow only specific services and applications.
To do this in 10.6 Snow Leopard, uncheck the option to "Block all incoming connections" and then remove all applications in the list. In 10.5 Leopard, you will need to select the last option to set access for specific services and applications. You will not be able to remove system sharing services, which are listed above the horizontal line, directly from the firewall. However, you can disable them in the Sharing system preferences.
After the firewall is set up with no applications added, close the system preferences and continue to use your system as usual. If an application needs to access the network, OS X will prompt you to add it to the firewall. We recommend that people use this setting, which is the default for OS X, and then periodically examine the list of approved applications in the firewall settings and remove any you don't use or recognize. This lets you maintain a little control over what is being granted network access on your system.
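The periodic review recommended above can also be done from a copy of the firewall's preference file. The following is an added example, not part of the original article. It assumes the settings live in /Library/Preferences/com.apple.alf.plist under the keys `globalstate`, `stealthenabled` and `applications` (with a `bundleid` per entry), with the value meanings shown; the sample plist and bundle IDs are constructed.

```python
import plistlib

# Constructed sample; a real copy would come from
# /Library/Preferences/com.apple.alf.plist (path and keys are assumptions).
SAMPLE_ALF = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>globalstate</key><integer>1</integer>
  <key>stealthenabled</key><integer>0</integer>
  <key>applications</key><array>
    <dict><key>bundleid</key><string>com.example.chat</string></dict>
    <dict><key>bundleid</key><string>com.example.oldgame</string></dict>
  </array>
</dict></plist>"""

# Assumed meaning of the globalstate values.
MODES = {
    0: "off",
    1: "on, per-application rules",
    2: "on, block all incoming connections",
}


def audit_firewall(plist_bytes, recognized=()):
    """Return the firewall mode, approved apps, and items worth a second look."""
    prefs = plistlib.loads(plist_bytes)
    state = prefs.get("globalstate", 0)
    approved = [a.get("bundleid", "<no bundle id>")
                for a in prefs.get("applications", [])]
    findings = []
    if state == 0:
        findings.append("firewall is off")
    if not prefs.get("stealthenabled", 0):
        findings.append("stealth mode is off")
    # The periodic review: anything approved that you do not recognize.
    for bundle in approved:
        if bundle not in recognized:
            findings.append("unrecognized approved app: " + bundle)
    return {"mode": MODES.get(state, "unknown"), "approved": approved,
            "findings": findings}


if __name__ == "__main__":
    report = audit_firewall(SAMPLE_ALF, recognized={"com.example.chat"})
    print("Firewall mode:", report["mode"])
    for item in report["findings"]:
        print(" -", item)
```

Pass the set of applications you actually use as `recognized`; anything else in the approved list is reported for removal in the Firewall preferences.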