I’ve seen written that Apple’s Firewall is not needed to be active any more. That sounds antithetical to logic. Any thoughts are appreciated as macOS has gotten to be more mysterious moving forward. Thank you. Patrick
Almost everyone is using a Mac behind a NAT router (e.g., a router typically set up to share a single public IP address from an internet service provider with multiple computers and devices with private addresses within a local area network), and these routers have very effective firewalls. If for some reason your Mac is directly connected to the internet, then activating the firewall in macOS is probably critically important. Otherwise, probably not so much.
If you want to do some testing of your setup with and without the macOS firewall, a browser-based, long-standing port scan test is Shields Up:
https://www.grc.com/shieldsup
But NAT is only for IPv4. If your ISP issues you an IPv6 address block (as Comcast/XFinity does), macOS will work with your router to generate a global IPv6 address, which is not translated.
Now, given the size of IPv6 blocks (Comcast gives me a 64-bit block), nobody is going to find your IP address by brute force, but a malicious or compromised web server can take your address (that you used to request a page) and try to attack you via that address.
I assume this is rare, or we’d be hearing about it in the news, but as far as I’m concerned, that’s enough to make me keep my firewall turned on.
Also note that even with IPv4, if you connect to a publicly-accessible LAN (e.g. a coffee shop, or hotel or school network), you may be visible to other people on that LAN.
And if you don’t have a separate guest Wi-Fi network (that is isolated from your primary Wi-Fi network), any friend/family member who connects to your network with a compromised device would then pose a risk to your Mac if you have the firewall turned off. (I would strongly recommend having a separate, isolated guest Wi-Fi network.) I don’t have any reason to trust that all of my relatives have laptops that are malware free.
If you turn on a VPN, you lose the router’s protections.
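On the IPv6 point raised earlier in the thread (a global IPv6 address is not translated by NAT), the following added example, which is not part of any post above, sorts the addresses in `ifconfig` output into those hidden behind NAT or local scope and those that are globally routable. The sample output is constructed and uses the 2001:db8::/32 documentation prefix as a stand-in for an ISP-issued block; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ifconfig en0` output (not taken from the thread).
# 2001:db8::/32 is the documentation prefix, standing in for an ISP prefix.
SAMPLE_IFCONFIG = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet6 fe80::1c2a:3bff:fe4d:5e6f%en0 prefixlen 64 secured scopeid 0x6
\tinet6 2001:db8:1234:5678:1c2a:3bff:fe4d:5e6f prefixlen 64 autoconf secured
\tinet6 2001:db8:1234:5678:a1b2:c3d4:e5f6:789a prefixlen 64 autoconf temporary
\tinet6 fd12:3456:789a:1:1c2a:3bff:fe4d:5e6f prefixlen 64 autoconf secured
\tinet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255
"""

LINK_LOCAL = ipaddress.ip_network("fe80::/10")      # never routed off-link
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")     # private, not internet-routed
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")   # routable, no NAT involved


def classify(addr_text):
    """Return the scope of one address as a short label."""
    addr = ipaddress.ip_address(addr_text.split("%")[0])  # drop %en0 zone id
    if addr.version == 4:
        return "private-ipv4" if addr.is_private else "public-ipv4"
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr in GLOBAL_UNICAST:
        return "global-ipv6"
    return "other"


def exposed_addresses(ifconfig_text):
    """List addresses that are reachable without any address translation."""
    found = re.findall(r"^[ \t]+inet6?[ \t]+(\S+)", ifconfig_text, re.M)
    return [a for a in found if classify(a) in ("global-ipv6", "public-ipv4")]


if __name__ == "__main__":
    for address in exposed_addresses(SAMPLE_IFCONFIG):
        print("not behind NAT:", address)
```

To check a real machine, pass the text of `ifconfig` to `exposed_addresses()` in place of the sample; any address it returns is one where NAT is not what stands between the Mac and inbound traffic.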