Contribute
Register

What is a good firewall for MacOS?

Joined
Aug 27, 2011
Messages
48
Motherboard
Gigabyte Aorus Gaming 7 Z370
CPU
i7 8700k
Graphics
GTX 1070
Mac
iMac
Mobile Phone
Android
I have been trying to figure out what is good firewall for MacOS that will allow me to Allow or Deny incoming/outgoing connections as needed for programs, etc.

Is Little Snitch any good? What about Hands Off? They are both comparable in prices. Little Snitch is $45 versus Hands Off being $50.

What is your take on which one is better? Any advice would be great.

Thanks.
 
Joined
Aug 27, 2011
Messages
48
Motherboard
Gigabyte Aorus Gaming 7 Z370
CPU
i7 8700k
Graphics
GTX 1070
Mac
iMac
Mobile Phone
Android
Just general protection for incoming/outgoing connections. I don't particularly care for programs, etc. that keep sending outgoing connections or trying to connect incoming. I have nothing to hide... I just don't prefer the apps that do this all the time when it isn't needed.

I have been reading up on both. I am leaning towards purchasing Little Snitch. It sounds like a really good one and an easy interface to deal with. I especially like that it will let you choose each connection or auto deny.
 

jaymonkey

Moderator
Joined
Aug 27, 2011
Messages
2,615
Motherboard
ASRock-Z97 EX6
CPU
i7-4790K OC @ 4.8GHz
Graphics
Vega 64LC + HD4600
Mac
MacBook Air, MacBook Pro
Mobile Phone
Android, iOS
+1 for Little Snitch

Been using it for years across many different versions of OSX/MacOS on multiple hackingtosh systems and genuine Macs.
Always very reliable and stable, low on resources and very easy to use ... highly recommended.

Cheers
Jay
 
Joined
Mar 31, 2019
Messages
18
Motherboard
ASROCK Z370M PRO4
CPU
i5-8500
Graphics
570 RX
Mac
MacBook Pro
@bradmoye another option is a hosts file or something like pihole (I know, weird name). You can stop the requests right on your machine or network before they go anywhere, and you don't have to click accept/deny or manually curate rules all the time. It's crazy keeping up with some of these apps and what they load!
 
Joined
Nov 12, 2016
Messages
20
Motherboard
Gigabyte Z170x Designare
CPU
Intel i7-6700k
Graphics
Gigabyte Aorus GeForce GTX-1080 ti extreme
Mac
iMac
Mobile Phone
iOS
+1 for Pi-hole. I run it on a dedicated Raspberry Pi to which the router directs all DNS requests. The Pi then passes on whitelisted requests upstream and puts everything else in the sinkhole. That way all devices on your LAN/WLAN are filtered through the Pi-hole without having to install (or license) any software on your devices. It "just works" and, subjectively, many ad-heavy sites run faster.

You can always whitelist sites that don't use ads excessively (such as this one, which I have whitelisted!).
 

pastrychef

Moderator
Joined
May 29, 2013
Messages
8,986
Motherboard
Asus ROG Strix Z370-G Gaming (Wi-Fi AC)
CPU
i9-9900K OC'd @ 5.0GHz
Graphics
Vega 56
Mac
MacBook, Mac Pro
Classic Mac
iBook, Power Mac, PowerBook
Mobile Phone
iOS
Just general protection for incoming/outgoing connections. I don't particularly care for programs, etc. that keep sending outgoing connections or trying to connect incoming. I have nothing to hide... I just don't prefer the apps that do this all the time when it isn't needed.

I have been reading up on both. I am leaning towards purchasing Little Snitch. It sounds like a really good one and an easy interface to deal with. I especially like that it will let you choose each connection or auto deny.
If you just want to block apps from making connections, I think something like Radio Silence, Focus, or Murus is better than Little Snitch or Hands Off!.

Personally, I found both Little Snitch and Hands Off! to be really annoying. When first setting it up, it kept asking me to give permissions for access. It got tired real fast. I assume that it would lessen over time once most settings have been established, but I found simply blocking apps a much less intrusive and less disruptive way to do it.
 
Joined
Sep 21, 2013
Messages
446
Motherboard
GA-Z370 AORUS Gaming 7-F13v2
CPU
i7-8700K OC 4.5 GHz
Graphics
RX 580
Mac
MacBook, MacBook Pro, Mac mini
Classic Mac
Classic, iBook, Performa, Power Mac
Mobile Phone
Android, iOS
My $0.02 USD: Before you connect your computer to the innerwebs, turn on Apple's built-in firewall. It's the first thing I do whenever I do an OS install. If you're running a DAW setup on 10.13.x or higher, run ethernet instead of WiFi. -I'm also using an Airport (AEBS) as a router that also has a firewall. I've disabled a lot of built-in data mining options in the OS. You can go into System Preferences<Security & Privacy and set that up. Disable Spotlight Suggestions and the same in Safari; really anything that's prefetching data. If you're a Firefox user, there are some great hardening options to employ, including No Script.

The Pi Hole option is a favorite. You can also turn an old Mac into a VPN. I haven't done that yet. I do miss "Snort" an NIDS that I can still run on a PPC Mini and Tiger 10.4.11.
 

Attachments

Last edited:
Top