What is a MIDI Network Directory, and why is the connection refused?

Solution 1:

There are two categories of participants or contacts that will show in the window labelled "Directory". In one category are all the computers automatically discovered on the local network using Apple's Bonjour, a.k.a. mDNS or Zeroconf. These are displayed with a green dot icon. In the other category are computers added manually as contacts using the '+' button. These are displayed with the icon of a Rolodex-type contacts card (though on some versions of macOS, this icon may not display).

Though it's not explained very well, the setting "Only computers in my Directory" refers only to the latter, manually-added contacts. This provides some level of security, so that not just anyone on your local network can join your MIDI session, which would be the case if all automatically-discovered computers were allowed, as happens with the "Anyone" setting.

Whether the "Anyone" setting is safe depends on your threat model. If you were giving a concert at a club, using its shared public WiFi connection, an audience member could join their laptop and control your equipment during the performance. Whether that's a bad or good thing is a matter of opinion.

There is no setting for "Only computers in my local network". The "Anyone" setting would allow anyone on the Internet to connect, if the session's port is open or forwarded in the router. Again, this may or may not be what you want. There aren't any known vulnerabilities in Apple's MIDI Network tools that would allow a remote computer to take over your computer or network, so barring that, the only thing they can do is send and receive MIDI.

In order for the "Only computers in my Directory" setting to work, you must manually add the other computer to your Directory, even if you already see it via Bonjour. In that case, you'll end up with two entries for the same computer/port, one with a green dot, and one with a contact card icon and a "reconnect" checkbox. The other computer must also manually add your computer to its Directory. You can put whatever you want in the "Name" field. Typically you'll be using a private network (e.g. 192.168.*.*) and not have domain names, so you need to enter the IP numbers in the "Host" field. This can be a problem if you're using DHCP to obtain the IP numbers, and the numbers change. You can't use the Bonjour names like myMac.local, presumably because anyone on the local network can set their own Bonjour machine name and thus could gain access to your MIDI session.

The system provides only a rudimentary type of authentication using IP numbers rather than passwords or keys. This keeps it simple, and the risks are relatively low, because generally the worst that could happen is some intruder could ruin your music performance. It is not recommended to use the MIDI Network to control hospital equipment, nuclear reactors, or giant robots, though I've done at least one of those things.
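
The accept/refuse decision described in this answer, modeled as an added example (it is not part of the original answer and not Apple's code). It assumes the AppleMIDI session-control packet layout (0xFFFF signature, two-letter command, version, initiator token, SSRC, null-terminated name) and simplifies the Directory to a list of host IPs; the function names, addresses and tokens are constructed for illustration.

```python
import ipaddress
import struct

SIGNATURE = 0xFFFF
# signature, command, protocol version, initiator token, sender SSRC
HEADER = struct.Struct("!H2sIII")

def build_invitation(name: str, token: int, ssrc: int) -> bytes:
    """Build an 'IN' packet the way a remote peer would (constructed sample input)."""
    return HEADER.pack(SIGNATURE, b"IN", 2, token, ssrc) + name.encode("utf-8") + b"\x00"

def parse_invitation(datagram: bytes) -> dict:
    """Parse an AppleMIDI 'IN' (invitation) control packet."""
    if len(datagram) < HEADER.size:
        raise ValueError("short packet")
    sig, cmd, version, token, ssrc = HEADER.unpack_from(datagram)
    if sig != SIGNATURE or cmd != b"IN":
        raise ValueError("not an invitation")
    if version != 2:
        raise ValueError("unsupported protocol version")
    # The session name is chosen by the sender, so it is display-only.
    name = datagram[HEADER.size:].split(b"\x00", 1)[0].decode("utf-8", "replace")
    return {"token": token, "ssrc": ssrc, "name": name}

def decide(datagram, source_ip, policy, directory_hosts, local_ssrc) -> bytes:
    """Return the reply packet: 'OK' accepts, 'NO' is the refused connection.

    policy is "anyone" or "directory" (the two settings discussed above).
    Only the datagram's source IP is compared with the manually added hosts;
    the name inside the packet never influences the result.
    """
    inv = parse_invitation(datagram)
    src = ipaddress.ip_address(source_ip)
    allowed = policy == "anyone" or any(
        src == ipaddress.ip_address(h) for h in directory_hosts
    )
    return HEADER.pack(SIGNATURE, b"OK" if allowed else b"NO", 2, inv["token"], local_ssrc)

if __name__ == "__main__":
    directory = ["192.168.1.20"]  # constructed manual Directory entry
    inv = build_invitation("studio-mac", 0x1234, 0xAAAA)
    # Same name, different source addresses: only the address matters.
    for ip in ("192.168.1.20", "192.168.1.50"):
        reply = decide(inv, ip, "directory", directory, 0xBBBB)
        print(ip, reply[2:4].decode())
```

If DHCP hands the peer a new address, the same invitation starts receiving `NO` until the Directory entry is updated, which is the failure mode the answer warns about.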