Firewall for outgoing connections

macos firewall

Is there a firewall for OSX Lion, that allows controlling of outgoing connections? The built in firewall handles only incoming connections, apparently.


Solution 1:

Please see the 2020 and 2021 edits below.

The original answer, unchanged:

What you are referring to as "the built-in" firewall is actually the built-in Application Firewall.

There two other built-in firewalls in OS X Lion, pf and ipfw (the latter is being replaced by pf, but still exist in Mountain Lion). These can handle both incoming and outgoing connections and are typically controlled through command line scripts and settings. However, there are third party GUIs for these firewalls, e.g. IceFloor (for pf); WaterRoof and NoobProof (for ipfw). All these GUIs are free.

There is also third party software that can work as firewall, but doesn't use the built-in OS X firewalls. Examples are Litte Snitch and Hands Off (both paid). These can handle both incoming and outgoing connections.

You should be aware that there is some learning curve for these pieces of software, as their settings are not as simplified as the built-in Application Firewall. Little Snitch or Hands Off could be easier to use compared to pf or ipfw or their GUIs.

2020, first edit: ipfw is not being used in the current versions of MacOS. New (since the original answer from 2013) frontend of pf is Murus firewall (has free version with basic functionality, but the more advanced versions are paid). New application firewall is Vallum (paid). Some kind of light hybrid combination of Murus and Vallum is Scudo. Hands Off! is available at a new site. Free application firewall for outgoing connections is LuLu. And of course, Litte Snitch is still available.

2020, second edit: As of macOS Big Sur, Apple apps can bypass the third party firewalls. There are some workarounds available, but these include disabling SIP (not recommended) or enabling kernel extensions that may be disabled during macOS updates.

2021 It seems that the firewall bypass in Big Sur will be removed in version 11.2 and third-party firewalls will be able to monitor and filter all of Apple's software.

Related

Is there a way to save your custom keyboard shortcuts in a config file?
How can I tell Mobile Safari to stop remembering to never remember my password?
How to spoof a USB-Ethernet adaptor's MAC address in OS X
Can I disable macOS Sierra's sticky window edges?
App Store purchases and updates
What's the structure behind Apple version numbers / build numbers?
Permanently set microphone input to MBP Mic
What is Macintosh HD - Data - Data?
VirtualBox does not work after upgrading to Big Sur
Software to convert CHM files to EPUB/Kindle
How to bypass web URL filtering service to access blocked websites (proxy) [closed]
Can you run SAS drive from SAS backplane to SATA on mobo?