Free: A GUI for your Mac’s firewall

“What? The Mac has a firewall? Who knew? Actually, OS X has had a firewall since forever, and Apple is so convinced the Mac is truly secure the built-in software firewall is turned off by default,” Jeffrey Mincey writes for Mac360.

“Turning on the Mac’s firewall is easy enough but managing it is not. Open System Preferences > Security & Privacy > Firewall. Click, Turn On Firewall. That’s it. Almost. Click Firewall Options to manage specific apps,” Mincey writes. “Or, use Murus Lite instead.”

Mincey writes, “Murus Lite is the entry-level app which is more of a user interface for the Mac’s built-in software firewall.”

More info and screenshots in the full article here.


  1. A couple points:

    1) DUH OS X has a firewall. The BIG problem is that Apple ship their Macs as well as install new versions of OS X with the firewall OFF. That’s terrible! I’ve bent Apple’s ear on this subject for years, as have many others. Without it on, the user ends up depending on whatever firewall their current router is using, if any.

    2) There have been GUIs for OS X’s firewall for many years. It’s nothing new. Here are two long standing alternatives:

    Icefloor <- Works with OS X 10.7 – 10.10.

    Waterroof <- Works with OS X 10.5 – 10.8. There's an older version for 10.4.

    But note: hanynet, who developed Icefloor and Waterroof, recommends using Murus with OS X 10.9 Mavericks and 10.10.x Yosemite for better functionality!

        1. I wish I could tell you and I ought to know. But despite owning Intego’s firewall (via NetBarrier), I’ve never bothered with it except to play with its ‘reverse firewall’. I played with it enough to know that it was OK but Little Snitch is a genius by comparison.

          I’d be happy to play around with Intego’s firewall and report back, if you’re really interested. Please let me know!

          1. I own a copy of Little Snitch that came along with a software bundle but have never used it.

            The Intego firewall came along with AV software and has sadly been dumbed down in it’s recent versions. Seems to work OK as far as I can tell.

            With the ongoing decline of QA at Apple in software, maybe it is time for someone to write a full roundup of Mac Security.

            1. The best person I know of writing about Mac security is my net friend Thomas Reed. His site is The Safe Mac. Recently, he started providing what has turned out to be the definitive anti-adware application, AdwareMedic.


              Thomas and I tend to focus our writing in order to cover all the bases of ongoing Mac security issues. Thomas has a great following, far more than my blog, and is terrific at helping his readers.

              My Mac security blog is linked in my ID here at MDN. I’ll post it here as well:


              Last night I wrote up an article about the latest MacHeist, which features both VirusBarrier and Little Snitch plus potentially eight other applications for a mere $15. The Heist runs through about January 18, 2015. For anyone who already has a VirusBarrier license, this is a cheap way to extend it for another year, plus get some kewl other loot.

    1. Thanks, Derek. I’ve managed the firewall from the command line in the past. Not sure why I never thought to look for a GUI front-end, but better late than never I suppose.

    2. Derek,
      Actually the developer of IceFloor, WaterRoof and Murus (me) recommends learning pf and setting it up using the command line. 🙂
      I developed Murus because i believe people may find it useful to learn pf.

  2. I realize that there are developers who create silly graphical representations that duplicate or slightly extend Mac OS capabilities. Is this one? I don’t know. What I do know is that the beginner Mac switcher wouldn’t be able to easily figure out many advanced functions, including important security features like this firewall, without 3rd-party help or hours of searching Apple’s poorly organized online website and forums.

    It seems to me that in the last several years, more and more people have been looking for tools to make their Macs more intuitive, more legible, and more attractive. Apple has received significantly negative reviews in its own Mac app store for its latest releases of OS X and essential applications like iTunes. And though Apple has made it a pain in the butt to install software from anywhere BUT Apple’s online store, Apple has made no headway in competing against industry-leading apps that compete with its own consumer and professional software. Coincidence? I think not. Apple needs to spend less time squishing its GUI into a flat gray ugliness and make significant more effort on performance, intuitiveness, click minimization, full and customizable toolbar availability, and so forth.

    Apple desperately needs to improve its customer focus. Many issues on the Mac OS that were forgivable 5+ years ago have lingered too long (unintuitive control panels, for example), and recent changes have only made the OS worse in one way or another (efficiency, for example). Mac users DO NOT want something that looks like iOS. They want the most powerful, intuitive, secure, EFFICIENT desktop OS possible. At this time, Snow Leopard remains Apple’s high point. It’s time for Apple to get its software act together.

    1. Beginner users don’t need a firewall. I think there is alot of misunderstanding of what a firewall is, it’s certainly not a magical security device and doesn’t protect much more than simply having as many services as possible disabled (which Apple also does, eg it doesn’t have VNC or SSH enabled)

      A firewall on their machine will however break things in ways beginners will never understand (who then will blame Apple because the firewall is blocking ports some application needs).

      This is for pro users and when I say Pro users I mean ones for whom the console is no stranger.

      1. I agree with your reasoned outlook; however, turning on the Mac’s built-in firewall helps to protect you from apps doing things without your knowledge (specifically, they can’t open a listener without getting your consent). But your point about confusing the Mac’s target audience still stands supreme. I just turned on my 10.10 firewall and up popped two “are you sure” alerts, one of which is telling me that the application “” wants to accept incoming network connections. Now I have to go figure out what that erstwhile perl script wants to be listening for!!! [Update: that script is a part of Apple’s OS X distribution and “safe” to allow to accept incoming network connections — although I doubt it ever will in most homes]

    1. Hello, I’m the developer of Murus, IceFloor, WaterRoof ( Using Murus there is no “third party control for your traffic”, sir. Murus is a front end. Traffic is handled by the OSX built-in open source PF firewall, not by Murus. Murus creates only plain text configuration files for PF. Murus is not spyware.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.