From System Preferences > Security & Privacy > Firewall help:
The Firewall pane of Security & Privacy preferences
You can use the firewall in OS X to prevent unwanted connections from the Internet or other networks.
Certain shared services can connect through the firewall when they are turned on in Sharing preferences. For additional security, you can prevent connections to these incoming services by turning off the service in Sharing preferences. For more information about sharing, see this help topic:
Share your Mac with others on your network
OPTION | DESCRIPTION |
---|
Turn On Firewall | If Firewall is turned off, click Turn On Firewall to turn on firewall protection. To modify firewall settings, click Firewall Options. |
Firewall Options | The Firewall Options button lets you change firewall settings. |
Block all incoming connections | To have the firewall prevent incoming connections to nonessential services and apps, select “Block all incoming connections.” Basic Internet services are a set of apps that allow your computer to find services provided by other computers on the network. This setting prevents connections to all other sharing services. |
Add ➕ | To add an app, click Add (+), select the app in the list, and then use the Up Arrow and Down Arrow keys to set the limits for the app. |
Delete ➖ | To remove an app, select it in the list and then click Remove (-). |
Automatically allow signed software to receive incoming connections | This setting allows apps and services that are signed by a valid certificate authority to be automatically added to the list of allowed apps, rather than requiring you to authorize them. For example, iTunes is signed by Apple, and so it is automatically allowed to receive incoming connections through the firewall. |
Enable Stealth Mode | Stealth mode prevents your system from responding to probing requests that can be used to reveal its existence. The system still answers requests from authorized apps, but unauthorized requests such as ICMP (ping), get no response. |
See especially the "Block all incoming connections" writeup.
Incoming network connections are required for numerous reasons. Among them:
- See if there are pending updates for iOS apps, or iTunes itself.
- Update Genius data.
- Update purchases made on other devices.