For the AirPort
By default all IPv4 ports on an AirPort base station are closed (not "hidden") to inbound traffic from the Internet as the base station employs a simple NAT-based "firewall." However, all ports are open going outbound.
If you are using a service on the Internet which you send traffic to, the return traffic will access the specific ports that application tells it to, to complete the loop. If your goal is to "close" that loop, then you will need to port forward that return traffic to a non-existent local network client as a potential workaround. Not sure how successful your application will be with certain communications being blocked.
Regardless, the workaround is to port forward the undesired inbound ports to a local IP address that is outside of the DHCP scope of the network. By default, the AirPort's DHCP service provides addresses in the 10.0.1.2 - 10.0.1.200 range. You would then port forward to address starting with 201, up to 254.
For example, if you want to block port 800, you would set up a port map in the AirPort Utility as follows:
- Run the AirPort Utility.
- Select the base station, and then, select Edit.
- Select the Network tab.
- Select the "+" plus button under Port Settings.
- Enter a description in the Description box.
- Public UDP Ports: 800
- Public TCP Ports: 800
- Private IP Address: 10.0.1.201
- Private UDP Ports: 800
- Public TCP Ports: 800
For your Mac
To block all incoming connections for a specific application, you would use System Preferences, as follows:
- System Preferences > Security & Privacy > Select the "+" plus button to add the application.
- Select the "Block incoming connections" option for that application.
- Select OK.
Note: If you want more control over the OS X software firewall, you will need to look into a third-party application that does this. A few are: Murus and Little Snitch