If you have a broadband, always-on connection, you’re open to the Internet 24 hours a day. It’s theoretically possible for some cretin to use automated hacking software to flood you with data packets or take control of your machine. OS X’s firewall feature puts up a barrier to such mischief. To turn it on, click the on the Firewall pane in the Security & Privacy section of System Preferences, authenticate yourself, and then click Start.
You don’t need to turn on this firewall if your Mac connects to the Internet through a wired or wireless router (including the AirPort base station). Virtually every router already has a built-in firewall that protects your entire network. (Similarly, if you’re using the Internet Sharing feature described on Making the Switch, turn on the firewall only for the first Mac, the one connected right to the Internet.)
In short: Use the firewall only if your Mac is connected directly to a cable modem, DSL box, or dial-up modem.
Fortunately, it’s not a complete barrier. One of the great joys of having a computer is the ability to connect to other computers. Living in a cement crypt is one way to avoid getting infected, but it’s not much fun.
Therefore, you can turn the firewall on by opening System Preferences→Security→Firewall tab, authenticating, and clicking Turn On Firewall. But you can also fine-tune the blockade.
To do that, click Firewall ...