How to Open a Port on a Windows or Mac Firewall

Quickly solve your computer or router connectivity issues

What to Know

  • In Windows Defender Firewall, select Allow an app or feature through WD Firewall > Advanced Settings > Inbound Rules > Port.
  • Follow steps from there depending on your needs.
  • Before you start, be sure traffic is running through your router.

This article explains how to open a network port on Windows or Mac and why this is sometimes required. It also addresses what to do with routers.

How to Open a Network Port in Windows

When you install certain software on Windows, the installation wizard may automatically set up any required firewall rules for you. But if you do install something and find you're having trouble using it, take the following steps:

  1. Hit the Windows key, type "firewall," then select Windows Defender Firewall.

    The Windows Defender Firewall Entry in the Start Menu.
  2. The window that appears will allow you to select a particular app by selecting Allow an app or feature through Windows Defender Firewall. Using this tool you can simply select an installed app and open it any networks you have set up.

    The Windows Defender Firewall Entry in the Start Menu.
  3. But assuming you want to open a port directly, select Advanced Settings from the left-hand menu.

    The Windows Defender Firewall Settings Screen.
  4. When opening a port, it's most likely you'll want to accept incoming connections (again, your OS should allow all but the most unusual outgoing connections). Select the Inbound Rules item from the panel on the left and then click New Rule from the right-hand panel.

    Windows Defender Firewall with Advanced Security tool.
  5. In the first screen of the New Inbound Rule Wizard, select the Port option to open a specific port or set of ports, then click Next.

    New Inbound Rule Wizard's "Port" Option.
  6. On the next step, select whether you want to open a TCP or UDP port, depending on the requirements of your app.

  7. Then choose to either open All local ports (this is very risky!) with this rule or a Specific local port or range. Click Next.

    New Inbound Rule Wizard's Protocol and Port Selection.
  8. Firewall rules allow you to explicitly allow or block connections. In this case we're looking to "open" the port, so you can select either of the first two options here. The first one (Allow the connection) is more likely to succeed unless you know for sure that your service is using IPSec authentication. Click Next when you're done.

    New Inbound Rule Wizard's Action Selection.
  9. You can also limit the rule to only certain networks, such as a corporate (Domain) or home network (Private), in addition to the internet at large (called Public in this dialog). Select whichever of these make sense for your app; if you're unsure, select them all. Click Next.

    New Inbound Rule Wizard's Profile Selection.
  10. Finally, give the rule a name and optionally a description. Then click Finish to create your rule.

How to Make a Port Open on a Mac

Opening a port on macOS is overall simpler but in some ways more difficult than on Windows. Firstly, by default the macOS firewall is disabled, so out of the box, you don't even need to use these steps, as your Mac should accept any incoming connection attempts.

But if you've turned the firewall on (you'll know because the System Preferences > Security & Privacy > Firewall screen is showing Firewall: On), you'll need to make a small addition to the firewall's configuration file to open your specific port.

The Firewall Toggle in macOS System Preferences.

After you've checked that your firewall is on, then follow these steps:

  1. Open the Terminal app.

  2. Enter the following at the prompt to stop the pf (packet filter) firewall if it's active:

    sudo pfctl -d
  3. Next, use the nano text editor to open the configuration file for pf:

    sudo nano /etc/pf.conf
  4. The editor will show the contents of the default config, which contains some important stuff. You can add your custom rule, but make sure you do so below any existing configurations.

    A Custom Firewall Rule Added to the pf.conf File.
  5. If you want to open port 12044, for example, enter the following at the bottom of the file. To break this down, you're allowing (pass) incoming (in) TCP (inet proto tcp) traffic from any machine to any other machine (though in this context it means just your machine) on port 12044 with no state inspection.

    pass in inet proto tcp from any to any port 12044 no state
  6. Press Ctrl-x to exit nano, and press Y and Enter on the way out to confirm that you want to save the file with the same name.

  7. Issue to the following at the prompt to re-load the firewall's configuration from the file you just edited:

    sudo pfctl -f /etc/pf.conf
  8. Finally, enter the following at the terminal to re-start the firewall:

    sudo pfctl -E

Why Do You Need to Open a Port?

Cloud and network apps running on your computer are designed to communicate over a particular network port (or set of ports). And the machine on the other end of that connection will be sending and receiving your data over prescribed ports as well.

But the issue is that most operating systems, and "consumer" operating systems, in particular, can be set up to refuse some or all incoming network communication. So you may encounter a situation where your app sending something to a cloud service, and the service is sending something back, but the firewall built into your router or OS is blocking that data. In this case, you should open the network port and let that traffic through to your app.

Opening a Port on Your Router

Before you address your PC or Mac, you should make sure the traffic can get through your network's router. In this case, you're not just opening a port, you're also telling the router where to send this data within the local network. To do that, you need to set up port forwarding. But whether you need a port forward or not, the first step is to open the corresponding port(s) on your PC or Mac (above).