All PCs & Macs have a built-in firewall, which works alongside any external firewalls (including the integrated one in your ISP's gateway). What does it do, and should you leave it on?
The firewall on your device is known as a software firewall. We'll be using Macs for screenshots & examples in this article, but the same applies to PCs & most major Linux distributions.
A software firewall performs security functions including, but not limited to:
Packet filtering – packet information is checked against a set of preset filters. If the packet is prohibited by any filter, it is discarded.
Proxy services – incoming information is held by the firewall until it can be verified by the requesting computer.
Stateful inspection – key identifiers in each packet are compared against a database of approved senders. If the packet info doesn’t match any of these trusted sources, it gets discarded.
Trusted sources, like your favorite website or cloud storage, get recorded and information from them is allowed through your firewall. But any suspicious Internet packets that were never requested by your computer are simply cut off.
There are a few other common features that Macs utilize, such as "Stealth mode", where your Mac will not respond to ICMP requests (ping), or the option to automatically allow the download of files with a known good file certificate.
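A simplified model of the packet filtering, stateful inspection and stealth mode behaviour described above, added here as an illustration and not taken from macOS or any vendor's code. The class names, fields and sample addresses are constructed for this example, and the "database" is modelled as the set of connections the computer itself opened.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = leaving this computer, "in" = arriving
    proto: str          # "tcp", "udp" or "icmp-echo" (a ping request)
    remote: str         # address of the other machine
    remote_port: int = 0
    local_port: int = 0

class HostFirewall:
    """Toy model of a software firewall; not how any real OS implements it."""

    def __init__(self, blocked_remotes=(), stealth=True):
        self.blocked_remotes = set(blocked_remotes)  # preset packet filters
        self.stealth = stealth                       # ignore inbound pings
        self.requested = set()                       # flows this computer opened

    def decide(self, p: Packet) -> str:
        # Packet filtering: preset filters apply in both directions.
        if p.remote in self.blocked_remotes:
            return "drop: preset filter"
        flow = (p.proto, p.remote, p.remote_port, p.local_port)
        if p.direction == "out":
            self.requested.add(flow)    # remember what we asked for
            return "allow: outbound"
        # Stealth mode: do not answer ping requests.
        if p.proto == "icmp-echo":
            return "drop: stealth mode" if self.stealth else "allow: ping"
        # Stateful inspection: inbound traffic must match a flow we opened.
        if flow in self.requested:
            return "allow: reply to our request"
        return "drop: never requested"

def demo():
    fw = HostFirewall(blocked_remotes={"203.0.113.66"})
    # Constructed sample traffic (documentation addresses, RFC 5737).
    traffic = [
        Packet("out", "tcp", "198.51.100.10", 443, 50000),
        Packet("in", "tcp", "198.51.100.10", 443, 50000),
        Packet("in", "tcp", "192.0.2.77", 4444, 22),
        Packet("in", "icmp-echo", "192.0.2.77"),
        Packet("out", "tcp", "203.0.113.66", 80, 50001),
    ]
    return [fw.decide(p) for p in traffic]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second packet is allowed only because the first one opened that connection; the same inbound packet arriving on its own would be dropped as never requested.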
Leave it on or not?
The simple answer is yes, always yes. Newer firewalls on PCs, Macs & most Linux distros check each packet in microseconds, so they don’t have much drag on system resources. Turning them off won’t give you any real benefit, so it’s better to leave them on and have that extra layer of protection.
The only time we could really see any value in turning it off is if you have an external firewall placed within your network. Even then, software firewalls are (generally) pretty good at not interfering with network (or physical) firewalls, & the added layer of protection will never hurt.