Available in macOS 10.12 and later. A Firewall payload manages the Application Firewall settings accessible in the Security Preferences pane. Note these restrictions:
- The payload must exist in a system-scoped profile.
- If more than one profile contains this payload, the most restrictive union of settings will be used.
Apple claims that: The “Automatically allow signed downloaded software” and “Automatically allow built-in software” options are not supported, but both will be forced ON when this payload is present. However those options are not changed when the payload is installed. Only the UI is greyed out.
Required. Whether the firewall should be enabled or not.
Block All Incoming
Optional. Corresponds to the “Block all incoming connections” option.
Enable Stealth Mode
Optional. Corresponds to “Enable stealth mode.”
Optional. The list of applications
Each item in the applications list contains these keys:
Identifies the application