Firewall

../../_images/com.apple.security.firewall.png

Template

Available in macOS 10.12 and later. A Firewall payload manages the Application Firewall settings accessible in the Security Preferences pane. Note these restrictions:

  • The payload must exist in a system-scoped profile.
  • If more than one profile contains this payload, the most restrictive union of settings will be used.

Warning

Apple claims that: The “Automatically allow signed downloaded software” and “Automatically allow built-in software” options are not supported, but both will be forced ON when this payload is present. However those options are not changed when the payload is installed. Only the UI is greyed out.

Summary

PayloadType:com.apple.security.firewall
Supervised Only:
 N/A
macOS:10.12
macOS Deprecated:
 N/A
iOS:N/A
iOS Deprecated:N/A
Highlander:N/A

Keys

EnableFirewall

Enable Firewall

Required. Whether the firewall should be enabled or not.

Type Default Required Regex iOS macOS Supervised
boolean N/A N/A N/A N/A N/A N/A

BlockAllIncoming

Block All Incoming

Optional. Corresponds to the “Block all incoming connections” option.

Type Default Required Regex iOS macOS Supervised
boolean N/A N/A N/A N/A N/A N/A

EnableStealthMode

Enable Stealth Mode

Optional. Corresponds to “Enable stealth mode.”

Type Default Required Regex iOS macOS Supervised
boolean N/A N/A N/A N/A N/A N/A

Applications

Applications

Optional. The list of applications

Type Default Required Regex iOS macOS Supervised
array N/A N/A N/A N/A N/A N/A

Each item in the applications list contains these keys:

BundleID

Bundle ID

Identifies the application

Type Default Required Regex iOS macOS Supervised
string N/A always N/A N/A N/A N/A

Allowed

Allowed

Specifies whether or not incoming connections are allowed

Type Default Required Regex iOS macOS Supervised
boolean N/A always N/A N/A N/A N/A