Firewall configuration (macOS device policy)

With the Firewall configuration you define settings for the application firewall included in macOS.

Setting

Description

Turn on application firewall

The application firewall is turned on.

Block all incoming connections

Sharing services, such as File Sharing or Screen Sharing, are not allowed to receive incoming connections.

This does not affect the following system services:

  • configd (DHCP and other network configuration services)
  • mDNSResponder (Bonjour)
  • racoon (IPSec)

Use stealth mode

The computer ignores unexpected requests, such as ping requests.

Automatically allow built-in apps

Built-in apps, such as iTunes, are added to the list of apps allowed to receive connections.

You can’t turn this setting off.

Automatically allow signed downloaded apps

Apps signed by a valid certificate authority are added to the list of apps allowed to receive connections.

You can’t turn this setting off.

Allowed connections

An app group containing apps allowed to receive connections.

For other apps, users can choose to allow or deny a connection.

Denied connections

An app group containing apps not allowed to receive connections.

For other apps, users can choose to allow or deny a connection.