Create Firewall profile for macOS
Starting with macOS 10.12, Apple provides an application firewall that lets you control connections on a per-application basis (rather than on a per-port basis). This makes the benefits of firewall protection easier to use and prevents unwanted programs from taking control of network ports that are open for legitimate programs.
Note! This option is not available for devices that have been enrolled via User Enrollment.
- Select Firewall as the profile you wish to add. The following dialogue will open.
Make the following settings:
- Profile name: Specify a name for the profile.
- Enable: Specify whether the firewall should be enabled or not.
- Block all incoming connections: Selecting this option prevents all sharing services, such as File Sharing and Screen Sharing, from receiving incoming connections. The system services that are still allowed to receive incoming connections are:
  - configd, which implements DHCP and other network configuration services
  - mDNSResponder, which implements Bonjour
  - racoon, which implements IPsec
- Stealth mode: You can activate stealth mode with this option. This makes it difficult for hackers and malware to discover the macOS devices. In stealth mode, your users’ macOS devices will react neither to ping requests nor to connection attempts from a closed TCP or UDP network.
- Bundle ID: Here you can determine which apps are allowed or blocked from connecting to the macOS devices. Use the Bundle ID of each app for this and select Allowed or Not allowed.
To find out how to distribute the new profile, see section Assign profile.
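The settings above correspond to keys in Apple's Firewall configuration-profile payload (`com.apple.security.firewall`). The following Python code is an added example, not part of this product or its documentation: it builds such a payload and flags setting combinations worth reviewing before the profile is assigned. How the product itself serializes the dialogue is an assumption, and all identifiers and UUIDs are constructed placeholders.

```python
import plistlib

FIREWALL_TYPE = "com.apple.security.firewall"  # Apple's Firewall payload type


def build_profile(enable, block_all, stealth, apps):
    """Build .mobileconfig bytes. apps maps Bundle ID -> True (Allowed) / False."""
    payload = {
        "PayloadType": FIREWALL_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.firewall",            # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # constructed
        "EnableFirewall": enable,        # "Enable"
        "BlockAllIncoming": block_all,   # "Block all incoming connections"
        "EnableStealthMode": stealth,    # "Stealth mode"
        "Applications": [                # "Bundle ID" entries
            {"BundleID": bundle_id, "Allowed": allowed}
            for bundle_id, allowed in apps.items()
        ],
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile",             # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # constructed
        "PayloadDisplayName": "Firewall",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def audit_profile(data):
    """Return review findings for the firewall payload in a profile."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == FIREWALL_TYPE]
    if not payloads:
        return ["no firewall payload"]
    fw, findings = payloads[0], []
    if not fw.get("EnableFirewall", False):
        findings.append("firewall disabled")
    if not fw.get("EnableStealthMode", False):
        findings.append("stealth mode off")
    allowed = [a["BundleID"] for a in fw.get("Applications", []) if a.get("Allowed")]
    if fw.get("BlockAllIncoming") and allowed:
        # With block-all on, only the listed system services accept connections.
        findings.append("block-all is set, so Allowed entries cannot receive "
                        "incoming connections: " + ", ".join(allowed))
    return findings
```
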