Firewall (com.apple.security.firewall)

com.apple.security.firewall

The payload that configures the firewall.

macOS(10.12)

Branch: release

Settings (11)

Setting	Type	Required	Default	Manual Install	Supported OS
EnableFirewall EnableFirewall If `true`, the system enables the firewall.	boolean	required	—	✓Yes	macOS (10.12+)
BlockAllIncoming BlockAllIncoming If `true`, the system enables blocking all incoming connections.	boolean	optional	—	✓Yes	macOS (10.12+)
EnableStealthMode EnableStealthMode If `true`, the system enables stealth mode.	boolean	optional	—	✓Yes	macOS (10.12+)
Applications Applications The list of apps with connections that the firewall controls. 1 subkey	array	optional	—	✓Yes	macOS (10.12+)
└─ Applications ApplicationsItem 2 subkeys	dictionary		—	✓Yes	macOS (10.12+)
└─ └─ Application Identifier BundleID The bundle identifier for the app.	string	required	—	✓Yes	macOS (10.12+)
└─ └─ Allow connections Allowed If `true`, the system allows connections for the app.	boolean	required	—	✓Yes	macOS (10.12+)
EnableLogging EnableLogging Deprecated (macOS 15.0) If `true`, the system enables logging. Available in macOS 12 through macOS 14.6.	boolean	optional	—	✓Yes	macOS (12.0 - 15.0)
LoggingOption LoggingOption Deprecated (macOS 15.0) The type of logging. Available in macOS 12 and through macOS 14.6.	string	optional	—	✓Yes	macOS (12.0 - 15.0)
AllowSigned AllowSigned If `true`, the system allows built-in software to receive incoming connections. Available in macOS 12.3 and later. > Note: > The system ensures that `AllowSigned` always has a value. If missing from the payload, the system sets it to `true`.	boolean	optional	`true`	✓Yes	macOS (12.3+)
AllowSignedApp AllowSignedApp If `true`, the system allows downloaded signed software to receive incoming connections. Available in macOS 12.3 and later. > Note: > The system ensures that `AllowSignedApp` always has a value. If missing from the payload, the system sets it to `true`.	boolean	optional	`true`	✓Yes	macOS (12.3+)