Firewall settings not saving

When I try to save custom settings on Firewall to block the connection to some apps, settings are not saved, or saved for some minutes, and then automatically all permissions are enabled.

This is a very important security problem. How did you solve it? Thanks


MacBook Pro 16″, macOS 13.0

Posted on Nov 9, 2022 9:04 AM

Question marked as Best reply

Posted on Jan 24, 2023 5:10 PM

I have the same issue with a brand new Mac Studio before installing one app. This is 100% an Apple iOS bug/glitch.


It’s pretty pathetic this is still an issue. I’m guessing way less staff, way less of a priority, no one cares, etc.


Jan 28, 2023 7:43 PM in response to medialp

Same issue here. The only way I could fix it was to use the socketfilterfw executable directly, with sudo privileges, on the command line. You can check out the help information for the executable by running:


sudo /usr/libexec/ApplicationFirewall/socketfilterfw -h

which explains what options are available and their general use.


For a specific example, I was able to then use the --remove <path> option which would be the same as using the "-" button to remove something from the list of individual applications that have individual rules set on them:


sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /Applications/Firefox.app

Apr 8, 2023 8:06 AM in response to medialp

Actually, Terminal is required; otherwise, via the GUI you will lose the settings after closing System Settings.


You need to use the socketfilterfw command.

It is in /usr/libexec/ApplicationFirewall/socketfilterfw


Example to test the socketfilterfw command.


If you are in your_user folder then paste:

sudo ../../usr/libexec/ApplicationFirewall/socketfilterfw -h


Option to turn on the firewall (this option also works via the GUI).


sudo ../../usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on


  • socketfilterfw --setglobalstate on


For the other options follow these commands or the attached image.


Block all incoming connections:

  • socketfilterfw  --setblockall on


Allow built-in software connections:

  • socketfilterfw  --setallowsigned on


Block downloaded app connections:

  • socketfilterfw  --setallowsignedapp off


Block acknowledge attempts (ex. ICMP):

  • socketfilterfw  --setstealthmode on
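
Added example, not part of any reply in this thread: a small POSIX shell helper that checks whether settings applied with the commands above actually stick, by snapshotting the firewall's read-only queries and reporting when the output changes. The function names and the FW override variable are made up for this example; the --get* and --listapps options are the ones listed by socketfilterfw -h, and the sketch assumes they can be read from the shell you run it in (use a root shell if they cannot).

```sh
#!/bin/sh
# Added example: detect the Application Firewall settings reverting.
# FW may be overridden for testing; the default is the path given in the thread.
FW="${FW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Print the current firewall state, one labelled section per read-only query.
fw_snapshot() {
    for fw_opt in --getglobalstate --getblockall --getallowsigned \
                  --getstealthmode --listapps; do
        printf '## %s\n' "$fw_opt"
        "$FW" "$fw_opt" 2>&1 || echo "(query failed)"
    done
}

# fw_watch <interval-seconds> <checks>
# Takes a baseline, re-reads the state every interval, and returns 1 (after
# printing a diff and a timestamp) as soon as the state no longer matches.
fw_watch() {
    fw_base="$(mktemp)"; fw_cur="$(mktemp)"
    fw_snapshot > "$fw_base"
    fw_i=1
    while [ "$fw_i" -le "$2" ]; do
        sleep "$1"
        fw_snapshot > "$fw_cur"
        if ! diff -u "$fw_base" "$fw_cur"; then
            echo "change detected at $(date '+%Y-%m-%d %H:%M:%S') (check $fw_i)"
            rm -f "$fw_base" "$fw_cur"
            return 1
        fi
        fw_i=$((fw_i + 1))
    done
    rm -f "$fw_base" "$fw_cur"
    echo "no change after $2 checks"
}

# Usage after applying your settings, e.g. once a minute for 30 minutes:
#   fw_watch 60 30
```

The diff printed on a change shows which setting or per-app rule went back, and the timestamp gives a point to compare against when System Settings was opened or closed.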




Dec 13, 2022 1:33 PM in response to medialp

When I remove an app from my iMac I use AppCleaner. It works very well but one has to be careful and read the warning below. Like for PowerPhotos 2.0 this is what would be removed:



WARNING: If you use AppCleaner on an app that you have other apps from the same developer, like Adobe, you must be extremely careful checking all checkboxes and deleting. Some of those files may support other apps from the same developer and deleting them can mess them up. Adobe apps are a primary example. I know from experience. For singular apps from a developer it's safe.


It does get rid of a lot of excess junk.

Nov 11, 2022 12:47 PM in response to medialp

Hello medialp,


Welcome to Apple Support Communities!

If we understand your post correctly, your Firewall settings are not being saved. We're here to help!


"A firewall can protect your Mac from unwanted contact initiated by other computers when you’re connected to the internet or a network. However, your Mac can still allow access through the firewall for some services and apps.

For example:

  • If you turn on a sharing service, such as file sharing, macOS opens a specific port for the service to communicate through.
  • An app or service on another system can request and be given access through the firewall, or it might have a trusted certificate and therefore be allowed access.

For greater control, you can select apps and services, and specify whether they can have access through the firewall.


Turn on firewall protection

  1. On your Mac, choose Apple menu > System Settings, click Network in the sidebar, then click Firewall. (You may need to scroll down.)
  2. Turn on Firewall.
  3. To specify additional security settings, click Options and do any of the following:
    • Allow only specified apps and services to connect: Click the Add button, then select the app or service in the dialog that appears.
    • Allow only essential apps and services to connect: Turn on “Block all incoming connections.”
    • Automatically allow built-in software to receive incoming connections: Turn on “Automatically allow built-in software to receive incoming connections.”
    • Automatically allow downloaded signed software to receive incoming connections: Turn on “Automatically allow downloaded signed software to receive incoming connections.”
    • Make it more difficult for hackers and malware to find your Mac: Turn on “Enable stealth mode.”


Set firewall access for services and apps

  1. On your Mac, choose Apple menu > System Settings, click Network in the sidebar, then click Firewall. (You may need to scroll down.)
  2. Click Options.
  3. If the Options button is disabled, first turn on Firewall.
  4. Click the Add button under the list of services, then select the services or apps you want to add. After an app is added, click its up and down arrows and choose whether to allow or block connections through the firewall.
  5. Blocking an app’s access through the firewall could interfere with or affect the performance of the app or other software that may depend on it.

Important: Certain apps that don’t appear in the list may have access through the firewall. These can include system apps, services, and processes, as well as digitally signed apps that are opened automatically by other apps. To block access for these programs, add them to the list.

When your Mac detects an attempt to connect to an app you haven’t added to the list and given access to, an alert message appears asking if you want to allow or deny the connection over the network or internet. Until you take action, the message remains, and any attempts to connect to the app are denied."


Block connections to your Mac with a firewall


Let us know if you have any questions.

Thank you for using Apple Support Communities.

Take care!




Nov 11, 2022 1:18 PM in response to medialp

It's a long shot but give this a try: boot into Safe Mode according to How to use safe mode on your Mac and test to see if the problem persists. Reboot normally and test again.


NOTE 1: Safe Mode boot can take up to 3 - 5 minutes as it's doing the following; 

• Verifies your startup disk and attempts to repair directory issues, if needed

• Loads only required kernel extensions (prevents 3rd party kernel/extensions from loading)

• Prevents Startup Items and Login Items from opening automatically

• Disables user-installed fonts 

• Deletes font caches, kernel cache, and other system cache files


NOTE 2: if you have a wireless keyboard with rechargeable batteries connect it with its charging cable before booting into Safe Mode. This makes it act as a wired keyboard and will ensure a successful boot into Safe Mode.


Dec 13, 2022 12:11 PM in response to medialp

Just some food for thought. First, there is no reason to ever install or run any 3rd party "cleaning", "optimizing", "speed-up", anti-virus, VPN or security apps on your Mac. These documents describe what you need to know and do in order to protect your Mac: Effective defenses against malware and other threats - Apple Community and Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support.


There are no known viruses, i.e. self propagating, for Macs. There are, however, adware and malware which require the user to install although unwittingly most of the time thru sneaky links, etc.


Anti Virus developers try to group all types as viruses into their ad campaigns of fear. They do a poor job of detecting and isolating the adware and malware. Since there are no viruses these apps use up a lot of system resources searching for what is non-existent and adversely affect system and app performance.


There is one app, Malwarebytes, which was developed by a long time contributor to these forums and a highly respected member of the computer security community, that is designed solely to seek out adware and known malware and remove it. The free version is more than adequate for most users.


Personally I wouldn't let CMM anywhere near my Macs. It may not be involved in your current problem but it certainly isn't doing you any good.



Dec 20, 2023 1:52 PM in response to medialp

I went and tried to shut off accept incoming connections to an app and sadly I could not save it either.


There are 3rd party apps that help block what Apple has allowed over a user's consent. I say this because a company called Acustica Audio said to have discovered pirated software on a customer's computer while monitoring their screen without their knowledge. This company later realised the customer had purchased a used computer and the data they discovered could not be erased from the machine history even after erasing the SSD soldered onto the motherboard, an M1 machine running Ventura, till Sonoma.


The user decided to consult an attorney because they paid for the products and found it shocking that Acustica Audio invaded their privacy and were confident the customer will accept their banning them after spending $650 on their plugins, until the attorney advised the user to demand where the proof of the pirated software is to have the legal right to respond, be it defence or a settlement..the attorney later reports that the company recorded not only the screen of the customer but had access to the customer's root drive, computer, everything, but the user agreement for the software indicated this (the right to access the computer using the password provided to install their products, the microphone, the camera etc etc)...so the attorney advised the client to make it public..but Acustica justified it by sharing screenshots of the user's network firewall settings..settings in this thread no one can change..even if the pop up menu asks the user to allow or not (for example) Logic to have incoming connections..the firewall ignores anything the user wants and lets it..


Go to your Apple menu on the top left, choose About This Mac/choose Network, then Firewall..you will see things in there that are NOT at all in the firewall's allow or no list.


Some of these apps were removed..yet this info stays in the About This Mac info..

So how can we stop or allow if the firewall does not let us?

Dec 13, 2022 12:21 PM in response to Old Toad

But one thing is malware/viruses, another thing is junk from previous installations, settings on library of removed apps, temporary files never removed and so on.

When you remove an app dragging it on the bin, the library (both main and user library) remains full of old settings and I can assure you that there is a lot of waste left behind.

Same for autorun apps (e.g. Adobe cloud, many auto-update daemons) that take up a lot of memory and there is no way to remove them other than manually, as the operating system never bothers with these cleanings.

Jan 24, 2023 3:44 PM in response to medialp

I can confirm that this macOS bug is still present in Ventura 13.2. I'm currently stuck with all incoming connections blocked and no way of turning it off. As with OP, I can make the change but within a few minutes, the settings revert to an older previously saved setting.


I only looked at this issue because every user account on my Mac used to get a pop-up dialog asking whether to allow "mediasharingd" to accept incoming connections. The pop-up would disappear in less than a second. Of course, I don't have any media sharing services turned on.
