Ventura internal Firewall (v13.1)

The internal Ventura firewall doesn't work at all. All applications listed in the firewall window with incoming connections set to disabled (red flag) will, after a restart of the System Settings app, have incoming connections automatically enabled (green flag). All applications listed in the firewall window with incoming connections set to disabled (red flag) allow incoming connections just as if the red flag were green instead.


Posted on Dec 18, 2022 1:06 PM

Question marked as Top-ranking reply

Posted on Jan 30, 2023 6:59 AM

1 - Restart in Safe Mode. This will perform a Disk Repair, clear cache files and only load Apple Software, extensions and fonts. The boot up will be slow and can take some time - Normal.


2 - Safe Mode will also eliminate Third Party Software, extensions and drivers from loading. It will only load the Minimum amount of Core Apple Processes to allow the computer to function at a reduced Level of Performance.


3 - Does the issue present in this mode ?


4 - Sometimes a Safe Boot followed by a Normal Boot will just put things right.


5 - If not - there could be something in the main User Account playing up. To further isolate this - Set up users, guests, and groups on Mac. Then log out of the Main User account and log into the dummy account and test again if the issue persists.


6 - If the issue is present in the dummy account - then, this appears to be a System Wide issue on the computer.



Step 7 below is optional but at the same time will give us a more complete overview of this machine.


7 - Download the Application Etrecheck directly from the Developer.


This is a Diagnostic Tool that makes no changes to the computer.


It makes a coherent and readable inventory of both the Hardware and Software used on the computer 


The application is free, or paid for added features.


The Report will Not Reveal Any Personal Information. 


Post back the Full Report - copy and paste - >>>> using the Additional Text Icon ( 3rd Icon to last ) <<<<



Apr 12, 2023 8:54 AM in response to etresoft

Thanks for the response. I was pretty mad when I wrote it. One user mentioned the Settings app not having privileges to "edit" firewall settings. Found that to be half-true since sometimes something works, sometimes not so much.

Anyways, found a way to edit firewall settings as sudo and it does seem to work.

If anyone cares, here's solution to that:


# Sets the Application Firewall options directly through socketfilterfw
# (the command-line tool behind the Firewall pane) instead of System Settings.
echo "Enable Firewall"
sudo /usr/libexec/ApplicationFirewall/socketfilterfw \
  --setblockall off \
  --setallowsigned on \
  --setallowsignedapp on \
  --setloggingmode on \
  --setstealthmode on \
  --setglobalstate on

In Ventura it does work, no idea about any other release.


I just want fw to block all incoming non-essential traffic, don't care about anything else since it's...well, non-essential...

Feb 2, 2023 7:49 AM in response to RobbiOne

Kept delving myself and found the Solution for me.

Culprit is the com.apple.alf.plist File you find in /Library/Preferences.

Edit the File (don't forget to make a Backup of this File first, jic).

Search for

<dict>
<key>alias</key>
<data>
[snip...]
</data>
<key>reqdata</key>
<data>
[snip...]
</data>
<key>state</key>
<integer>2</integer>
</dict>

(This should be above

<key>exceptions</key>
<array>

etc. etc.)


All <integer>2</integer> are the red flagged ones.

Set to zero(0) and the flag will be green.

Save your edit.
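To spot the red-to-green drift this post describes without reading the XML by hand, here is an added example (not from the post, and not Apple's code) that parses the plist with Python's plistlib and diffs a saved snapshot against the current file. The file path and the state values (2 = blocked, 0 = allowed) come from the post; the top-level "applications" array that holds the per-app dicts is an assumption.

```python
import hashlib
import plistlib
from typing import Dict, List, Sequence, Tuple

# Per-app "state" values as described in the post:
# 2 = incoming connections blocked (red flag), 0 = allowed (green flag).
STATE_BLOCK = 2
STATE_ALLOW = 0

# Assumption: the per-app dicts live in a top-level "applications" array,
# ahead of the "exceptions" array the post mentions.
APPS_KEY = "applications"
ALF_PATH = "/Library/Preferences/com.apple.alf.plist"


def build_alf_plist(rules: Sequence[Tuple[bytes, int]]) -> bytes:
    """Build a constructed com.apple.alf.plist-style document from
    (alias, state) pairs, mirroring the excerpt quoted in the post."""
    apps = [{"alias": alias, "reqdata": b"\x00", "state": state}
            for alias, state in rules]
    return plistlib.dumps({APPS_KEY: apps, "exceptions": []})


def rule_id(alias: bytes) -> str:
    """Stable short identifier for an entry: the alias blob is opaque
    bookmark data, so hash it instead of trying to decode it."""
    return hashlib.sha256(alias).hexdigest()[:12]


def load_rules(plist_bytes: bytes) -> Dict[str, int]:
    """Map each application entry to its integer state (XML or binary plist)."""
    doc = plistlib.loads(plist_bytes)
    return {rule_id(app["alias"]): int(app["state"])
            for app in doc.get(APPS_KEY, [])}


def read_rules_file(path: str = ALF_PATH) -> Dict[str, int]:
    """Read the live firewall rules; on macOS this file needs root to read."""
    with open(path, "rb") as fh:
        return load_rules(fh.read())


def blocked(rules: Dict[str, int]) -> List[str]:
    """Entries currently set to block (the red-flagged ones)."""
    return sorted(k for k, s in rules.items() if s == STATE_BLOCK)


def flipped_to_allow(before: Dict[str, int], after: Dict[str, int]) -> List[str]:
    """Entries that blocked (2) in the snapshot but allow (0) now: exactly
    the red-to-green reset the thread reports after reopening System Settings."""
    return sorted(k for k, s in before.items()
                  if s == STATE_BLOCK and after.get(k) == STATE_ALLOW)


if __name__ == "__main__":
    # Constructed data: three apps, two blocked and one allowed, then the same
    # file after every rule has been reset to allow.
    snapshot = build_alf_plist([(b"\x01", STATE_BLOCK), (b"\x02", STATE_BLOCK),
                                (b"\x03", STATE_ALLOW)])
    current = build_alf_plist([(b"\x01", STATE_ALLOW), (b"\x02", STATE_ALLOW),
                               (b"\x03", STATE_ALLOW)])
    print("rules silently flipped to allow:",
          flipped_to_allow(load_rules(snapshot), load_rules(current)))
```

To use it against a real machine, save the output of read_rules_file() right after setting the rules, reopen System Settings, and diff a fresh read against the saved copy.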

Apr 12, 2023 4:52 AM in response to of-the-stack

of-the-stack wrote:

There is no way in **** to enable stealth mode or to block all incoming.

This is the default behaviour for 99.999% of all internet users.

Reinstalled macOS multiple times and it's still the same.

Reinstalling macOS is never going to fix a problem like this. The only time a user would need to reinstall the operating system is when the user has completely corrupted it with misconfigurations and/or low-level system modifications that cannot be uninstalled. So don’t do that.

Posted about this multiple times, seen multiple posts about it and usually there is no solution.

That’s because there is no problem. The Application Firewall never did what people think it does. It was always a useless, do-nothing app. Most users don’t need any kind of firewall at all, even a functional one. No one needs the Application firewall.


The only benefit it provides is possibly making a user think they have some extra protection and that they don’t need to install some 3rd party malware/scamware.

No-one gives a rats *** about it.

Correct.

Like the most severe of issues - security issue, is not addressed at all by apple or anybody and it bothers me.

Apple promptly corrects all severe security problems. But Apple has its own engineers to evaluate the severity and risk of any issue. Just because you read about something on the internet doesn’t make it a severe issue, or even true at all in many cases.

Those "Community Specialist" never respond.

Community Specialists only respond if no one else does. They don’t do anything but post links to support articles anyway. They would never tell you the Application Firewall is just a do-nothing, “security theatre” app to prevent people from installing a 3rd party app that would be infinitely worse.

Is there a list of issues that they have to keep quiet about since tampering with security settings of device without user consent seems like a problem?

Community specialists are only going to respond when they can post a link to an Apple Support article. Although Apple does have a couple of security articles about Security getting devices, lockdown mode, and personal safety, my guess is that Apple employees would avoid any thread where there is an obvious mental health concern.

Apr 15, 2023 12:14 PM in response to Matti Haveri

Matti Haveri wrote:

So the built-in macOS Firewall is not really needed even if I happen to use some open public Wi-Fi, right?

The important thing to remember here is that the built-in firewall does nothing. No matter what scenario you can construct, the fact that the default behaviour of the firewall is to allow connections means that it fundamentally does not work.


A public wifi is not that much of a risk to begin with. You are still on a private network. Only the other people on the network could theoretically contact your computer. And a good wifi network won't even allow connections between clients. But even if you were on a lower-quality wifi network, your risk is limited by the small number of people within wifi range. You are very unlikely to ever be in wifi range of someone with the desire and ability to hack your Mac.


But let's put it all out there. Say you are on a big, fast wifi network that isn't like the typical ones where you can barely even check e-mail. Let's say it is at a hacker convention or something - sunglasses, dark hoodies, and "property of US government" stickers everywhere you look. What are they going to hack? In addition to the firewall being turned off by default, all sharing services are turned off too. You have to make a point to turn some of those on. And it's not like sharing services just broadcast your data or anything. They still require passwords.


But if you are at a hacker convention, and you've enabled some services, and made sure your password is something like "pass123" or something, what happens if you turn on the firewall? Nothing. Nothing happens. The firewall allows connections to all of those sharing services. That "stealth mode" isn't going to help. While it may block pings, it isn't going to block remote login, SMB, or anything else. In fact, your Mac will be advertising those services. But oh yeah, it's blocking all those ping packets. 😄

But might I want to turn it ON even if I happen to use some 3rd party network app??

You can always turn it on if you want. But realistically speaking, you could do something else, like changing your accent colour or screensaver. That would have a greater impact on your security than the firewall. At least changing the screensaver or accent colour isn't going to make anyone think that they are improving their security.

https://www.howtogeek.com/205108/your-mac’s-firewall-is-off-by-default-do-you-need-to-enable-it/

That story is surprisingly good. My only complaint is the one, halfway-plausible case for using the firewall - doing local web developing using Apache.


For example, let’s say you’ve installed an Apache web server or other server software and you’re dabbling with it. You could access it entirely on your computer via localhost. To prevent anyone else from contacting this server software, you could simply enable the firewall. Unless you enable an exception for that specific piece of server software, all incoming connections to it from outside your computer will be blocked.


Sadly, this isn't true. The author is actually giving the built-in firewall too much credit. If you've enabled Apache and "simply" turned on the firewall, it will not block the web server. Even if you disabled signed 3rd party software and built-in software using the firewall options, it still doesn't work. You have to completely block all connections in order to disable external access to Apache. But yeah, if you turn on the firewall, configure it to block all connections, then you can safely do your web development at the hacker convention. But then again, you could also do this inside Apache itself. I include that Apache security setting in my Mac web development User Tip: Setting up a local web server on macOS 13… - Apple Community


Apr 12, 2023 11:04 AM in response to of-the-stack

of-the-stack wrote:

I just want fw to block all incoming non-essential traffic, don't care about anything else since it's...well, non-essential...

Honest question - do those settings actually do that?


Here is what those settings are doing...


--setblockall off - this basically turns off blocking.

--setallowsigned on - enables all built-in apps to listen for connections.

--setallowsignedapp on - enables all 3rd party apps to listen for connections.

--setloggingmode on - I challenge you to find these logs.

--setstealthmode on - does not reply to ping requests.

--setglobalstate on - this enables the firewall, subject to other configuration settings. In your case, you are blocking incoming connections to ping and any unsigned software.


Most people do not have a direct connection to the internet, so I will skip talking about data centres and internet exchanges. It is possible that you've set up your Mac as a DMZ on your home network. I don't recommend that. If you haven't configured your Mac to be the DMZ, then really none of this applies at all. All network requests come into your router. You would have to configure the router to direct certain requests to your Mac. Otherwise, the router will simply ignore them. A DMZ would direct all external requests directly to your Mac. You don't want to do that. So in most cases, the firewall is essentially protecting your Mac from any other computer that is also connected to your WiFi. That's it.


But let's assume you did configure your Mac to be a DMZ. This is more interesting. Let's look at what the firewall is actually doing. Since you have enabled "stealth mode", it is blocking ping requests. OK. I don't know how your WiFi is configured, but mine already doesn't respond to ping requests.


However, you are allowing all other built-in apps to listen for incoming network connections. You are even allowing all signed 3rd party apps to listen for incoming network connections. Unsigned software is blocked. This would include malware, because it is usually unsigned. But malware typically doesn't listen for connections to begin with. Malware assumes you are on a WiFi connection so it is going to initiate connections to its command-and-control server. Probably the only software that would be blocked is open source software that you've compiled on your own machine. This is often server software for running some kind of server on your home computer. In short, the only software that is likely to be blocked is the software that, if you have it, you most likely don't want blocked at all.


So do you see why this is useless? It literally isn't blocking anything. What little it does block is probably already blocked even if the firewall is turned off. If you did have your Mac configured as a DMZ, it is wide open. Any external connection you make could be logged and tracked. And those logs you are leaving all across the internet are much easier to read than the firewall logs that you've enabled. If someone wants to explore your computer, they aren't going to use ping. They are going to use any one of the few hundred well-known ports. Those are the same ports that, with your configuration, your Mac is listening on.

Dec 20, 2022 5:42 PM in response to Miche11e_P

No, not after a restart, just after relaunching the System Settings app: all red flags become green automatically. That happens on a MacBook Pro 13" late 2017 and on a new MacBook Pro 14" M1 Pro, both with Ventura 13.1.

Here you have an example.

Firewall with rules set by user:


and firewall just after relaunch of the System Settings app: all rules have become green.



Jan 28, 2023 12:36 PM in response to BobTheFisherman

As already explained, I'm sorry for you Bob but that's false: I need it (and it seems Deane does too)! And why shouldn't it be useful?


This is a technical forum used also to report bugs and if possible to get help in order to solve them, therefore those who cannot provide useful information for trying to solve the bugs should avoid writing useless platitudes that not only do not solve anything but do not even correspond to the truth because e.g. it has been very useful to me since 2007 and it still would be if it worked as it should.


I report here the firewall bug certainly not to hear people say not to use it, but for finding useful suggestions or solutions because I would like to be able to use it and since it's there it simply has to work, otherwise if even Apple (like some here in the forum) thinks it is no longer needed then it must be eliminated completely (a bad solution but a solution nonetheless).


Fortunately, Apple doesn't think so: I've been on the phone several times with Apple's technical support manager, providing him with all possible reports to help him find a solution to this Ventura security bug; unfortunately for now I have not received any good news, as soon as I have news about it I will report it on the forum.


In order to help someone solve the bug: I have found the reported bug is also present in Ventura 13.2, however I noticed that only the denial rules (red) added by clicking on the "+" are erroneously always modified to "allow" (green), while the denial rules added via the warning window automatically generated by macOS always remain correctly red as set by the user.

Jan 30, 2023 2:01 AM in response to RobbiOne

RobbiOne wrote:

The internal Ventura firewall doesn't work at all. All applications listed in the firewall window with incoming connections set to disabled (red flag) will, after a restart of the System Settings app, have incoming connections automatically enabled (green flag). All applications listed in the firewall window with incoming connections set to disabled (red flag) allow incoming connections just as if the red flag were green instead.

Re-reviewing the entire thread on this question, it appears that the above issue has somehow been sidelined by other issues.


For this I apologize for being a part of this too.


Let us get back to the above and attempt to sort this out.


How has the User determined that the Inbound Connections, from the listed Application Block list, is in fact receiving Inbound Traffic ?


Has there been some Third Party Disk Cleaning or Disk Optimizer applications installed and used on this computer ?


Has any Third Party Security Software been installed and used on this computer ?


Added, has the update to Ventura 13.2 released Jan 23, 2023 been applied to this computer ?


EDITED - added question

Jan 30, 2023 5:39 AM in response to Owl-53

P. Phillips, thanks for your questions, I try to answer briefly:

1) Because all applications added by clicking on "+" in the firewall window and set to incoming connections disabled (red flag) have automatically been changed to enabled (green flag) after a restart of the System Settings app.

2) Ventura was just fresh installed after complete SSD initialization on Macbook 13 pro late 2017 and also rechecked on Macbook 14 pro late 2021 updated to Ventura. Before Ventura the Apple firewall worked fine on both with the same apps.

3) None.

4) On Ventura 13.2 that bug still persists (sob!).


Mar 14, 2023 10:25 AM in response to Maxlù

Maxlù: yep, the sudo command works; as "dog782" suggested, the Apple R&D team forgot to enable sudo write privileges for the firewall GUI when they eliminated the password to manage the System Settings app (as it always had before Ventura macOS).

We are still waiting for the Apple R&D team to read these comments in order to fix the bug definitely and to enable again the password for changing system settings.

Jan 28, 2023 8:45 AM in response to RobbiOne

RobbiOne wrote:

etresoft: the apps listed in the firewall are just for a demo of the bug, I use the much better Little Snitch.
That said, the Apple firewall must work correctly or must be deleted altogether; until Ventura it worked fine and, yes, it is still useful for many users that do not want to spend 45€ for a better firewall. It is not pointless at all.

Let me throw some "Fat on the Fire", so to speak.


Even if the user hated to remove the Builtin Application or Service that comes with Ventura macOS 13


The Operating System resides in a Sealed and Read Only Volume that can not be opened by the User.


Presto, the builtin Apple Firewall is here to stay.


Then, perhaps the User chose to use a Third Party Firewall that is better for their usage needs.

Jan 29, 2023 12:00 PM in response to Owl-53


P. Phillips, you can also block incoming and outgoing traffic of your computer with a software firewall installed on your computer. For macOS Little Snitch is a very good choice but you have to pay for it; on the other hand the firewall present by default in macOS is only a half firewall because it only blocks incoming traffic, but since it's free it's always better than nothing.

A centralized firewall for the whole network, e.g. the one always present on routers (which, however, is generally not very configurable and does not block LAN connections) or on dedicated hardware (OPNsense, pfSense, Ubiquiti, Fortinet, Cisco), is more difficult to configure (it may block useful traffic for all the network devices). Hardware firewalls may cost a lot because they must be able to handle all the LAN traffic without degrading the Internet throughput too much.

Apr 12, 2023 2:21 AM in response to Eric--F

Dude, it's been how long since Ventura came out now and the Firewall issue is still there. There is no way in **** to enable stealth mode or to block all incoming. After you quit the Settings app the Firewall resets itself. Reinstalled macOS multiple times and it's still the same. Posted about this multiple times, seen multiple posts about it and usually there is no solution. No-one gives a rats *** about it. Like the most severe of issues - security issue, is not addressed at all by Apple or anybody and it bothers me. Those "Community Specialist" never respond. Is there a list of issues that they have to keep quiet about since tampering with security settings of a device without user consent seems like a problem?
