I have noticed when I make changes to firewall setting in my Macbook air, the changes revert back without my consent. What is happening?

Hi Drkatzjr,

Thank you for using the Apple Support Communities! To confirm, are these the steps you are following below:

Block connections to your Mac with a firewall

Turn on firewall protection

1. On your Mac, choose Apple menu  > System Settings, click Network  in the sidebar, then click Firewall. (You may need to scroll down.)

2. Turn on Firewall.

3. To specify additional security settings, click Options and do any of the following:

* Allow only specified apps and services to connect: Click the Add button , then select the app or service in the dialog that appears.

* Allow only essential apps and services to connect: Turn on “Block all incoming connections.”

* Automatically allow built-in software to receive incoming connections: Turn on “Automatically allow built-in software to receive incoming connections.”

* Automatically allow downloaded signed software to receive incoming connections: Turn on “Automatically allow downloaded signed software to receive incoming connections.”

* Make it more difficult for hackers and malware to find your Mac: Turn on “Enable stealth mode.”

Set firewall access for services and apps

1. On your Mac, choose Apple menu  > System Settings, click Network  in the sidebar, then click Firewall. (You may need to scroll down.)

2. Click Options.

3. If the Options button is disabled, first turn on Firewall.

4. Click the Add button  under the list of services, then select the services or apps you want to add. After an app is added, click its up and down arrows  and choose whether to allow or block connections through the firewall.

5. Blocking an app’s access through the firewall could interfere with or affect the performance of the app or other software that may depend on it.

6. Important: Certain apps that don’t appear in the list may have access through the firewall. These can include system apps, services, and processes, as well as digitally signed apps that are opened automatically by other apps. To block access for these programs, add them to the list.

7. When your Mac detects an attempt to connect to an app you haven’t added to the list and given access to, an alert message appears asking if you want to allow or deny the connection over the network or internet. Until you take action, the message remains, and any attempts to connect to the app are denied.

Thank you.

Drkatzjr wrote:

What would this indicate?

It's a known bug in the Application firewall.

That being said, the Application firewall isn't really a functional app, even without this bug. If you don't want other people to have access to your Mac, then turn off all sharing services.

Drkatzjr wrote:

Well - It should be a “functional app”

It's complicated, in more ways than one.

Network administration is a difficult concept. There actually is a functional firewall app installed, but most people don't know about it. Learning how to use it would be beyond the technical abilities of most people. People want something they can enable with a click of a button. But if it breaks things, then they complain. Therefore, we have an app that users can enable with a click of a button and doesn't break anything. It doesn't actually do anything either, but no one knows that.

If Apple didn't provide this tool, users would still want something they could enable with a click of a button. They would go off and install some expensive, 3rd party scamware tool instead. That tool also wouldn't be functional, but would reduce security and open people up to malware, still more scams, and tracking of personal information. This is how the consumer software market works, especially where security is concerned.

It is unfortunate that Apple introduced this bug and opened up these kinds of uncomfortable discussions. Such is the world today. Can't fix it. It's broken. Both the world and the app.

Drkatzjr wrote:

But I should be able to at least turn on "Stealth" in the firewall.

No clue. But as I said above. Even if you could turn on “stealth” mode, it isn’t going to have any effect. Stealth mode only blocks one specific type of network packet. In virtually all cases, you would never encounter that network packet anyway.

All of these Firewall “protections” aren’t protecting you against people on the internet, they are protecting you against potential hacking from your family. That might sound like a joke, but that’s really what is going on. Your WiFi router probably already blocks all outside connections. The ICMP packets that stealth mode is going to block could only come from people already connected to your WiFi. Probably the only reason said packets would ever occur would be if you were trying to debug some WiFi problem and you were the one sending them.

And no, I’m not done yet! As you may recall, the default behaviour of the firewall is to allow connections to all Apple software and all signed 3rd party software. No hacker would need to bother with ICMP “ping” packets while your computer is already advertising and providing actual services on all those well-known ports.

If not...Apple is not what I thought it was.

What did you think Apple was? Apple isn’t evil or malicious. Apple barely even qualifies as being sneaky. Apple is a consumer electronics company. They sell products to end users who do not understand any of these technical details. “Stealth mode” is a big deal at Apple. Apple tries very hard to keep its users as safe, happy, productive, and inspired as they are in those Apple TV commercials. They sincerely want that. But in order to make that happen, they have to hide most of the complexity and the dangers.

I’m sure you’ve heard about hackers. Apple is always in the news about some new exploit for which you must update your devices TODAY! Yeah, that’s all fake. Apple knows it. They used to try to fight it, but not anymore. It drives updates and new product sales.

What you don’t know about are the massive amounts of scams. Scams aren’t hacks. Scams are totally legal. Because of this, Apple has to be sneaky about protecting you from them. Apple doesn’t want you to know how corrupt the world is. The “Application firewall” is part of that. It is unfortunate that you were paying attention closely enough to notice a bug. Now I have to tell you the truth about Santa Claus. It’s just an app to prevent you from getting scammed. All that I’ve written here is just the briefest of summary about network security and the consumer software market. Reality is much more complex. Please don’t look at this minor failure on Apple’s part and go to the scammers for help.

Drkatzjr wrote:

You state that the firewall Mac offers its users is basically an impotent feature, except to assuage

the possibility of "family members" hacking or accessing personal information without consent.

No. I did not say that.

The application firewall is a non-feature. It doesn't do anything. I may have ranted about some edge case theoretical, impossible aspect about something that might have potentially happened in an alternative universe. But don't take that literally. The app does nothing.

Could you expand how this can be accomplished in firewall given whatever I change or alter is literally reverted back?

To reiterate again, the app does nothing. It also has a serious bug. While doing nothing, it accidentally tells the user that it is doing nothing. Then the user gets worried that the app might actually be doing nothing. Surprise! The app does nothing. Never has.