Sequoia firewall: unable to edit some entries

Since upgrading to Sequoia, I noticed some entries in Network > Firewall > Options... are no longer editable: some apps are stuck, and I'm unable to change their settings to allow/block or delete the entries. The command line `/usr/libexec/ApplicationFirewall/socketfilterfw` also does not work on these apps. See the screenshot: apps like Zoom and Things do not have the ↕️ next to allow/block, and for them the delete (-) button and right-click also do not work.


The release notes said that the firewall has some deprecation changes and the settings are no longer in the alf plist, where are they now so I can reset the settings? Thanks!



MacBook Pro (M1, 2020)

Posted on Sep 16, 2024 1:44 PM


Sep 27, 2024 9:21 AM in response to gunnarstahl

gunnarstahl wrote:

I just came back from a support call with Apple Support. And they confirmed exactly what I said. The application firewall should be enabled and active. And when I have to choose between some random guy on the 'net and an Apple Support person, well I know whom to trust.

It's not a matter of trust. In this case, if that's what they told you, then Apple Support is factually incorrect. The firewall is disabled by default. It's Apple that ships it turned off. If Apple Support has a problem with that, they should take it up with Apple.

Currently it seems that the application filter is broken and that it is a critical bug Apple is working on. It is expected to be solved in an update.

Oh, it's most definitely broken. Is it a critical bug? Is Apple working on it? Will it be solved in an update? I'm very skeptical about all of those.


In order to make the application firewall something that is better than its current state of "worse than useless", it would need a fundamental re-write from top to bottom. That's definitely not happening. The problem might not even be in the firewall. It could be a lower-level problem with networking. Apple never noticed this during development because nobody at Apple runs the application firewall.


The fix for the current problem is clear - disable the firewall. This does not harm your security in any way. This is the default setting. You can certainly try it again whenever Apple releases an update. Apple has publicly said that 15.1 is going to be released in October. Maybe they will include a fix with that build.

Sep 27, 2024 8:40 AM in response to etresoft

I just came back from a support call with Apple Support. And they confirmed exactly what I said. The application firewall should be enabled and active. And when I have to choose between some random guy on the 'net and an Apple Support person, well I know whom to trust.

Currently it seems that the application filter is broken and that it is a critical bug Apple is working on. It is expected to be solved in an update.

Sep 21, 2024 2:22 PM in response to aoimame

I am having this issue as well. I was able to remove the unmodifiable "sshd-keygen-wrapper" entry by using the terminal command "sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /usr/libexec/sshd-keygen-wrapper", but when I use that same command with, let's say, "com.apple.garageband" with this command "sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove com.apple.garageband", the command executes, then the "com.apple.garageband" entry remains.


Sep 27, 2024 9:41 AM in response to etresoft

etresoft wrote:


gunnarstahl wrote:

I just came back from a support call with Apple Support. And they confirmed exactly what I said. The application firewall should be enabled and active. And when I have to choose between some random guy on the 'net and an Apple Support person, well I know whom to trust.

It's not a matter of trust. In this case, if that's what they told you, then Apple Support is factually incorrect. The firewall is disabled by default. It's Apple that ships it turned off. If Apple Support has a problem with that, they should take it up with Apple.

Currently it seems that the application filter is broken and that it is a critical bug Apple is working on. It is expected to be solved in an update.

Oh, it's most definitely broken. Is it a critical bug? Is Apple working on it? Will it be solved in an update? I'm very skeptical about all of those.

In order to make the application firewall something that is better than its current state of "worse than useless", it would need a fundamental re-write from top to bottom. That's definitely not happening. The problem might not even be in the firewall. It could be a lower-level problem with networking. Apple never noticed this during development because nobody at Apple runs the application firewall.

The fix for the current problem is clear - disable the firewall. This does not harm your security in any way. This is the default setting. You can certainly try it again whenever Apple releases an update. Apple has publicly said that 15.1 is going to be released in October. Maybe they will include a fix with that build.

Yes, it is a matter of trust. In fact, I urge anyone having a valid AppleCare contract to use the support hotline so that they can confirm how to deal with the firewall. And to be quite frank: I find your take on the firewall not only to be wrong but rather to be harmful. Whether or not you like the Apple firewall settings or are under the impression that it does not help, the fact that you try to make others turn their firewall off is irresponsible.


Yes, currently it doesn't work as intended. And Apple's decision to deliver the firewall in a turned-off setting is questionable, to say the least. But going on a public forum and urging people to generally turn the firewall off is ridiculous.


I will not answer any more to this discussion, since I've made myself sufficiently clear.

Sep 27, 2024 10:06 AM in response to gunnarstahl

gunnarstahl wrote:

In fact, I urge anyone having a valid AppleCare contract to use the support hotline so that they can confirm how to deal with the firewall. And to be quite frank: I find your take on the firewall not only to be wrong but rather to be harmful.

The firewall is off by default. If you have a problem with that, take it up with Apple. That's Apple's decision, not mine. If I'm out here telling you to turn off a default security setting, then you can complain. Why should you disable this default setting? I'm not doing that. I'm telling you to use default settings. If you are claiming that Apple's default security settings are inadequate, then you are the one that needs to support that claim with evidence. And no, a first-tier Apple Support phone rep telling you to does not count.


Yes, currently it doesn't work as intended. And Apple's decision to deliver the firewall in a turned-off setting is questionable, to say the least. But going on a public forum and urging people to generally turn the firewall off is ridiculous.

This is a user-to-user support forum. It is not a forum to debate security practices, Apple decisions, or even low-level network routing. It's a place where people come to get help with their Apple devices. Recent changes in macOS Sequoia are causing many people to experience various networking problems if they have turned on the built-in application firewall. The solution is unequivocal. Turn off the firewall. That's the solution. Problem solved. Zero harm done.


Nov 26, 2024 6:36 AM in response to aoimame

This issue still persists in 15.1.1. When will Apple fix this?


```
/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/<ApplicationName>.app
```

This command works as a workaround to ALLOW incoming connections, but there is no equivalent to REMOVE/BLOCK that would work. This issue introduces security risks, and it is ridiculous that Apple did not address it yet!
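One way to check whether a `socketfilterfw --remove` really removed an entry, the situation described in the Sep 21 and Nov 26 posts (an added example, not code from any participant in this thread): it parses `--listapps` output and reports an entry's state rather than trusting the command's exit status. The listing format and the sample entries are assumptions constructed for illustration; the real output on Sequoia may differ.

```shell
#!/bin/sh
SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# entry_state ENTRY: read a --listapps listing on stdin and print
# allow, block, unknown or absent for ENTRY (a path or bundle identifier).
# Assumed format: "N :  <entry>", then a "( ... incoming connections )" line.
entry_state() {
    awk -v want="$1" '
        /^[0-9]+ *:/ {
            name = $0
            sub(/^[0-9]+ *:[ \t]*/, "", name)   # drop the "N :" prefix
            sub(/[ \t]+$/, "", name)            # drop trailing blanks
            hit = (name == want)
            if (hit) found = 1
            next
        }
        hit && /[(].*[)]/ {
            state = (tolower($0) ~ /block/) ? "block" : "allow"
            hit = 0
        }
        END { print (state != "" ? state : (found ? "unknown" : "absent")) }'
}

# remove_and_verify ENTRY: run --remove, then re-read the list.
# Returns 1 when the entry is still listed afterwards.
remove_and_verify() {
    sudo "$SFW" --remove "$1" >/dev/null 2>&1
    after=$(sudo "$SFW" --listapps | entry_state "$1")
    [ "$after" = "absent" ] && { echo "removed: $1"; return 0; }
    echo "still listed ($after): $1"
    return 1
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
    cat <<'EOF'
ALF: total number of apps = 3
1 :  /usr/libexec/sshd-keygen-wrapper
     ( Allow incoming connections )
2 :  com.apple.garageband
     ( Allow incoming connections )
3 :  /Applications/Example.app
     ( Block incoming connections )
EOF
}
```

On a Mac, `remove_and_verify com.apple.garageband` reports whether the entry is gone; `sample_listing | entry_state com.apple.garageband` exercises the parser without touching the firewall.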



Sep 17, 2024 8:34 AM in response to gotenks

gotenks wrote:

The firewall is broken in Sequoia.

It's always been broken.

causing a lot of pain to the average Joe.

Average Joes shouldn't be using a firewall. Firewalls are for network administrators. The built-in Apple firewall is useless. It's not that it doesn't work per se. It's that it simply has no functionality for a consumer device. The default behaviour is to allow connections. But even if you restrict connections, you aren't actually restricting anything.

the only solution is to disable the firewall

That is the appropriate solution.


The built-in firewall only applies to the local network. You're protecting your Mac from your phone or maybe your printer. Unless you have an extraordinarily unusual network, no outside connections will even reach your device for the firewall to block them (or allow them).


The only meaningful functionality that the built-in firewall provides is giving people some switches to click on in hopes they will do that instead of downloading one or more of the dozens of scam "security" apps.


Unfortunately, in recent years, the built-in firewall has been so riddled with bugs that people who have fallen for this social media misinformation and are running it in the first place are going to see these bugs and then be even more likely to install 3rd party scam apps.

Sep 19, 2024 5:18 AM in response to gotenks

gotenks wrote:

While I agree with most of the statements, I would still expect an OS feature offered by Apple to work as intended.

Agreed.

This is a serious bug they should look into.

Agreed.


However, this is a user-to-user tech support forum. We can't force Apple to make changes. But we also don't like dealing with internet misinformation. We would prefer to just give people the information they need to have a better experience with their devices. For anyone who has enabled the built-in Application firewall, that means turning off the Application firewall.

Sep 16, 2024 3:42 PM in response to aoimame

aoimame wrote:

Since upgrading to Sequoia, I noticed some entries in Network > Firewall > Options... are no longer editable: some apps are stuck, and I'm unable to change their settings to allow/block or delete the entries. The command line `/usr/libexec/ApplicationFirewall/socketfilterfw` also does not work on these apps. See the screenshot: apps like Zoom and Things do not have the ↕️ next to allow/block, and for them the delete (-) button and right-click also do not work.

The release notes said that the firewall has some deprecation changes and the settings are no longer in the alf plist, where are they now so I can reset the settings? Thanks!



https://discussions.apple.com/content/attachment/0f4d5bf3-e481-4f7e-a639-d188ab2f4fc2


If you are behind your Network router I would turn off the Firewall and compare your results.


see if there is more here—

closing open ports on a MAC, - Apple Community


Sep 17, 2024 4:11 AM in response to leroydouglas

Unfortunately, I also have this problem.

In addition, there is another problem with the macOS firewall: when macOS automatically adds an app with the permission “Allow incoming connections” confirmed by the user (me), all incoming connections for this app are still blocked. With “Block incoming connections”, of course, also. Also, a change is not registered with the automatically generated entries.

If the entry is created manually via the “plus”, an entry works as desired.
