
Sequoia firewall: unable to edit some entries

Since upgrading to Sequoia, I noticed some entries in Network > Firewall > Options... are no longer editable: some apps are stuck, and I'm unable to change their settings to allow/block or to delete the entries. The command line `/usr/libexec/ApplicationFirewall/socketfilterfw` also does not work on these apps. See the screenshot: apps like Zoom and Things do not have the ↕️ next to allow/block, and for them the delete (-) and right-click also do not work.


The release notes said that the firewall has some deprecation changes and the settings are no longer in the alf plist, where are they now so I can reset the settings? Thanks!



MacBook Pro (M1, 2020)

Posted on Sep 16, 2024 1:44 PM

Question marked as Top-ranking reply

Posted on Sep 27, 2024 9:41 AM

etresoft wrote:


gunnarstahl wrote:

I just came back from a support call with Apple Support. And they confirmed exactly what I said. The application firewall should be enabled and active. And when I have to choose between some random guy on the 'net and an Apple Support person, well, I know whom to trust.

It's not a matter of trust. In this case, if that's what they told you, then Apple Support is factually incorrect. The firewall is disabled by default. It's Apple that ships it turned off. If Apple Support has a problem with that, they should take it up with Apple.

Currently it seems that the application filter is broken and that it is a critical bug Apple is working on. It is expected to be solved in an update.

Oh, it's most definitely broken. Is it a critical bug? Is Apple working on it? Will it be solved in an update? I'm very skeptical about all of those.

In order to make the application firewall something that is better than its current state of "worse than useless", it would need a fundamental re-write from top to bottom. That's definitely not happening. The problem might not even be in the firewall. It could be a lower-level problem with networking. Apple never noticed this during development because nobody at Apple runs the application firewall.

The fix for the current problem is clear - disable the firewall. This does not harm your security in any way. This is the default setting. You can certainly try it again whenever Apple releases an update. Apple has publicly said that 15.1 is going to be released in October. Maybe they will include a fix with that build.

Yes, it is a matter of trust. In fact, I urge anyone having a valid AppleCare contract to use the support hotline so that they can confirm how to deal with the firewall. And to be quite frank: I find your take on the firewall not only to be wrong but rather to be harmful. Whether or not you like the Apple firewall settings or are under the impression that it does not help, the fact that you try to make others turn their firewall off is irresponsible.


Yes, currently it doesn't work as intended. And Apple's decision to deliver the firewall in a turned-off setting is questionable, to say the least. But going on a public forum and urging people to generally turn the firewall off is ridiculous.


I will not answer any more to this discussion, since I've made myself sufficiently clear.

31 replies

Sep 27, 2024 8:24 AM in response to gunnarstahl

gunnarstahl wrote:

Reality is that, regardless of what you deem to be the 'average Joe', the system is required to work as expected.

That assumes that whoever is making those expectations has reasonable and accurate ones. I can expect that my car will always get the miles per gallon that the manufacturer said it could get. But if I only do stop-and-go city driving, it will never get the highest numbers. The problem is not with the car. It's with my expectations.

Oct 3, 2024 11:22 AM in response to BernhardfromAustria


Besides potential fixes described already by others: Browsing with Firefox should not require any incoming connections. This is by definition outgoing traffic only.


That statement is patently false. The HTTP protocol works on a request/response basis. You request a webpage from somewhere and it responds by sending you data. There is no way you could read anything if something wasn’t sent back to you.

Unless you’re running a web server, it is not listening for unsolicited communications.

Oct 3, 2024 11:53 AM in response to BernhardfromAustria

Second: A client requests something and the response is sent back to the client - every firewall can handle this (return) traffic. This communication is very different from an "incoming connection", where a listener service is running and waiting for a connection (server behavior). A typical client computer can keep all (incoming) ports closed on the firewall and it will work perfectly fine. In contrast, you will of course open a port on the firewall when you want to, e.g., share data with another computer.

Yes, that’s why I mentioned all of that.

The issue is, when you do not allow incoming traffic, also outgoing traffic is blocked.

As with everyone else’s, my NAT router blocks unsolicited incoming connections.

Sep 21, 2024 2:22 PM in response to aoimame

I am having this issue as well. I was able to remove the unmodifiable "sshd-keygen-wrapper" entry by using the terminal command "sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /usr/libexec/sshd-keygen-wrapper", but when I use that same command with, let's say, "com.apple.garageband" ("sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove com.apple.garageband"), the command executes, then the "com.apple.garageband" entry remains.


Sep 17, 2024 4:11 AM in response to leroydouglas

Unfortunately, I also have this problem.

In addition, there is another problem with the macOS firewall: When macOS automatically adds an app with the permission “Allow incoming connections” confirmed by the user (me), all incoming connections for this app are still blocked. With “Block incoming connections” of course also. Also, a change is not registered with the automatically generated entries.

If the entry is created manually via the “plus”, an entry works as desired.

Sep 17, 2024 12:19 PM in response to etresoft

etresoft wrote:

Average Joes shouldn't be using a firewall. Firewalls are for network administrators. The built-in Apple firewall is useless. It's not that it doesn't work per se. It's that it simply has no functionality for a consumer device.

Kinda disagree. The built-in Apple firewall has just enough functionality for the average joe. Though average Joe should try not to install too many apps that act as a server listening to the outside world.


The built-in firewall only applies to the local network. You're protecting your Mac from your phone or maybe your printer. Unless you have an extraordinarily unusual network, no outside connections will even reach your device for the firewall to block them (or allow them).

My home network is kinda ordinary. Streaming devices, NAS, what have you. But believe it or not, I also use my computer outside my home network. Say at a cafe or a hospital or a train. Public networks tend to have more actors than just my phone or a printer. But maybe that is just me and my special needs for my laptop.


The only meaningful functionality that the built-in firewall provides is giving people some switches to click on in hopes they will do that instead of downloading one or more of the dozens of scam "security" apps.

I'd be happy with all my outbound facing ports closed, but for some reason a whole bunch of apps I use are curious to the outside world.


Sep 17, 2024 1:35 PM in response to jjohanss

jjohanss wrote:


Barney-15E wrote:

Most apps would have no function without being "curious to the outside world."
You could not use a web browser unless it was "curious to the outside world."
I'm not a native English speaker, so maybe it wasn't obvious I was trying to refer to server processes listening to the outside world, waiting for others to initiate contact. For the most part I'm fine with initiating contact myself. For some reason.

Yes, you could install those. I would hope you know what you are installing.

Oct 3, 2024 2:10 AM in response to aoimame

I have the same issue:

Firewall was enabled in the past and incoming connections only allowed where I really needed and expected it. Now after the update to macOS 15.0 many applications are only working when the firewall is disabled. As far as I can tell, the same applications cannot be edited in the firewall settings.

Besides potential fixes described already by others: Browsing with Firefox should not require any incoming connections. This is by definition outgoing traffic only.


/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app

(with or without sudo)

is not working for me. It changes the rule from red to green, but the functionality does not change. Only a disabled firewall does the job. My Firefox is using a proxy server; maybe I am not allowed to use the proxy in the local network? Where can I check this configuration?
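A way to confirm whether a `socketfilterfw --add` or `--remove` actually changed the rule list, as tried in the posts above about `com.apple.garageband` and `Firefox.app`. This is an added example, not from any poster; it assumes the real `socketfilterfw` flags `--listapps`, `--add` and `--remove`, and that `--listapps` prints each entry's identifier (path or bundle id) on its own line.

```shell
#!/bin/sh
# Added example: apply one socketfilterfw change and verify it by re-reading
# the rule list, instead of trusting the command's exit status. Posters in
# this thread saw --remove exit quietly while the entry stayed in the list.
# Run with sudo on a real Mac; SFW can be overridden for testing.
SFW="${SFW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Exit 0 when IDENT appears in the firewall's application list.
# Pass the identifier exactly as --listapps prints it (path or bundle id).
sfw_has_entry() {
    "$SFW" --listapps 2>/dev/null | grep -F -q -- "$1"
}

# Apply ACTION (--add or --remove) to IDENT and check the list afterwards.
# Prints "ok", "stuck" or "noop" plus the identifier; exit 0 only for "ok".
sfw_change_verified() {
    action="$1"
    ident="$2"
    case "$action" in
        --add)    want=present ;;
        --remove) want=absent ;;
        *) echo "usage: sfw_change_verified --add|--remove IDENT" >&2; return 2 ;;
    esac
    if sfw_has_entry "$ident"; then before=present; else before=absent; fi
    if [ "$before" = "$want" ]; then
        echo "noop: $ident already $want"
        return 3
    fi
    # Exit status deliberately ignored: the stuck entries reported above
    # did not make --remove fail, only the list tells the truth.
    "$SFW" "$action" "$ident" >/dev/null 2>&1 || true
    if sfw_has_entry "$ident"; then after=present; else after=absent; fi
    if [ "$after" = "$want" ]; then
        echo "ok: $ident now $want"
        return 0
    fi
    echo "stuck: $ident still $after after $action"
    return 1
}
```

Save it as, for example, `sfw_verify.sh` (a name chosen here) and run `sudo sh -c '. ./sfw_verify.sh; sfw_change_verified --remove com.apple.garageband'`; a "stuck" result reproduces the behaviour described in this thread.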

Oct 3, 2024 11:49 AM in response to Barney-15E

Half of what you write is correct. First, it is not HTTP-protocol specific; it is valid for all protocols.

Second: A client requests something and the response is sent back to the client - every firewall can handle this (return) traffic. This communication is very different from an "incoming connection", where a listener service is running and waiting for a connection (server behavior). A typical client computer can keep all (incoming) ports closed on the firewall and it will work perfectly fine. In contrast, you will of course open a port on the firewall when you want to, e.g., share data with another computer.

Remember: The macOS firewall has a checkbox: Block all incoming connections. And this is exactly what should do the job for 99% of the users who are running a stand-alone computer - when they are using a macOS version lower than 15.0 - because in this version there is an issue.

The issue is, when you do not allow incoming traffic, also outgoing traffic is blocked.
