From macOS 10.12, Apple provides an application firewall that lets you control connections per application (rather than per port). This makes the benefits of firewall protection easier to use and prevents unwanted programs from taking control of network ports that are open for legitimate programs.
- First proceed as described here.
- Select Firewall as the profile you wish to add. The following dialogue will open:
Make the following settings:
- Profile name: Specify a name for the profile.
- Enable: Specify whether the firewall should be enabled or not.
- Block all incoming connections: Selecting this option prevents all sharing services, such as File Sharing and Screen Sharing, from receiving incoming connections. The system services that are still allowed to receive incoming connections are:
  - configd, which implements DHCP and other network configuration services
  - mDNSResponder, which implements Bonjour
  - racoon, which implements IPsec.
- Stealth mode: You can activate stealth mode with this option. This makes it difficult for hackers and malware to discover the macOS devices. In stealth mode, your users’ macOS devices will respond neither to ping requests nor to connection attempts from a closed TCP or UDP network.
- Bundle ID: Here you can determine which apps are allowed or blocked from connecting to the macOS devices. Use the Bundle ID of each app for this and select Allowed or Not allowed.
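
The settings above can be checked before a profile is distributed. The following is an added example, not part of the management console or its documentation: it assumes the profile is available as a `.mobileconfig` property list that uses the key names of Apple's `com.apple.security.firewall` payload, and it flags combinations worth reviewing. The sample profile and its bundle IDs are constructed.

```python
import plistlib

FIREWALL_PAYLOAD = "com.apple.security.firewall"  # Apple's firewall payload type

# Constructed sample profile; bundle IDs are placeholders, not real apps.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.security.firewall</string>
    <key>EnableFirewall</key><true/>
    <key>BlockAllIncoming</key><true/>
    <key>EnableStealthMode</key><false/>
    <key>Applications</key><array>
      <dict><key>BundleID</key><string>com.example.sync</string><key>Allowed</key><true/></dict>
      <dict><key>BundleID</key><string>com.example.sync</string><key>Allowed</key><false/></dict>
      <dict><key>BundleID</key><string>com.example.share</string><key>Allowed</key><true/></dict>
    </array>
  </dict></array>
</dict></plist>"""

def audit_firewall_profile(data: bytes) -> list[str]:
    """Return review findings for every firewall payload in a profile."""
    findings = []
    payloads = [p for p in plistlib.loads(data).get("PayloadContent", [])
                if p.get("PayloadType") == FIREWALL_PAYLOAD]
    if not payloads:
        return ["no firewall payload in profile"]
    for p in payloads:
        if not p.get("EnableFirewall", False):
            findings.append("firewall is not enabled")
        if not p.get("EnableStealthMode", False):
            findings.append("stealth mode is off")
        # Collect every verdict given for each bundle ID to spot contradictions.
        rules = {}
        for app in p.get("Applications", []):
            rules.setdefault(app["BundleID"], set()).add(bool(app["Allowed"]))
        for bundle_id, verdicts in sorted(rules.items()):
            if len(verdicts) > 1:
                findings.append(f"{bundle_id}: both Allowed and Not allowed")
            elif True in verdicts and p.get("BlockAllIncoming", False):
                findings.append(f"{bundle_id}: Allowed, but block-all is on")
    return findings

if __name__ == "__main__":
    for finding in audit_firewall_profile(SAMPLE_PROFILE):
        print("REVIEW:", finding)
```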
Now you can distribute the newly created profile to users / groups / devices.
- To do this, select the desired profile in the left-hand column of the management console and click Assign.
- Now select the users, group templates or devices to whom you want to assign this profile.
Note! You can also assign the profiles under Control Panel → Users or Group Templates.