+9Hello!
We currently do not enforce the firewall on macOS but will be doing so shortly. A few questions. 1. What is the industry trend? I assume it’s locking down ALF with a configuration profile and not with PF.
Any thoughts or insights? I’ve been researching a lot but coming up with little. Thank you in advance for ANY info.
+9Formatting got funky but there are two main questions.
What is the industry trend? I assume it’s locking down ALF with a configuration profile and not with PF.
If ALF, what is the best method to manage rules and exception? We do this via on-prem AD GPO on windows devices.
+9We enable the firewall, we don't manage rules or exceptions. Our users are admin's so they can add their own rules.
+8We're managing rules/exceptions with pf through Jamf. ALF does not really allow you to set up traditional firewall rules or handle exceptions, it only controls whether applications will allow inbound connections or not. Check out Jason Miller's talk on pf at Macadmins 2016 to get a good overview of pf on MacOS.
pf has its limitations but compared to some of the third party endpoint security/firewall solutions I've had to support on Macs, it's so much simpler to manage.
+31We just enable the FW via config profile and enable both strict and silent mode, so it just blocks all incoming connections, makes it easy
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.