Managing firewall exceptions on Monterey

user-gyWlUuuekn
New Contributor II

We have a configuration profile which enables the built-in firewall for the devices. It happens from time to time that developers are testing some applications and accidentally deny the prompt for allowing access, for various reasons. Now, in previous macOS versions I would just fix the issue with socketfilterfw; however, on Monterey Macs I see the following:

bash-3.2# /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
Firewall settings cannot be modified from command line on managed Mac computers.

So, now I have to move the device out of scope of the config profile, allow the blocked connection manually, then move the device back into scope. Furthermore, allowing exceptions on Jamf seems possible only if you have both the name and bundle ID, which are not available for a significant portion of command line tools as far as I am aware, only for signed apps. How are people handling firewall exceptions in an environment where people mostly do not have admin rights on their machines?

2 REPLIES

DBrowning
Valued Contributor II

Would love to know if anyone has workflows for this.

tkimpton
Valued Contributor II

I've just come across this same problem. It's a real pain and I'm not sure how to resolve this.