Posted on 01-28-2022 02:44 AM
We have a configuration profile which enables the builtin firewall for the devices. It happens from time to time that developers are testing some applications and would accidentally deny the prompt for allowing access due to various reasons. Now, in previous macOS versions I would just fix the issue with socketfilterfw, however on Monterey macs I see the following:
bash-3.2# /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate Firewall settings cannot be modified from command line on managed Mac computers.
So, now I have to move the device out of scope of the config profile, allow the blocked connection manually, then move the device back to scope. Furthermore, allowing exceptions on Jamf seems possible only if you have both the name and bundle ID, which is not available for a significant portion of command line tools as far as I am aware, only for signed apps. How are people handling firewall exceptions in an environment where people mostly do not have admin rights on their machines?
Posted on 04-22-2022 12:08 PM
Would love to know if anyone has workflows for this.
Posted on 09-16-2022 07:40 AM
i've just come across this same problem, its a real pain and not sure how to resolve this.