Posted on 04-20-2023 07:19 AM
I have been asked to implement Jamf to manage the local Firewall - security would like the Firewall to be enabled, users restricted from making changes, and all incoming connections blocked ASIDE from built-in Apple or signed software. I can do this locally by just making sure the right buttons are selected, but when managing this through Jamf there is no way to allow built-in Apple software. These services would include AirDrop, AirPlay and Handoff from iOS devices to macOS. Jamf has two options: block ALL incoming connections (which prevents AirPlay etc.) and "Control incoming connections for specific apps". The second option allows the user to select whether to allow or deny an incoming connection - and the message doesn't convey that the connection they are allowing is actually related to AirPlay, so I foresee a lot of tickets as a result.
I've done googling for this and it looks like this used to be able to be fixed with scripting, but that isn't an option since Monterey dropped. How are y'all managing your Firewall settings with Monterey & Ventura?
Posted on 04-20-2023 09:57 AM
You may need to review the pf firewall commands. There is a JNUC video floating around and a Slack channel.
Posted on 04-20-2023 10:10 AM
May want to try uploading your own com.apple.security.firewall payload. There are keys for allowing signed and built-in apps.
https://developer.apple.com/documentation/devicemanagement/firewall
Posted on 04-21-2023 06:54 AM
For consideration, would a restriction profile disabling AirDrop, AirPlay and Handoff directly be an easier approach?