riginally introduced in Mac OS X Leopard (10.5.1), the built-in macOS Firewall limits incoming connections on a per-application basis (as opposed to a per-port basis). Disabled by default, this Automox Worklet™ enables the macOS firewall.

Automox Worklet: Enable Firewall on macOS

To deploy this endpoint hardening worklet, do the following:

  1. Log in to your Automox Console.
  2. Navigate to the System Management page, and click Create Policy in the upper right-hand section of the screen.
  3. Choose macOS under Worklet.

Create policy within the Automox console
  1. On the create Worklet page, enter a worklet title in Name under Policy Info. For example, "Enable-Firewall-macOS."
  2. Copy and paste the Evaluation and Remediation code scripts from below. The evaluation code keeps you aware of each device’s ongoing compliance, as well as flags the device for remediation. The remediation code enforces this setting on the schedule you define.

    IMPORTANT NOTE: Change the values as described in the code so that they match your needs.



# helper function to check if a command exists
function command_exists {
type "$1" &> /dev/null

# only evaluate if the socketfilterfw command is available
if command_exists /usr/libexec/ApplicationFirewall/socketfilterfw; then
# check if the firewall is enabled
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | grep -q 'enabled'

# yes? no?
exit $?

# socketfilterfw command is not available, move along
exit 0



# turn the firewall on
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

# how did we do?
exit $?

6. After you paste and update the evaluation and remediation codes for your needs, click Create Worklet.
7. Assign the worklet to a group or multiple groups, and click Save Changes.
8. Execute the worklet by clicking the Execute Policy Now button.

There you have it, the application firewall is enabled on all Mac endpoints running on OS X v10.5.1 and later.

If you need technical assistance, contact our support team at support@automox.com.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.