[Bug]: Firewall Stealth Mode is reported as disabled, even though it is enabled
kirby opened this issue · 2 comments
kirby commented
What happened?
Firewall Stealth Mode is reported as disabled, even though it is enabled
https://paretosecurity.com/auditor/checks/firewall
macOS 13.2.1 (22D68)
- Enabled Firewall Stealth Mode
- Run Checks
Version
Pareto Security 1.7.6.0 - 5221
Relevant log output
No response
dz0ny commented
Hi, this is usually not a bug but a broken firewall config.
Verify with this command and report back:
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate --getblockall --getallowsigned --getstealthmode
You can force the settings with:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw \
--setblockall off \
--setallowsigned on \
--setallowsignedapp on \
--setloggingmode on \
--setstealthmode on \
--setglobalstate on
kirby commented
That did it, I had to reset using CLI.
Thank you
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate --getblockall --getallowsigned --getstealthmode
Firewall is enabled. (State = 1)
Block all DISABLED!
Automatically allow signed built-in software ENABLED
Automatically allow downloaded signed software ENABLED
Stealth mode disabled
sudo /usr/libexec/ApplicationFirewall/socketfilterfw \
--setblockall off \
--setallowsigned on \
--setallowsignedapp on \
--setloggingmode on \
--setstealthmode on \
--setglobalstate on
Password:
Block all DISABLED!
Enabled allow signed built-in applications automatically
Enabled allow signed downloaded applications automatically
Stealth mode enabled
Firewall already enabled
Turning on log mode
Log mode is already on
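The verification step from this thread can be scripted so that the CLI state is checked independently of what a GUI reports. The following is an added example, not code from the thread or from Pareto Security. The function names are hypothetical, and it assumes `--getstealthmode` prints "Stealth mode enabled" when on (the thread shows that wording only in the output of the set command).

```shell
#!/bin/sh
# Added example: classify socketfilterfw "get" output read from stdin.
# Only wordings seen in the thread (or labelled as assumed) are recognised;
# anything else stays "unknown", so the check fails closed.
parse_fw_state() {
    global=unknown; blockall=unknown; stealth=unknown
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "Firewall is enabled."*)  global=on ;;
            "Block all DISABLED"*)    blockall=off ;;
            "Stealth mode disabled"*) stealth=off ;;
            "Stealth mode enabled"*)  stealth=on ;;   # assumed get wording
        esac
    done
    printf 'global=%s blockall=%s stealth=%s' "$global" "$blockall" "$stealth"
}

# Exit 0 only when the state matches the target forced in the thread:
# firewall on, block-all off, stealth mode on.
fw_compliant() {
    state=$(parse_fw_state)
    [ "$state" = "global=on blockall=off stealth=on" ]
}

# Output copied from the thread (state before the reset).
SAMPLE_BEFORE='Firewall is enabled. (State = 1)
Block all DISABLED!
Automatically allow signed built-in software ENABLED
Automatically allow downloaded signed software ENABLED
Stealth mode disabled'

# Constructed sample: same output with stealth mode on (assumed wording).
SAMPLE_AFTER='Firewall is enabled. (State = 1)
Block all DISABLED!
Stealth mode enabled'

# On macOS, feed the real tool output to the check:
#   /usr/libexec/ApplicationFirewall/socketfilterfw \
#       --getglobalstate --getblockall --getstealthmode | fw_compliant
```

If the tool's wording differs on another macOS version, the check reports non-compliant rather than passing silently, which is the cue to compare the raw output by hand.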