Firewall: unable to change some app settings

[moiraine_sedai]

Since the release candidate came out, I upgraded to Sequoia yesterday (15.0 (24A335)). One issue I found is that in the Firewall > options..., some apps are stuck and I'm unable to change their settings to allow/block, or delete the entries. the command line `/usr/libexec/ApplicationFirewall/socketfilterfw` also does not work on these apps, see the screen shot, apps like zoom, and Things do not have the ↕️ next to allow/block, and for them the delete - and right click also does not work.

The release notes said that the firewall has some deprecation changes and the settings are no longer in the alf plist, where are they now so I can reset the settings? Thanks!

 

[proalorrs]

Same here ... updated yesterday and Zoom did not work anymore. Found out that build in firewall rules are not editable so only workaround solution was to turn off mac firewall

 

[Baggy Spandex]

Same issue here

 

[Doug_in_the_UK]

Same problem here after upgrading to Sequoia. The only solution (for me) was to turn off the Mac firewall.

 

[manofthematch]

This is a serious bug. I hope there will be a quick fix soon.

 

[Kompost]

Unfortunately, I also have this problem.

In addition, there is another problem with the MacOS firewall: When MacOS automatically adds an app with the permission “Allow incoming connections” confirmed by the user (me), all incoming connections for this app are still blocked. With “block incoming connections” of course also. Also, a change is not registered with the automatically generated entries.
If the entry is created manually via the “plus”, an entry works as desired.

 

[proalorrs]

if i add an entry oder delete one manually, the next time i go into firewall settings -> all manually added entries are gone

 

[manofthematch]

If the entry is created manually via the “plus”, an entry works as desired.

... until you close/reopen settings. Then it is gone again.

My rules list additionally features apps which I uninstalled long ago and I cannot delete these entries.

Come on, Apple. Who has forgotten to test this?

 

[Kompost]

Ups, your are right. Ok, then the only workaround to deactivate the firewall until 15.0.1 hopefully.

 

[PotentPeas]

Similar issue here.
Just upgraded to Sequoia (maybe against my better judgement). Firefox won't work unless I disable the firewall globally! Isn't this only supposed to be blocking *inbound* connections?
Other browsers & apps seem to work fine.
I can see Firefox in the list (firewall settings) and it is set to "Block incoming connections" ... Can't change it (similar to the issue described above), can't remove it from the list with the "minus" button either.

Guess I'm running with the firewall off until the next update comes out.

[Edit]
Found this terminal snip on Reddit which allowed me to get Firefox working with the firewall still turned on.
/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app

This also set Firefox to "allow incoming connections" in the firewall section of system settings. (Still can't change it from there.)

 

[Ready-for-Apple]

First 4 entries couldn't been changed anymore
sshd-keygen-wrapper is macOS own process if sharing is activated - BUT there's NO sharing activated!?!

Any ideas ?

 

[manofthematch]

sshd-keygen-wrapper is macOS own process if sharing is activated - BUT there's NO sharing activated!?!

That this daemon is listed here does not mean that it is running.

I have the same entry in the firewall rules but there is no process sshd-keygen-wrapper.

 

[PotentPeas]

I see this popping up in the "news" now.

Security Bite: macOS Sequoia's firewall is disrupting security tools [Update: Fixed] - 9to5Mac

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe...

9to5mac.com

Apple's new macOS Sequoia update is breaking some cybersecurity tools | TechCrunch

On Monday, Apple released its latest computer operating system update called macOS 15, or Sequoia. And, somehow, the software update has broken the

techcrunch.com

Blog post with solution for web browsing -- exact same terminal line that I posted above.

macOS firewall blocking web browsing after upgrading to Sequoia

(Image: UPDATE 2024-10-29: I have no longer been experiencing the connectivity issues described in this post since updating to Sequoia 10.1, maybe even 10.0.1. If you are experiencing issues with I…

waclaw.blog

 

[interstella]

I run some apps for amateur radio that need to talk to each other and found that the firewall appears to block the required UDP ports despite the apps all having incoming connections allowed. The only way round this was to disable the firewall.

 

[alexanderlindo]

I got "sshd-keygen-wrapper" entry removed using the terminal command "sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /usr/libexec/sshd-keygen-wrapper" however entries that are present or were presnt in the Applications folder don't seem to go away using "sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove <path-to-app>" command.

 

[dmi_pi]

The 15.1 update does not fix this issue.

 

[alexanderlindo]

The only way to clear unmodifiable entries in macOS Sequoia's firewall is to "Reset" your computer via System Settings > General > Transfer or Reset. This will clean the OS of all added files, apps and settings, restoring macOS to an out-of-box state. Create a Time Machine backup, reset macOS and then manually add back your apps, files and content from the Time Machine backup. After doing this, the firewall becomes functional and you will also discover that macOS Sequoia runs faster than Sonoma and Ventura.

 

[Doug_in_the_UK]

I now use Norton's firewall.

 

[PotentPeas]

The only way to clear unmodifiable entries in macOS Sequoia's firewall is to "Reset" your computer via System Settings > General > Transfer or Reset.

This will work, but there's got to be a way to just reset the firewall configuration to default without having to do a whole system reset.

 

[ai-pdn]

I asked ChatGPT and was told to boot into recovery mode, disable system integrity protection, reboot, remove firewall config file, re-enable SIP, reboot.

Is anyone brave enough to try this?

 

[bogdanw]

I asked ChatGPT and was told to boot into recovery mode, disable system integrity protection, reboot, remove firewall config file, re-enable SIP, reboot.

As always, that garbage generator is wrong.
You don’t have to disable SIP. From Recovery, you can simply delete the preference files:

cd /Volumes/Macintosh\ HD/Library/Preferences/

rm com.apple.networkextension.*