Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

moiraine_sedai

macrumors newbie
Original poster
Oct 15, 2020
5
5
Since the release candidate came out, I upgraded to Sequoia yesterday (15.0 (24A335)). One issue I found is that in the Firewall > options..., some apps are stuck and I'm unable to change their settings to allow/block, or delete the entries. the command line `/usr/libexec/ApplicationFirewall/socketfilterfw` also does not work on these apps, see the screen shot, apps like zoom, and Things do not have the ↕️ next to allow/block, and for them the delete - and right click also does not work.

The release notes said that the firewall has some deprecation changes and the settings are no longer in the alf plist, where are they now so I can reset the settings? Thanks!



Screenshot 2024-09-10 at 14.45.13.png
 

proalorrs

macrumors newbie
Nov 12, 2020
13
2
Same here ... updated yesterday and Zoom did not work anymore. Found out that build in firewall rules are not editable so only workaround solution was to turn off mac firewall
 

Kompost

macrumors newbie
Dec 6, 2009
8
1
Germany
Unfortunately, I also have this problem.

In addition, there is another problem with the MacOS firewall: When MacOS automatically adds an app with the permission “Allow incoming connections” confirmed by the user (me), all incoming connections for this app are still blocked. With “block incoming connections” of course also. Also, a change is not registered with the automatically generated entries.
If the entry is created manually via the “plus”, an entry works as desired.
 

manofthematch

macrumors regular
Feb 24, 2021
110
191
If the entry is created manually via the “plus”, an entry works as desired.
... until you close/reopen settings. Then it is gone again.

My rules list additionally features apps which I uninstalled long ago and I cannot delete these entries.

Come on, Apple. Who has forgotten to test this?
 
  • Like
Reactions: proalorrs

PotentPeas

macrumors member
Jun 25, 2023
75
105
Similar issue here.
Just upgraded to Sequoia (maybe against my better judgement). Firefox won't work unless I disable the firewall globally! Isn't this only supposed to be blocking *inbound* connections?
Other browsers & apps seem to work fine.
I can see Firefox in the list (firewall settings) and it is set to "Block incoming connections" ... Can't change it (similar to the issue described above), can't remove it from the list with the "minus" button either.

Guess I'm running with the firewall off until the next update comes out.

[Edit]
Found this terminal snip on Reddit which allowed me to get Firefox working with the firewall still turned on.
/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app

This also set Firefox to "allow incoming connections" in the firewall section of system settings. (Still can't change it from there.)
 
Last edited:

Ready-for-Apple

macrumors regular
Oct 19, 2014
249
197
Germany
First 4 entries couldn't been changed anymore
sshd-keygen-wrapper is macOS own process if sharing is activated - BUT there's NO sharing activated!?!

Any ideas ?

1726669635942.png
 

manofthematch

macrumors regular
Feb 24, 2021
110
191
sshd-keygen-wrapper is macOS own process if sharing is activated - BUT there's NO sharing activated!?!

That this daemon is listed here does not mean that it is running.

I have the same entry in the firewall rules but there is no process sshd-keygen-wrapper.
 

PotentPeas

macrumors member
Jun 25, 2023
75
105
I see this popping up in the "news" now.

Blog post with solution for web browsing -- exact same terminal line that I posted above.
 

interstella

macrumors 6502
Sep 29, 2013
304
188
Suffolk, England
I run some apps for amateur radio that need to talk to each other and found that the firewall appears to block the required UDP ports despite the apps all having incoming connections allowed. The only way round this was to disable the firewall.
 

alexanderlindo

macrumors newbie
Dec 21, 2023
17
7
I got "sshd-keygen-wrapper" entry removed using the terminal command "sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /usr/libexec/sshd-keygen-wrapper" however entries that are present or were presnt in the Applications folder don't seem to go away using "sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove <path-to-app>" command.
 

alexanderlindo

macrumors newbie
Dec 21, 2023
17
7
The only way to clear unmodifiable entries in macOS Sequoia's firewall is to "Reset" your computer via System Settings > General > Transfer or Reset. This will clean the OS of all added files, apps and settings, restoring macOS to an out-of-box state. Create a Time Machine backup, reset macOS and then manually add back your apps, files and content from the Time Machine backup. After doing this, the firewall becomes functional and you will also discover that macOS Sequoia runs faster than Sonoma and Ventura.
 

PotentPeas

macrumors member
Jun 25, 2023
75
105
The only way to clear unmodifiable entries in macOS Sequoia's firewall is to "Reset" your computer via System Settings > General > Transfer or Reset.
This will work, but there's got to be a way to just reset the firewall configuration to default without having to do a whole system reset.
 

ai-pdn

macrumors newbie
Sep 16, 2008
6
4
I asked ChatGPT and was told to boot into recovery mode, disable system integrity protection, reboot, remove firewall config file, re-enable SIP, reboot.

Is anyone brave enough to try this?
 

bogdanw

macrumors 603
Mar 10, 2009
6,141
3,041
I asked ChatGPT and was told to boot into recovery mode, disable system integrity protection, reboot, remove firewall config file, re-enable SIP, reboot.
As always, that garbage generator is wrong.
You don’t have to disable SIP. From Recovery, you can simply delete the preference files:

Code:
cd /Volumes/Macintosh\ HD/Library/Preferences/

rm com.apple.networkextension.*
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.