mirror of
https://github.com/apple/device-management.git
synced 2026-07-10 21:13:42 +02:00
117 lines
3.1 KiB
YAML
117 lines
3.1 KiB
YAML
title: Firewall
|
|
description: The payload that configures the firewall.
|
|
payload:
|
|
payloadtype: com.apple.security.firewall
|
|
supportedOS:
|
|
iOS:
|
|
introduced: n/a
|
|
macOS:
|
|
introduced: '10.12'
|
|
multiple: true
|
|
devicechannel: true
|
|
userchannel: false
|
|
requiresdep: false
|
|
userapprovedmdm: false
|
|
allowmanualinstall: true
|
|
userenrollment:
|
|
mode: forbidden
|
|
tvOS:
|
|
introduced: n/a
|
|
visionOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
content: |-
|
|
Manages the Application Firewall settings (e.g. Security pref pane -> Firewall).
|
|
Notes:
|
|
* The payload must exist in a "system" scoped profile.
|
|
* If more than one profile contains this payload, the most restrictive union of settings will be used.
|
|
payloadkeys:
|
|
- key: EnableFirewall
|
|
type: <boolean>
|
|
presence: required
|
|
content: If `true`, the system enables the firewall.
|
|
- key: BlockAllIncoming
|
|
type: <boolean>
|
|
presence: optional
|
|
content: If `true`, the system enables blocking all incoming connections.
|
|
- key: EnableStealthMode
|
|
type: <boolean>
|
|
presence: optional
|
|
content: If `true`, the system enables stealth mode.
|
|
- key: Applications
|
|
type: <array>
|
|
presence: optional
|
|
content: The list of apps with connections that the firewall controls.
|
|
subkeys:
|
|
- key: ApplicationsItem
|
|
title: Applications
|
|
type: <dictionary>
|
|
subkeys:
|
|
- key: BundleID
|
|
title: Application identifier
|
|
type: <string>
|
|
presence: required
|
|
content: The bundle identifier for the app.
|
|
- key: Allowed
|
|
title: Allow connections
|
|
type: <boolean>
|
|
presence: required
|
|
content: If `true`, the system allows connections for the app.
|
|
- key: EnableLogging
|
|
supportedOS:
|
|
macOS:
|
|
introduced: '12.0'
|
|
deprecated: '15.0'
|
|
removed: '15.0'
|
|
type: <boolean>
|
|
presence: optional
|
|
content: If `true`, the system enables logging.
|
|
- key: LoggingOption
|
|
supportedOS:
|
|
macOS:
|
|
introduced: '12.0'
|
|
deprecated: '15.0'
|
|
removed: '15.0'
|
|
type: <string>
|
|
presence: optional
|
|
rangelist:
|
|
- throttled
|
|
- brief
|
|
- detail
|
|
content: The type of logging.
|
|
- key: AllowSigned
|
|
supportedOS:
|
|
macOS:
|
|
introduced: '12.3'
|
|
type: <boolean>
|
|
presence: optional
|
|
default: true
|
|
content: |-
|
|
If `true`, the system allows built-in software to receive incoming connections.
|
|
|
|
> Note:
|
|
> The system ensures that `AllowSigned` always has a value. If missing from the payload, the system sets it to `true`.
|
|
- key: AllowSignedApp
|
|
supportedOS:
|
|
macOS:
|
|
introduced: '12.3'
|
|
type: <boolean>
|
|
presence: optional
|
|
default: true
|
|
content: |-
|
|
If `true`, the system allows downloaded signed software to receive incoming connections.
|
|
|
|
> Note:
|
|
> The system ensures that `AllowSignedApp` always has a value. If missing from the payload, the system sets it to `true`.
|
|
notes:
|
|
- title: ''
|
|
content: |-
|
|
The payload needs to exist in a system-scoped profile.
|
|
|
|
If more than one profile contains this payload, the system uses the most restrictive union of settings.
|
|
examples:
|
|
- title: Profile example
|
|
files:
|
|
- file: examples/mdm/profiles/com.apple.security.firewall/example1.plist
|