The Apple Firewall Policy allows administrators to configure and enforce macOS firewall settings across managed devices.
This policy enhances endpoint security by controlling incoming connections, managing app-level permissions, and enforcing firewall logging behaviors.
By using this policy, organizations can ensure consistent firewall configurations on all company-managed macOS devices.
Overview
The macOS Application Firewall monitors and controls incoming network connections to your Mac.
The Apple Firewall Policy gives IT administrators centralized control over these firewall settings through Swif MDM, ensuring devices remain protected from unauthorized access and comply with organizational security requirements.
Requirements
Minimum OS version: macOS 10.12+
Management type: Device must be supervised or enrolled via Swif.ai MDM
Logging options: available on macOS 12 through 14 only; removed by Apple in macOS 15+
Configurable Settings
Below is a breakdown of all settings available in the Apple Firewall Policy.
Applications
A list of apps for which firewall connection rules are enforced.
Admins can add multiple applications and define how they behave with the macOS firewall.
Block All Incoming Connections
| Description | When enabled, macOS blocks all incoming network connections, regardless of app permissions. |
| Minimum Requirement | macOS 10.12+ |
| Recommended Use | High-security environments or devices exposed to public networks. |
Allow Incoming Connections to macOS Bundled Software
| Description | Allows Apple's built-in software (e.g., FaceTime, AirDrop services) to receive incoming network connections. |
| Minimum Requirement | macOS 12.3+ |
| Notes | Useful when blocking all incoming connections while still allowing trusted system apps. |
Allow Incoming Connections to Downloaded Signed Apps
| Description | Allows third-party signed applications to receive incoming connections. |
| Minimum Requirement | macOS 12.3+ |
| Notes | Recommended when an organization needs certain apps (e.g., remote access tools, secure messaging apps) to work properly. |
Enable Stealth Mode
| Description | Prevents the Mac from responding to probing requests (e.g., ping). Protects against network reconnaissance. |
| Minimum Requirement | macOS 10.12+ |
| Recommended Use | Security-sensitive environments and public networks. |
Enable Firewall (Required)
| Description | Toggles the macOS firewall on or off. This setting must be enabled for other firewall features to take effect. |
| Minimum Requirement | macOS 12+ |
| Notes | If set to False, all other firewall settings are ignored. |
Enable Logging
| Description | Enables macOS firewall logging to capture firewall events (allowed/blocked connections). |
| Minimum Requirement | macOS 12+ |
| Note | Removed by Apple in macOS 15+. |
Logging Option
| Description | Specifies the firewall log detail level (e.g., brief or detailed logging). |
| Minimum Requirement | macOS 12+ |
| Note | Removed by Apple in macOS 15+. |
Best Practices
Enable Firewall across all managed Macs to ensure a baseline level of protection.
Use Block All Incoming Connections for high-security devices such as developer machines, servers, or devices connecting to public Wi-Fi.
Enable Stealth Mode to prevent reconnaissance attacks or unsolicited communication attempts.
Allow incoming connections only for trusted, signed applications required for business operations.
Enable and tune logging (macOS 12–14) to support incident investigations and compliance audits.
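As an added example that is not Swif's code or part of this policy's own implementation, the Python script below assembles the configuration profile payload that the Configurable Settings above map to, encodes the Best Practices baseline, and drops any key the target macOS version does not support (the 12.3+ and 12 to 14 constraints from the tables). It assumes Apple's documented Firewall payload keys for PayloadType com.apple.security.firewall (EnableFirewall, BlockAllIncoming, EnableStealthMode, AllowSigned, AllowSignedApp, EnableLogging, LoggingOption, Applications); the Swif console performs this mapping for you, and the PayloadIdentifier and bundle IDs in the script are constructed placeholders.

```python
import plistlib
import uuid

# Minimum macOS version at which each payload key applies, taken from the
# settings tables on this page. Key names are Apple's Firewall payload keys
# (assumed here); the Swif console labels them differently.
KEY_MIN_VERSION = {
    "EnableFirewall": (12, 0),      # Enable Firewall (required)
    "BlockAllIncoming": (10, 12),   # Block All Incoming Connections
    "EnableStealthMode": (10, 12),  # Enable Stealth Mode
    "AllowSigned": (12, 3),         # Allow Incoming Connections to macOS Bundled Software
    "AllowSignedApp": (12, 3),      # Allow Incoming Connections to Downloaded Signed Apps
    "EnableLogging": (12, 0),       # Enable Logging
    "LoggingOption": (12, 0),       # Logging Option
}
LOGGING_KEYS = {"EnableLogging", "LoggingOption"}
LOGGING_REMOVED_AT = (15, 0)        # "Removed by Apple in macOS 15+"
VALID_LOGGING_OPTIONS = {"throttled", "brief", "detail"}

# Hardened baseline following the Best Practices list above.
HARDENED_BASELINE = {
    "EnableFirewall": True,
    "BlockAllIncoming": True,
    "EnableStealthMode": True,
    "AllowSigned": True,       # keep Apple's bundled services (AirDrop, FaceTime) usable
    "AllowSignedApp": False,   # downloaded apps get connections only via explicit Applications entries
    "EnableLogging": True,
    "LoggingOption": "detail",
}


def parse_version(text):
    """'10.12' -> (10, 12); tuples compare correctly as versions."""
    return tuple(int(part) for part in text.split("."))


def build_firewall_payload(settings, target_macos, applications=()):
    """Return (payload, dropped_keys). Keys outside the target's supported
    range are dropped so the profile does not carry dead settings."""
    target = parse_version(target_macos)
    payload = {
        "PayloadType": "com.apple.security.firewall",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.firewall",  # constructed placeholder
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": "Apple Firewall Policy",
    }
    dropped = []
    for key, value in settings.items():
        too_old = target < KEY_MIN_VERSION[key]
        removed = key in LOGGING_KEYS and target >= LOGGING_REMOVED_AT
        if too_old or removed:
            dropped.append(key)
        else:
            payload[key] = value
    # Per-app rules: (bundle_id, allowed) pairs become the Applications array
    if applications:
        payload["Applications"] = [
            {"BundleID": bundle_id, "Allowed": allowed} for bundle_id, allowed in applications
        ]
    return payload, dropped


def validate_payload(payload):
    """Return a list of problems; an empty list means the payload is consistent."""
    problems = []
    if payload.get("EnableFirewall") is not True:
        problems.append("EnableFirewall is not True: all other firewall settings are ignored")
    option = payload.get("LoggingOption")
    if option is not None and option not in VALID_LOGGING_OPTIONS:
        problems.append(f"LoggingOption {option!r} not in {sorted(VALID_LOGGING_OPTIONS)}")
    if option is not None and payload.get("EnableLogging") is not True:
        problems.append("LoggingOption set without EnableLogging")
    for entry in payload.get("Applications", []):
        if not entry.get("BundleID") or not isinstance(entry.get("Allowed"), bool):
            problems.append(f"malformed Applications entry: {entry}")
    return problems


def to_plist_bytes(payload):
    """Serialize the payload as XML plist bytes (the form carried in a profile's PayloadContent)."""
    return plistlib.dumps(payload)


if __name__ == "__main__":
    # Constructed bundle IDs standing in for business-critical apps
    apps = [("com.example.remote-support", True), ("com.example.untrusted", False)]
    for version in ("12.0", "14.5", "15.0"):
        payload, dropped = build_firewall_payload(HARDENED_BASELINE, version, apps)
        print(version, "dropped:", dropped, "problems:", validate_payload(payload))
    print(to_plist_bytes(payload).decode())
```

Running it for macOS 12.0, 14.5 and 15.0 shows the version gating at work: the 12.0 build drops the two 12.3+ keys, the 15.0 build drops both logging keys, and only 14.5 keeps every setting. The validator catches the failure mode called out in the tables (EnableFirewall False silently disabling everything else) before the profile is pushed.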
How to Configure
Go to Swif Admin Console → Policies → Create New Policy
Select Apple Firewall Policy
Configure the desired firewall settings
Add applications (optional) for custom incoming connection behavior
Click Continue to assign the policy to specific devices or device groups
Review and confirm the policy
The policy will be applied automatically the next time macOS devices sync with Swif MDM.
Compliance & Security Benefits
Enforces consistent firewall behavior across the organization
Reduces exposure to unauthorized network connections
Supports compliance frameworks like SOC 2, HIPAA, PCI DSS, and ISO 27001
Enhances network security posture for remote, hybrid, and on-prem environments
Provides auditability via firewall logging (macOS 12–14)
