Control macOS Firewall

Controls user network traffic using macOS Network Extension.

  • Allows and blocks inbound and outbound traffic according to rules.
  • Rules can match traffic on conditions such as app bundle ID, app path, protocol, port, and remote IP.

Control macOS Firewall Options Configuration

  1. Rule Selection: You can select between General Rules and Internet Kill Switch Rules.
  2. General Rules: Allows all internet connections except those that match a blocking rule. Operates in Blacklist mode.
  3. Connection Block Rules: Select the conditions that define the traffic a rule blocks: direction, app path, app bundle ID, protocol, remote IP, port, etc.
  4. Notification Message: Displays a pop-up message to the user when traffic is blocked due to matching a rule.
  5. Prevent Duplicate Message Notifications: Does not display duplicate notification messages if multiple traffic events occur within a short interval.
  6. Duplicate Message Notification Prevention Time: Sets how long duplicate notification messages are suppressed.
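
The options above can be reasoned about with a small model before a policy is rolled out. The following Python sketch is an added example, not the product's own code: it models General Rules (Blacklist mode) and duplicate notification suppression. The class and field names, the AND combination of conditions, CIDR matching for remote IP, and suppression keyed per rule are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    direction: str   # "inbound" or "outbound"
    bundle_id: str
    app_path: str
    protocol: str    # "tcp" or "udp"
    remote_ip: str
    port: int

@dataclass(frozen=True)
class BlockRule:
    name: str
    direction: Optional[str] = None
    bundle_id: Optional[str] = None
    app_path: Optional[str] = None
    protocol: Optional[str] = None
    remote_net: Optional[str] = None   # CIDR, e.g. "203.0.113.0/24"
    port: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        # Assumption: conditions that are set are ANDed; unset ones match anything.
        for field in ("direction", "bundle_id", "app_path", "protocol", "port"):
            want = getattr(self, field)
            if want is not None and want != getattr(f, field):
                return False
        if self.remote_net is not None:
            return ipaddress.ip_address(f.remote_ip) in ipaddress.ip_network(self.remote_net)
        return True

class GeneralRules:
    def __init__(self, rules, dedupe_seconds):
        self.rules, self.dedupe_seconds = rules, dedupe_seconds
        self._last_popup = {}   # rule name -> time of the last pop-up shown
    def evaluate(self, flow, now):
        """Return (verdict, show_popup) for a flow seen at time `now` in seconds."""
        for rule in self.rules:
            if rule.matches(flow):
                last = self._last_popup.get(rule.name)
                show = last is None or now - last >= self.dedupe_seconds
                if show:
                    self._last_popup[rule.name] = now
                return "block", show
        return "allow", False   # blacklist mode: anything unmatched is allowed

# Constructed sample rule: block one app's outbound TCP/443 to a documentation range.
SAMPLE = BlockRule("r1", "outbound", "com.example.sync", None, "tcp", "203.0.113.0/24", 443)
```

Feeding a list of expected flows through `evaluate` shows which ones a draft rule set would block and how many pop-ups a user would see within the prevention time.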

Configuring Network Blocking Policy via Node Policy

  1. Go to Policy in the top menu.
  2. In the left Policy menu, go to Policy > Node Policy > Node Action.
  3. In the Node Action management window, find and click macOS Firewall Control.
  4. Enter Condition Settings and options.
  5. In the left Policy menu, go to Policy > Node Policy.
  6. Click the node policy to configure the network blocking policy.
  7. Find Node Action Settings and click Assign.
  8. In the Available items, find macOS Firewall Control and drag it to the Selected items.
  9. Click the Add button.
  10. Click the Update button.
  11. Click the Apply Change Policy button in the top right.

Configuring Network Blocking Policy via Enforcement Policy

Step 1. Create Control Target Node Group

  1. Go to Policy in the top menu.
  2. In the left Policy menu, go to Group > Node.
  3. Click Select Tasks > Create.
  4. Click the Add button.
  5. Configure the conditions for the control target and click the Add button.
  6. Click the Create button.

Step 2. Create Control Action

  1. In the left Policy menu, go to Policy > Enforcement Policy > Control Action.
  2. Click Select Tasks > Create.
  3. In the Plugin selection item, select the macOS Firewall Control plugin.
  4. Enter Condition Settings and options.
  5. Click the Create button.

Step 3. Create Enforcement Policy

  1. In the left Policy menu, go to Policy > Enforcement Policy > Enforcement Policy.
  2. Click Select Tasks > Create and complete the Enforcement Policy Wizard.
  3. In the Policy General tab, enter the Policy ID to use in the ID field.
  4. In the Node Group Settings tab, select the newly added node group and move it to the Selected item.
  5. In the Permission Assignment and Control Options tabs, enter the desired options.
  6. In the Control Action Settings tab, find the created Control Action and move it to the Selected item.
  7. Click the Complete button.
  8. Click Apply Change Policy in the top right.