2.5.5 Review Application Firewall Rules

Information

A firewall is a piece of software that blocks unwanted incoming connections to a system. Apple has posted general documentation about the application firewall.

http://support.apple.com/en-us/HT201642

A computer should have a limited number of applications open to incoming connectivity.

Rationale:

A firewall minimizes the threat of unauthorized users gaining access to your system while it is connected to a network or the Internet. It is important to understand which applications are allowed to accept incoming connections through the firewall.

Solution

Perform the following to remove unnecessary firewall rules:

Open System Preferences

Select Security & Privacy

Select Firewall Options

Select unneeded rule(s)

Select the minus sign below to delete them

Terminal Method:
Run the following command to remove specific applications:

$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove </path/application name>

Application at path ( </path/application name> ) removed from firewall

Replace </path/application name> with the path of an entry from the listing produced by --listapps, for example:

$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
ALF: total number of apps = 3

1 : /System/Library/CoreServices/RemoteManagement/ARDAgent.app
( Allow incoming connections )

2 : /Applications/Chess.app
( Allow incoming connections )

3 : /Applications/Contacts.app
( Block incoming connections )

$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --remove /Applications/Chess.app

Application at path ( /Applications/Chess.app ) removed from firewall
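The review step described above can be scripted. The following POSIX shell script is an added example, not part of the CIS audit text or of Apple's socketfilterfw tooling: it parses a --listapps listing in the format shown above, prints the applications that are currently allowed to accept incoming connections, and then prints the subset that is not on an approved list, which are the candidates for --remove. The sample listing is copied from the text so the script runs without a Mac, and the approved list (APPROVED) is a hypothetical value chosen for the example.

```shell
#!/bin/sh
# Added example (not from the CIS audit or Apple). Parses the output of
#   sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
# and reports which applications may accept incoming connections.

# Constructed input: the listing shown in the audit text, embedded so the
# example runs offline. On a live system pipe the real --listapps output in.
SAMPLE_LISTING='ALF: total number of apps = 3

1 : /System/Library/CoreServices/RemoteManagement/ARDAgent.app
( Allow incoming connections )

2 : /Applications/Chess.app
( Allow incoming connections )

3 : /Applications/Contacts.app
( Block incoming connections )'

# Hypothetical allow-list for this example: applications that are expected
# to accept incoming connections on this machine.
APPROVED='/System/Library/CoreServices/RemoteManagement/ARDAgent.app'

# Read a --listapps listing on stdin and print the path of every application
# whose state line reads "( Allow incoming connections )".
allowed_apps() {
    awk '
        # Entry line "<n> : <path>": keep the path (it may contain spaces).
        /^[0-9]+ : / { path = $0; sub(/^[0-9]+ : /, "", path); next }
        # State line that follows an entry.
        /^\( Allow incoming connections \)/ { if (path != "") print path; path = ""; next }
        /^\( Block incoming connections \)/ { path = "" }
    '
}

# Number of applications allowed to accept incoming connections.
count_allowed() {
    allowed_apps | grep -c .
}

# Allowed applications that are not on the APPROVED list; each one is a
# candidate for: sudo .../socketfilterfw --remove "<path>"
unexpected_allowed() {
    allowed_apps | while IFS= read -r app; do
        printf '%s\n' "$APPROVED" | grep -Fxq -- "$app" || printf '%s\n' "$app"
    done
}

# Run against the embedded sample. On a Mac, replace the printf with:
#   sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps | unexpected_allowed
echo "Allowed incoming connections:"
printf '%s\n' "$SAMPLE_LISTING" | allowed_apps
echo "Not on the approved list (review and consider --remove):"
printf '%s\n' "$SAMPLE_LISTING" | unexpected_allowed
```

With the sample listing the script reports ARDAgent.app and Chess.app as allowed and flags Chess.app as unapproved, which is the entry the --remove command in the example above deletes. Only --listapps is read here; the script never modifies the firewall itself, so it can be run as a pure review check before any rule is removed.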

See Also

https://workbench.cisecurity.org/files/3013

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12), CSCv6|9.2

Plugin: Unix

Control ID: 02ea29f5147e676300c2c26dc695ce7801a4cb88fc41603fefd0a252dbbe2817