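For reasons unknown, on macOS 13.2.1 the firewall configuration cannot be changed in Settings. Specifically, after turning on a firewall option such as "Enable stealth mode", reopening Settings shows that the option has not been enabled, and testing with ICMP packets shows that the machine still responds to PING. The only solution Apple support offered was "reinstall the system", which is too much trouble, and I did not want to do that.
After some research, I found that the firewall can be controlled through /usr/libexec/ApplicationFirewall/socketfilterfw. Taking enabling "stealth mode" as an example: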
/usr/libexec/ApplicationFirewall
❯ sudo ./socketfilterfw --setstealthmode on
Password:
Stealth mode enabled
❯ sudo ./socketfilterfw --getstealthmode
Stealth mode enabled
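After this, opening Settings shows that the firewall can be configured correctly.
Likewise, the other settings can be handled in the same way; the full set of commands is as follows: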
❯ ./socketfilterfw -h
usage: ./socketfilterfw [-d] [-l] [-k] [--getglobalstate] [--setglobalstate on | off] [--getblockall] [--setblockall on | off] [--listapps] [--getappblocked <path>] [--blockapp <path>] [--unblockapp <path>] [--add <path>] [--remove <path>] [--getallowsigned] [--setallowsigned] [--setallowsignedapp] [--getstealthmode] [--setstealthmode on | off] [--getloggingmode] [--setloggingmode on | off] [--getloggingopt] [--setloggingopt throttled | brief | detail]
firewallapp is used to control Application Firewall socket filter.
The command takes the following options that are evaluated in order,
and several options may be combined:
-h                            display this help and exit
-d                            turn on debugging
-l                            do logging and run in daemon mode
-k                            kill daemon
--getglobalstate              display if the firewall is enabled or not
--setglobalstate on | off     turn the firewall on or off
--getblockall                 show whether block all is enabled or not
--setblockall on | off        enable or disable block all option
--listapps                    display a list of paths of added applications
--getappblocked <path>        show whether connections are blocked or not for
                              the application at <path>
--blockapp <path>             block the application at <path>
--unblockapp <path>           unblock the application at <path>
--add <path>                  add the application at <path> to the firewall
--remove <path>               remove the application at <path> from the
                              firewall
--getallowsigned              show whether built-in and downloaded signed applications are to
                              automatically receive incoming connections
--setallowsigned on | off     set whether built-in signed applications are to
                              automatically receive incoming connections or not
--setallowsignedapp on | off  set whether downloaded signed applications are to
                              automatically receive incoming connections or not
--getstealthmode              show whether stealth mode is on or not
--setstealthmode on | off     set stealth mode on or off
--getloggingmode              show whether logging is on or not
--setloggingmode on | off     set logging to on or off
--getloggingopt               show logging option
--setloggingopt throttled |   set logging option
                brief |
                detail
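
Added example, not part of the original post: because the Settings pane can show a state that was never applied, this script reads the effective state back through the getters listed above and reports any setting that differs from a baseline. The baseline (firewall on, stealth mode on), the function names, and the assumption that getters other than `--getstealthmode` print the word "enabled" or "disabled" are illustrative and not confirmed by the post.

```shell
#!/bin/sh
# Added example (not from the original post). Run under sudo, as the post
# does for --getstealthmode. FW may be overridden for testing; the default
# is the path given in the post.
FW="${FW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# fw_state <getter>: print on / off / unknown for one getter.
# Only "Stealth mode enabled" is confirmed by the post; matching the words
# "enabled"/"disabled" in other getters' output is an assumption.
fw_state() {
    out=$("$FW" "$1" 2>/dev/null | tr '[:upper:]' '[:lower:]')
    case "$out" in
        *disabled*) echo off ;;
        *enabled*)  echo on ;;
        *)          echo unknown ;;   # missing binary or unrecognised output
    esac
}

# fw_audit <getter>=<on|off> ...: compare each getter with the wanted value.
# Prints one line per setting and returns the number of mismatches, so an
# "unknown" reading counts as drift rather than passing silently.
fw_audit() {
    drift=0
    for pair in "$@"; do
        getter=${pair%%=*}
        want=${pair#*=}
        have=$(fw_state "$getter")
        if [ "$have" = "$want" ]; then
            echo "OK    $getter: $have"
        else
            echo "DRIFT $getter: $have (want $want)"
            drift=$((drift + 1))
        fi
    done
    return "$drift"
}

# On a Mac, audit against the sample baseline (a hypothetical policy).
if [ -x "$FW" ]; then
    fw_audit --getglobalstate=on --getstealthmode=on
fi
```

A non-zero exit status means at least one setting did not read back as wanted, which is the symptom described in the post.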
1
jfdnet 2023-02-26 15:55:30 +08:00
Indeed, it works now.
This must be a bug! I remember that during the earlier public beta, the firewall settings could not be opened at all.