12
Enable the application firewall via
defaults write /Library/Preferences/com.apple.alf globalstate -int 1
(0 to disable), and restart the services
launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist
The application firewall can be controlled with the /usr/libexec/ApplicationFirewall/socketfilterfw
binary.
See here for further information.
Note that the application firewall is entirely different from the BSD packet filter, that can be configured with the ipfw
command line utility.
On newer versions of macOS restarting the services will fail because of "Operation not permitted while System Integrity Protection is engaged". Disabling SIP is not recommended and quite difficult. As a workaround, restart the computer – treaz – 2019-02-10T05:33:16.643
1You need to
sudo
the unload & load of the daemon (/System/Library/LaunchDaemons/com.apple.alf.agent.plist); otherwise it'll try to unload & load them from the user launchd, which won't work right. Do not, however,sudo
the commands for the useragent. – Gordon Davisson – 2012-09-10T13:51:21.533