View all Worklets
macOS

Enable Firewall Stealth Mode

Enables Firewall Stealth Mode on the targeted endpoints.

Worklet Details

Introduction to the Bash-Based Enable Firewall Stealth Mode Worklet

The Enable Firewall Stealth Mode Worklet is a bash-based script designed for Mac devices to enhance their security by activating stealth mode in the system's firewall settings. This Worklet ensures that the target device becomes unresponsive to unsolicited network probes such as ping requests, making it more secure and less visible on public or untrusted networks.

Why would you use the Enable Firewall Stealth Mode Worklet?

Enabling stealth mode is particularly useful for laptop users who frequently connect to various networks, as it offers an additional layer of security. When stealth mode is enabled, traditional network discovery tools like ping will not succeed, making your device less visible to potential attackers. However, other network tools that measure activity and approved applications will continue to function as expected.

The primary use case for this Worklet aligns with MacOS laptops often connected to untrusted networks where host segregation may be non-existent.

Components of the Enable Firewall Stealth Mode Worklet

This Worklet consists of two main components: The evaluation code and the remediation code. The evaluation code checks whether stealth mode is currently disabled or enabled on the device. If it is disabled, the script exits with a non-zero exit code indicating that remediation is necessary. If stealth mode is already enabled, it exits with a zero exit code indicating no further action is required.

How does the Enable Firewall Stealth Mode Worklet work?

Upon execution, the Enable Firewall Stealth Mode Worklet runs a command line check using `usr libexec applicationfirewall socketfilterfw` utility to determine if stealth mode is currently active or disabled on your Mac device's firewall settings. If stealth mode is disabled, the remediation code will be executed to enable it by running `/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on`. This command line instruction activates stealth mode on your Mac endpoints, increasing its security on public or untrusted networks.

What is the expected outcome when you use the Enable Firewall Stealth Mode Worklet?

When successfully executed, the Enable Firewall Stealth Mode Worklet will enable stealth mode on your Mac device's firewall settings. This means that your device will become less visible and more secure on untrusted networks, not responding to unsolicited connection attempts or discovery probes like ping requests.

While this feature can be useful for advanced users who require extra privacy and security measures, it may not be necessary for those who only use their devices on trusted networks with static IP addresses. This Worklet provides an automated way to enhance your macOS endpoints security.

View in app

Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.

do more with worklets