From adb8b976963812b064904da6b6b2e144fe1f8736 Mon Sep 17 00:00:00 2001
From: Rezart Qelibari <entwickler-kontakt@astzweig.de>
Date: Mon, 2 May 2022 05:45:08 +0200
Subject: [PATCH] Configure macOS firewall

---
 modules/01-system-settings.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/modules/01-system-settings.sh b/modules/01-system-settings.sh
index c0cd6df..44f2ac4 100755
--- a/modules/01-system-settings.sh
+++ b/modules/01-system-settings.sh
@@ -16,6 +16,7 @@ function getExecPrerequisites() {
     [nvram]=''
     [pmset]=''
     [defaults]=''
+    [/usr/libexec/ApplicationFirewall/socketfilterfw]=''
     [launchctl]=''
   )
 }
@@ -89,6 +90,15 @@ function configureLoginWindow() {
   ${cmd} GuestEnabled -bool false
 }
 
+function configureMacOSFirewall() {
+  cmd=(/usr/libexec/ApplicationFirewall/socketfilterfw)
+  ${cmd} --setglobalstate on
+  ${cmd} --setblockall off
+  ${cmd} --setstealthmode on
+  ${cmd} --setallowsigned on
+  ${cmd} --setallowsignedapp on
+}
+
 function configure_system() {
   lop -y h1 -- -i 'Configure System Settings'
   quitSystemPreferences
@@ -97,6 +107,7 @@ function configure_system() {
   indicateActivity -- 'Configuring power management' configurePowerManagement
   indicateActivity -- 'Configuring login window' configureLoginWindow
   indicateActivity -- 'Configure global umask' launchctl config user umask 027
+  indicateActivity -- 'Configure macOS firewall' configureMacOSFirewall
 }
 
 function getUsage() {