Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
alf
alf
Details about the status of the built-in firewall protection on this Mac.
| Column | Type | Description |
|---|---|---|
| allow_signed_enabled | integer | 1 If allow signed mode is enabled else 0 (not supported on macOS 15+) |
| firewall_unload | integer | 1 If firewall unloading enabled else 0 (not supported on macOS 15+) |
| global_state | integer | 1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0 |
| logging_enabled | integer | 1 If logging mode is enabled else 0 |
| logging_option | integer | Firewall logging option (not supported on macOS 15+) |
| stealth_enabled | integer | 1 If stealth mode is enabled else 0 |
| version | text | Application Layer Firewall version |
Example
See the state of the Application Layer Firewall on a Mac. A result of 0 means it is disabled, 1 means it is enabled, and 2 means it is enabled and blocking all inbound connections. See our standard query library for an example policy query using this.
SELECT global_state FROM alf;Notes
- This table provides information about the built-in firewall in macOS, also known as Application Layer Firewall (ALF).
Questions?
SOC2 Type 2
