Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, software catalog Integrations
Docs Pricing
More
News Case studies Ask around Meetups Share your story
The handbook Get your license Schedule a demo
Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

alf

click to open the table of contents
macOS logo

alf

Details about the status of the built-in firewall protection on this Mac.

Column Type Description
allow_signed_enabled integer 1 If allow signed mode is enabled else 0 (not supported on macOS 15+)
firewall_unload integer 1 If firewall unloading enabled else 0 (not supported on macOS 15+)
global_state integer 1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0
logging_enabled integer 1 If logging mode is enabled else 0
logging_option integer Firewall logging option (not supported on macOS 15+)
stealth_enabled integer 1 If stealth mode is enabled else 0
version text Application Layer Firewall version

Example

See the state of the Application Layer Firewall on a Mac. A result of 0 means it is disabled, 1 means it is enabled, and 2 means it is enabled and blocking all inbound connections. See our standard query library for an example policy query using this.

SELECT global_state FROM alf;

Notes

Edit page

Questions?

Ask us anything
{{table.title}} evented table