Add Firewall config profile

mdm_artifacts.tf

@@ -153,3 +153,19 @@ resource "zentral_mdm_profile" "system-logging-1" {
   macos       = true
   version     = 1
 }
+
+# Firewall
+
+resource "zentral_mdm_artifact" "mscp-firewall" {
+  name      = "mSCP - firewall"
+  type      = "Profile"
+  channel   = "Device"
+  platforms = ["macOS"]
+}
+
+resource "zentral_mdm_profile" "mscp-firewall-1" {
+  artifact_id = zentral_mdm_artifact.mscp-firewall.id
+  source      = filebase64("${path.module}/mobileconfigs/com.apple.security.firewall.mobileconfig")
+  macos       = true
+  version     = 1
+}

mdm_default_blueprint.tf

@@ -68,3 +68,11 @@ resource "zentral_mdm_blueprint_artifact" "system-logging" {
   artifact_id  = zentral_mdm_artifact.system-logging.id
   macos        = true
 }
+
+# Firewall
+
+resource "zentral_mdm_blueprint_artifact" "mscp-firewall" {
+  blueprint_id = zentral_mdm_blueprint.default.id
+  artifact_id  = zentral_mdm_artifact.mscp-firewall.id
+  macos        = true
+}

mobileconfigs/com.apple.security.firewall.mobileconfig

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>ConsentText</key>
+	<dict>
+		<key>default</key>
+		<string>THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY, CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.</string>
+	</dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>EnableFirewall</key>
+			<true/>
+			<key>EnableLogging</key>
+			<true/>
+			<key>EnableStealthMode</key>
+			<true/>
+			<key>LoggingOption</key>
+			<string>detail</string>
+			<key>PayloadIdentifier</key>
+			<string>alacarte.macOS.Yolo.981696bf-aede-488b-9613-49e2f5b4b981</string>
+			<key>PayloadType</key>
+			<string>com.apple.security.firewall</string>
+			<key>PayloadUUID</key>
+			<string>981696bf-aede-488b-9613-49e2f5b4b981</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>Created: 2024-07-09
+Configuration settings for the com.apple.security.firewall preference domain.</string>
+	<key>PayloadDisplayName</key>
+	<string>[Yolo] com.apple.security.firewall settings</string>
+	<key>PayloadIdentifier</key>
+	<string>com.apple.security.firewall.Yolo</string>
+	<key>PayloadOrganization</key>
+	<string>macOS Security Compliance Project</string>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>71c2e9bb-41c1-49dc-85e0-ff4dfbc7d2ae</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>