Application Firewall is not enabling pfctl

I have a development environment that uses the Pow webserver. When I initially set it up, it automatically reconfigured the firewall to allow me to connect to my_project_name.dev URLs.

Last time I upgraded to macOS Sierra, that stopped working. Every time my MacBook reconnects to the network, I have to run sudo pfctl -f /etc/pf.conf before the firewall rules allow me to access the .dev URLs that Pow configured. From what I've read, macOS's Application Firewall is supposed to start pfctl automatically. Why isn't this working? Where should I start looking to troubleshoot this?


A workaround which worked for me:

  • System Preferences -> Security & Privacy -> Firewall -> Firewall options -> Check "Enable stealth mode"
  • Reboot
  • Check if pfctl is enabled now, in a Terminal:

    sudo pfctl -s info | egrep -i --color=auto 'enabled|disabled'
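
An added example, not part of the original answer: the egrep above matches any line containing "enabled" or "disabled", so this function reads only the Status: line of pfctl -s info output. The function name pf_state and the sample output are constructed for illustration, and the two ALTQ notice lines in the samples are an assumption about what macOS pfctl prints alongside the status.

```shell
#!/bin/sh
# pf_state (hypothetical helper name): read `pfctl -s info` output on stdin
# and print "enabled", "disabled" or "unknown", looking only at the line
# that starts with "Status:". Other lines that happen to contain the words
# "enabled" or "disabled" are ignored.
pf_state() {
    awk '
        /^Status:/ { state = tolower($2); found = 1; exit }
        END {
            if (found && (state == "enabled" || state == "disabled"))
                print state
            else
                print "unknown"
        }'
}

# Constructed sample output (not captured from a real machine).
# The ALTQ lines are assumed notices; they contain "disabled" even
# when pf itself is enabled.
SAMPLE_DISABLED='No ALTQ support in kernel
ALTQ related functions disabled
Status: Disabled                              Debug: Urgent

State Table                          Total             Rate
  current entries                        0'

SAMPLE_ENABLED='No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 00:04:12           Debug: Urgent'

echo "sample (disabled): $(printf '%s\n' "$SAMPLE_DISABLED" | pf_state)"
echo "sample (enabled):  $(printf '%s\n' "$SAMPLE_ENABLED" | pf_state)"

# Live check: runs only where pfctl exists and the script is run as root.
# stderr is merged in on purpose to show that notice lines do not affect
# the result.
if command -v pfctl >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    echo "live: pf is $(pfctl -s info 2>&1 | pf_state)"
fi
```

Running it after each network reconnect shows whether pf itself was turned off or whether pf stayed enabled and only the rules from /etc/pf.conf are missing.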