MacOS Firewall: Program grayed out, can't be added to Firewall Options

Solution 1:

You can try controlling the firewall through the Terminal interface of the Application Firewall, socketfilterfw.

Step-by-step

socketfilterfw is located under /usr/libexec/ApplicationFirewall, so first go there in Terminal:

cd /usr/libexec/ApplicationFirewall

Then you can list existing rules with:

./socketfilterfw --listapps

You can add an application with the following command:

sudo ./socketfilterfw --add <full path to application executable>

Terminal should print Incoming connection to the application is permitted when successful.

Example: allowing python through in an Anaconda install

It seems you have installed python through Anaconda and are trying to let it through the firewall.
In this example I go through all the steps in Terminal.
I assume that you're working in the base environment, if not, you need to change that name in the first steps.

conda activate base
python_loc=$(which python)
cd /usr/libexec/ApplicationFirewall
sudo ./socketfilterfw --add $python_loc
sudo ./socketfilterfw --listapps

The last step should show the freshly added python application in the list:

ALF: total number of apps = 8 

...

8 :  /Users/username/opt/anaconda3/bin/python3.9 
     ( Allow incoming connections ) 

Note that python is often a symlink to another binary (e.g. python3.9 or python2.7). During the creation it's fine to refer to the symlink, but when you want to remove the rule again (with ./socketfilterfw --remove) you need to provide the actual path that is listed by socketfilterfw (/Users/username/opt/anaconda3/bin/python3.9 in this case), not the symlink.