Correct, though both layers remain active. The application-level firewall in the macOS GUI and the packet-based pf layer work on top of each other (I believe pf is on top of the application layer one but not 100% sure).
So if you have the application firewall on, opening ports in pf won't help.
I'm kinda surprised pf is still in there to be honest. I know some security solutions like McAfee Firewall use it under the hood. But they could do similar things with network extensions. I have expected them to drop it for years now.
So if you have the application firewall on, opening ports in pf won't help.
I'm kinda surprised pf is still in there to be honest. I know some security solutions like McAfee Firewall use it under the hood. But they could do similar things with network extensions. I have expected them to drop it for years now.