Hello here,
There is a macOS feature called Stealth Mode under Firewall in System Settings. It's supposedly blocks ICMP request messages (aka Ping).
It seems to work fine, only until the device is put to sleep. This can be done either manually from Apple Menu -> Sleep, or by simply closing the MacBook lid. The device suddenly starts replying to pings roughly 10 seconds after entering sleep mode.
Exactly the same seems to happen even if I enable pf with a rule:
block all
Does anyone know what's happening? Seems like packet filtering or firewall is not applied anymore after the OS is put to sleep. Are the ICMP packets handled by the Kernel or WNIC firmware after sleep?
I reported this through Apple Feedback Assistant but they were very dismissive and simply said they were not able to reproduce this.