Thanks @eskimo for the quick reply ❤️. I got it, we'll do the integration test.
Hey @eskimo thanks for sharing it.
I checked NEAppProxyProviderManager, but it will be used only with NETunnelProviderManager with per app VPN mode. I can configure per app VPN using:
appRules - not ideal, I can’t find a matching rule which excludes only our app.
excludedDomains - I'll leave it empty, since we'll be allowing flows by filtering app metadata from handleNewFlow(_:)
associatedDomains - not sure if I can give wildcard rules like "0.0.0.0", "127.0.0.1" to match all domains. Could you confirm this?
Also, it has a limitation where it won't be applicable for Apple system apps [except Safari].
    // One allow rule per allowed host.
    let rules = allowedHosts.map { hostname in
        let rule = NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: hostname, port: "0"), prefix: 32, protocol: .any)
        return NEFilterRule(networkRule: rule, action: .allow)
    }
    // Drop rules for 0.0.0.0 and 127.0.0.1.
    let rules1 = ["0.0.0.0", "127.0.0.1"].map { hostname in
        let rule = NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: hostname, port: "0"), prefix: 32, protocol: .any)
        return NEFilterRule(networkRule: rule, action: .drop)
    }
    // Flows that match no rule are handed to the data provider (defaultAction: .filterData).
    let filterSettings = NEFilterSettings(rules: rules + rules1, defaultAction: .filterData)
    apply(filterSettings) { error in
        if let applyError = error {
            os_log(.default, log: OSLog(subsystem: "com.nesedemo.extension", category: "content-filter"), "Failed to apply filter settings: %{public}@", applyError.localizedDescription)
        }
        completionHandler(error)
    }
For endpoint level, I've tried this rule just to block all the connections except the host I allow, and it works. Please share your insights on this.
But I don't find an API to control in network traffic from app level.
@dlipicar @meaton We have a similar use case to allow network traffic only for our application. Could you suggest if we can achieve it with any of our APIs?
https://developer.apple.com/forums/thread/742962
@meaton @mkilburn We have a similar use case to allow network traffic only for our application. Could you suggest if we can achieve it with any of our APIs?
https://developer.apple.com/forums/thread/742962