@meaton @mkilburn we have similar use case to allow network traffic only for our application, could you suggest if we can achieve it with any any of our apis?
https://developer.apple.com/forums/thread/742962
Post
Replies
Boosts
Views
Activity
@dlipicar @meaton we have similar use case to allow network traffic only for our application, could you suggest if we can achieve it with any any of our apis?
https://developer.apple.com/forums/thread/742962
let rules = allowedHosts.map { hostname in
let rule = NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: hostname, port: "0"), prefix: 32, protocol: .any)
return NEFilterRule(networkRule: rule, action: .allow)
}
let rules1 = ["0.0.0.0", "127.0.0.1"].map { hostname in
let rule = NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: hostname, port: "0"), prefix: 32, protocol: .any)
return NEFilterRule(networkRule: rule, action: .drop)
}
let filterSettings = NEFilterSettings(rules: rules + rules1, defaultAction: .filterData)
apply(filterSettings) { error in
if let applyError = error {
os_log(.default, log: OSLog(subsystem: "com.nesedemo.extension", category: "content-filter"), "Failed to apply filter settings: %{public}@", applyError.localizedDescription)
}
completionHandler(error)
}
For endpoint level, I've tried this rule just to blocks all the connection except the host I allow, it works,. Please share your insights on this.
But I don't find an api to control in network traffic from app level.
Hey @eskimo thanks for sharing it.
I checked NEAppProxyProviderManager, but it will be used only with NETunnelProviderManager with per app VPN mode. I can configure per app VPN using
appRules - not ideal, I can’t find a matching rules which excludes only our app.
excludedDomains - I'll leave it as empty, since we'll be allowing flow by filtering app metadata from handleNewFlow(_:)
associatedDomains - not sure if I can give wildcard rules like "0.0.0.0", "127.0.0.1" to match all domains. Could you confirm this?
Also it has limitation where it won't applicable for Apple system apps[except safari].
Thanks @eskimo for the quick reply ❤️. I got it, we'll do the integration test.