Hi everyone,
Is it possible to setup Filter configuration in a way that all users can see it in System Preferences -> Network and with correct status (running/not running, that is filtering or not filtering)?
When I configure firewall under one user account by setting up System Extension with Network Content Filter, I can see a new item in System Preferences -> Network, where I can also stop and start firewall filtering. When I restart the machine and log in under another user, filtering is still in effect, but this second user cannot see the filter in System Preferences -> Network. In our App it means that we are also unable to get proper filtering state after calling NEFilterManager.shared().loadFromPreferences.
I tried to call NEFilterManager.shared().saveToPreferences from System Extension, but I'm getting an error, probably because that runs under root and there is no macOS popup that could ask user to "Allow" filtering.
How can I handle this multi-user scenario?
When one user configures firewall filtering, the other user should be able to see firewall status, especially if it's filtering data.
I guess it would be fine if filtering worked for users separately, although it would pose a security risk for the machine, because one user would use strict rules, another relaxed rules. In that case we would have to enforce certain rules by the app.
But filtering works as expected, so when one user configures firewall (usually admin - IT support in corporate world), it filters network by the same rules for all users. It's just that other users see firewall as disabled.
Is there a way to call NEFilterManager.shared().saveToPreferences or setup NEFilterProviderConfiguration() in a way that all users see the Filter in System Preferences -> Network and app shows correct firewall status?
Thanks.
Robert
Is it possible to setup Filter configuration in a way that all users can see it in System Preferences -> Network and with correct status (running/not running, that is filtering or not filtering)?
When I configure firewall under one user account by setting up System Extension with Network Content Filter, I can see a new item in System Preferences -> Network, where I can also stop and start firewall filtering. When I restart the machine and log in under another user, filtering is still in effect, but this second user cannot see the filter in System Preferences -> Network. In our App it means that we are also unable to get proper filtering state after calling NEFilterManager.shared().loadFromPreferences.
I tried to call NEFilterManager.shared().saveToPreferences from System Extension, but I'm getting an error, probably because that runs under root and there is no macOS popup that could ask user to "Allow" filtering.
How can I handle this multi-user scenario?
When one user configures firewall filtering, the other user should be able to see firewall status, especially if it's filtering data.
I guess it would be fine if filtering worked for users separately, although it would pose a security risk for the machine, because one user would use strict rules, another relaxed rules. In that case we would have to enforce certain rules by the app.
But filtering works as expected, so when one user configures firewall (usually admin - IT support in corporate world), it filters network by the same rules for all users. It's just that other users see firewall as disabled.
Is there a way to call NEFilterManager.shared().saveToPreferences or setup NEFilterProviderConfiguration() in a way that all users see the Filter in System Preferences -> Network and app shows correct firewall status?
Thanks.
Robert