Steps to write a application to view network operations using content filter

Question

Created Aug ’20

Replies 1

Boosts 0

Participants 2

HI,
I am trying to understand simplefirewall example in content filters but it looks difficult for me because I am new to swift language.

What are required steps to view the operations on an IP & port using content filter and How to evaluate my own rules and my own actions on filtered rule data

Any one please provide the steps.

Answered by Systems Engineer in 629643022

Going off the sample for Simple Firewall, the NEFilterRule's are setup to filter any inbound TCP connection on port 8888. So that means once your provider matches one of those inbound flows you should see the NEFilterFlow show up in handleNewFlow. From there, the example demonstrates pausing the flow and calling over to the container app and prompting the user to make a decision on whether they want to allow or deny the paused flow. When a response is captured from the user in the container app, the NEFilterDataProvider is then notified and resumeFlow takes over with the appropriate action (allow or drop). This sequence could be structured in your app using any technique that works best for your filter's workflow. Whether it's to prompt the user to make a decision, or to make a decision based on a set of rules that is used in your filter.

To see the Simple Firewall project in action you could build as is and move it into your /Application's folder. Start a local server on your machine or just use netcat to listen on port 8888. On another machine, make a TCP connection with port 8888 to the machine running Simple Firewall and you should receive a prompt to allow / deny:

2020-08-27 07:10:00 ALLOW 8888 <-- x.x.x.x

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Boost

Answer 1

Systems Engineer OP

Apple

Aug ’20

Accepted Answer

Going off the sample for Simple Firewall, the NEFilterRule's are setup to filter any inbound TCP connection on port 8888. So that means once your provider matches one of those inbound flows you should see the NEFilterFlow show up in handleNewFlow. From there, the example demonstrates pausing the flow and calling over to the container app and prompting the user to make a decision on whether they want to allow or deny the paused flow. When a response is captured from the user in the container app, the NEFilterDataProvider is then notified and resumeFlow takes over with the appropriate action (allow or drop). This sequence could be structured in your app using any technique that works best for your filter's workflow. Whether it's to prompt the user to make a decision, or to make a decision based on a set of rules that is used in your filter.

To see the Simple Firewall project in action you could build as is and move it into your /Application's folder. Start a local server on your machine or just use netcat to listen on port 8888. On another machine, make a TCP connection with port 8888 to the machine running Simple Firewall and you should receive a prompt to allow / deny:

2020-08-27 07:10:00 ALLOW 8888 <-- x.x.x.x

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0