Inbound Connections not getting identified as flow in Network Extension Content Filter

Hi all,
I am trying to listen to all inbound connections. I initially set the direction to inbound in the filter rule and was not able to see any flows. Then I made the filter more generic so that I would receive connections irrespective of their direction. After this change I am only able to see flows for outward connections.

This is my filter code.
        let anyHostAndPortRule = NENetworkRule(
            remoteNetwork: nil,
            remotePrefix: 0,
            localNetwork: nil,
            localPrefix: 0,
            protocol: .TCP,
            direction: .any
        )
        let filterRule = NEFilterRule(networkRule: anyHostAndPortRule, action: .filterData)
        let filterSettings = NEFilterSettings(rules: [filterRule], defaultAction: .allow)


Are there any changes to be made to the above code?

I am not able to see any inward flow. I tried setting up a server on a particular port; when I hit the endpoint, I did not see any inward flow.

Thanks in advance



When I debug situations like this I boil it down to the most specific case. Here, you mentioned that you set up a server on a port and you want to track inbound connections for that port; try setting your NENetworkRule to only match inbound TCP traffic for that port only. Then, once you have a success case, expand it from there.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
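
The narrowed rule suggested above, as an added example that is not code from this thread or from Apple's sample project: a provider that filters only inbound TCP to one local port and logs the direction of every flow it receives. The class name `InboundPortFilter` and port 8888 are assumptions for illustration.

```swift
import NetworkExtension
import os.log

// Added example; class name and port are assumptions, not from the thread.
final class InboundPortFilter: NEFilterDataProvider {
    static let listenPort = "8888"   // constructed: port the test server listens on

    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        // One rule per address family, using the IPv4 and IPv6 wildcard
        // addresses as the local network and restricting to inbound TCP.
        let rules = ["0.0.0.0", "::"].map { address -> NEFilterRule in
            let local = NWHostEndpoint(hostname: address,
                                       port: InboundPortFilter.listenPort)
            let inbound = NENetworkRule(remoteNetwork: nil, remotePrefix: 0,
                                        localNetwork: local, localPrefix: 0,
                                        protocol: .TCP, direction: .inbound)
            return NEFilterRule(networkRule: inbound, action: .filterData)
        }
        // Traffic that matches no rule is allowed without reaching handleNewFlow.
        let settings = NEFilterSettings(rules: rules, defaultAction: .allow)
        apply(settings) { error in
            if let error = error {
                os_log("Applying filter settings failed: %{public}@",
                       error.localizedDescription)
            }
            completionHandler(error)
        }
    }

    override func stopFilter(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        guard let socketFlow = flow as? NEFilterSocketFlow,
              let local = socketFlow.localEndpoint as? NWHostEndpoint,
              let remote = socketFlow.remoteEndpoint as? NWHostEndpoint else {
            return .allow()
        }
        // Log the direction so the console shows whether inbound flows arrive.
        let direction = flow.direction == .inbound ? "inbound" : "not inbound"
        os_log("Flow (%{public}@): %{public}@:%{public}@ -> local port %{public}@",
               direction, remote.hostname, remote.port, local.port)
        return .allow()
    }
}
```
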
Hi Matt,

As I mentioned before I did try that first and then only went for the generic condition. It was not working when I gave a specific port number and only inbound connections as the filter rules. So I decided to go for a generic condition to check if at least I am able to receive an inbound flow. But unfortunately I am not receiving any inbound flows.

Thanks

It was not working when I gave a specific port number and only inbound connections as the filter rules.

This is odd. I suspect you have done this already, but you could also take a look at the SimpleFirewall example as this is exactly the functionality it demonstrates. If you find that you are stuck, you can open a TSI and I can take a deeper look at your project.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
I have opened a TSI as suggested.

Thanks
Thank you, I see your TSI and have added it to my queue.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com