How to drop existing connections before NEFilterDataProvider starts

App & System Services Networking
AppleSwift999 OP
Created Jul ’22
Replies 2
Boosts 0
Views 643
Participants 3

Hello,

I have a requirement to be able to filter all network connections on a (macOS) device and essentially drop all network communication once a command is received.

How can I ensure that existing connections are dropped that weren't previously managed by the content filter?

One way I can think of is we can start our content filter from the start and manage all connections and every inbound and outbound data traffic each connection makes all the time. This is not ideal since we would have to monitor a very large amount of connections.

Is there another way to implement this functionality?

Replies  2
Boosts  0
Views  643
Participants  3
bbergstrand OP
Jul ’22

Sounds like you may want a packet filter instead of a socket/connection filter.

0
DTS Engineer OP
Apple
Jul ’22

Is there another way to implement this functionality?

No. Once you’ve allowed a connection to proceed, there’s no way to go back on that decision. That’s true for both content filter and transparent proxy. That leaves you with two choices:

  • Process all traffic.

  • Run with bbergstrand’s idea of using a packet filter.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
How to drop existing connections before NEFilterDataProvider starts
First post date Last post date
 
 
Q