After finally getting SimpleFirewall built, it doesn't appear to operate as expected. It doesn't matter which port is selected; I'm not getting any notifications. Has anyone else had this problem?
SimpleFirewall
I just got it working but for logging only. I'm not trying to stop any flows at the moment. It took a while to get all the names right (e.g., NEMachServiceName, AppGroups, etc.).
I have no filter rules, so my extension gets every flow. My extension does not send messages to the user app.
I set up startFilter to look like this:
    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        completionHandler(nil)
    }

and then handleFlow to look like this:

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        if let socketFlow = flow as? NEFilterSocketFlow,
            let remoteEndpoint = socketFlow.remoteEndpoint,
            let localEndpoint = socketFlow.localEndpoint {
            os_log("Flow local endpoint %{public}@, remote endpoint %{public}@", localEndpoint, remoteEndpoint)
        }
        else {
            os_log("Flow (unknown)")
        }
        return .allow()
    }

Then I use the Console app to watch all the log messages. I also set a filter string, SimpleFirewall, in the console app to keep an eye on just my stuff.
Side note: in the os_log() call, use %{public}@, not just %@.
My next step will be to send messages to the user app.
Since you are building the SimpleFirewall project with your development account you may need to change around the bundle identifiers between the Network System Extension and the container app. If you have done so, make sure that these values correctly align with the values here:
- The values reported in each target for Xcode under bundle identifier. (Container app and Network System Extension)
- The NEMachServiceName also aligns with your Network System Extension's bundle identifier.
- That each one of these identifiers in the Development Portal has the correct capabilities set to it.
After you have done that, you will want to build the project in the following way to test it:
- Get a clean VM.
- Build a development copy of the app and move it to the /Applications folder.
- Make sure SIP is enabled.
- Fire up two consoles and stream out the subsystem logs as @Todd_at_Ennetix has mentioned and run the container app.
- Make sure to run the Console.app too to capture any debug logs that may show up there as well.
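
The identifier alignment described in the reply above can be checked mechanically on a built extension. The following is an added example, not code from the thread or from Apple's sample: the plist contents, the team prefix `TEAMID0000.` and the bundle identifiers are constructed, and the "service name ends with the extension's bundle identifier" rule is an assumption based on the SimpleFirewall layout.

```python
import plistlib

# Constructed sample of a built extension's Info.plist (team prefix already expanded).
INFO = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.SimpleFirewall.Extension</string>
  <key>NetworkExtension</key><dict>
    <key>NEMachServiceName</key>
    <string>TEAMID0000.com.example.SimpleFirewall.Extension</string>
  </dict>
</dict></plist>"""

# Constructed sample of the extension's entitlements.
ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.application-groups</key>
  <array><string>TEAMID0000.com.example.SimpleFirewall</string></array>
</dict></plist>"""

def check_alignment(info_xml, entitlements_xml):
    """Return a list of identifier mismatches; an empty list means all align."""
    info = plistlib.loads(info_xml)
    ext_id = info.get("CFBundleIdentifier", "")
    mach = info.get("NetworkExtension", {}).get("NEMachServiceName", "")
    groups = plistlib.loads(entitlements_xml).get(
        "com.apple.security.application-groups", [])
    if not mach or not ext_id:
        return ["CFBundleIdentifier or NEMachServiceName is missing"]
    problems = []
    # Assumption (SimpleFirewall layout): service name = team prefix + extension ID.
    if not mach.endswith(ext_id):
        problems.append(f"NEMachServiceName {mach!r} does not end with {ext_id!r}")
    # The service name must also be prefixed with one of the app groups.
    if not any(g and mach.startswith(g) for g in groups):
        problems.append(f"NEMachServiceName {mach!r} matches no app group {groups}")
    return problems

if __name__ == "__main__":
    # Renaming only the bundle identifier in Xcode leaves the other values stale.
    renamed = INFO.replace(b"<string>com.example.", b"<string>com.mycompany.", 1)
    for label, plist in (("sample", INFO), ("renamed", renamed)):
        print(label, check_alignment(plist, ENTITLEMENTS) or "aligned")
```

To use it on a real build, pass the bytes of the extension's Info.plist and of its entitlements file in place of the constructed samples.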
I have encountered the same problem; it has shown that the provider registration is successful, but no traffic information is captured. I was wondering if you have resolved this issue and how?