NENetworkRule with destination host not working

App & System Services Networking
dimitrod OP
Created Apr ’23
Replies 1
Boosts 0
Views 388
Participants 2

I created a NEAppProxyProvider with the following rule:

let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
settings.includedNetworkRules = [
    NENetworkRule(destinationHost: NWHostEndpoint(hostname: "example.com", port: "443"), protocol: .TCP)
]

According to the documentation this should match all TCP port 443 traffic to hosts in the "example.com" domain.

But when I test this rule with a client app, I get a "No route to host error" and the handleNewFlow method is not called:

curl https://example.com -v
*   Trying 93.184.216.34:443...
* Immediate connect fail for 93.184.216.34: No route to host
* Closing connection 0
curl: (7) Couldn't connect to server

If I use a network rule with a destination network then it works as expected:

settings.includedNetworkRules = [
    NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: "93.184.216.34", port: "443"), prefix: 32, protocol: .TCP)
]

Any idea what might be wrong with my domain based rule?

Replies  1
Boosts  0
Views  388
Participants  2
Systems Engineer OP
Apple
Apr ’23

I would expect that something like the following work:

NENetworkRule(destinationHost: NWHostEndpoint(hostname: "example.com", port: "0"), protocol: .any)

As seen here in this table.. Do you see any other logs or DNS queries failing during the time you attempt to use this network rule?

0
NENetworkRule with destination host not working
First post date Last post date
 
 
Q