2 Replies
      Latest reply on Oct 22, 2019 9:30 AM by moxievod
      moxievod Level 1 Level 1 (0 points)

        I've just started looking at Network Extensions for iOS.  Specifically, content filters.  Is there any current example code for how to constuct a *very* basic Network Extension content filter?  Something very simple, like a content filter which denies all network connections when it's active.

        The previous reference code at ( SimpleTunnel: Customized Networking Using the NetworkExtension Framework  ) is in Swift 3 and no longer builds in Xcode 11.1.  The documention at ( NetworkExtension | Apple Developer Documentation  ) describes what is in the related classes, but doesn't have much about how to use the framework.


        Some example or reference code around Network Extension content filters would be very helpful.   It looks like there are many moving parts and settings around Network Extensions.  Some working examples would go a long way to helping developers new to the framework understand how to use it.



        • Re: A 'Hello World' for iOS Network Extension content filters?
          eskimo Apple Staff Apple Staff (13,905 points)

          Something very simple, like a content filter which denies all network connections when it’s active.

          Back in the day, building a NetworkExtension (NE) provider was tricky because the OS was so far in front of the tools.  That’s no longer the case, and Xcode makes this process reasonably straightforward [1].  To get started:

          1. Create a new app from the template of your choice.

          2. In that app, create two new targets from the Network Extension template.  In the first, choose Filter Control from the Provider Type.  In the second, choose Filter Data.

          3. In all three targets, make sure there is a Network Extensions slice in the Signing & Capabilities tab of the target editor, and make sure the Content Filter checkbox is set.

            Note The default NE templates configure an app group.  This isn’t always necessary, so it’s a good idea to delete it when you start off and then add it back in if and when you need it.

          4. In the data provider, change the return statement in the handleNewFlow(_:) method to return .drop().

          The project should now build and run.  Some things to note:

          • Make sure you test on a device.  NE providers are not supported in the simulator.

          • You can configure your content filter using a configuration profile.  See the (somewhat misnamed) WebContentFilter payload.

          • For debugging purposes only, you can configure your content filter programmatically using NEFilterManager.

            IMPORTANT This only works for Development builds of your app, that is, if it has the get-task-allow entitlement.  In production a content filter is only supported on supervised devices and must be configure using a profile.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

          [1] Nowadays it’s the folks who are building SystemExtension-based providers for macOS 10.15 that have to live on the bleeding edge (-: