My content filter system extension looks like this:
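/// Content filter data provider for the system extension.
///
/// `startFilter` installs a rule set in which every rule and the default
/// action use `.filterData`, so each new flow is handed to this provider;
/// `handleNewFlow` then allows every flow without requesting any payload,
/// so the provider observes flows but never blocks one.
class FilterDataProvider: NEFilterDataProvider {

    /// Applies the filter settings built by `makeFilterSettings()` and
    /// reports the outcome.
    ///
    /// - Parameter completionHandler: Called exactly once with the error
    ///   returned by `apply(_:completionHandler:)`, or `nil` on success.
    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        apply(makeFilterSettings()) { error in
            // Record the outcome before handing control back, so the log
            // line is written even if the caller tears the extension down
            // inside the completion handler.
            if let error = error {
                log.error("Failed to apply filter settings [\(error)]")
            } else {
                log.info("Start content filter successfully.")
            }
            completionHandler(error)
        }
    }

    /// Builds the rule set applied in `startFilter`.
    ///
    /// Three rules are installed, all with action `.filterData`: one for
    /// IPv4 loopback, one for IPv6 loopback, and a catch-all with no
    /// endpoints. Since the catch-all and the default action already send
    /// every flow to the provider, the loopback rules add nothing as
    /// written.
    ///
    /// NOTE(review): with `remotePrefix: 0` / `localPrefix: 0` the loopback
    /// rules appear to match every address rather than only 127.0.0.1 / ::1
    /// — confirm against the NENetworkRule prefix semantics. If the intent
    /// is to exempt loopback traffic from filtering, the action of those two
    /// rules would need to be `.allow`, not `.filterData`.
    ///
    /// NOTE(review): applying settings is presumably when the system
    /// re-evaluates existing flows against the new rules, which would
    /// explain established TCP connections being dropped at start-up —
    /// confirm against Apple's content filter documentation.
    private func makeFilterSettings() -> NEFilterSettings {
        let ipv4Loopback = NWHostEndpoint(hostname: "127.0.0.1", port: "0")
        let ipv4Rule = NEFilterRule(
            networkRule: NENetworkRule(
                remoteNetwork: ipv4Loopback, remotePrefix: 0,
                localNetwork: ipv4Loopback, localPrefix: 0,
                protocol: .any, direction: .any),
            action: .filterData)

        let ipv6Loopback = NWHostEndpoint(hostname: "::1", port: "0")
        let ipv6Rule = NEFilterRule(
            networkRule: NENetworkRule(
                remoteNetwork: ipv6Loopback, remotePrefix: 0,
                localNetwork: ipv6Loopback, localPrefix: 0,
                protocol: .any, direction: .any),
            action: .filterData)

        // No endpoints: matches any flow, regardless of protocol/direction.
        let catchAllRule = NEFilterRule(
            networkRule: NENetworkRule(
                remoteNetwork: nil, remotePrefix: 0,
                localNetwork: nil, localPrefix: 0,
                protocol: .any, direction: .any),
            action: .filterData)

        return NEFilterSettings(
            rules: [ipv4Rule, ipv6Rule, catchAllRule],
            defaultAction: .filterData)
    }

    /// Allows every new flow unconditionally.
    ///
    /// No inbound or outbound payload is requested, so this provider never
    /// inspects or blocks traffic; it only sees that a flow was opened.
    ///
    /// - Parameter flow: The new flow presented by the system (unused).
    /// - Returns: `.allow()` for every flow.
    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        .allow()
    }
}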
When startFilter is called, all TCP connections are disconnected, but I can connect again afterwards.