I am trying to programmatically block some egress and ingress connections using the BSD packet filter. My program writes rules to a file, and this file is loaded using an anchor in /etc/pf.conf (the main ruleset). The rules work as intended. But when there is a network change, like turning Wi-Fi on/off or changing Wi-Fi networks, the main ruleset gets flushed and I have to reapply it (pfctl -q -f /etc/pf.conf) to get the rules back in place.
Looking for guidance to keep the main ruleset intact irrespective of system changes.
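As an added illustration of the setup described in the question (this is not code from the thread or from Apple), the following script shows the two lines that wire a rules file into /etc/pf.conf through an anchor, and a check that looks at `pfctl -s Anchors` output to decide whether the anchor is still present before reloading the main ruleset. The anchor name and rules path are hypothetical placeholders, and the sample listing fed in at the bottom is constructed.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Hypothetical anchor name and rules file path.
ANCHOR_NAME="com.example.myfilter"
RULES_FILE="/etc/pf.anchors/com.example.myfilter"

# Emit the pf.conf lines that declare the anchor and load its rules from a file.
# Usage: pf_conf_fragment ANCHOR RULES_FILE
pf_conf_fragment() {
    printf 'anchor "%s"\nload anchor "%s" from "%s"\n' "$1" "$1" "$2"
}

# Read a `pfctl -s Anchors` listing on stdin; succeed if ANCHOR ($1) is listed.
# pfctl indents anchor names, so strip leading whitespace before an exact match.
anchor_loaded() {
    sed 's/^[[:space:]]*//' | grep -Fxq "$1"
}

# Reload /etc/pf.conf only if the main ruleset no longer references our anchor.
# This keeps the reload idempotent; it does not stop the system from flushing
# the ruleset again on the next network change.
ensure_anchor() {
    if pfctl -s Anchors 2>/dev/null | anchor_loaded "$ANCHOR_NAME"; then
        echo "anchor $ANCHOR_NAME present, nothing to do"
        return 0
    fi
    echo "anchor $ANCHOR_NAME missing, reloading main ruleset"
    pfctl -q -f /etc/pf.conf
}

# Demonstration on a constructed listing (no pfctl needed to run this part).
SAMPLE_LISTING="  com.apple
  com.example.myfilter"
pf_conf_fragment "$ANCHOR_NAME" "$RULES_FILE"
if printf '%s\n' "$SAMPLE_LISTING" | anchor_loaded "$ANCHOR_NAME"; then
    echo "sample listing: anchor present"
else
    echo "sample listing: anchor missing"
fi
```

Running `ensure_anchor` from a periodic job or a network-change hook would reapply the ruleset only when the anchor has actually disappeared, which avoids needless reloads; the thread's answer still applies, since this only papers over the flush rather than preventing it.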
First up, please read TN3165 Packet Filter is not API.
How to proceed here depends on your deployment path:
- If you’re building a product that you intend to ship to a wide audience, I recommend that you avoid PF and instead create a Network Extension provider.
- If you’re building something for a small audience, lemme know the details and we can take things from there.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"