[HN Gopher] Bug in macOS 14 Sonoma prevents our app from working ___________________________________________________________________ Bug in macOS 14 Sonoma prevents our app from working Author : eptcyka Score : 498 points Date : 2023-09-13 17:05 UTC (5 hours ago) (HTM) web link (mullvad.net) (TXT) w3m dump (mullvad.net) | CharlesW wrote: | Mullvad has been working _okay_ for me in Sonoma betas (I had to | click "Connect" twice), and appears to work perfectly in the | final 14.0 release (23A339). A test with ipleak.net looks normal. | What am I doing right/wrong? | [deleted] | contact9879 wrote: | it works but requires local network connections to be enabled | which I assume is the "leak" they note | thehours wrote: | I don't know if related, but immediately the last two MacOS | upgrades I was unable to get my networking to work. I could | connect to Wi-Fi / Ethernet / Hotspot. But nothing would actually | connect (e.g. browser, pings, etc) , not even to my router. | | The fix both times was to open the Mullvad VPN app just once and | everything worked again. No idea why just opening the app would | fix the issue. | jiripospisil wrote: | Speaking of macOS's firewall being broken, there's a bug (or | "feature"?) in the NetworkExtension framework which causes | connections to get initiated (SYN, leaks your IP address) even if | there's an explicit rule to deny that connection. This affects | LittleSnitch, Lulu, and all the other apps building on top of the | framework. Bug reports have been filed and as usual ignored by | Apple. | | More: | | Little Snitch "denied" connections leak your IP address - | https://lapcatsoftware.com/articles/2023/3/4.html | | Follow-up to Little Snitch "denied" connections leak your IP | address - https://lapcatsoftware.com/articles/2023/3/5.html | | Little Snitch "denied" connections leak your IP address: | Developer response - | https://lapcatsoftware.com/articles/2023/6/3.html | | https://twitter.com/JiriPospisil/status/1679838397983064064 | [deleted] | Szpadel wrote: | I don't see any action points in blog post so I'm not sure if | they do it, but some warning in app when specific version of | MacOS is detected or even blocking functionality that is known to | be leaky would be great for anyone that might track blog posts. | plus maybe link to this blog post in case MacOS resolves issue | but app will not be updated | panosv wrote: | Not completely relevant, but another long standing bug: An 11 | Year Old Bug in the macOS Popen(): | https://news.ycombinator.com/item?id=37238433 | saagarjha wrote: | If this is your bug, consider also sending in a feedback with | your patch. The open source projects don't usually take PRs. | joomooru wrote: | No wonder, I recently installed the latest sonoma beta and | couldn't for the life of me get Mullvad to work. Glad to hear | Mullvad is working on a workaround. I even considered downgrading | back to Ventura this morning. I feel validated! | justusthane wrote: | It doesn't say they're working on a workaround. It says that | users shouldn't upgrade to Sonoma until Apple fixes the bug. | [deleted] | sleepybrett wrote: | I assume the tailscale/mullvad stuff still works. Might be a | nice workaround until apple gets it fixed. | joomooru wrote: | Went to look at tailscale vpn and didn't realize it was a | service entirely contained within tailscale, so I can't use | my existing Mullvad account or credit tailscale with my | already-purchased Mullvad credits :( | sleepybrett wrote: | Aw, that sucks. Maybe possible through Mullvad support? | ezfe wrote: | They've said they don't plan on allowing that | conradev wrote: | Tailscale works great, yeah. | Terretta wrote: | This repro is a thing of beauty. | coldtea wrote: | Isn't it merely setting a simple firewall rule and trying a | query that violates it? | | Which is the scope of the bug sure. But doesn't make the check | particularly elaborate or beautiful! | jihadjihad wrote: | > But doesn't make the check particularly elaborate or | beautiful! | | I think GP is saying it's beautiful precisely because it | needs such a simple and not elaborate test | jjcm wrote: | I love how simple it is, but also that it has a cleanup step as | well! Such a missed element in many of these. | buildbot wrote: | Great writeup, very succinct and informative, they even have a | simple reproduction of the bug. | | I love Mullvad! | | Tangentially, MacOS has had a lot of weird firewall bugs in the | last few releases in general, I wonder what drive them to rip up | and redo (I assume? so much of it recently. | tiffanyh wrote: | macOS has attempted to progress its networking stack for years | but would run into regressions and then revert back. | | Old article on the topic. | | https://9to5mac.com/2015/05/26/apple-drops-discoveryd-in-lat... | cptcobalt wrote: | Drudging up 8 year old architectural decisions that Apple | rightfully reverted is hardly a charitable comment. A bug can | just be a bug. | nhubbard wrote: | The rewrite was definitely influenced by the mandatory | migration from kernel extensions to userspace System | Extensions, specifically NetworkExtension, between Catalina and | Big Sur: | https://developer.apple.com/documentation/networkextension | hulitu wrote: | One would expect they have a test suite. | londons_explore wrote: | One would suspect their test suite is lacking... | MichaelZuo wrote: | There are a lot of errors and faults that show up in | Console on a brand new MacBook just sitting on the | desktop. And with every version the number seems to | increase. So it's not even their test suite that's the | issue. | dmix wrote: | I'm curious, why do you look at random OS errors in | Console to the point you noticed such a thing? | _jal wrote: | Some of us who came up on the ops side routinely check | logs. It is both how you spot problems other monitors | might miss and partly how you learn how your system works | (or doesn't). Especially with MacOS, where the | documentation quality ranges from shit to nonexistent and | the source is unavailable. | eptcyka wrote: | For me, it's a benchmark of a well made system - the | lower bandwidth of log output you get when a user machine | is idling, the better. I have seen some Android phones | produce megabytes of logs just sitting there - you can | test this by running `<whatever command outputs logs> | | pv`. | | It's also a good metric to signal an anomaly after a | deployment. On my desktop machines, the current culprit | for most of the logs is pipewire/alsa, generating | multiple lines per second. | MichaelZuo wrote: | This, plus on MacOS 'faults' specifically indicate events | where the computer could not gracefully recover, so some | user noticeable thing happened. | | e.g. when the WiFi adaptor faults and has to restart. | MichaelZuo wrote: | When my computer can't even stay up for a full week | without crashing, or suffer an inexplicable lag spike, | etc., I become more motivated to closely examine | everything to see what's causing the crash. | callalex wrote: | Are you plugging/unplugging monitors or other hardware? | With macs it's always that for some reason. | MichaelZuo wrote: | No, literally just sitting there with no peripherals | attached, doing nothing more complex then playing a 4k | video and web browsing. | isodev wrote: | It would have been even better if they had included the | rdar/Feedback number. | voytec wrote: | > Great writeup | | No. It's a rushed and emotional response bashing OpenBSD's pf | and not Apple's implementation. | tick_tock_tick wrote: | Just because OpenBSD isn't relevant anymore doesn't mean | anything vaguely related to it as an attack. | jxf wrote: | If Apple is shipping that implementation as part of their OS, | doesn't it make sense to let Apple know they should pick a | different upstream target? | monooso wrote: | > Apple introduced a bug | | It seems pretty clear that the article isn't bashing OpenBSD | in any way whatsoever. | eptcyka wrote: | To the best of my knowledge, OpenBSD's pf wouldn't exhibit | such pathological behavior. | voytec wrote: | Exactly - it's a screwup on Apple's part, not OpenBSD's. | alpaca128 wrote: | And Mullvad very clearly indicated it's connected to | Apple/macOS: | | > bug in the macOS firewall, packet filter (PF) | voytec wrote: | It's not macOS firewall, but Apple's implementation of | OpenBSD's pf used in Apple's macOS. Mullvad is clearly | pointing at a bug in OpenBSD's "packet filter", | mentioning that it's used in macOS. | | Mullvad's article lacks proper wording and shits on the | wrong target. | bastardoperator wrote: | Or maybe they're not shitting on anyone in particular and | just trying to warn their MacOS users about a security | issue? | Liquid_Fire wrote: | There isn't any mention of OpenBSD in the article. It | says: | | > a bug in the macOS firewall, packet filter (PF) | | > We believe the firewall bugs must be fixed by Apple. | | I don't see how you can interpret that as shitting on | OpenBSD. | voytec wrote: | There's a mention of "packet filter (PF)" which is | OpenBSD's firewall with a good reputation. It's (mis)used | by Apple but Mullvad has clearly rushed the article and | it points at a bug in the firewall itself. | jonhohle wrote: | Unless there is an equivalent OpenBSD bug, why would it | be their issue? Low level components often are patched by | Apple to work with Xnu. If the same bug isn't showing up | in OpenBSD, it's more likely Apple's integration or a | "feature" added by Apple. | kungfufrog wrote: | You're way off base and I can see you feel quite | frustrated by what you perceive as a slight against | OpenBSD. I know and have used "pf" in OpenBSD. Not once | while reading the article did I think Mullvad were | referring to pf as a technology as opposed to the macOS | implementation of pf where the bug resides. | SAI_Peregrinus wrote: | Apple forked PF, but didn't change the name. Apple's fork | of PF has a bug. The article only mentions Apple's fork. | Exuma wrote: | What part is emotional | sam_goody wrote: | voytec's comment ;) | olliej wrote: | [edit my scanning the article missed that they answered this :D] | | The obvious answer question is whether they reported this to | apple already and are using this post to draw attention to it, or | if they've found the bug in the betas (which is why betas exist) | but then not reported it directly (defeating the purpose of | betas) | Exuma wrote: | That is not an obvious question if you read the article | dinkblam wrote: | from the article: | | we have investigated this issue after the 6th beta was released | _and reported the bug to Apple_ | finitestateuni wrote: | If you read the article, they mention that they've reported the | bug in previous versions of the beta and it has still not been | fixed in the latest version. They're cautioning their users | against upgrading in two weeks when the release comes out of | beta unless there is confirmation that the bug has been fixed. | rollcat wrote: | Beware of point 0 releases. | | I've had such a bad experience with iOS 13 / macOS 10.15 that | I'm reluctant with the point 1's as well. | [deleted] | FollowingTheDao wrote: | [flagged] | [deleted] | zshrc wrote: | Just a note, while I experienced issues connecting with the | Mullvad.app, running a Mullvad Wireguard config in Wireguard.app | worked fine. | nvahalik wrote: | Anyone else get an invalid certificate on this site? What's the | deal? | | ETA: Hm. OpenDNS (family) blocks them... | ezfe wrote: | makes sense that blocking software would block VPN software | mzs wrote: | https://web.archive.org/web/20230913161315/https://mullvad.n... | [deleted] | Pesthuf wrote: | Normally, when software doesn't have big changes between | releases, like macOS, there's a feature freeze and devs are | working on bugfixes. | | Yet, macOS seems to get buggier and buggier between releases. | Something about the way it's being developed right now is going | very wrong. | rollcat wrote: | What's interesting is that there was a PF bug in FreeBSD not | long ago as well: <https://www.enricobassetti.it/2023/09/cve-20 | 23-4809-freebsd-...>; | <https://news.ycombinator.com/item?id=37437530>. | deergomoo wrote: | I wish they'd just stop with the yearly major releases. | | Unlike the iPhone, there's no magic date in September when all | the year's new Macs drop and require support for all the new | hardware capabilities. Sure, there are changes to system apps | on iOS like Notes that want feature parity on the Mac, but you | could do those in a point release. Or even better, decouple | those apps from the OS and update them individually via the App | Store. | | They clearly don't have enough resources allocated to macOS | anymore to have a big yearly release without spending the next | n months fixings problems. Just release the damn thing when | it's actually ready. They didn't do yearly releases when the | Mac was still their major focus, I don't see why they need to | today. | pohl wrote: | I see more and more complaints about bugs, anyway. I use it all | day every day without issues, though. Not sure what to make of | that. It's not that I don't believe those who are affected. I'm | just not sure one can conclude that it's getting more buggy | with each release. Maybe the number of unusual use cases | increases with popularity? | deergomoo wrote: | For me personally it's not bugs as such. Bugs usually do get | fixed fairly quickly (though something like this making it | into a release candidate is concerning). | | It's half-baked features that don't get revisited for | _years_. We all know the new System Settings sucks; Sonoma | hasn't meaningfully improved it. The Notification Centre | redesign introduced 3 (?) years ago is so much worse than the | old design, but it hasn't been touched since. Disk Utility is | a shadow of its former self. | | macOS is an established operating system, I would prefer them | leave perfectly good features alone unless they can actually | make them better. | [deleted] | hulitu wrote: | > Yet, macOS seems to get buggier and buggier between releases. | Something about the way it's being developed right now is going | very wrong | | This is a common trend in the SW development in the last | decade. Aparently bug fixing is hard and expensive, that's why | they concentrate on new features or, in extreme cases, complete | rewrites (GTK). | steve1977 wrote: | https://www.jwz.org/doc/cadt.html | m3kw9 wrote: | New OSs can sink your company | dinkblam wrote: | not surprised. we've filed dozens of bug reports as every new | macOS release gets worse and worse. i've given up on filing | reports now, since they won't get fixed or even looked at anyway. | i see the problem with triaging when around 4k issues are filed | per day, but it's not like Apple is hurting for cash. | sccxy wrote: | Same with iOS bugs. | | Release new feature with a lot of bugs. | | For example even if they are fixed (takes about a year) in | webkit they are never merged to safari... | | So even if there is bugfix, it will never make it to live | release. | riscy wrote: | how can you know they're not looked at? is there a read | receipt? | baz00 wrote: | They actually fixed 3 bugs I raised! | bpoyner wrote: | I reported a bug in the iOS Home app and they fixed it. Seems | to be hit or miss on what they'll fix. | superlupo wrote: | I've basically given up reporting bugs with Apple as they just | seem to be ignored and either never fixed, or fixed some years | later when the corresponding component is completely rewritten. | | I basically resent filing bugs with companies that have enough | money to do proper testing, I don't want to work for them for | free, especially if there is no answer, or a 1st-level answer | who hasn't even tried the filed repro case. However, I am | happily reporting bugs with open source projects. | ezfe wrote: | I don't put a lot of effort into bug reports, but it's not a | zero-sum game. | | If they never fix the bug, they got no value out of your | report... | | If they fix your bug, then now software you use works | better... | planb wrote: | I raised a bug in the image capture framework which prevented | scanning from sandboxed apps and it was fixed 3 betas later. | But probably because Preview.app was also affected and I asked | all users of my software to file a bug for the Preview app. | [deleted] | paws wrote: | The more macOS seems to break user control of networking, the | more I wonder what kind of "separate box" solutions are out there | that can intermediate _outgoing_ traffic. e.g. Something like | LittleSnitch on a router, where it notifies the Mac when it | detects a new outgoing connection. | | Do things e.g. pfSense support that already? "Hold" an outgoing | connection from the moment the SYN is observed, notify whatever | client, and only allow if the user clicks? | bonestamp2 wrote: | I think the best you can do in pfSense would be to log it and | then look at the logs regularly. | smashed wrote: | > Do things e.g. pfSense support that already? "Hold" an | outgoing connection from the moment the SYN is observed, notify | whatever client, and only allow if the user clicks? | | Not that I am aware of. | | This is a desktop centric workflow where the user can react | live to an application that is sending traffic. | | Your typical network firewall will apply a set of static rules | and the decision to log/reject/drop is done ASAP. Waiting for | user input is impossible. | | Some systems can show logs of recent blocked traffic, and allow | an admin to quickly generate an exception/allow rule for | blocked traffic but that's pretty much it. | fiddlerwoaroof wrote: | Most of the alternatives that aren't marketed to the consumer | immediately have something. I ran openwrt for years and used | its firewall to block a bunch of traffic and now I've switched | to Ubiquiti because of wifi issues. | meindnoch wrote: | And how would you decide whether an outgoing connection to a | random AWS IP is legit or not? You don't know which app is the | source. | WirelessGigabit wrote: | Actually you do. You request a port on which your process | will listen to the result of the call. | azinman2 wrote: | So then you need each device to run software to communicate | this to your router. This isn't a purely router based | solution. | intelVISA wrote: | If there's a market this could be an interesting weekend | project. | [deleted] | _boffin_ wrote: | Interesting | keehun wrote: | I'm glad Mullvad is raising the public temperature on this! This | one has definitely been noticed and been very concerning. | scosman wrote: | Has this been noted elsewhere? Sounds like Mulvad reported | after the 6th which is pretty close to the RC. | | From source: "we have investigated this issue after the 6th | beta was released and reported the bug to Apple" | gorkish wrote: | MacOS has had a host of these types of issues with their | network stack over the last few years. They are almost always | related to some "Magic" technology Apple is introducing such | as AirDrop (raw wifi frames), Siri (multipath tcp) et. al. | Essentially Apple have been introducing these new components | with special elevated privileges which allow them to bypass | or have priority access to the network stack in order to | implement whatever brand of cross-protocol hoodoo they may | require to function. At best, it's maddening, but at worst | its a huge red flag that Apple seems ready and willing to | accept these compromises into the functionality of their | system. It is impossible to achieve total software control | over the network stack in MacOS today. | keehun wrote: | Not publicly that I have seen, but I can assure you | networking and cybersecurity companies (and others) saw this | pretty quickly when the bug was first released. I was just | glad to see a relatively big company calling out this rather | egregious issue. | LeoNatan25 wrote: | Security companies should be much more open about these | issues, rather than quake the notion that if they go | public, they'd lose their hush hush secret contacts at | Apple that give them private entitlements for private | functionality. (Source: first hand experience) | [deleted] | unnouinceput wrote: | We, the old Windows developers, welcome you, the current Apple | developers, to the 90's, when Windows was shittier and shittier | with each version. Get ready for the next decade when workarounds | and basically underground techniques will be your only | survivability. | | As MacOS becomes more popular, it seems it has to go to this | shitty phase, as Windows did back in the day. We got rid of this | phase with Windows XP release, so around 7 years. For you, who | knows, hopefully shorter. | whyenot wrote: | It's been 23 years (to the day!) since the release of the OS X | public beta, and it's a mature product. I'm not sure it's | getting "shittier and shittier," I think there are still | refinements and improvements, they just aren't as big as they | used to be. | sumuyuda wrote: | The UI has definitely gotten shittier and shittier. | heyoni wrote: | And system settings panel is so unresponsive! I think it's | written in react or something? | whyenot wrote: | I don't know about that. Aqua with it's pin stripes jewel- | like buttons and other quirks was significantly worse than | what we have today. | BizarreByte wrote: | I strongly disagree. Tiger was the best Mac OS ever | looked in my opinion, but this is of course subjective. | sbuk wrote: | Tiger was brushed steel, though it still had the | 'lickable' buttons. | saltminer wrote: | I will confess I miss skeuomorphism, but even if Apple | never embraced flatness, Ventura's System Preferences.app | is horrendous. I've become reliant upon the search bar to | find most things in there, which I rarely had to do | before. | can16358p wrote: | Yup. I absolutely hated that skeuomorphic blurry 3D-like | design. | | Flat design looks much, much cleaner. | | Same for iOS. iOS 7 was the first version that I actually | liked looking at. | Angostura wrote: | Strongly disagree. Apple's obsession with making things | like scroll bars and window chrome harder to see has been | a usability nightmare for me over the last few releases. | | Frequently these days, with lots of overlapping windows I | try to click the top of a window only to find out I've | clicked on part of the window behind. | | Yes having everything one colour is lovely and 'clean' | but horrible to use | deergomoo wrote: | Apple no longer appears to be able to keep a consistent focus | on the Mac. They have some really great fits and spurts in | particular areas (e.g. hardware, they're absolutely nailing | it with Apple Silicon at the minute) but it's far too common | for widely-reviled issues to linger unaddressed for literally | years. | | The new System Settings is an obvious one; Sonoma hasn't | really touched that at all despite its glaring issues. But | Notification Centre has been borderline useless ever since | they redesigned it back in what, Big Sur? I saw a Mastodon | post recently [0] that highlighted how bad it is today | compared to the old design, yet it's barely been touched in 3 | years. | | macOS is stable and established and unlike iOS a lot of | people rely on it to do actual work, I would rather them not | mess with stuff than half-ass it and leave it unfinished. | | [0] https://mastodon.social/@marioguzman/110997716755684188 | Hammershaft wrote: | For me, it certainly is getting less stable & more | frustrating to use with each update. even elements of the ux, | such as the settings app, has degraded over the years | BizarreByte wrote: | That's just modern software in a nutshell, nothing is ever | "good enough" for designers/companies and they must change | it no matter what. | | The settings app for example was perfectly fine, it worked | well for what...near 20 years with only slight tweaks. Now | I have to use the search bar for settings, because it's not | obvious at all where to find a lot of them. | | And yet things that would be useful like a volume mixer are | still nowhere to be found. | Hammershaft wrote: | I mean, there were definitely iterative improvements I | think could have been made to the settings app, as with | nearly all software. Instead, apple threw out the design | for a ux that was clearly optimized for palm sized | screens that you operate by touch in order to unify the | interface between two entirely disparate forms of | interaction. | hulitu wrote: | Win XP was shittier than 2000. | xp84 wrote: | Not really. The biggest unpopular change was the polarizing | UI that was simple to toggle off for those who hated it. | Besides that, you just got win2k plus much better | compatibility with apps written for the 9x series. | steve1977 wrote: | > We got rid of this phase with Windows XP release | | I assume you were talking about consumer versions like Win 95, | 98 and Me (the release we don't talk about)? | | The NT based ones like NT 4 and Windows 2000 seemed decent when | they came out. I guess MS realized that as well and started | using NT for the consumer releases as well with XP. | unnouinceput wrote: | The lack of unification between NT and Win9x before XP was | abysmal. Basically you had to have 2 partitions, one for | gaming, one for business. NT was unable to have games, Win9x | was unable to be useful for business due to sheer blue | screens. So yeah, I include NT 3.5, NT 4.0 and W2k in that | shitty phase as well. I know it very well because I've lived | through it. XP ended that. Hence why, after 20+years, you | still have the majority of ATM's and plenty of other KIOSKs | around the world still running XP. | steve1977 wrote: | I only ever used NT based systems, but then I also never | used PCs for gaming, so I was probably ,,privileged" in | some regard. | | But I certainly agree that XP was a nice release, as was | Windows 7 (in my experience). | scarface_74 wrote: | Windows is still shitty. After three years of using an M2 | MacBook Pro for work and having my own M2 MacBook Air, using a | Microsoft Surface laptop is a death by a thousand cuts | | https://www.amd.com/en/processors/ryzen-surface-edition | | 1. The fans are constantly going. | | 2. Everything causes the hourglass cursor to pop up - even just | clicking on a button in Outlook | | 3. It takes awhile for the screen to redraw. Way back in the | pre - OS X days, I use to be jealous of how fast Windows | drawing was in comparison. | | 4. Every time my laptop goes to sleep, I have to unplug and | replug my external USB C powered external monitor. | | 5. Did I mention the constant humming of the fans? | | 6. Even how it handles multiple desktops is inferior to Macs | | 7. Hopefully I can run WSL2 on my work computer. I can't | imagine being stuck with PowerShell/cmd | | I don't even want to think about how bad the battery life is | going to be compared to modern ARM based Macs. | | Yes both my MacBook Air and Windows computer have 16 GB RAM | wkat4242 wrote: | Yeah I moved to FreeBSD myself because macOS pissed me off too | much. It's becoming too closed, too opinionated, too much like | iOS. | | What I loved about macOS originally was that it was a great | Unix style OS but with a consistent UI and major desktop apps. | | Also most major headline improvements in recent macOS releases | rely on iCloud and because I've always been a multi-os person | these are not something I can use. Some iCloud stuff works on | windows but most doesn't. And pretty much none of it works on | Linux or BSD. Any service I use must work on all. | | So after years of getting more and more annoyed with Apple | removing powerful options and replacing them with dumb on/off | sliders I just can't deal with it anymore. I still use it for | work but that's it. At the same time KDE is now mature enough | to work great. And it doesn't eschew lots of configuration | settings. So it's become my daily driver instead. | voytec wrote: | > During the macOS 14 Sonoma beta period Apple introduced a bug | in the macOS firewall, packet filter (PF). | | Ouch, I'd not go with such statement. Maybe "packet filter (PF) | (mis)configuration" would be a more reasonable thing to write. | This reads like a flaw in OpenBSD's pf which is untrue. | thedanbob wrote: | But it's not a misconfiguration, it's a bug as the article | explains. And it's not the author's fault that Apple named | their firewall the same as OpenBSD. | voytec wrote: | It's not a case of naming something similarily to other | software. OSX used FreeBSD's ipfw and around the time they | renamed the OS to macOS, they switched to OpenBSD's pf. | | Now they've screwed up either configuration or implementation | but to me - it doesn't read like a bug in pf. | fullspectrumdev wrote: | It's a bug in the program named pf on macOS. | | It's not that deep. Nobody is blaming OpenBSD's pf here. | Khaine wrote: | I believe Apple used FreeBSD's implementation of pf, as it | also has the same syntax. OpenBSD pf has evolved since then | and their are minor syntactic differences for some rules | between freebsd pf and openbsd pf. | callmeal wrote: | [flagged] | LeoPanthera wrote: | This kind of cynicism is tiresome. The test case involves | pinging Mullvad, not Apple. If Apple wanted no filtering to be | possible, they would simply remove pf entirely. | detourdog wrote: | or the process they expect is to boot oustisde SIP. ___________________________________________________________________ (page generated 2023-09-13 23:00 UTC)