←back to thread

Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

(twitter.com)
1183 points robenkleene | 1 comments | 20 Oct 20 15:51 UTC | HN request time: 0.208s | source
Show context
eptcyka ◴[20 Oct 20 16:14 UTC] No.24839101[source]
Apple seems to do all kinds of weird networking _stuff_. For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard. Probably checking timestamps on signatures for the keyboard firmware, or something stupid like that. This only happens if it happens to have a default route.

Similarly, all macOS machines will test a DHCP supplied default route before applying it by trying to reach something on the internet. So if you happen to have some firewall rules that block internet access, no default route will be applied until the internet check times out.

I won't share the other sentiments about the above, but is it really that hard to document these behaviors?

replies(22): >>24839205 #>>24839226 #>>24839281 #>>24839287 #>>24839352 #>>24839401 #>>24839503 #>>24839892 #>>24840087 #>>24840150 #>>24840234 #>>24840673 #>>24840752 #>>24841372 #>>24841670 #>>24842254 #>>24842446 #>>24843973 #>>24843982 #>>24845295 #>>24845368 #>>24847526 #
dheera ◴[20 Oct 20 16:22 UTC] No.24839226[source]
> wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard

... and what if your network is down? You can't even use your keyboard?

replies(2): >>24839239 #>>24844049 #
eptcyka ◴[20 Oct 20 16:23 UTC] No.24839239[source]
I should've clarified - it only does this if there is a default route. Funnily enough, whilst the firewalls in the original twitter post would possibly fail to catch this traffic, PF will block it just fine.
replies(2): >>24839282 #>>24839522 #
1. joshspankit ◴[20 Oct 20 16:43 UTC] No.24839522[source]
This mindset probably explains why I have such issues with Apple products when my connection to the internet goes down, but the internal network infrastructure (including DNS server) are perfectly fine.