←back to thread

Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

(twitter.com)
1183 points robenkleene | 2 comments | 20 Oct 20 15:51 UTC | HN request time: 0.482s | source
Show context
joncp ◴[20 Oct 20 16:20 UTC] No.24839189[source]
That totally breaks my use case for Little Snitch: working tethered. When I tether my laptop it thinks it has free reign with the bandwidth and all of the little background processes can kill my data in a few minutes. With a firewall, I can grant access to only the processes that I need to get my work done.

Now, I guess I have to run some external firewall between my laptop and my phone. ... or better yet, abandon Apple.

replies(6): >>24839618 #>>24840511 #>>24842589 #>>24842970 #>>24844004 #>>24865182 #
chrisshroba ◴[20 Oct 20 16:51 UTC] No.24839618[source]
For what it's worth, my hacky solution to this is this script which kills all the background processes that use significant bandwidth. If you're interested in how I came up with the list of processes, I can share the BitBar [1] script I wrote for monitoring per-process network usage (I wrote a small wrapper around nettop that logs to a db, which is read periodically by my BitBar script to show me the per-process usage:

    if [ $(whoami) != root ]
    then
      echo "Please run as root, not $(whoami)"
      exit
    fi

    while true
    do
      killall -9 planb 2>/dev/null && echo "$(date) - Killed planb"
      killall -9 murdockd 2>/dev/null && echo "$(date) - Killed murdockd"
      killall -9 uplink-soecks 2>/dev/null && echo "$(date) - Killed uplink"
      killall -9 nsscacheclient 2>/dev/null && echo "$(date) - Killed nsscacheclient"
      killall -9 ksfetch 2>/dev/null && echo "$(date) - Killed ksfetch"
      killall -9 nsurlsessiond 2>/dev/null && echo "$(date) - Killed nsurlsessiond"
      killall -9 softwareupdated 2>/dev/null && echo "$(date) - Killed softwareupdated"
    done
[1]: https://github.com/matryer/bitbar
replies(2): >>24839827 #>>24841381 #
1. GekkePrutser ◴[20 Oct 20 19:24 UTC] No.24841381[source]
Won't Launchd simply start them all up again? It'll be simpler to disable the launchDaemons :P

And really, put a sleep in there of at least a second or so or this'll be a huge resource hog.

replies(1): >>24848675 #
2. chrisshroba ◴[21 Oct 20 15:19 UTC] No.24848675[source]
> Won't Launchd simply start them all up again?

Yeah, that's why it's running an infinite loop heh

> It'll be simpler to disable the launchDaemons

Simpler that just nuking them with kill -9? No way. Better in literally every other way? Absolutely

> or this'll be a huge resource hog

That's a fair suggestion, but I'm seeing 0.0 CPU and MEM consumption, so I'm not too concerned