I am using NEFilterPacketProvider and I am able to get the provider to call startFilter correctly. However, I am unable to get the packetHandler closure to get called. What could be wrong?
override func startFilter(completionHandler: @escaping (Error?) -> Void) {
    os_log("Started Packet Filter")
    self.packetHandler = { (context, interface, direction, packetBytes, packetLength) in
        os_log("Dropping packet")
        return .drop
    }
    completionHandler(nil)
}
I am running the application within a macOS 10.16 VM in Xcode with SIP disabled.
It seems that the SecTrustSettingsSetTrustSettings API requires an alert panel asking for authentication on macOS Big Sur even when the calling process is running as root.
This would mean the process calling this API must be in a GUI environment. Is there any way for our users to avoid this prompt and have the certificate we generated be inserted and trusted into the System Keychain running as a background daemon? What are some options / alternatives we have to address this issue? It would be ideal if we could set trust settings without requiring a prompt.
Hello,
I have a requirement to be able to filter all network connections on a (macOS) device and essentially drop all network communication once a command is received.
How can I ensure that existing connections are dropped that weren't previously managed by the content filter?
One way I can think of is we can start our content filter from the start and manage all connections and every inbound and outbound data traffic each connection makes all the time. This is not ideal since we would have to monitor a very large amount of connections.
Is there another way to implement this functionality?
I want to be able to disconnect all available interfaces on a device running macOS 11 and above.
For Wi-Fi interfaces I see that this is possible using the CoreWLAN framework.
https://developer.apple.com/documentation/corewlan/cwinterface/1426422-disassociate
However, how can I do something similar for an ethernet interface? I want to be able to reconnect the interface eventually as well.
The reason I want to be able to do this is that I want to drop all existing connections on the device right after I start my content filter or when my filter rules have changed and my filter has already allowed the flow previously.
Topic: App & System Services
SubTopic: Networking
Tags: Network Extension, System Configuration, Core WLAN