Hi!
One part of my application is in charge of modifying the network configuration through the SystemConfiguration library. More specifically, I temporarily add entries under
State:/Network/Service/Temp/DNS
State:/Network/Service/Temp/IPv4
State:/Network/Service/Temp/IPv6
And then remove them when I'm done, expecting the network configuration to return to the one active before this procedure.
I have noticed (at least in macOS Catalina) that the Default IPv6 route does not get properly restored if I do this. I can get it back by turning Off and On the network adapter, but I believe that should normally not be necessary.
The steps to reproduce this are:
1) Configure a manual IPv6 address for the network adapter, for example:
Router: 2001:db8:abcd:12::1
Address: 2001:db8:abcd:12::7
Prefix Length: 64
2) Check that the default IPv6 route is present through 'netstat -nr'
```
Internet6:
Destination        Gateway                Flags    Netif Expire
default            2001:db8:abcd:12::1    UGc      en0
default            fe80::%utun0           UGcI     utun0
default            fe80::%utun1           UGcI     utun1
```
3) Add an IPv6 entry using scutil
```
d.init
d.add Addresses * 2001:db8:abcd:12::7
d.add InterfaceName en0
d.add PrefixLength * 64
d.add Router 2001:db8:abcd:12::1
set State:/Network/Service/Temp/IPv6
```
4) Default IPv6 route is still present
```
Internet6:
Destination        Gateway                Flags    Netif Expire
default            2001:db8:abcd:12::1    UGc      en0
default            fe80::%utun0           UGcI     utun0
default            fe80::%utun1           UGcI     utun1
```
5) Remove Temp entry
```
remove State:/Network/Service/Temp/IPv6
```
6) Default IPv6 route is gone
```
Internet6:
Destination        Gateway                Flags    Netif Expire
default            fe80::%utun0           UGcI     utun0
default            fe80::%utun1           UGcI     utun1
```
7) Restart network adapter
8) Default IPv6 route reappears
```
Internet6:
Destination        Gateway                Flags    Netif Expire
default            2001:db8:abcd:12::1    UGc      en0
default            fe80::%utun0           UGcI     utun0
default            fe80::%utun1           UGcI     utun1
```
So, I wanted to know if I'm correctly assuming that the default route should not disappear after removing the IPv6 entry, and if there's any workaround I could use from within my application other than manually restarting the network adapter.
Thanks!
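The before/after comparison from steps 4 and 6 can be automated so an application notices when a default IPv6 route is not restored. This is an added example, not part of the original post; the function names are hypothetical, and the sample tables are constructed from the output shown above plus an invented IPv4 section.

```python
# Added example: find default IPv6 routes that vanish between two `netstat -nr` runs.
# Sample tables are constructed from the output in steps 4 and 6; the Internet:
# (IPv4) rows are invented to show that other address families are ignored.
BEFORE = """\
Internet:
Destination        Gateway            Flags    Netif Expire
default            192.0.2.1          UGSc     en0

Internet6:
Destination        Gateway                Flags    Netif Expire
default            2001:db8:abcd:12::1    UGc      en0
default            fe80::%utun0           UGcI     utun0
default            fe80::%utun1           UGcI     utun1
"""
AFTER = """\
Internet:
Destination        Gateway            Flags    Netif Expire
default            192.0.2.1          UGSc     en0

Internet6:
Destination        Gateway                Flags    Netif Expire
default            fe80::%utun0           UGcI     utun0
default            fe80::%utun1           UGcI     utun1
"""


def default_routes6(netstat_output):
    """Return the set of (gateway, netif) for 'default' rows under Internet6:."""
    routes = set()
    in_inet6 = False
    for line in netstat_output.splitlines():
        stripped = line.strip()
        # A section header is a single token ending in ':' (Internet:, Internet6:).
        if stripped.endswith(":") and " " not in stripped:
            in_inet6 = stripped == "Internet6:"
            continue
        fields = stripped.split()
        # Columns: Destination Gateway Flags Netif [Expire]
        if in_inet6 and len(fields) >= 4 and fields[0] == "default":
            routes.add((fields[1], fields[3]))
    return routes


def lost_default_routes(before, after):
    """Default IPv6 routes present in `before` but missing from `after`, sorted."""
    return sorted(default_routes6(before) - default_routes6(after))


if __name__ == "__main__":
    for gateway, netif in lost_default_routes(BEFORE, AFTER):
        print(f"default IPv6 route via {gateway} on {netif} was not restored")
```

In real use, pass the text of `netstat -nr` captured before adding the Temp entry and again after removing it.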
Hi!
I've already got everything up and running in my Firewall application using NEFilterDataProvider and NEFilterPacketProvider.
There are some times when I would like to disable filtering (just allow all traffic), and then re-enable it at a later time (mainly for preventing an unnecessary performance hit). I could, of course, just return the allow verdict in the newFlow/packet handlers, but I was wondering if there's any way to dynamically start/stop the filter (without requiring asking the user for approval again) and not have the handlers called at all. There are the methods stopFilter and startFilter, but according to the documentation those are supposed to be called by the system, not sure if I should be using them for this purpose.
Thanks!
Best regards,
Darío