Hi team, We need to identify the domains used by macOS Software Update so they can be bypassed by our NETransparentProxy. The Apple support article below lists Software Update and several other Apple service domains. At the moment we’re unsure whether we should only bypass the Software Update and Beta Software domains, or whether we also need to bypass domains used for certificate validation, device management (Apple Business Manager / Apple School Manager / Apple Business Essentials), network provider updates, Apple Diagnostics, etc. We also need the specific IP ranges used exclusively by Software Update. The document shows Apple’s entire IP range; for IPv4 you can allow outbound connections to 17.0.0.0/8. https://support.apple.com/en-in/101555

Hi Team, Im using SystemExtension with NEPackettunnelProvider where Im getting the layer 3 packets. Below is my query. Just wanted to understand if some other app started transparent app proxy(Layer4) with same network rule which I configured for NEPackettunnelProvider, Will I get the packet in NEPackettunnelProvider(Layer3)? **As per the doc, ** if app proxy returns NO from handleNewFlow then it will handle by system and in my case it reaches to NEPackettunnelProvider but what happen if it returns false and packet is processed by the app proxy. As per my understanding packet should flow from Layer 4 to layer 3 but if app proxy implemented custom protocol then I believe it will not reach to NEPackettunnelProvider. Is my understanding correct?

Hi Team, Observed that when subclass NETransparentProxyProvider and setting NEDNSSettings(adding own dns server) in NETransparentProxyNetworkSettings, it ignores the DNSSetting. Whereas If I subclass the NEAppProxyProvider, then it takes the dnssetting and make it primary DNS server. validate using sctutil --dns. Is it possible to set DNSSetting for NETransparentProxyProvider? I need to set our own DNS servers. Any suggestion here?