iCloud Private Relay + Firewall causes problems with network extension on macOS 15

Hello!

I'm developing an NETransparentProxyProvider, which started to work unexpectedly on macOS 15.

It seems that iCloud Private Relay is no longer auto-disabled in favor of other filtering software when the Firewall is enabled in macOS 15. Disabling the firewall immediately restores the old behavior.

To reproduce this issue, you need to enable both iCloud Private Relay and Firewall.

Then, Safari will always try to use iCloud Private Relay, even if the Transparent Proxy has a "destinationAddress:nil" rule. Every connection from Safari will be to "mask.icloud.com" over HTTP/3. The connections inside are not visible as separate flows.

Since I have an excludedRule for "icloud.com" (so as not to alter Apple services), Safari traffic just stops being processed.

Is the new behavior expected, or is it some type of regression?

I think you should file a bug about this, presuming that this is significantly affecting the usefulness of your product.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Please note that regardless of the product the current behavior is inconsistent not just with the previous versions of macOS, but also within the current one: it's strange that iCloud Private Relay behaves differently with and without the Firewall.

The bug is still there in macOS 15.1, but there's a slight change, as if there was an attempt to fix it, but it comes back 5-10 minutes later.
