The Mysterious Case of the Application Firewall Anchor

After weeks of digging, I've uncovered the most confounding clue yet in the mystery of macOS packet filtering. Behold, the anchor point that refuses to reveal its secrets: `anchor "250.ApplicationFirewall/*"`!


I've scoured the forums, pored over documentation, and even consulted with fellow detectives (aka Apple support reps), but the answer remains as elusive as a MacGuffin.


If you're an ace detective with a knack for unraveling the most baffling of mysteries, I implore you: help me crack this case! Share your insights, expertise, or even just a wild guess. Together, we can solve the puzzle and bring justice to the world of packet filtering!


The real head-scratcher is the lack of readily available documentation about this anchor's exact function. Apple's pf documentation tends to focus on the more general concepts and doesn't delve deeply into specific anchor assignments.


Mr. Support Can Make You Laugh Until You Cry

MacBook Air 13″

Posted on Jul 19, 2024 12:42 PM

5 replies

Jul 19, 2024 1:33 PM in response to SCMYLUYC

SCMYLUYC wrote:

After weeks of digging, I've uncovered the most confounding clue yet in the mystery of macOS packet filtering. Behold, the anchor point that refuses to reveal its secrets: `anchor "250.ApplicationFirewall/*"`!



And what is the issue exactly, independent of your packet filtering...is there one?



Application Firewall enables PF (packet filter configuration file) using pfctl -E.


In addition to its own rules, Application Firewall generates a set of dynamic rules (sub ruleset) for PF through anchor point com.apple/250.ApplicationFirewall.


You can see more in Terminal.app:

sudo pfctl -a com.apple -s rules
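The command above shows only the rules loaded directly at the `com.apple` anchor; the `anchor "…/*"` lines it prints are references to child anchors whose own rules live one level down. The script below is an added example, not something posted in this thread, that walks that tree recursively from `com.apple` and prints the rules found at every nested anchor, so you can audit the whole ruleset Application Firewall and AirDrop contribute rather than only the top level. It uses only `pfctl -a <anchor> -s rules`, the flag form already shown in the reply. The sample listing embedded in it is constructed to match the output quoted in this thread and is used only when `pfctl` is unavailable or the script is not run as root (on macOS, run it with `sudo`).

```shell
#!/bin/sh
# Added example (not from the thread): recursively list the pf rules under an anchor.
# Requires macOS with pfctl and root; otherwise parses a constructed sample.

# Constructed sample of `sudo pfctl -a com.apple -s rules`, matching the thread's output.
SAMPLE_RULES='No ALTQ support in kernel
ALTQ related functions disabled
anchor "200.AirDrop/*" all
anchor "250.ApplicationFirewall/*" all'

# Extract child anchor names from a ruleset listing.
# `anchor "250.ApplicationFirewall/*" all` -> `250.ApplicationFirewall`
list_child_anchors() {
    printf '%s\n' "$1" \
        | sed -n 's/^anchor "\([^"]*\)".*/\1/p' \
        | sed 's|/\*$||'
}

# Count rule lines (anything that is not an anchor reference or an ALTQ notice).
count_plain_rules() {
    printf '%s\n' "$1" | grep -v '^anchor ' | grep -vc 'ALTQ'
}

# Dump the rules at one anchor, then recurse into each child anchor.
# Body is a subshell so `anchor` and `rules` stay local across recursion in POSIX sh.
dump_anchor_tree() (
    anchor="$1"
    rules=$(pfctl -a "$anchor" -s rules 2>/dev/null)
    printf '### anchor %s\n%s\n\n' "$anchor" "$rules"
    for child in $(list_child_anchors "$rules"); do
        dump_anchor_tree "$anchor/$child"
    done
)

if command -v pfctl >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    dump_anchor_tree com.apple
else
    printf 'pfctl not available or not running as root; child anchors in the sample:\n'
    list_child_anchors "$SAMPLE_RULES"
fi
```

On the thread's own listing this reports two child anchors under `com.apple` and zero plain rules at that level, which is exactly why the top-level view looks empty: the interesting rules, if any are loaded, sit under `com.apple/250.ApplicationFirewall` and `com.apple/200.AirDrop`, and the recursion is what exposes them.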


Jul 19, 2024 2:17 PM in response to SCMYLUYC

If you are a member of the Apple Developer Program, you get Code Level Support with the ability to speak to Apple Engineers for more specific details. You will not find them here and will not get directed to them with a call to Apple. Knowledge in coding may be an advantage so you can write a piece of sample code to elicit the answer you are looking for.

Code-level Support - Support - Apple Developer

Jul 19, 2024 1:54 PM in response to leroydouglas

The specific issue is the need to know what the firewall does when it comes to PF/ALF and what happens in your IP stack or your interfaces because of flags set. Why the DNS uses draft RFC's like it somehow would be OK. And I could go on forever with what's wrong with macOS but what concerns me more is that the Apple community keeps asking me to specify "Why I need to know". I'm going to ask you how couldn't you NEED TO know? Is it to get rid of the people that know and care?


I mean if I go to the Apple Store to return this "thing" they might wanna know why, and I hope they will be happy with "Cause nobody knows", cause that's the truth.


martin@localhost pf.anchors % sudo pfctl -a com.apple -s rules
No ALTQ support in kernel
ALTQ related functions disabled
anchor "200.AirDrop/*" all
anchor "250.ApplicationFirewall/*" all


Guess we're back at the anchor "250.ApplicationFirewall/*" all...
