{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiamy42sqnsftv4g4aw5ygxaq7gawjn2wndiapohrn5m3uexaqdb2a",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mgqv76foh2o2"
},
"path": "/t/what-should-we-require-of-vpn-providers-on-macos/36175?page=2#post_23",
"publishedAt": "2026-03-11T02:33:17.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"documentation",
"observed behavior",
"past usage patterns"
],
"textContent": "Let me try to frame it a bit differently.\n\nThis doc clearly shows Apple wants app developers to move to NE but it also says PF remains legitimate for the following use cases:\n\n> 1. As an implementation detail of various system services built-in to macOS\n> 2. As an advanced feature for users, site admins, and so on\n>\n\n\nSo, if you’re a system service or require advanced networking functionality then PF is the way to go. I hope this makes it clear that Apple knows there are legitimate use cases not catered to by NE, so I don’t know where the “pf is going to be removed” comes from.\n\nNow, kill switches are a very unique use case and NE doesn’t provide any functionality to implement them. `includeAllNetworks` is not the one based on documentation, observed behavior and past usage patterns.\n\nThis is clearly an advanced feature Apple is talking about in their TN (as we want to prevent any traffic headed outside the VPN network interface), so PF is the right tool for this job just like on other systems.\n\nNow we’re in the following situation:\n\n * Apple says apps are discouraged from manipulating PF rules\n * Apple says advanced use cases are still catered to by PF\n * The kill switch is an advanced use case which requires a firewall to work as intended\n\n\n\nI see two solutions to this situation:\n\n * If we follow what Apple says word-by-word, users are free to use PF for managing their own kill switch. So the kill switch will be separate from the VPN client and the user is responsible for not borking their PF ruleset.\n * If we don’t follow what Apple says word-by-word and ship the kill switch with the VPN client, the client will become responsible for that.\n\n\n\nI don’t see any practical difference between those two options and how the firewall is managed. There’s clearly no difference for PF who fed it the ruleset.\n\nAlthough I’m happy to hear why we’d think that VPN clients shouldn’t implement a proper kill switch just because Apple prefers only users (and the system) to manipulate the firewall.",
"title": "What should we require of VPN providers on macOS?"
}