Hacker News new | ask | show | jobs
by Someone 636 days ago
> At this point, it’s unclear exactly what is the issue

So, is this a bug in Sequoia or a change that affects these low-level tools? If the latter, they may not like it, but that’s par for the game on MacOS.

(Tried reading https://x.com/patrickwardle/status/1836862900654461270, referenced by sephamorr, but that link isn’t working for me)
2 comments
inkyoto 635 days ago
It apepars that the default application firewall blocking rules are overly restrictive.

There are two «firewalls» in OS X: the IP packet filter (controlled pfctl) and the application level one (controlled by /usr/libexec/ApplicationFirewall/socketfilterfw). The one that is causing a lot of grief for upgraded users is the latter one.

The workaround is to remove/disable the app level blocking rules manually:

1. Get a list of app level firewall rules:

  /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
2. Locate the app(s) of interest.

3. Disable the app specific rules:

  /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp <path to the app from the list in step 1>
Alternatively, the app can be removed from the list of application firewall rules:

  /usr/libexec/ApplicationFirewall/socketfilterfw --remove <path to the app from the list in step 1>
That will fix the problem, e.g. with Firefox (tested) or WireGuard (reported by somebody else above, untested).

If a DoH DNS configuration is used, it also makes sense to explicitly whitelist the DoH provider in «pfctl» rules at IPv4/IPv6 and domain levels.

link
replete 636 days ago
There's a bug megatread on r/macos full of networking bugs that makes it clear that upgrading to sequoia is not a good idea just yet.
link
SemioticStandrd 636 days ago
Not just networking issues, there are plenty of reports with external drives having problems as well.
link
replete 636 days ago
I usually wait for a .4 update before upgrading. One time around Catalina there was a bug that broke USB-C docks.. Oh cool none of my devices work.

Interestingly in that thread, 'Intel' is not mentioned once.

link
whynotmaybe 636 days ago
This reminds me of a joke about "windows users waiting for the service pack while macos is always stable" that a friend always rubbed in my face whenever I had some issue with windows a decade ago.

And that I just sent a message yesterday to my team to wait before installing sequoia... But now I'll use your target of .4.

link
replete 635 days ago
That's the trick for stability on MacOS, wait a few versions after a major. Done this for a few years now and I have had no problems. When they change OS APIs, it happens on a major point zero release. Another good reason to wait is many apps aren't ready in time for the changes. I'll install a point 2 or a point 3 if it looks like a good release, but it looks like this isn't one of them. My pro tip for finding out whether its a good upgrade or not is the macrumors article comments, I'll scan through and see what people are saying about the update.
link