Apple removes firewall exclusion list in second beta of macOS Big Sur 11.2

Last November, as a result of an Apple server crash, several users noticed that some apps on their computers took longer than normal to open. Soon after, we learned that this was the normal behavior of Gatekeeper, a feature on the Mac designed to prevent insecure software from running. The incident revealed that this security protocol could work better, and Apple publicly committed to making the necessary changes and improvements. One of them arrives today with the second beta of macOS 11.2.

The importance of essential connections for the operation of a Mac

In macOS Big Sur, Apple allowed some essential system services to connect to the internet without passing through the firewalls that we, as users, might install. The design was intended to ensure that the App Store, FaceTime or the update service, for example, always had access to the servers they need to perform their functions. This was achieved with a file called “ContentFilterExclusionList” that contained the list of services exempt from going through the firewall.

The idea was sound: ensuring that some basic services continue to function at all times is definitely a good thing. In one stroke, it removed the risk that a mistake in the configuration of a firewall app would block those connections unintentionally. It was an even better idea as a defense against certain malware that blocks system updates to avoid being removed.

Omg we did it!

Thanks to the community feedback (and ya, bad press) Apple decided to remove the ContentFilterExclusionList (in 11.2 beta 2)

Means socket filter firewalls (eg LuLu) can now comprehensively monitor / block all OS traffic !!

Read more: https://t.co/GJXkRA31e7 https://t.co/BCPqdCjkV0

– patrick wardle (@patrickwardle) January 13, 2021

However, this system also prevented us, as users, from monitoring that traffic: seeing the connections, how much data is sent to them, the IP addresses they communicate with, and so on. Given this situation, Apple has decided to withdraw the exclusion list. This means that, as users, we have full control over those connections. That control must be exercised with caution to keep the machine working properly, and we can exercise it with third-party firewalls such as LuLu or Little Snitch.

It is clear that maintaining the security of a computer system means continually updating and improving it. In the end, a good security system has to be balanced in terms of usability and protection.