inkyoto 10 months ago

It appears that the default application firewall blocking rules are overly restrictive.

There are two «firewalls» in OS X: the IP packet filter (controlled by pfctl) and the application level one (controlled by /usr/libexec/ApplicationFirewall/socketfilterfw). The one that is causing a lot of grief for upgraded users is the latter one.

The workaround is to remove/disable the app level blocking rules manually:

1. Get a list of app level firewall rules:

  /usr/libexec/ApplicationFirewall/socketfilterfw --listapps

2. Locate the app(s) of interest.

3. Disable the app specific rules:

  /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp <path to the app from the list in step 1>

Alternatively, the app can be removed from the list of application firewall rules:

  /usr/libexec/ApplicationFirewall/socketfilterfw --remove <path to the app from the list in step 1>

That will fix the problem, e.g. with Firefox (tested) or WireGuard (reported by somebody else above, untested).

If a DoH DNS configuration is used, it also makes sense to explicitly whitelist the DoH provider in «pfctl» rules at IPv4/IPv6 and domain levels.
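
An added example, not part of the comment above: a small script for steps 1 to 3 that reads `--listapps` output, picks out the apps marked as blocked, and prints the matching `--unblockapp` commands for review instead of running them. The sample output is constructed, and its layout (a numbered path line followed by a parenthesised state line) is an assumption about what `--listapps` prints; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `socketfilterfw --listapps` output (layout is assumed).
sample_listapps() {
cat <<'EOF'
ALF: total number of apps = 3

1 :  /Applications/Firefox.app
     ( Block incoming connections )

2 :  /Applications/WireGuard.app
     ( Allow incoming connections )

3 :  /Applications/Some Tool.app
     ( Block incoming connections )
EOF
}

# Read --listapps style text on stdin and print the path of every app
# whose state line says "Block incoming connections".
blocked_apps() {
  awk '
    /^[0-9]+ :/ {
      path = $0
      sub(/^[0-9]+ :[ \t]*/, "", path)   # drop the "N :" prefix
      sub(/[ \t]+$/, "", path)           # drop trailing whitespace
      next
    }
    /\( *Block incoming connections *\)/ && path != "" { print path; path = "" }
    /\( *Allow incoming connections *\)/ { path = "" }
  '
}

# Print (do not execute) one unblock command per blocked app, with the path
# quoted so that app names containing spaces survive copy and paste.
unblock_commands() {
  blocked_apps | while IFS= read -r app; do
    printf '%s --unblockapp "%s"\n' \
      /usr/libexec/ApplicationFirewall/socketfilterfw "$app"
  done
}

# On a Mac, replace sample_listapps with the real --listapps call.
sample_listapps | unblock_commands
```
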

replete 10 months ago

There's a bug megathread on r/macos full of networking bugs that makes it clear that upgrading to Sequoia is not a good idea just yet.

  • SemioticStandrd 10 months ago

    Not just networking issues, there are plenty of reports with external drives having problems as well.

    • replete 10 months ago

      I usually wait for a .4 update before upgrading. One time around Catalina there was a bug that broke USB-C docks.. Oh cool none of my devices work.

      Interestingly in that thread, 'Intel' is not mentioned once.

      • whynotmaybe 10 months ago

        This reminds me of a joke about "Windows users waiting for the service pack while macOS is always stable" that a friend always rubbed in my face whenever I had some issue with Windows a decade ago.

        And that I just sent a message yesterday to my team to wait before installing Sequoia... But now I'll use your target of .4.

        • replete 10 months ago

          That's the trick for stability on macOS, wait a few versions after a major. Done this for a few years now and I have had no problems. When they change OS APIs, it happens on a major point zero release. Another good reason to wait is many apps aren't ready in time for the changes. I'll install a point 2 or a point 3 if it looks like a good release, but it looks like this isn't one of them. My pro tip for finding out whether it's a good upgrade or not is the MacRumors article comments, I'll scan through and see what people are saying about the update.