Re: Catalina: accepting incoming connections on unbound does not survive a reboot

2021-01-14 Thread Bill Cole

On 14 Jan 2021, at 18:50, Tom wrote:


> Have you tried Lulu or Little Snitch?


I've used both on various versions through 10.14. It is my understanding 
that due to Apple exempting their own software from the Network 
Extension Framework, both are hobbled on 10.15+, but that with 11.2 they 
will be reversing that choice.


My issues with modern macOS for server applications are mostly with the 
broken logging and the difficulty of stripping down the operational 
environment to just what's needed on a Mac that doesn't normally 
function as a personal computer.


>> Disabling the built-in firewall entirely may be your only solution. I
>> am not sure because I have not bothered trying to make any macOS
>> newer than El Capitan usable as a server. Life is short and FreeBSD
>> exists.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: Catalina: accepting incoming connections on unbound does not survive a reboot

2021-01-14 Thread Bill Cole

On 13 Jan 2021, at 8:26, Gerben Wierda via macports-users wrote:

> I did not have this problem under Mojave, but since I have upgraded I
> do.
>
> I am running a backup nameserver (in my split-DNS setup) on a mac
> desktop (unbound via MacPorts). After a reboot, the first user to log
> in gets a panel from the firewall with the question to allow incoming
> connections for unbound. System administrator user name and password
> are given and incoming connections are then accepted. But after a
> reboot I have to do this again.


Yes. Because modern macOS is unfit for server applications. Apple 
started making design choices circa Sierra aimed at converging it with 
iOS, for reasons that make sense for personal computers but without 
regard to how servers would be affected.


Historically it has been possible to make specific persistent exceptions 
using the Firewall panel of the Security preferences pane and supposedly 
this still can be done on Catalina (see 
https://www.dummies.com/computers/macs/macbook/how-to-customize-your-macbooks-catalina-firewall/) 
but I have not tried that and it may not work for software that is not 
packaged as a macOS application. You definitely should disable "stealth 
mode" in that panel.


Disabling the built-in firewall entirely may be your only solution. I am 
not sure because I have not bothered trying to make any macOS newer than 
El Capitan usable as a server. Life is short and FreeBSD exists.





--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Catalina: accepting incoming connections on unbound does not survive a reboot

2021-01-13 Thread Gerben Wierda via macports-users
I did not have this problem under Mojave, but since I have upgraded I do.

I am running a backup nameserver (in my split-DNS setup) on a mac desktop 
(unbound via MacPorts). After a reboot, the first user to log in gets a panel 
from the firewall with the question to allow incoming connections for unbound. 
System administrator user name and password are given and incoming connections 
are then accepted. But after a reboot I have to do this again.

This worries me. My main server (still on Mojave until I have enough 
confidence in MacPorts under Catalina to upgrade) must be able to survive a 
reboot without any user interaction via the GUI (i.e. when I am away from the 
physical location).

I wonder if it has anything to do with how unbound has been installed via 
MacPorts.

Any tips?

Thanks,

Gerben