macOS 14 Sonoma: bug in the firewall prevents many apps from working

The new version of the Apple operating system, macOS 14 Sonoma, is now on the launch pad. Unless there are sensational developments, in fact, it should debut in the official version on September 26th. Yet, even before the presentation to end users, there are already those who complain about anomalous behavior. A bug introduced in firewall of macOS seems to be responsible for the failure of many applications that work at a low level, such as VPN clients and programs for analyzing data packets.

Moleone of the most famous and appreciated solution developers VPN, reported the problem to Apple developers but received no response. Indeed, in the last betas and then in the Release Candidatea preview version that slightly anticipates the launch of the definitive release, the bug is unfortunately always present.

As the Mullvad experts explain, the bug concerns the mechanism of packet filtering used in macOS 14: The Swedish developer’s VPN application, as well as other programs, simply cannot work properly. Mullvad also tried to “get around the obstacle” by attempting to develop a patch for the new macOS 14 systems but, unfortunately, it was not possible to develop a reliable and effective solution. The solution to the problem is ultimately up to Apple.

Mullvad technicians add that, due to the bug discovered in macOS 14, the firewall rules are not applied correctly to network traffic. Suffice it to say that communications that should not be allowed are instead erroneously authorized. “We believe this is a critical flaw in the firewall. Anyone who relies on packet filtering or apps that use it in the background on their macOS devices should be cautious about updating to macOS 14“, comments Mullvad. The company’s advice is to stay with macOS 13 is coming until the bug in question is resolved.

How to reproduce macOS 14 Sonoma firewall issue

Mullvad urges all interested parties to thoroughly inspect the behavior of macOS 14 firewall to perform a series of steps. The operations described below reveal the problem that negatively impacts the functioning of the Mullvad VPN and a wide range of third-party applications.

In a terminal window, you can start by creating avirtual network interface, used to monitor traffic and the effectiveness of firewall rules set later. It is good to keep in mind that the interventions applied lead to the removal of all policy possibly applied previously:

sudo ifconfig pflog1 create
sudo tcpdump -nnn -e -ttt -i pflog1

With the following commands you create a series of firewall rules, noted in the file pfrules.

pass quick log (all, to pflog1) inet from any to
block drop quick log (all, to pflog1)

The first rule (“pass”) allows locally generated traffic (from programs or services running on the Mac system itself) to communicate with services listening on localhost without any firewall restrictions. The second rule (“block”), however, rejects (discards) everything network traffic which has no correspondence with the previous rules. If the traffic is not allowed with other rules, it is blocked and the connection attempt noted in the firewall logs (pflog1). In short, the block affects everything incoming traffic e output from the device.

Enabling firewall rules and verifying the problem with macOS 14

At this point, you can activate the function packet filtering e activate the rules created previously:

sudo pfctl -e
sudo pfctl -f pfrules

By pinging the server di Mulvad, the traffic should be automatically blocked because it violates the set rule. Additionally, the connection attempt should be recorded in the log file pflog1as correctly requested:


Well, none of this happens: macOS 14 allows pinging to remote servers accessible via the Internet and collects any response received following the sending of the messages. ICMP packets. Also, the log file pflog1 remains empty: the operation is not “logged” in any way.

After finishing the experiment, you can disable the firewall and clear all rules:

sudo pfctl -d
sudo pfctl -f /etc/pf.conf

At this point, an intervention “in the Cesarini area” by Apple is desirable with the aim of restoring the correct behavior of the firewall in macOS 14 Sonoma.


Please enter your comment!
Please enter your name here