macOS 15.3: Third-party firewalls can no longer block all network traffic

Apple seems to be continuing to tweak the network stack of macOS 15 Sequoia and introducing fresh bugs in the process: After installing the latest version 15.3, third-party network tools are no longer able to see ICMP network traffic. This also means that ICMP packets can no longer be optionally intercepted and blocked. The manufacturer of Little Snitch warns against this. TCP connections and UDP traffic are at least not affected by the error.

Apparently all third-party firewalls are affected

This affects not only Little Snitch, but also all other third-party firewall solutions that use Apple's Network Content Filter interface – and there is no way around the latter, as the developers note. They have already reported the error to Apple and hope that it is just a bug that will soon be fixed and not a deliberate change in the API.

When Apple's new network extension interface was introduced a good four years ago, there were already considerable problems: At the beginning, third-party firewalls were suddenly no longer able to see and block data traffic from Apple apps and services. The newer system extensions run in user space and are therefore far less powerful than the previous kernel extensions, which are no longer available to third-party developers.

Other new bugs with macOS 15.3

When macOS 15 was released last fall, it already caused new bugs in third-party security tools, and Apple had to make improvements here too. It remains unclear why macOS 15.3 is once again bringing such far-reaching changes to the operating system. At the same time, there is another, comparatively harmless bug: tools such as Little Snitch can currently only be completely deleted using a workaround published by the developers.

(lbe)