Catalina: accepting incoming connections on unbound does not survive a reboot
Bill Cole
macportsusers-20171215 at billmail.scconsult.com
Thu Jan 14 20:53:41 UTC 2021
On 13 Jan 2021, at 8:26, Gerben Wierda via macports-users wrote:
> I did not have this problem under Mojave, but since I have upgraded I
> do.
>
> I am running a backup nameserver (in my split-DNS setup) on a mac
> desktop (unbound via MacPorts). After a reboot, the first user to log
> in gets a panel from the firewall with the question to allow incoming
> connections for unbound. System administrator user name and password
> are given and incoming connections are then accepted. But after a
> reboot I have to do this again.

Yes. Because modern macOS is unfit for server applications. Apple
started making design choices circa Sierra aimed at converging it with
iOS, for reasons that make sense for personal computers but without
regard to how servers would be affected.

Historically it has been possible to make specific persistent exceptions
using the Firewall panel of the Security preferences pane and supposedly
this still can be done on Catalina (see
https://www.dummies.com/computers/macs/macbook/how-to-customize-your-macbooks-catalina-firewall/)
but I have not tried that and it may not work for software that is not
packaged as a macOS application. You definitely should disable "stealth
mode" in that panel.

Disabling the built-in firewall entirely may be your only solution. I am
not sure because I have not bothered trying to make any macOS newer than
El Capitan usable as a server. Life is short and FreeBSD exists.

--
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire