Catalina: accepting incoming connections on unbound does not survive a reboot

Bill Cole macportsusers-20171215 at
Thu Jan 14 20:53:41 UTC 2021

On 13 Jan 2021, at 8:26, Gerben Wierda via macports-users wrote:

> I did not have this problem under Mojave, but since I have upgraded I 
> do.
> I am running a backup nameserver (in my split-DNS setup) on a mac 
> desktop (unbound via MacPorts). After a reboot, the first user to log 
> in gets a panel from the firewall with the question to allow incoming 
> connections for unbound. System administrator user name and password 
> are  given and incoming connections are then accepted. But after a 
> reboot I have to do this again.

Yes. Because modern macOS is unfit for server applications. Apple 
started making design choices circa Sierra aimed at converging it with 
iOS, for reasons that make sense for personal computers but without 
regard to how servers would be affected.

Historically it has been possible to make specific persistent exceptions 
using the Firewall panel of the Security preferences pane and supposedly 
this still can be done on Catalina (see 
but I have not tried that and it may not work for software that is not 
packaged as a macOS application. You definitely should disable "stealth 
mode" in that panel.

Disabling the built-in firewall entirely may be your only solution. I am 
not sure because I have not bothered trying to make any macOS newer than 
El Capitan usable as a server. Life is short and FreeBSD exists.

Bill Cole
bill at or billcole at
(AKA @grumpybozo and many * addresses)
Not Currently Available For Hire

More information about the macports-users mailing list