summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
Diffstat
-rw-r--r--talpid-core/src/firewall/macos.rs5
1 files changed, 4 insertions, 1 deletions
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs
index 5fd8584ad1..140829a10a 100644
--- a/talpid-core/src/firewall/macos.rs
+++ b/talpid-core/src/firewall/macos.rs
@@ -1,6 +1,6 @@
use super::{FirewallArguments, FirewallPolicy, FirewallT};
use ipnetwork::IpNetwork;
-use pfctl::{DropAction, FilterRuleAction};
+use pfctl::{DropAction, FilterRuleAction, Uid};
use std::{
env,
net::{IpAddr, Ipv4Addr},
@@ -15,6 +15,8 @@ type Result<T> = std::result::Result<T, Error>;
/// replaced by allowing the anchor name to be configured from the public API of this crate.
const ANCHOR_NAME: &'static str = "mullvad";
+const ROOT_UID: u32 = 0;
+
/// The macOS firewall and DNS implementation.
pub struct Firewall {
pf: pfctl::PfCtl,
@@ -194,6 +196,7 @@ impl Firewall {
.proto(pfctl_proto)
.keep_state(pfctl::StatePolicy::Keep)
.tcp_flags(Self::get_tcp_flags())
+ .user(Uid::from(ROOT_UID))
.quick(true)
.build()?)
}
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.