tun2socks + PF on macOS is not tun2socks + TPROXY on Linux.
Linux namespaces = true per-app isolation. macOS PF = user/group filtering only.
DNS is broken too: mDNSResponder uses a Unix socket, PF never sees it. Your "transparent" proxy isn't.
NETransparentProxyProvider exists, rabbit hole for later
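
The PF side of that comparison as a pf.conf fragment. This is an added example, not part of the original post; the interface names en0 and utun9, the gateway 198.18.0.1 and the account name proxied are assumptions.

```conf
# Constructed pf.conf fragment. Assumed names: en0 (physical interface),
# utun9 / 198.18.0.1 (tun2socks interface and gateway), "proxied" (a local account).
ext_if = "en0"
tun_if = "utun9"
tun_gw = "198.18.0.1"

# PF can key on the socket owner, so this steers every TCP/UDP flow opened by
# user "proxied" into the tunnel. It cannot single out one application:
# everything that account runs matches.
pass out quick on $ext_if route-to ($tun_if $tun_gw) inet proto { tcp, udp } \
    from any to any user proxied

# Name lookups do not match the rule above. The app asks mDNSResponder over a
# Unix domain socket, which PF does not filter, and the query on the wire is
# owned by _mdnsresponder, not by "proxied".
# Matching on that owner is the only handle PF offers, and it captures
# resolver traffic for every account on the machine:
pass out quick on $ext_if route-to ($tun_if $tun_gw) inet proto { tcp, udp } \
    from any to any port 53 user _mdnsresponder
```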