Apple’s built-in macOS firewall breaks third-party firewalls
Starting with macOS 15 Sequoia, Apple’s built-in firewall is causing troubles when used together with third-party firewalls that are based on Apple’s Network Extension framework (which is actually the only way for third-party developers to create such firewall products for the Mac).
While one of the issues related to DNS lookups has been fixed in macOS 15.1, a new, even more serious one was introduced.
As a consequence of this new bug it can happen that Little Snitch doesn’t receive any network traffic information from Apple’s framework, hence no traffic is then shown in Network Monitor, no connection alerts are shown, and firewall rules for blocking connections are not applied.
For the time being, until Apple fixes this serious bug in macOS, we therefore highly recommend to turn off the built-in firewall of macOS when also using Little Snitch or Little Snitch Mini.
It’s worth mentioning that the Little Snitch firewall also works for incoming connections, providing the same functionality as the macOS firewall (except for stealth mode), so it’s usually not necessary to have them both running simultaneously anyway.
This issue has been reported to Apple (FB15699871) and we hope that they will resolve this problem with an update soon.
If you are affected by this bug, feel free to send another report via Feedback Assistant (mentioning the existing report FB15699871). This increases the chance that Apple will prioritize the fix.