All committers have signed the CLA.

Softnet's primary goal is VM network isolation.

Why use it if you don't need that property? 🤔

I haven't found a way to avoid the PRIVATE flag when a VM network interface is added as a member to a bridge network interface while using the default shared NAT network, so I tried using softnet. I don't have a lot of knowledge about this, so I think I may have used the wrong method. Is there any way to use the default shared NAT network and allow VM to VM communication?

I haven't found a way to avoid the PRIVATE flag when a VM network interface is added as a member to a bridge network interface while using the default shared NAT network

Interesting. When we were developing Softnet that wasn't the case on macOS 12 (Monterey), but that seems to be changed since macOS Ventura (13)/Sonoma (14).

Have you tried using --net-bridged instead? It doesn't have such limitation.

Yes. Using --net-bridged works fine, but I need an independent NAT network within my macOS host.

It feels to me that the naming of --net-softnet-disable-isolation is an oxymoron and that it'll make lots of people scratch their head trying to figure out what Softnet even offers in terms of security after all.

What I propose instead is to disable the interface isolation automatically when --net-softnet-allow=0.0.0.0/0 is passed to Tart.

This way no additional command-line arguments needs to be introduced. What do you think?

Superseded by #853.