[FEATURE PROPOSAL] Better GUI for build-in app firewall

I’m gonna start by saying my offer won’t be a big deal. (Well, at least I hope so.)

The idea came to me after I experienced some problems with AFWall+ firewall which I use to control overall traffic consumption, restrict internet access for selected processes, and by default — for all newly installed apps until I grant it by myself. But the problem is not only that AFWall+ is too heavy and superfluous tool for such basic tasks, but also that it has long-term compatibility issues with android feature called work profile, and as a result — cannot work correctly with popular sandboxing tools Shelter/Island, which is another useful solution for privacy and security. Moreover, all Android firewall apps require ROOT or occupy VPN.

On the other hand, we all know that parental LineageOS already have build-in capabilities to restrict applications from cellular and/or WiFi data access. (Settings » Apps » your target app » Data usage) This is a pretty sophisticated way, and you can’t choose to strict internet for freshly installed apps by default, but still, it is a native mechanism with flawless compatibility and minimum load on the system. This definitely sounds better.

So I want to ask if it is possible to equip this build-in mechanism with more advanced control interface to recreate a possible maximum of features that are offered by third-party app firewalls? I think this could completely eliminate the need in such tools for most of us.

And I’m curious, why the LineageOS developers didn’t add these features to the Privacy Guard permissions system?

1 Like

I can’t answer your question because I am not a “/e/ member”.
I just wanted to talk you about NetGuard, that is kind of a Firewall you can use without being root. I use it since a little while, and I am not skilled enough to check if it works well, but it seems to me that the applications I block (like you, they’re all blocked by default when installed) can’t find Internet.

Sorry if you already knew this app.

Yeah, I really know about NetGuard and have tested it a little a while ago, but wasn’t satisfied with how it works compared to AFWall+.

But the point is that it might not even be necessary if the built-in firewall worked in the same accessible way and performed the main functions of these two, like blocking internet access for all newly installed apps by default. In many cases, it is even more effective approach than the permission system or finding open-surce alternatives without build-in trackers.