Are Firewall VPN and second VPN possible in the business account?

WukZarathustra

I use the Netguard by Firewall from GitHub on another smartphone. Now I want to switch to GraphenOS.
I had Netguard and another vpn running in the business account.
The instructions from here https://itsignacioportal.github.io/netguard-pdnsf-any-vpn-combo/
I realised this with Island. I used it with Firefox nightly in foreign networks.

Is there a way to use this in GraphenOS as well. Or is there even a much better option that uses less battery power? Many thanks in advance.

UpStream

WukZarathustra Why do you need a firewall in the first place? Do you need to block specific types of requests from specific apps or are you using netguard to just block all internet access?

If you want to block all internet access for an app you could use the built in network permission toggle for that app and block network access in general.

WukZarathustra

UpStream

Well, I generally block everything first. Does the in-built function block first and only release the network when authorised? If the network traffic is blocked after installation, then it would be ok. But if I can only block it afterwards, it would be unfavourable for me. I want to use the Google Play Store. I don't want to give Internet access to apps that don't actually need it.

Netguard also blocks adverts and malware.

If the built-in function works well, I could also use the Fritzbox app via VPN. Then I could use my pi- hole at home with mobile data or in foreign WLAN networks. I don't need the Netguard ad blocker in the WLAN at home.
Or is there even a filter function in Graphenos where I can enter host files like firebog?

UpStream

WukZarathustra You can't edit the hosts file without root access. You could add an ad blocking DNS in the settings like an adguard DNS or maybe your VPN provider has a toggle for ad blocking?

Upon installing an app the OS gives you the option to disable network access for the app. If you revoke the network permission during installation the app won't have internet access at all. You can change that in the settings and give the permission back.

missing-root

GrapheneOS has a network permission that is opt-out but available on installation.

That way you can make sure apps dont have internet.

But for only allowing certain domains you may want a firewall or even DNS block.

Dns is for the entire system afaik, but the work profile has its own network connection and thus can have an own VPN app with firewall functionality (controlling all network traffic, auto-start and block other connections)

While you cannot edit the hosts file, you can use a DNS like NextDNS that allows you to disable many domains by simply not resolving them.

WukZarathustra

Thanks for the answers. Good that the network traffic can already be cancelled during installation.

I only used the business account with 2nd vpn for security. If there is a reasonable network blocking, I could just use my Fritzbox app. Then I can go with mobile data and foreign WLAN via the pi-hole at home. I think that would be enough.

WukZarathustra

I have now installed GrapheneOS 😀. The procedure with Stelter or Island is probably only possible if you can't simply add a business account. That's why I'm wondering if I have to do the trick with 2 VPN accounts at all with Stelter and Iceland. In principle, Iceland only simulates another user account. Netguard only has to access the 2nd account via socks5. Then Netguard would continue to block in the main account and in the 2nd account, not block but enable a 2nd VPN. I hope you understand what I mean. Otherwise, please see the instructions above.