Firewall on GoS

tastazardo

Can anyone recommend a safe, secure firewall app that I can use on my GoS phone to validate where my apps are connecting to the Internet? This is in addition to my ability to block network access.
I have seen some apps like Rethink DNS + Firewall, AFWall+, Karma, NoUSSD, etc on FDroid. I would of course prefer to use an app that does not require root access.

dazinism

What you are looking for is a way to examine network connections rather than a firewall?

This is decent
https://github.com/emanuele-f/PCAPdroid

[deleted]

I used this type of apps for testing what servers they are attempting to communicate with. Unfortunately they mostly take VPN slot, so can't be used consistently.

Also when talking about what servers apps can communicate with, tracking and analytics can be also remote (indirect, when information gets passed further for say analytics purposes) and you won't get to see that bit.

GrapheneOS

These apps could support forwarding to another VPN app and VPN apps could support being used as a forwarding target rather than only a VPN service. It's entirely an app limitation.

ignoramous

GrapheneOS These apps could support forwarding to another VPN app and VPN apps could support being used as a forwarding target rather than only a VPN service.

Can speak for other apps, but for Rethink DNS + Firewall, it can forward TCP/UDP connections over SOCKS5. In the next version, due in a few weeks from now, Rethink will support forwarding connections to any WireGuard upstream (GitHub).

gimphene RethinkDNS also have the ability to be a firewall (creates the local loopback VPN connection) but it works buggy as for me

What bugs do you see?

newbie24689

GrapheneOS by any chance have you found a "network connection monitor" or "firewall" app that allows this - examine connections that are subsequently handled by my VPN?

gimphene

My solution is to use Wireguard "Always on VPN" and to block or create rules on the router (based on the network layer and DNS)

Pi-Hole for DNS
RouterOS appliance for Wireguard and firewall

Disadvantages: you will not be able to do it per application, like in RethinkDNS
p.s. RethinkDNS also have the ability to be a firewall (creates the local loopback VPN connection) but it works buggy as for me

Hat

I can't add an exception for the Tor Browser app in the OpenVPN options or GOS settings. It this feasible ? "Block connection without VPN" could be kept on ?

ignoramous

Hat I can't add an exception for the Tor Browser app in the OpenVPN options or GOS settings. It this feasible ? "Block connection without VPN" could be kept on ?

Working on this. Hasn't turned out to be easy (https://github.com/celzero/rethink-app/issues/393), but there are signs we'll make it work in v055b, due in a week or two from now.