It would be nice to have more control over the network with GrapheneOS. At the moment GrapheneOS allows disabling the network on a per-app basis, but I think some general network functions could improve security. Examples:
- Enforce network isolation (Layer 3) over WiFi / mobile data
- Disable multicast (Layer 3) over WiFi / mobile data (can be done via a plethora of methods - from disabling multicast IP ranges to using "ip link" or "ifconfig" tools)
- Disable ICMP (at least inbound echo types)
- Disable all forwarding (can be done via SysCTL configuration)
VPN apps already do some of that, but Android OS can enable the mentioned features on its own.
BTW, is there a section specifically for feature requests? Is it better to post such requests on the GOS GitHub or here? There should be a forum section (and/or tag) just for that.
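
An added example, not part of the original post and not GrapheneOS code: a small audit of the Linux kernel settings behind three of the items above (forwarding, inbound IPv4 echo, the per-interface multicast flag). The `ROOT` prefix, the function names and the sample values are assumptions made so the check runs against a constructed tree instead of a live device.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix: pass "" to read the live
# /proc and /sys, or a directory holding a constructed copy.

audit_net() {
    root=$1 findings=""
    # sysctl path = value wanted for "no forwarding" / "ignore inbound IPv4 echo"
    for item in net/ipv4/ip_forward=0 net/ipv6/conf/all/forwarding=0 \
                net/ipv4/icmp_echo_ignore_all=1 \
                net/ipv4/icmp_echo_ignore_broadcasts=1; do
        key=${item%=*} want=${item#*=} got=missing
        [ -r "$root/proc/sys/$key" ] && got=$(cat "$root/proc/sys/$key")
        [ "$got" = "$want" ] || findings="$findings$key=$got "
    done
    # IFF_MULTICAST is bit 0x1000 of /sys/class/net/<if>/flags;
    # "ip link set dev <if> multicast off" clears it.
    for d in "$root"/sys/class/net/*; do
        [ -r "$d/flags" ] || continue
        ifflags=$(cat "$d/flags")
        if [ $(( $ifflags & 0x1000 )) -ne 0 ]; then
            findings="$findings${d##*/}:multicast "
        fi
    done
    printf '%s\n' "${findings% }"   # empty line means nothing to report
}

make_sample() {   # make_sample DIR weak|hardened  (constructed values only)
    dir=$1 fwd=1 ign=0 wflags=0x1003
    if [ "$2" = hardened ]; then fwd=0 ign=1 wflags=0x3; fi
    mkdir -p "$dir/proc/sys/net/ipv4" "$dir/proc/sys/net/ipv6/conf/all" \
             "$dir/sys/class/net/wlan0" "$dir/sys/class/net/lo"
    echo "$fwd" > "$dir/proc/sys/net/ipv4/ip_forward"
    echo "$fwd" > "$dir/proc/sys/net/ipv6/conf/all/forwarding"
    echo "$ign" > "$dir/proc/sys/net/ipv4/icmp_echo_ignore_all"
    echo "$ign" > "$dir/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"
    echo "$wflags" > "$dir/sys/class/net/wlan0/flags"
    echo 0x9 > "$dir/sys/class/net/lo/flags"
}

tmp=$(mktemp -d)
make_sample "$tmp/weak" weak
make_sample "$tmp/hardened" hardened
echo "weak:     $(audit_net "$tmp/weak")"
echo "hardened: $(audit_net "$tmp/hardened")"
rm -rf "$tmp"
```

The echo check covers IPv4 only, and Layer 3 isolation between clients is not visible in these files, so it is not audited here.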