It should be possible to install on all devices controlled by an OS, to install a firewall.
Smartphones are microcomputers with a telephony app. 
If I thought I needed a granular per-device firewall with potential loads of micromanagement, why do I need IPFire?
I somehow feel this discussion is moving away from the original question and instead of focusing on the capabilities and potential shortcomings of a central firewall like IPFire, which is the only thing I feel should be needed, to something else that should not be needed if having a central solution.
With the exception of Mobile Data, all my network goes through IPFire. If there are shortcomings in regards to whatever service protection/blocking in the firewall, those should be evaluated at that level, not by recommending users to install an additional local firewall per deviceā¦ why would anyone do that without scrapping the central firewall? Then I could just install ZoneAlarm (or equivalent) on every compatible device and shut down IPFire. I would hate the micromanagement though.
Your original question was about how IPFire could stop Google harvesting location information from your publicly broadcast wifi information.
I already said in post 10 that IPFire canāt. The same applies to Netguard and to Zone Alarm or to pfsense or any other firewall.
None of them are in the communication loop. The info is requested from the wireless card in your phone or the WAP and the wireless card responds directly back with the information.
How can any firewall respond when it is not in the traffic flow loop. It canāt be done.
1 Like
Additionally I think, if you want to control all these devices by IPFire you have to block many connections which are essential for smartphones.
The transport layer ( Wifi vs. mobile data communication ) doesnāt influence contents of the data tranported.
What about a āniceā app with transport choice
try to send per wifi
if blocked, send per mobile network
With this all effort in IPFire is ruled out, because the device knows a by-pass.
1 Like
Yes, I was talking about firewall on your mobile phone, obviosly when you are on WiFi, you will be using your router with IPFire but you might also need to filter mobile data traffic..
2 Likes
Yeah, you are of course right.
I do have Bitdefender Mobile already on my private phones, canāt do anything about the work ones. It has a bunch of inbuilt protection, but it is of course not really a firewall as such.
Got a Samsung S9 Tablet and an S24+ phone that I can play with for that. But not installing other OS like Lineage on them for better safety, I think I will check out how ZA is doing these days and check for options. After all, Checkpoint is the owner and that should vouch for something. Will look at Netguard.
1 Like
What are your thoughts about the Netguard firewall for your Samsungs ?
None as of yet since I havenāt made the installation.
I am inclined to check with Bitdefender first to see if they have similar protection, even if not specifying firewall. Bitdefender Mobile Security for Android Devices
Since that is part of my subscription with Bitdefender I am not likely to just stop using it without sorting out these things.
1 Like
Let me know what you find out about bit defender mobile.
You would want to be able to import some type of blocklist, be it IP list or host file.
Seems the Bitdefender Mobile app protection is not covering any ārealā Firewall functions. A lot of other protection, as hinted, but they actually advised to use something like Netguard for additional insurance. Seems they might know what it is and that it would serve a decent complement, assuming one knows a bit on how to configure it.
With that sorted I will get Netguard on my tablet, for greater interface visibility, and see what it does. A challenge is probably to see how successfully it performs the protection. Ah well, read up and test is the way to go, as usual.
Do not expect anything in a rush, I am a slow mover.
@sec-con I use Netguard on my Samsung S8+ and I must say, I am very impressed with it. It is quite detailed in its firewall application as you can block individual apps from talking to the world. The logs option is also quite useful to see exactly what traffic is flowing between phone and world but it is a paid-for optionā¦ The best thing for me is it does not require root. Just my 2c.
2 Likes
So first impression of Netguard: it identified 470 applications with potential internet access. Including all the android-system apps.
There is of course a regular App list, with the applications I actually use and have installed, among them Aqara (Xiaomi) for IoT devices, and I could see how Aqara connects to chinese servers.
So if I disable Aqaraās access to its servers, my IoT devices will probably stop working and I do not want that. The trick is probably to identify potential harmful content in this communication and block it, but there is really no way to know what is harmful and what is required for proper function. Not without digging a lot and I am just not going to do that.
Netguard seems a good example on how apps need to get smarter and decide for themselves - via profiling - whether something should be blocked or not, depending on intended usage.
1 Like
That is great to hear, finally something comparable for Android what I am used to on a PC.
Just from reading his website and couple of his posts I think the developer seems to be a reasonable guy, even if he seems to have quasi a monopoly on an app like that. I think I saw that you can literally send him 10c to get access to the paid version?
Is Agara a smart home automation app? Do you use your Xiaomi phone as a gateway or a hotspot for the IoT devices?
So Aqara and Xiaomi has many things.
My usage is exclusively a few temperature and power monitoring sensors. First I bought a few Xiaomi, then Aqara somehow took over Xiaomiās products and then I went for those.
These are simple IoT devices connected to a hub and they run on my Blue wifi with no access to Green. Hub has internet access, the rest of the devices connect via the Hub. It is this product line: Hub M2 - Aqara
I have the Aqara hub on my Samsung Galaxy S24+ Smartphone.