iOS Firewall?

I am addicted to uMatrix. I have almost everything blocked by default. I love the control.

My problem is that I can’t have that kind of control on my phone. I want some kind of uMatrix-like interface for my entire phone’s internet connection. I know, crazy right? I want to see - by app - all the domains that my phone is connecting to. Not the IP addresses, the actual domains. I want to be able to control the content they’re downloading and uploading in real time.

The following are some apps that are similar to what I’m looking for, but don’t quite get me there. Any help or advice would be appreciated. Also, an iOS section on privacytools.io would be much appreciated.

Lockdown: I currently use this, but only the free firewall. Has anyone used the VPN? Is it helpful? Lockdown will let me block any domain I want. The problem is, I don’t know what domains to block. It logs stuff it blocks, which is nice.

Guardian Firewall+VPN: This is great for most people I guess, but it’s a set it and forget it kind of thing. I want control. It’s also a bit pricey.

AdGuard Pro: I currently use AdGuard free. Someone on Reddit recently posted some screen shots that make it look like AdGuard Pro will actually log all the domains visited by your phone. That would be great, because then I could at least look through them and decide if I want to blacklist them. I’m a little confused about the DNS part though. I use ProtonVPN (free) on my iPhone. I can use that and Lockdown and AdGuard free all at the same time. If I turn on AdGuard Pro, and I want that logging, will that require using DNS from AdGuard? Is ProtonVPN currently providing my DNS service? If I use AdGuard Pro DNS rather than whatever PVPN is providing, will that screw up my VPN connection? I don’t get it. https://adguard.com/en/adguard-ios-pro/overview.html

Charles Proxy: This is a neat tool someone just told me about and I haven’t used. Looks like it will log all requests from your phone. Is that true? I guess I’d turn it on and see what connections are being made, and then I can add those domains to Lockdown’s blacklist if I want. Right? Theoretically?

All of this is a little overwhelming and confusing to me, but I’m willing to put in some effort to figure it out. I want to be in CONTROL of my data in real time. I’m sick and tired of tons of things happening in the background that I don’t understand. I don’t want it to “just work” like everyone else does. I want it to just do exactly what I tell it to do and nothing else.

Charles Proxy: https://apps.apple.com/us/app/charles-proxy/id1134218562

Lockdown: https://lockdownhq.com/

Choosing a right dns provider in DNSCloak might help as well.

Yeah, thanks for that. I tried DNS Cloak. I found it very confusing. Also, listing IP addresses doesn’t do me any good. How can I tell a good IP from a bad one? How do I pick a DNS provider? Does it mess with PVPN DNS service? Is PVPN even providing DNS service?

If anyone is wondering, “Why don’t they just buy a used Android phone and install one of the alternative OSs out there, like Ubuntu Touch or Lineage OS or Graphene OS or whatever?”

This is your answer: https://www.reddit.com/r/Ubports/comments/d7pwzg/how_i_destroyed_my_brand_new_oneplus_one_after/

And this: https://www.reddit.com/r/Ubports/comments/d7eiju/ubports_installer_feedback/

Also, there is the coming soon Gate17: https://safing.io/

The idea is a good one. A private, Tor-like (kind of) network that’s integrated with a firewall on your device. It’s not out yet. Still in development. And it won’t be available for a phone for who knows how long. But it’s a thing.

I don’t use the logging in DNSCloak, so I can’t really tell. I usually use the ones with filtering, and I believe you can use NextDNS to have more control. But yes it runs as a VPN service so it doesn’t work with other VPNs.

I can so much relate to your post!

A dream would come true!

+1

Same here!

On iPhones, ProtonVPN & Lockdown are 2 VPNs. I was wondering:
How do you manage to use 2 VPNs at the same time on your iPhone?

Have you tried https://www.dnsleaktest.com/ ? They should give you the DNS actually answering your queries.

Have you tried it now? Do you like it? If so, do you keep it on all the time?

I can see the domain names in the logs. So, if this is what you’re looking for, I’d give DNSCloak a second chance.

Choosing Adguard DNS servers is a possible option. And since you seem trust Adguard, problem solved. No?

Not sure it is possible on a smartphone, or at least not with a proprietary OS.

That’s the ultimate dream!!