[Joe_Cool]

> Note though, Glasswire was recently acquired by another company

Ah that's why the premium stuff is now free. I was wondering. Let's hope it's not the first sign of enshittification.

> What do you mean by a "real" firewall?

In my experience the "block all non VPN traffic" options in Android don't work reliably. iptables does however.

It's a sad state that you cannot even set a static IPv6 on Android without root.

[ignoramous]

> In my experience the "block all non VPN traffic" options in Android don't work reliably. iptables does however.

Both (iptables/nftables and VPN APIs) have to be enforced by the Linux Kernel, which is subject to the same "Androidisms", if that makes sense.

root, in fact, opens up a gaping hole in that, it totally compromises Android's security model. IMO, it isn't worth to root Android just to run iptables (just because it seems like iptables is what makes a firewall).

[Joe_Cool]

IMHO Android's security model is incredibly flawed anyways. I don't even need root to access stuff I shouldn't have access to on my Mediatek based phone because the firmware has tons of gaping security holes anyways.

I think device you don't have root on isn't really yours and should be treated as a lease.

But you are right, when Wifi/Data is on at boot even the -tables might not get updated fast enough so stuff might get through.