Lockdown: Open-source firewall that blocks app tracking, ads, snooping

It&#x27;s functions similar to other mobile ad-blockers in that it can route all your phones traffic over a VPN tunnel it establishes.<p>But the ad-blocking vpn server is 127.0.0.1, so perhaps, like it says all the blocking happens right on your phone.<p>This is what I&#x27;ve been waiting for if this works.<p>Still getting ads on instagram though.

Looks like the core of this is done via <a href="https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;networkextension" rel="nofollow">https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;networkextension</a><p>some cool stuff here:<p>- Content Filter Providers: <a href="https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;networkextension&#x2F;content_filter_providers" rel="nofollow">https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;networkextension&#x2F;c...</a><p>- DNS Proxy Provider: <a href="https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;networkextension&#x2F;dns_proxy_provider" rel="nofollow">https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;networkextension&#x2F;d...</a>

Is there anywhere with an in-depth overview of what this does? Does it just fail DNS request and block known IPs? How are the lists maintained and updated? With TLS and it surely not mitm-ing connections, that&#x27;s all it can do correct?

It&#x27;s &quot;open source&quot;, but there&#x27;s only been 5 commits since August last year? Where do the updates to blocking rules etc come from?<p>Also, the homepage states &quot;Over 1 Billion Trackers Blocked&quot;, but that really feels misleading.<p>I&#x27;d say Guardian Firewall is a much better choice: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;guardianiosapp" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;guardianiosapp</a>

On macOS, we got a port of OpenBSD pf (probably not up to date though). I&#x27;ve been able to convert hosts files to OpenBSD pf format in, when was it, 2002? What you&#x27;d need to do is create an anchor. Perhaps there&#x27;s a GUI for it as well for those who prefer. There&#x27;s at least pfBlockerNG which basically does that for PfSense. [1] FWIW, all of this existed before Pi-Hole (or Raspberry Pi for that matter). IIRC there was also a converter script for hosts files to IPTables rules.<p>Is it possible to import such rules to Little Snitch? That&#x27;s the go to firewall on macOS, though it is proprietary. There&#x27;s also LuLu, a FOSS firewall for macOS. [2]<p>Now, from my memory, these block lists did cost quite some memory on a machine with 512 MB RAM. Even though it&#x27;d do dedup. What one could also do is build up a VPN with a remote server (in the cloud, or at home) and use say use WireGuard to have a secure connection while using a remote DNS on the VPN to get ads blocked.<p>[1] <a href="https:&#x2F;&#x2F;www.linuxincluded.com&#x2F;block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.linuxincluded.com&#x2F;block-ads-malvertising-on-pfse...</a><p>[2] <a href="https:&#x2F;&#x2F;github.com&#x2F;objective-see&#x2F;LuLu" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;objective-see&#x2F;LuLu</a>

As a pihole user for years I recently bought a firewalla blue. Installed pihole on the firewalla, turned off firewalla ad blocking, and done.<p>I can VPN to my home ad blocking network from anywhere, have more insights into my home network shenanigans, and still use my personal block list built over years. Super easy and most importantly, done.

The unfortunate truth is, Apple does not allow us to use a firewall on iOS.<p>This is a DNS-sinkhole, which can be easily circumvented by apps (for example by using hard coded IPs.)<p>I would say it&#x27;s rather dishonest to state your app is a Firewall on the front page, when in fact it is not.

Seems to operate the same way adguard from mac&#x2F;android does?

I gave this a try on macOS, but I still see all the ads I&#x27;m used to.<p>It looks like the block lists are really short (<a href="https:&#x2F;&#x2F;github.com&#x2F;confirmedcode&#x2F;Lockdown-Mac&#x2F;tree&#x2F;master&#x2F;Block%20Lists" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;confirmedcode&#x2F;Lockdown-Mac&#x2F;tree&#x2F;master&#x2F;Bl...</a>).

I use Firefox Focus and this looks similar for mobile (though they add MacOS too). Has anyone evaluated the difference?

So pihole then.

Wish I could use this AND 1.1.1.1 Warp. iPhone doesn’t seem to be able to do both.

Block this! For Android. <a href="https:&#x2F;&#x2F;block-this.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;block-this.com&#x2F;</a>

I did a test of this. uBlock Origin blocked all the calls before it made it to the firewall. IMO why would you use anything else.

Unfortunately, the Mac version requires 10.15 (Catalina) or later. I won&#x27;t be touching that for quite sometime to come.

Does Apple ban apps that interfere with other apps?<p>Or is it Google that does that?

Headline might want to note IT&#x27;S MAC ONLY

For an open source app distributed on the App Store, is there actually any way of verifying that what you get on your phone is the same as the source code you can read?