confirmedcode / Lockdown-iOS

GNU General Public License v3.0

Firewall rules based on full FQDNs, Protocol and Port # #87

Open gbu117 opened 3 years ago

gbu117 commented 3 years ago

Expanding firewall rules to be able to be based on full FQDNs/subdomains, not just the basic domain, e.g. s1.s2.s3.s4.example.com vs just example.com. Blocking criteria that include the option of being based on protocol (TCP/UDP/ICMP, etc.), IP protocol (v4/v6), and port number. This could be combined with https://github.com/confirmedcode/Lockdown-iOS/issues/85 and https://github.com/confirmedcode/Lockdown-iOS/issues/86 to offer much more control.

jgrisham commented 2 years ago

A port-based firewall with a wildcard as a hostname, if possible, would allow such things as blocking all apps from contacting 3rd-party DNS servers (on traditional or TLS ports but would not, of course, block ‘DoH’ requests).
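
An added sketch (not part of the thread and not Lockdown's code) of the rule model the two comments above describe: rules keyed on full FQDN or wildcard host, protocol, IP version and port, evaluated first match wins. The `Rule`/`Flow` types, the `action` field and the addresses (documentation ranges, standing in for a trusted resolver and a third-party one) are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    host: str = "*"                   # exact FQDN/IP, "*.suffix", or "*" for any host
    protocol: Optional[str] = None    # "tcp", "udp", "icmp"; None matches any
    ip_version: Optional[int] = None  # 4 or 6; None matches any
    port: Optional[int] = None        # None matches any port
    action: str = "block"             # hypothetical field: "block" or "allow"

@dataclass(frozen=True)
class Flow:
    host: str
    protocol: str
    ip_version: int
    port: Optional[int]               # None for portless protocols such as ICMP

def host_matches(pattern: str, host: str) -> bool:
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # Match on a label boundary: "*.example.com" covers a.example.com,
        # but not example.com itself and not badexample.com.
        return host.endswith(pattern[1:])
    return host == pattern            # full-FQDN rule: exact match only

def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (host_matches(rule.host, flow.host)
            and rule.protocol in (None, flow.protocol)
            and rule.ip_version in (None, flow.ip_version)
            and rule.port in (None, flow.port))

def decide(rules, flow: Flow, default: str = "allow") -> str:
    for rule in rules:                # first matching rule wins
        if rule_matches(rule, flow):
            return rule.action
    return default

# Constructed rule set: block one deep subdomain, keep the trusted resolver,
# then block every other host on the traditional and TLS DNS ports.
RULES = [
    Rule(host="s1.s2.s3.s4.example.com"),
    Rule(host="192.0.2.53", port=53, action="allow"),
    Rule(protocol="udp", port=53),
    Rule(protocol="tcp", port=53),
    Rule(protocol="tcp", port=853),
]
```

With these rules a DNS-over-HTTPS request still passes, because on the wire it is TCP/443 to an ordinary hostname and no port rule can tell it apart from other HTTPS traffic.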