This is only necessary on Windows. I used OpenSnitch for a while and there are literally nearly no connections I don't want.
Use Flatpak apps for that purpose and just block their internet. Outgoing firewalls slow down app opening immensely, so they don't work.
Firejail, on the other hand, should be implemented; when I try to isolate Firefox, Kate or anything else it doesn't work. It would be useful for some programs though: Firefox, maybe some apps that run faster as system apps, Nextcloud, virt-manager and so on.
I just use firejail --net=none or unshare -r -n to run programs I don’t want connecting to the internet.
I never run my browser with Firejail or Flatpak since it already has better sandboxing built in. I know Chrome’s sandbox was disabled for it to work with Flatpak (this makes it less secure), so the same might apply to Firefox and could be related to why it doesn’t work with Firejail.
Thanks. No, obviously I am running Fedora Firefox RPM using firejail, and that didn't work for me. Would be great to have a workaround for the lacking features of the Flatpak. The sandboxing sounds interesting and concerning. I wonder how the browsers handle that, because the app itself has access over the system, just components of it don’t.
I would also imagine better hardware key support for LUKS unlock (configurable in the installers) would be very necessary. Swapped in Windows 11 a moment ago (had no internet lol) but apart from that it's crazy how many security features they seem to have integrated, especially TPM and hardware key.
Also there is this panic-trigger USB port that locks the PC or shuts it down when unplugged. Having this for some environments might be useful. It's just a special USB stick and a udev rule, nothing too crazy.
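An added example, not part of the thread: a sketch of the "USB stick plus udev rule" idea from the last post, as a small shell generator for the rule. The IDs are constructed placeholders, and the function names and the `/usr/bin` command paths are assumptions. It matches on `ENV{PRODUCT}` because sysfs attributes are already gone when a remove event fires.

```shell
#!/bin/sh
# Build a udev rule that reacts when one specific USB stick is removed.
# The vendor/product IDs used at the bottom are constructed placeholders;
# read the real ones for your stick from `lsusb`.

# Normalise a 4-digit hex ID (as printed by lsusb) to the form the kernel
# writes into the PRODUCT uevent variable: lowercase, leading zeros stripped.
norm_id() {
    case "$1" in
        [0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]) ;;
        *) return 1 ;;   # reject anything that is not exactly 4 hex digits
    esac
    id=$(printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/^0*//')
    printf '%s' "${id:-0}"
}

# panic_rule VENDOR_ID PRODUCT_ID lock|poweroff
# Prints one rule line; returns non-zero on bad input.
panic_rule() {
    vid=$(norm_id "$1") || return 1
    pid=$(norm_id "$2") || return 1
    case "$3" in
        lock)     cmd='/usr/bin/loginctl lock-sessions' ;;   # assumed path
        poweroff) cmd='/usr/bin/systemctl poweroff' ;;       # assumed path
        *) return 1 ;;
    esac
    # DEVTYPE=usb_device keeps the rule from firing once per USB interface.
    printf 'ACTION=="remove", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{PRODUCT}=="%s/%s/*", RUN+="%s"\n' \
        "$vid" "$pid" "$cmd"
}

# Constructed sample: stick with ID 046d:0001, lock all sessions on removal.
panic_rule 046D 0001 lock
```

The printed line would go into a file under `/etc/udev/rules.d/` (for example a hypothetical `99-usb-panic.rules`), followed by `udevadm control --reload`.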