Firewalla offers many built-in applications or target categories that you can use when creating Firewalla Rules. However, when managing user access, there may be certain apps that you want to control that are not listed in Firewalla's app list.
How can you create custom rules for any iOS app in Firewalla?
With iOS 15.2 or later, you can enable Apple’s App Privacy Report to see details about each app or website's network activity. This feature is useful for verifying which domains an app needs, and you can use that information to build your custom Firewalla Rules.
For example, you might block internet access for a User at night, but still allow specific apps such as Duolingo or Chess. Apple's App Privacy Report can help you identify the domains needed for those apps so you can create exceptions in Firewalla.
- Step 1: Enable App Privacy Report
- Step 2: Use the app you'd like to control
- Step 3: Check the domains in App Privacy Report
- Step 4: Create Firewalla Rules
- Step 5: Test and adjust rules, or use Target Lists
- Final Thoughts
Step 1: Enable App Privacy Report
First, you'll need access to an iOS device.
On the device, enable the App Privacy Report so that Apple can begin tracking the network activity: Settings > Privacy & Security > App Privacy Report > Turn On App Privacy Report
- If you'd like to control app usage on multiple iOS devices, you only need to enable App Privacy Report on one device.
- Make sure that the device with App Privacy Report has all the apps installed that you'd like to control.
- App Privacy Report simply records which domains each app connects to. Once you've collected the info you need, you can turn off App Privacy Report if you'd like.
Step 2: Use the app you'd like to control
On the iOS device, open the app you’d like to control, like Duolingo or Chess, and use it for a few minutes. This will allow the App Privacy Report to track which sites the app needs.
Step 3: Check the domains in App Privacy Report
Go back to the App Privacy Report in Settings. Under App Network Activity, check the most commonly accessed domains for Duolingo or Chess. Note them down, as we will be using them later.
For example:
- Duolingo frequently connects to *.duolingo.com
- Chess frequently connects to *.chess.com
- (You may need other domains too, so you may need to do a simple trial and error.)
Step 4: Create Firewalla Rules
Now, open the Firewalla app on your device and:
- Create Allow rules for the commonly used domains (e.g., duolingo.com, chess.com) and apply them to the User.
- Create a Block Internet Rule for the User every night, from 7 PM to 7 AM.
Learn more about Firewalla Users and how to Manage Rules.
Step 5: Test and adjust rules, or use Target Lists
When the Internet block is active, check if the Duolingo or Chess apps work on the User's device. If the app doesn't work as expected, add more of the domains listed for the app in Apple’s App Privacy Report.
Some apps contact many domains, so you may need to create a Target List in the Firewalla Web Interface or Firewalla MSP for easier management. For example, you can create a new Target List for Duolingo and add the frequently contacted domains.
Then, use the Target List in an Allow Rule. You’ll be able to update the Target List at any time, and the rules will update automatically.
Final Thoughts
With these steps, you can block or allow specific apps, even if they're not listed in Firewalla's App list. This approach works whether you're managing access for kids, family members, or even work devices that need exceptions. For more Firewalla activity and parental features, check out our article on Activity and Parental Control.
- Note: Not all apps can be controlled this way. Some apps rely on hundreds of domains, or their required domains may change over time.
Comments
3 comments
This requires each iOS device to enable the Privacy Report setting?
@Ray Hamel, you only need to enable App Privacy Report on one iOS device. Just make sure the app you want to control is installed on that device.
App Privacy Report simply shows which domains the app connects to, so you can use that info to create custom Firewalla rules and apply them to other devices. Once you've collected the info you need, you can turn Apple Privacy Report off if you'd like.
We'll see if we can clarify this in the article. Thanks for the comment!
Got it, thank you.
Please sign in to leave a comment.