Network Firewall
Quira includes an application-level firewall that operates at the network layer inside the browser — similar to macOS's built-in firewall and Little Snitch. Every outbound and inbound connection is evaluated against configurable rules before data is transmitted.
How it works
The firewall intercepts all network requests at the Gecko networking layer (before the request leaves the browser process). Each request is evaluated against an ordered rule set:
- Domain blocklist — Known malicious domains, tracking servers, and ad networks
- Protocol rules — Block non-HTTPS connections on sensitive pages
- Per-site rules — User-defined allow/block rules per origin
- AI classifier — On-device model flags suspicious connection patterns
Firewall rules
| Rule type | Default | Description |
|---|---|---|
| Block known trackers | Enabled | Uses EasyList + EasyPrivacy + Quira's own list |
| Block cryptominers | Enabled | Blocks WebSocket/HTTP connections to mining pools |
| Block mixed content | Enabled | Prevents HTTP resources from loading on HTTPS pages |
| Block telemetry | Enabled | Blocks known telemetry endpoints from third-party scripts |
| Custom domain rules | Empty | User-defined allow/block by domain pattern |
DNS filtering
Quira resolves DNS locally with built-in DNS-over-HTTPS (DoH) support. DNS queries are encrypted and sent to a configurable resolver (Cloudflare 1.1.1.1 by default). The browser also maintains a local blocklist for known malicious domains, evaluated before any DNS query is made.
TLS enforcement
All connections are upgraded to HTTPS when possible via a built-in HTTPS-Only mode. Certificate transparency logs are checked for recently issued certificates. Quira warns on:
- Certificates issued by unknown or distrusted CAs
- Short-lived certificates that may indicate phishing infrastructure
- Certificate changes for previously visited domains (trust-on-first-use, or TOFU, model)
Configuration
Firewall settings are accessible at quira://settings/security/firewall. Advanced users can import/export rule sets in JSON format and subscribe to community-maintained rule lists.
Performance impact
The firewall operates at the request pipeline level with O(1) hash-based domain lookups. Typical overhead is less than 1ms per request — imperceptible in normal browsing.
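The ordered evaluation from "How it works" and the hash-based lookup from "Performance impact", as an added sketch that is not Quira's own code. The rule shapes, the first-verdict-wins order, the parent-domain walk and every sample domain are assumptions made for illustration.

```javascript
// Constructed sample data; domains, origins and rule shapes are hypothetical.
const BLOCKLIST = new Set(["tracker.example", "pool.miner.example"]);
const SITE_RULES = new Map([
  ["https://bank.example", new Map([["chat.vendor.example", "block"]])],
]);

// Check the host and then each parent domain with one Set lookup per label.
// Cost depends on the number of labels in the host, not on blocklist size.
// Matching whole labels keeps "nottracker.example" from hitting "tracker.example".
function matchSuffix(host, set) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (set.has(candidate)) return candidate;
  }
  return null;
}

// Stages run in the order the page lists them. Assumption: the first stage
// that reaches a verdict wins, so a blocklist hit is never overridden later.
// `classify` stands in for the on-device model and is supplied by the caller.
function evaluate(pageUrl, requestUrl, classify = () => false) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);

  // 1. Domain blocklist
  const hit = matchSuffix(req.hostname, BLOCKLIST);
  if (hit) return { action: "block", stage: "blocklist", match: hit };

  // 2. Protocol rule: plaintext HTTP or WebSocket requested from an HTTPS page
  const plaintext = req.protocol === "http:" || req.protocol === "ws:";
  if (page.protocol === "https:" && plaintext)
    return { action: "block", stage: "protocol", match: req.protocol };

  // 3. Per-site rule, keyed by the origin of the page making the request
  const rule = SITE_RULES.get(page.origin)?.get(req.hostname);
  if (rule) return { action: rule, stage: "per-site", match: req.hostname };

  // 4. Classifier verdict, consulted only when no explicit rule matched
  if (classify(page, req))
    return { action: "block", stage: "classifier", match: req.hostname };

  return { action: "allow", stage: "default", match: null };
}
```

Returning the stage and the matched entry with each verdict gives a rule log enough detail to show which rule blocked a request.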