What are the most secure settings of the default rules and the custom rules, such that would block all the threats from the Internet, but would not unnecessarily harm the performace of any applications?
Depends on the user; since the firewall is only for rooted devices, there is no generic recommendation.
So thats not rly my opinion.
Best settings for the start is at first the whitelist mode. So no app has the permission to get access to the internet as long as you dont set it. At least it should
if an app isn’t working check the logs which app wants to connect. For.this you have to activate the logs first in firewall settings. As the awhitelist mode.
the second thing is rly almost every app of googles os wants to connect to.the internet. But the very less rly need it.
For me everything is working without allowing internet for most of google apps. If you dont use vpn the kernel doesnt eveer need to connect to the .internet. For downloads inthe browseer ofc the browser and the download service (not the app) needs the internet permission. Google play only need for sign in the google account manager. But this only once. After singning in you can deactivate the ruke for it. The contacts dont need internet. At least if you dont want to shhare all your private contacts with google So the most apps dont need internet.
Youtube app needs the mediaserver to work properly. Most of free games and apps want the permission to full internet access. Mostly because of ads. You know what imean. So block them and get rid of the ads. As said the very less rly need internet, they just want to collect your data and show you some ads noone ever need.
Simply grant ONLY the app who rly needs to. I think you got it.
if you have questions about hiddn gps and tracking services in google or anything else just ask here.