How to permanently block app's internet access on LineageOS without Magisk and all that stuff
Every installed package has its own Linux uid and gid. The idea is to find that uid and use iptables to block any traffic coming from processes owned by that uid.
Enable developer settings.
Enable USB debugging (adb) and rooted debugging.
Attach your Android phone to a computer via USB cable, verify that device is detected by running
adb root, then
Then, on the device, run
cmd package list packages -3 -U to see list of packages and their uids.
When you've found the uid you were looking for, add the following rule on top of the OUTPUT chain (replacing
$UID with actual number):
iptables -I OUTPUT 1 -m owner --uid-owner $UID -j DROP
To make it persistent, use technique described here.
Don't forget to disable rooted debugging when you've done.