First things first; what is the actual use case?
Why would you want to have poorly behaved apps on your phone?
Wouldn’t the app be useless if it normally needs internet access, and you then go and disable it?
And if it doesn’t, apart from being really iffy, couldn’t you revoke the permission?
If it uses unwanted background data, then just keep background services off.
Since AFWall uses iptables, all that you’d need to figure out is how it is able to correlate traffic to a certain app. If that is still doable in SFOS (at least Android app names show up in top), then you should be able to do the same.