You could let uncomplicated firewall (ufw) do the rules for you:
https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29
https://help.ubuntu.com/lts/serverguide/fir...GB#firewall-ufw
Note that if your actually concerned about the blobs taking liberties, they could be written to talk at a level below iptables so a firewall is not going to help. What we really need is a fake celltower (possibly using https://wiki.yatebts.com/) and then monitor all traffic. Would also need to do the same for wifi but thats a lot easier as any old linux box with wifi can be made into a logging router.
Also of interest is the fact that the Android Container used to talk to the drivers by Debian has no network permissions so it is effectively fire-walled for free just now. So personally I've not installed a firewall as I suspect any phone-home stuff is either already blocked or at too low a level to be block-able.
Thank you, Adam. I installed ufw and its gtk frontend, but the latter is one of those applications that is extremely small onscreen. There is, someplace, a configuration file for gtk and Gnome applications that allows fonts to be specified, but I haven't found it yet -- will look some more today. This would make a lot of apps useful.
As to the firewall, I am interested in large measure in a firewall's logging capabilities, to see what if anything is going on. But if it happens at a level a firewall can't block, I suppose a firewall couldn't monitor and log it, either. I wonder if there is an application that looks at all connections at the point they enter or leave the device, or if such a thing is even possible.