When on the road, I try to only use my mobile data plan - through tethering to my phone - to keep things as secure as possible. However there are times I'm unable to do so - or just make sense to connect to a local WiFi network - and is for those situations I'm trying to create a customized Little Snitch profile to avoid fiddling with macOS pf's configuration files.
I created a profile (Untrusted networks) to block all traffic, incoming and outgoing, that I use whenever I connect to a new or untrusted networks. The goal is to enable connections only after the VPN connection itself is established first.
As these are alien (or plainly untrusted) networks, I'm not interested in exposing any functionality like reachability, file sharing and so on.
The problem with this approach is that I can't find a way to disable the rules found in the "Effective in all profiles" profile for the Untrusted networks profile only. Again, I don't want to expose any unnecessary stuff on these networks, just the bare minimum to be able to connect to the VPN at which point, Little Snitch will automatically change to a trusted profile.