DroidWall - Android Firewall (iptables front-end) [v1.5.5] [Dec/01/11]


chris4chelsea

Dear all, not sure if I have done anything wrong, but I have such error... pls help
 

Attachments

  • snap20100909_005255.jpg (39.5 KB)
  • snap20100909_005348.jpg (33.3 KB)

rodrigo.zr

Okay, maybe someone with a better experience on compiling things for ARM can help me.

I tested many scenarios, none was successful:
1. Use the "iptables" binary from CM6-DS. Seems to work fine on old ARMv5 devices (such as G1). Fails with segfault on newer devices such as N1.
2. Use the "iptables" binary from CM6-N1. Seems to work fine only on newer devices, such as N1. Fails with segfault on older devices such as G1.
3. Use the "iptables" binary from the "android-wifi-tether" project. This binary seems to run on most devices without segfault - but since this version is too old, it fails to apply the rules anyway (this is the error reported above).
4. I tried to compile iptables v1.4.9.1 from source, using the Android NDK. After some attempts I could compile the binary, but it segfaults on both G1 and N1.

I just need a good (new) iptables binary that runs on any ARM android device.
Thanks
 

mnjm9b

Maybe you could include both N1 and G1 versions and then have the app detect what version to use depending on the device.
 

rodrigo.zr

Can you guys test the attached version for me? I tested on G1 and N1, both with CM6.

This version includes two iptables binaries.

Thank you!
 

Attachments

  • droidwall-dev.apk (194.5 KB)

finalista

Can you guys test the attached version for me? I tested on G1 and N1, both with CM6.

This version includes two iptables binaries.

Thank you!

Hello Rodrigo,
I installed this version on my Milestone. Looks good :) Everything works as expected. No error messages. The only thing that could be strange is the following text at the end of the window when pressing >show rules
 

rodrigo.zr

Hello Rodrigo,
I installed this version on my Milestone. Looks good :) Everything works as expected. No error messages. The only thing that could be strange is the following text at the end of the window when pressing >show rules

Good to know it is working on Milestone too.

Version 1.4.1 has been officially released and can be downloaded here.

It should appear on Market within a few days too.
 

rodrigo.zr

Rodrigo... U r the man! The dev version finally works on my nexus one. Thank u so much! Btw is the new 1.4.1dev same as the 1.4.1 on mkt?

I am not sure that the Market version has been updated yet. It still shows 1.3.8 on my market app.

I recommend downloading the official 1.4.1 version from the site. The signature for both the "dev" and official versions are the same, so you should be able to install it without any problem. Only the version on Market has a different signature.
 

Devray

This Version does not run under SGS. Version 1.3.7 worked, now downgrading doesn't work too. There are no Errors in this version. Have you any idea?
It was so good all data was wiped with Titanium Backup

Thank you for help
 

lou2s

Just installed v1.41 on my stock N1 (rooted):

In blacklist mode I tried to block 3g/wifi for browser, but when I tested I can still browse webs.

Below are the errors I get:

Show Rule:
[: not found
[: not found
[: not found
[: not found
-L: not found

Enable Firewall/Apply Rules:
Error applying iptables rules.
Exit code: 1

[: not found
[: not found
[: not found
[: not found
--version: not found

Does this only work with CM6?

Thanks!
 

rodrigo.zr

This Version does not run under SGS. Version 1.3.7 worked, now downgrading doesn't work too. There are no Errors in this version. Have you any idea?
It was so good all data was wiped with Titanium Backup

Thank you for help

Do you get any error from the application? If so, please post the error messages here.

Just installed v1.41 on my stock N1 (rooted):

In blacklist mode I tried to block 3g/wifi for browser, but when I tested I can still browse webs.

Below are the errors I get:

Show Rule:
[: not found
[: not found
[: not found
[: not found
-L: not found

Enable Firewall/Apply Rules:
Error applying iptables rules.
Exit code: 1

[: not found
[: not found
[: not found
[: not found
--version: not found

Does this only work with CM6?

Thanks!

I don't think the stock N1 contains the necessary kernel modules to run DroidWall.
It should work on most alternative ROMs... not only CM6. If the ROM contains the necessary kernel features enabled, it will work ;)
 

rodrigo.zr

Just installed v1.41 on my stock N1 (rooted):

In blacklist mode I tried to block 3g/wifi for browser, but when I tested I can still browse webs.

Below are the errors I get:

Show Rule:
[: not found
[: not found
[: not found
[: not found
-L: not found

Enable Firewall/Apply Rules:
Error applying iptables rules.
Exit code: 1

[: not found
[: not found
[: not found
[: not found
--version: not found

Does this only work with CM6?

Thanks!

Sorry, I now understand these error messages. An issue has been opened for this problem:
http://code.google.com/p/droidwall/issues/detail?id=41

It will probably be fixed on the new version.
 

rodrigo.zr

Does it mean it will work on a rooted stock N1 as well? I'm really looking fwd to it!! Thx!

Lets hope so ;)

Can you test the attached development version on your phone, please?
I cannot reproduce this error on my phone, so I need someone to test it for me.

Thanks
 

Attachments

  • droidwall-dev.apk (194.6 KB)

lou2s

Just tested:

Black list mode selected.

1) No app selected.

Show rules:
iptables
Chain INPUT (policy ACCEPT 1184 packets, 786K bytes) pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1183 packets, 150K bytes) pkts bytes target prot opt in out source destination
350 30376 droidwall 0 -- any any anywhere anywhere
350 30376 droidwall 0 -- any any anywhere anywhere
350 30376 droidwall 0 -- any any anywhere anywhere

Chain droidwall (3 references) pkts bytes target prot opt in out source destination
which: not found which: not found
which: not found
[1] Segmentation fault /
data/data/com.g...
which: not found
which: not found
which: not found
which: not found
which: not found
which: not found
which: not found
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory

Apply rules:
Applied rules with success

2) Selected "browser" and block both wifi/3g

Show rules:
iptables
Chain INPUT (policy ACCEPT 1427 packets, 803K bytes) pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1366 packets, 163K bytes) pkts bytes target prot opt in out source destination
533 43735 droidwall 0 -- any any anywhere anywhere
533 43735 droidwall 0 -- any any anywhere anywhere
533 43735 droidwall 0 -- any any anywhere anywhere
31 1540 droidwall 0 -- any any anywhere anywhere
31 1540 droidwall 0 -- any any anywhere anywhere

Chain droidwall (5 references) pkts bytes target prot opt in out source destination
which: not found which: not found
which: not found
[1] Segmentation fault /
data/data/com.g...
which: not found
which: not found
which: not found
which: not found
which: not found
which: not found
which: not found
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory

Apply rules:
Error applying iptables rules.
Exit code: 1

iptables v1.3.7
Chain droidwall (5 references) target prot opt source destination
which: not found
which: not found
[1] Segmentation fault /
data/data/com.g...
which: not found
which: not found
which: not found
which: not found
which: not found
which: not found
which: not found
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory
grep: not found
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory
getsockopt for multiport failed
strangely: No such file or directory
iptables: Protocol wrong type for socket



Took me a long time to type for these... hope it helps....probably it's still the iptable version? but I thought the latest version has already included 2 different versions of iptables?
 

rodrigo.zr

Just tested:
Took me a long time to type for these... hope it helps....probably it's still the iptable version? but I thought the latest version has already included 2 different versions of iptables?

Thanks for all the information. Yes - the problem is the iptables version. Droid Wall is failing to use the internal iptables binary because your ROM does not have some very basic shell commands available.

Those commands are so basic that without them it is quite hard to execute a simple "if" inside a shell script.

I completely changed the way that I am doing the binary detection. Can you please test the attached development version? thanks.
 

Attachments

  • droidwall-dev.apk (194.4 KB)
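
A sketch of binary detection that needs none of the commands reported missing in the logs above (`[`, `which`, `grep`), added here as an example; it is not DroidWall's own script. The stub files, the `iptables_n1` and `iptables_old` names and the rule of skipping 1.3.x builds are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not DroidWall's code): choose a usable iptables binary with
# shell builtins only (for/if/case), so the selection still works on a ROM
# where `[`, `which` and `grep` are "not found".

# pick_iptables CANDIDATE...
# Prints the first candidate that runs and is not a 1.3.x build.
# Returns 1 when no candidate qualifies.
pick_iptables() {
    for bin in "$@"; do
        # Running the binary is the check itself: a missing file (status 127)
        # and a segfault (status 139) are both non-zero, so no `[ -x ]` test
        # or `which` lookup is needed.
        if out=$("$bin" --version 2>/dev/null); then
            case "$out" in
                *"v1.3."*) continue ;;   # assumed too old to apply the rules
                *"iptables v"*) echo "$bin"; return 0 ;;
            esac
        fi
    done
    return 1
}

# Constructed stand-ins for the bundled binaries (not real iptables builds).
make_stubs() {
    dir=$1
    # Exits with 139, the status a shell reports for a SIGSEGV crash.
    printf '#!/bin/sh\nexit 139\n' > "$dir/iptables_g1"
    printf '#!/bin/sh\necho "iptables v1.3.7"\n' > "$dir/iptables_old"
    printf '#!/bin/sh\necho "iptables v1.4.9.1"\n' > "$dir/iptables_n1"
    chmod 755 "$dir/iptables_g1" "$dir/iptables_old" "$dir/iptables_n1"
}
```

If every candidate crashes, as in the second test report that follows, `pick_iptables` returns 1 and the caller can report that no usable binary exists rather than running `${IPTABLES}` against a crashing file.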

lou2s

Sure. 2nd test:

Black list mode selected.

1) No app selected.

Show rules:

/data/data/com.googlecode.droidwall/cache/iptables_g1
[1] Segmentation fault /data/data/com.g...
[2] Segmentation fault
${IPTABLES} -L -v


Apply rules:
Error applying iptables rules.
Exit code: 1

[1] Segmentation fault /data/data/com.g...
[2] Segmentation fault
${IPTABLES} --ve...

Block wifi/3g of Browser:


Show rules:

/data/data/com.googlecode.droidwall/cache/iptables_g1
[1] Segmentation fault /data/data/com.g...
[2] Segmentation fault
${IPTABLES} -L -v

Apply rules:
Error applying iptables rules.
Exit code: 1

[1] Segmentation fault /data/data/com.g...
[2] Segmentation fault
${IPTABLES} --ve...

Hope this helps!
 

rodrigo.zr

Sure. 2nd test:

Black list mode selected.

1) No app selected.

Show rules:

/data/data/com.googlecode.droidwall/cache/iptables_g1
[1] Segmentation fault /data/data/com.g...
[2] Segmentation fault
${IPTABLES} -L -v

...

Wow... both iptables binaries are crashing on your phone (Segmentation fault). Things are getting more complicated than I expected.
I'm out of clues for now! :confused:
 

Top Liked Posts

  • 17
    I don't have an unlimited data plan, so I was quite frustrated to see that my G1 was consuming lots of megabytes in the background (also draining battery too fast).

    To solve this problem, I wrote this iptables front-end to block undesired applications from accessing the network.

    DroidWall - Android Firewall is a front-end application for the powerful iptables Linux firewall. It allows you to restrict which applications are permitted to access your data networks.

    This is the perfect solution if you don't have an unlimited data plan, or just want to see your battery lasting longer.

    IMPORTANT: Root access required

    Project home:
    http://code.google.com/p/droidwall/
    or
    http://droidwall.googlecode.com/

    Download from the Android Market:
    [image]

    After installing, press menu and click Help for an explanation on how to use it.


    UPDATE: Latest version: 1.5.5 - You can check the changelog here.

    I hope this will help other people.
    RZR
    2
    I have stock 2.2 rooted on HTC Desire. Installed DroidWall, enabled it.

    Now only under whitelist, clicked internet and did apply rules. Nothing else checked or clicked.

    Now I go back and look at the Blacklist, the internet is clicked there also. Why? If I uncheck at whitelist, it gets unchecked at blacklist also.

    I am not following this! :confused:
    Why does the application get checked at both places, when I check at only one place (either black or white list)?

    thanks
    I believe you misunderstood the functionality... DroidWall does not keep two separated lists.
    You must select one of the two operation modes: either white-list or black-list

    If you select black-list, it will block the selected apps.
    If you select white-list, it will allow the selected apps and block everything else.
    2
    It's a great app and very useful but I have a problem with that!
    my VPNs don't work properly when the wall is active.
    they can connect to the server but when I'm using web browser or synching apps like gmail and other stuff they can't work and they say no connection is available...:(
    any idea friend?
    (the VPN networking is selected on white list for both wifi and 3g)
    btw tnx for this great app

    Same Problem:
    Droidwall 1.5 & Samba

    Don't work.
    Must disable firewall to access the phone :-(

    Those connections are handled by the kernel, you must allow kernel connections...
    If that doesn't work, use DroidWall's log to check what is being blocked.
    1
    Hello all,

    I have my own Android Market account now :)
    Many, many thanks to Jesse C for publishing DroidWall while I didn't have my account (it wasn't allowed in my country at that time).

    I will now be able to update the market version more often than before. And I have many new features in mind for the next versions.

    Unfortunately, we cannot move an application ownership on Market, so I had to publish DroidWall under a different package name. You can find the new version under the name DroidWall - Android Firewall or just scan the QR code on your phone:
    [QR code image]

    Please, don't forget to post a review of the new version ;)

    Note that both versions will be installed in parallel, but I definitely don't recommend keeping both since they will "fight" with each other. Remember to remove the old version after installing the new one.

    Just to make it clear, since some ppl asked me:
    The new version published on Market has the same signature as the APKs published on the website. However, you can't install the APKs from the website "over" the market version since the package name was changed on Market (if you try, they will install side-by-side).
    1
    Thanks,
    I knew about the fix for wi-fi as I've posted here a while back, but I will update it for 3G as well.
    Cool!
    /AL

    The wiki page about custom scripts has some info about the chains. I found this by checking the script that is executed to apply the rules; it's somewhere in /data/data/<package name droidwall> in one of the sub dirs. It shows which interface belongs to which chain; all you do is add another interface to a chain, in this case the VPN interface.

    I hope this little thing will also make it to the wiki. It could help some people, so that they don't have to spend the time to figure it out on their own.