[5.0+][ROOT][3.6.0] AFWall+ IPTables Firewall [28 AUG 2023]

ezechiel1917

Member
Oct 4, 2007
41
5
Hi, using 1.3.1.1 on Android 4.2.2 here
Automatically switching profiles through Tasker plugin doesn't work when DNS proxy is set to Disable DNS via netd in Preferences.
Afwall selects correct profile and applies its rules but internet in allowed application is not working because DNS requests seem to be blocked (DNS server IP : UDP 53 blocked says Firewall log). If I apply rules in afwall GUI manually after this then it starts to work.
When I switch DNS proxy to Auto, Tasker profile switching works correctly.
Is this a bug or expected behaviour?

Also can you please add automatic refresh of currently applied profile/rules list when you return to afwall gui and profile was changed in meantime?
Current behaviour is that when you return to GUI you display profile/rules which was displayed last time you accessed gui. But if different profile was applied by Tasker plugin in meantime it's not correct profile anymore and you have to exit afwall then relaunch to get active profile displayed.

Ez.
 

ukanth

Recognized Developer
Nov 30, 2010
1,543
5,412
Nexus 7 (2013)
OnePlus X
Hi, using 1.3.1.1 on Android 4.2.2 here
Automatically switching profiles through Tasker plugin doesn't work when DNS proxy is set to Disable DNS via netd in Preferences.
Afwall selects correct profile and applies its rules but internet in allowed application is not working because DNS requests seem to be blocked (DNS server IP : UDP 53 blocked says Firewall log). If I apply rules in afwall GUI manually after this then it starts to work.
When I switch DNS proxy to Auto, Tasker profile switching works correctly.
Is this a bug or expected behaviour?

Also can you please add automatic refresh of currently applied profile/rules list when you return to afwall gui and profile was changed in meantime?
Current behaviour is that when you return to GUI you display profile/rules which was displayed last time you accessed gui. But if different profile was applied by Tasker plugin in meantime it's not correct profile anymore and you have to exit afwall then relaunch to get active profile displayed.

Ez.
There were multiple reports on the same. I'm currently busy with my other work. I'll surely look into it when I start working on AFWall+. If you could do the same in GitHub, I'll make sure that this will be addressed in the next release.
 
stanlefor

Guest
Hi,

Does this firewall allow disabling background activity for selected apps as mobiwol does?
How?

I tried it but it looks like the background data is always allowed.

Thanks
 
stanlefor

Guest
Well, I'd like to know that too, because the problem is actually your firewall doesn't block some access...
Which is a big problem for a firewall :D

Thanks mate
 

Anderson2

Senior Member
Feb 25, 2012
1,042
90
So, to the obvious question, what is a firewall that is open source, blocks both foreground and background, is for rooted devices, and preferably (but not necessarily) is free?

I used to use Avast's mobile app which worked very well but was not open source.

---------- Post added at 08:48 PM ---------- Previous post was at 08:45 PM ----------

yeah.

http://www.pocketables.com/images/2013/08/Restrict-app-data-304x506.png

If you look at your data, you can see that applications use foreground and background data. AFWall+ doesn't block background data.

For instance, swiftkey is blocked in AFWall+ for me, but it still uses data. I have to block it either in android with "restrict background data" or with another firewall.

How do you restrict background data for "some" apps in Android?
 

an0n981

Senior Member
Jul 27, 2013
1,487
967
So, to the obvious question, what is a firewall that is open source, blocks both foreground and background, is for rooted devices, and preferably (but not necessarily) is free?

I used to use Avast's mobile app which worked very well but was not open source.

---------- Post added at 08:48 PM ---------- Previous post was at 08:45 PM ----------



How do you restrict background data for an app in Android?

See the check box in the pic that says 'Restrict background data'? Settings - Data usage - select the app you want to restrict
 
  • Like
Reactions: Anderson2

Anderson2

Senior Member
Feb 25, 2012
1,042
90
See the check box in the pic that says 'Restrict background data'? Settings - Data usage - select the app you want to restrict

Thank you. Not that I'm an expert but it seems meaningless for a firewall to block foreground communication and allow an app to communicate in the background all it wants. Maybe I'm missing something. I always thought security or privacy is only as good as its weakest link, and a firewall that doesn't control background communication seems to have a very large weak link.

In Settings - Data usage, not all installed apps are listed. Does that mean apps that don't appear don't communicate in the background??

Back to my question: is there an android firewall that controls both foreground and background communication?
 

an0n981

Senior Member
Jul 27, 2013
1,487
967

ukanth

Recognized Developer
Nov 30, 2010
1,543
5,412
Nexus 7 (2013)
OnePlus X
Wait, since when the firewall doesn't block background data? Why?

Regards
Ok, let's put an end to this discussion. First of all, the "iptables" implementation works at kernel level to block packets regardless of foreground/background. If you restrict an application in AFWall+, it will block the app by configuring the iptables rules, including "background activity".

The feature the user wants is to separate these two out: allow the application in AFWall+, but restrict the background data. Currently AFWall+, or any firewall which works on top of iptables, doesn't support this.

I'll see how possible this is to implement. I doubt there are enough APIs to deal with the foreground/background state of a given application. I will also see how difficult it is to apply rules when an app goes foreground/background.
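
What the post above describes, as an added example that is not part of the original thread and is not AFWall+'s code: per-app filtering on top of iptables keys on the sending UID only, so the same verdict applies in foreground and background, in both whitelist and blacklist mode. The chain name `fw-demo`, the UIDs, and the helper functions `gen_rules` and `verdict` are hypothetical, and the script assumes an OUTPUT policy of ACCEPT; it only prints the commands and runs none of them.

```shell
#!/bin/sh
# Added illustration (not AFWall+ code). Prints iptables commands; runs none.
# CHAIN and the UIDs used below are constructed placeholders.
CHAIN="fw-demo"

# check_uids UID... : accept only numeric UIDs.
check_uids() {
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 2 ;;
        esac
    done
}

# gen_rules MODE UID...
#   whitelist: listed UIDs pass, everything else is rejected
#   blacklist: listed UIDs are rejected, everything else passes
# Assumes the OUTPUT policy is ACCEPT, so RETURN means "allowed".
gen_rules() {
    mode=$1; shift
    case "$mode" in
        whitelist) hit=RETURN; rest=REJECT ;;
        blacklist) hit=REJECT; rest=RETURN ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    check_uids "$@" || return 2
    echo "iptables -N $CHAIN"
    echo "iptables -A OUTPUT -j $CHAIN"
    for uid in "$@"; do
        # The owner match sees only the UID of the sending socket; the rule
        # has no field for whether the app is in the foreground or background.
        echo "iptables -A $CHAIN -m owner --uid-owner $uid -j $hit"
    done
    echo "iptables -A $CHAIN -j $rest"
}

# verdict MODE SENDER_UID LISTED_UID...
# Models the chain above for one outgoing packet. A helper process that sends
# traffic on an app's behalf is judged by its own UID, not the app's.
verdict() {
    mode=$1; sender=$2; shift 2
    listed=no
    for uid in "$@"; do
        if [ "$uid" = "$sender" ]; then listed=yes; fi
    done
    case "$mode:$listed" in
        whitelist:yes|blacklist:no) echo ALLOW ;;
        whitelist:no|blacklist:yes) echo BLOCK ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}

# Constructed sample: two app UIDs allowed in whitelist mode.
gen_rules whitelist 10071 10102
```

In whitelist mode a packet from any UID that is not listed, including a system component working for an allowed app, falls through to the final REJECT rule.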
 

cernekee

Senior Member
Jun 2, 2013
186
427
The feature the user wants is to separate these two out. Allow the application in AFWall+, but restrict the background data.

What isn't clear from the discussion is whether it is necessary to completely block the app's background data via iptables (because the application is not respecting these settings) or if they just want the application to be advised of whether it is OK to use background data.

As you mentioned, blocking via iptables would require much more frequent rule updates and may introduce latency, at least under the current design. Do we have an example of a rogue app which requires this sort of restriction?

Another option for preventing an app and associated services from running into the background is to Force Stop it before navigating to another app. On many ROMs this can be done by long-pressing the back button; it may need to be enabled in Developer Options. Long-press-back probably works best with "standalone" apps; I would not trust it to work with anything that has multiple components, like Google apps or OEM ROM customizations.
 
  • Like
Reactions: Ci-Fi

ukanth

Recognized Developer
Nov 30, 2010
1,543
5,412
Nexus 7 (2013)
OnePlus X
What isn't clear from the discussion is whether it is necessary to completely block the app's background data via iptables (because the application is not respecting these settings) or if they just want the application to be advised of whether it is OK to use background data.

As you mentioned, blocking via iptables would require much more frequent rule updates and may introduce latency, at least under the current design. Do we have an example of a rogue app which requires this sort of restriction?

Another option for preventing an app and associated services from running into the background is to Force Stop it before navigating to another app. On many ROMs this can be done by long-pressing the back button; it may need to be enabled in Developer Options. Long-press-back probably works best with "standalone" apps; I would not trust it to work with anything that has multiple components, like Google apps or OEM ROM customizations.
You are right. Introducing this using iptables will end up messing up the user experience with latency. I was thinking of controlling it via code. But it looks like that's not possible until you have the application with the platform key.

http://stackoverflow.com/questions/...ation-background-data-usage-status-in-android

One possibility here is to do the same via the Xposed framework. It's possible to introduce it as a plugin to AFWall+, with changes to the current design. But we should not do it until the current one gets stable enough.

What's your thought?
 

inunxelex

Senior Member
Mar 15, 2008
378
209
ADD proxy SOCKS/HTTP features

Please add proxy SOCKS/HTTP features using redsocks (http://darkk.net.ru/redsocks/); this module is also used by sshtunnel (https://play.google.com/store/apps/details?id=org.sshtunnel) or proxydroid (https://play.google.com/store/apps/details?id=org.proxydroid)

Here are my custom scripts for running a proxy script in afwall :D
 
  • Like
Reactions: Ci-Fi

Top Liked Posts

  • 2
    What is needed to be enabled to use Android Auto in my car?
    I had to enable traffic for a bunch of XIAOMI system "apps" (they bundle a bunch of apps together so that you don't disable them) that disabled network if they didn't phone home successfully after a couple of minutes. Never buying anything from that underhanded manufacturer EVER AGAIN.
    1
    What is needed to be enabled to use Android Auto in my car?
    I'm not sure what you're asking, but AFWall is meant to block traffic based on certain rules. Why would you want to use AFWall in order to enable AA? Are you rooted? Custom ROM? What's your environment? Are you currently able to use AA in your car?
    1
    I'm not sure what you're asking, but AFWall is meant to block traffic based on certain rules. Why would you want to use AFWall in order to enable AA? Are you rooted? Custom ROM? What's your environment? Are you currently able to use AA in your car?

    Perhaps they are having trouble using Android auto with the Firewall, e.g., maybe AFwall is blocking Android Auto.

    +1 to your question/suggestion about whether or not Android Auto works okay when AFwall is not enabled.
    1
    What is needed to be enabled to use Android Auto in my car?
    This sounds like you are using afwall in whitelist mode (blocks everything, and you select what gets access)?

    If you run it in the recommended blacklist mode (allows everything, and you select what gets blocked) you should not have this issue - assuming, of course, you don't block android auto or some crucial system app.
    1
    What is needed to be enabled to use Android Auto in my car?
    What device are you using? OS and app version? What is the default filtering mode? Are there any logs while your device tries to attempt any connection? More info please.
  • 404
    Welcome to official support page for AFWall+

    Disclaimer - As usual, I'll not take any responsibility if something goes wrong when using AFWall+

    Introduction
    AFWall+ is an improved version of DroidWall (front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming). Since the original author of DroidWall discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


    Features
    - Supports 5.x to 13.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choosable languages
    - Choosable iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname

    Changelog - See third Post
    Current Version - 3.6.0

    To get Unlocker without Google services - Please follow the instructions here

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and if you have any issues, just send an email from (Menu -> Firewall Rules -> Send error report)

    Source Code/Wiki/FAQ
    AFWall+ is a free & open-source application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall

    Thanks To/Credits
    - German translations by chef@xda & user_99@xda & Gronkdalonka@xda
    - French translations by GermainZ@xda & Looki75@xda
    - Russian translations by Kirhe@xda & YaroslavKa78
    - Spanish translations by spezzino@crowdin
    - Dutch translations by DutchWaG@crowdin
    - Japanese translation by nnnn@crowdin
    - Ukrainian translation by andriykopanytsia@crowdin
    - Slovenian translation by bunga bunga@crowdin
    - Chinese Simplified translation by tianchaoren@crowdin
    - Polish translations by tst,Piotr Kowalski@crowdin
    - Swedish translations by CreepyLinguist@crowdin
    - Greek Translations by mpqo@crowdin
    - Portuguese translations by lemor2008@xda
    - Chinese Traditional by shiuan@crowdin
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by benzo@crowdin
    - Romanian translations by mysterys3by-facebook@crowdin
    - Czech translations by Syk3s

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:
    Stable
    Current Stable Version: 3.5.3
    Stable Release Date: 2022-06-28
    Current Beta Version:
    3.5.3
    Beta Release Date: 2022-06-28

    Created 2013-12-03
    Last Updated 2020-09-05
    70
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries

    Complete Changelog

    41
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to the lot of under-the-hood changes required. Instead I added a few enhancements. Now applying rules from the menu will show how many rules are getting applied with progress status. Also, when adding/removing a few rules, it will apply only those related rules instead of a full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is a BETA version which is not released on playstore. I have been using this for the past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following the XPrivacy thread on the decision by its author. Just as FYI, I might fix it for my own usage when I update to nougat, and I will share it here if anybody uses it here.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    40
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through a lot of dilemma over whether to support the existing afwall or write a new one from scratch, I was finally able to pull myself together and release a stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not be possible to pull through this.

    I will be out for a couple of days (taking off to spend time with my family) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    35
    Hello everyone,

    I have released the stable version of 3.1.0 to playstore and github. It's live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.