[5.0+][ROOT][3.6.0] AFWall+ IPTables Firewall [28 AUG 2023]

jcmm11

Inactive Recognized Contributor
Feb 10, 2012
3,589
3,614
Google Pixel 4a 5G
Hi!
First of all, thanks for this awesome app.

On the other hand, I have blocked everything on LineageOS. No gapps, no sync, no background apps, even system ones... However, there is some "Android System" data usage. If I manually connect and reconnect, this data consumption appears (about 1-2 kbs per new connection). BTW, I also have "Fix startup data leak" selected...

Any possibility to block it? What is this data leak? Net Monitor does not show anything.

Thanks in advance.
Something like Wireshark should confirm or refute but if I were to guess (and it's strictly a guess) then it's some type of handshake protocol involved in establishing the connection.
 
  • Like
Reactions: Ultramanoid

maybeme2

Senior Member
Aug 28, 2015
2,336
750
Google Pixel 5
Moto G 5G
I've used paid AFWall+ for years but I was recently asked a question I did not know how to answer.

AFWall+ blocks internet access to the selected apps. But what about the apps calling home via the phone's carrier data plan? Like T-Mobile or Verizon. Does that bypass the firewall security AFwall provides?

Thanks.
 
ladano

Guest
You might be able to capture using tcpdump on the Android device itself, then analyze using Wireshark.
Thanks!

Something like Wireshark should confirm or refute but if I were to guess (and it's strictly a guess) then it's some type of handshake protocol involved in establishing the connection.
I think you were completely right. Connections with the router. Like this:
21:18:43.503180 ARP, Request who-has router.movistar tell 192.168.8.102, length 28

Thank you very much for the information.
 

NYLimited

Inactive Recognized Contributor
Jan 5, 2008
3,825
2,286
New Hampshire, USA
I've used paid AFWall+ for years but I was recently asked a question I did not know how to answer.

AFWall+ blocks internet access to the selected apps. But what about the apps calling home via the phone's carrier data plan? Like T-Mobile or Verizon. Does that bypass the firewall security AFwall provides?

AFWall has two (or more) columns of check boxes next to each app. Depending on your preferences they will allow or deny access. One column is for WiFi and the other for carrier data.

The short answer is that AFWall can block carrier data if you set it that way.
 

DoR3M3

Senior Member
Feb 17, 2018
1,281
384
Portwenn
AFWall has two (or more) columns of check boxes next to each app. Depending on your preferences they will allow or deny access. One column is for WiFi and the other for carrier data.

The short answer is that AFWall can block carrier data if you set it that way.


Block if you set it that way? My understanding is everything is blocked by default.

I still personally don't get why this has two options allow selected and block selected...

Just leave the default setting "allow selected" marked, then just check what you want allowed, and leave everything else unchecked and they are blocked...
 

NYLimited

Inactive Recognized Contributor
Jan 5, 2008
3,825
2,286
New Hampshire, USA
Block if you set it that way? My understanding is everything is blocked by default.

I still personally don't get why this has two options allow selected and block selected...

Just leave the default setting "allow selected" marked, then just check what you want allowed, and leave everything else unchecked and they are blocked...

I suspect your understanding is not complete. I'll point you in the right direction but you need to do your own reading and testing.

When you load AFWall you should see a screen like the first image below. Note where the red arrow is pointing.

If you tap the indicated icon you will get a drop-down (see second picture) which lets you select (define) if you want the checked/selected apps to be allowed on the internet or denied. Note that my image is showing that I wish to allow only those apps on the internet which have a checkmark. I can place a check-mark in one or both boxes (e.g. I might want an app to have internet access only on WiFi)

As for why use allow or blocked.. that one is up to the person using it. One person might want to let all installed apps on the internet except those specifically blocked. Less tedious if one is concerned with only one or two apps. Another person might want to block anything installed unless specifically allowed out (checked). More work but likely a bit safer. Choices...

There are a lot of options you might explore in AFWall. Good luck with your experiments.
 

Attachments

  • 1.jpg
    1.jpg
    111.8 KB · Views: 222
  • 2.jpg
    2.jpg
    100.5 KB · Views: 216

eriol1

Senior Member
Feb 16, 2015
218
157
Block if you set it that way? My understanding is everything is blocked by default.

I still personally don't get why this has two options allow selected and block selected...

Just leave the default setting "allow selected" marked, then just check what you want allowed, and leave everything else unchecked and they are blocked...
The two options exist in order to allow for different use cases.

The main reasons for using "allow selected" are probably security and privacy. People who don't want any app they install to just hand out their personal data over the internet will block everything except for specific apps they trust.

The main reasons for using "block selected" are probably related to convenience and data usage. For example, someone might not mind if all apps can access the internet, but maybe some specific app is causing large data usage and he would rather block it whenever not on wifi without messing with the internet access of every other app installed.
 

ninestarkoko

Senior Member
Nov 26, 2013
515
212
Hello, I'm seeing a new drawer/launcher icon (shield became yellow) for Afwall+(donate).
Is it the adaptive icon style?
I'm on Marshmallow though, and I'd like to switch back to the classic Afwall+Donate icon.
(searched for new icon/adaptive icons but could not find anything useful in the thread)
 

DoR3M3

Senior Member
Feb 17, 2018
1,281
384
Portwenn
I suspect your understanding is not complete. I'll point you in the right direction but you need to do your own reading and testing.

I understand all of this already... ;)

The two options exist in order to allow for different use cases.

Coming from a Linux background with iptables, the concept is odd is all...

Typically in Linux you don't write rules like this, everything is blocked by default and you simply allow what you want, that's all...

Anyhow to each his own... ;)
 

KickerTom

Senior Member
Sep 26, 2011
79
83
Prague
Coming from a Linux background with iptables, the concept is odd is all...

Typically in Linux you don't write rules like this, everything is blocked by default and you simply allow what you want, that's all...

Anyhow to each his own... ;)

Quite the opposite. If you are coming from Linux iptables background, you should feel right at home. The discussed matches exactly the default policy you set to each built-in chain, either allow or deny (drop) anything not matching any rule.
 
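The correspondence discussed in the posts above between "allow selected" / "block selected" and a default-drop versus default-accept rule set, sketched as an added example (not part of any post, and not AFWall+'s actual rule set). The chain names `fw-demo*`, the interface globs `wlan+` and `rmnet+`, and the sample UIDs are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: PRINTS iptables commands for the two modes; it does not run
# them. Chain names (fw-demo*) and interface globs (wlan+ for WiFi, rmnet+ for
# carrier data) are assumptions made for this sketch.
# Apps are matched by Linux UID with the owner match, valid on the OUTPUT path.

# gen_rules MODE SELECTIONS
#   MODE        allow-selected | block-selected
#   SELECTIONS  space-separated "uid:wifi:data" triples, 1 = box checked
gen_rules() {
    mode=$1
    selections=$2
    case $mode in
        # Checked apps leave the chain untouched, everything else is rejected.
        allow-selected) hit=RETURN; tail_target=REJECT ;;
        # Checked apps are rejected, everything else falls through.
        block-selected) hit=REJECT; tail_target=RETURN ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac

    # Validate every UID before printing anything.
    for sel in $selections; do
        uid=${sel%%:*}
        case $uid in
            ''|*[!0-9]*) echo "bad uid in: $sel" >&2; return 1 ;;
        esac
    done

    for chain in fw-demo fw-demo-wifi fw-demo-data; do
        echo "iptables -N $chain"
    done
    echo "iptables -A OUTPUT -j fw-demo"
    # One sub-chain per check-box column.
    echo "iptables -A fw-demo -o wlan+ -j fw-demo-wifi"
    echo "iptables -A fw-demo -o rmnet+ -j fw-demo-data"

    for sel in $selections; do
        uid=${sel%%:*}
        rest=${sel#*:}
        wifi=${rest%%:*}
        data=${rest#*:}
        if [ "$wifi" = 1 ]; then
            echo "iptables -A fw-demo-wifi -m owner --uid-owner $uid -j $hit"
        fi
        if [ "$data" = 1 ]; then
            echo "iptables -A fw-demo-data -m owner --uid-owner $uid -j $hit"
        fi
    done

    # The last rule of each column chain plays the role of the default policy.
    # (The explicit RETURN in block-selected mode is what the end of a
    # user-defined chain does anyway; it is printed to make the contrast visible.)
    echo "iptables -A fw-demo-wifi -j $tail_target"
    echo "iptables -A fw-demo-data -j $tail_target"
}

# Constructed sample: UID 10050 checked in both columns, UID 10061 WiFi only.
SAMPLE="10050:1:1 10061:1:0"
echo "# allow selected"
gen_rules allow-selected "$SAMPLE"
echo "# block selected"
gen_rules block-selected "$SAMPLE"
```

These rules match IP packets only; link-layer frames such as the ARP request captured earlier in the thread are never seen by iptables, whichever mode is selected.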

DoR3M3

Senior Member
Feb 17, 2018
1,281
384
Portwenn
Quite the opposite. If you are coming from Linux iptables background, you should feel right at home. The discussed matches exactly the default policy you set to each built-in chain, either allow or deny (drop) anything not matching any rule.

The words here I'm conveying is Typical or Common...

It is not Typical or Common in Unix/Linux to write rules where you are blocking less and allowing more, that was the discussion going on.

The Typical or Common in Unix/Linux is to block more and allow less, but of course in Unix/Linux you can create rules to do anything.

If you look at the majority of end-users and have worked in the field of IT, either on a small end-user scale or even big business scale, you'll see that the majority of apps is less than the system apps, that is true in any computer OS and Android.

The majority do not have more user-applications vs system-applications, they are a minority.

I'm not arguing, or saying there's not a need, but that need is going to be very limited.

I have a pretty stripped down system, I even debloated it for microG and I still have 31 system apps.

So when you compare the amount of system apps vs installed user-apps the majority of end-users would have to block a lot more system apps if they used the "Block Selected" approach, that's all.

Let's not keep arguing this OFF TOPIC, the point is anything is possible, no one is arguing that. I'm only pointing out that the "Block Selected" approach is not an approach the Majority of End-Users will take, that is all, nothing more or less... ;)

P.S. Sorry for the OFF TOPIC!
 

IronTechmonkey

Recognized Contributor
Feb 12, 2013
10,063
18,138
It is not Typical or Common in Unix/Linux to write rules where you are blocking less and allowing more, that was the discussion going on.

Well, that is what your logical argument within the discussion morphed into after the first point you made was not well received; That you see little or no value to a "block selected" option in Adaway - https://xdaforums.com/showpost.php?p=78064987&postcount=4918

I'm not arguing, or saying there's not a need, but that need is going to be very limited.

Limited within your usage case (which is similar to mine) but not within other usage cases which you don't seem to be considering; Those being:

- End users who won't bother blocking anything unless it is easy to do.
- People who want to block a known offender app or an app they are testing but specifically desire to not block or are not allowed to block the rest of the system.

...when you compare the amount of system apps vs installed user-apps the majority of end-users would have to block a lot more system apps if they used the "Block Selected" approach, that's all.

You seem to be assuming the same usage scenarios and level of technical knowledge and willingness for all usage cases, 2 of which are described in the dashed lines above. The decision about whether to use “allow selected” or “block selected” does not have to do specifically with the ratio of system apps to user apps; It has to do with the statistical likelihood that people who are not system administrators or tech savvy will bother to block anything. Additionally, there are those who might have no choice but to block individual apps via “block selected”.

Let's not keep arguing this OFF TOPIC,

No no, you don't get to declare cessation of discussion as off topic after you initially posed this as a comment about an Adaway feature and then closed on a summarily inaccurate statement (next quoted section).

I'm only pointing out that the "Block Selected" approach is not an approach the Majority of End-Users will take, that is all, nothing more or less... ;)

That is diametrically incorrect. Most end users would be much more likely to use "block selected" to block a few known offending apps than they would be to learn all the apps and services on the device so they could use "allow selected". Remember - the universe of users in this thread leans towards the tech savvy side more so than the universe of Afwall+ users. Yours and my devices may be more secure due to our use of “allow selected” but the Android (and general device universe) is more secure due to the use of “block selected” where nothing would otherwise be blocked.
 

IronTechmonkey

Recognized Contributor
Feb 12, 2013
10,063
18,138
Sorry for going off topic and I wasn't trying to declare cessation and then run, just trying to be respectful to the OP is all...

If the Android (and general device universe) is more secure due to the use of “block selected”, because they don't understand everything is blocked by default? Sorry is this what you're saying?

Also, don't you think, since we throw newbies into the mix, this just creates confusion with these two choices for them?

I did not say "...is more secure due to the use of “block selected”. I said "...is more secure due to the use of “block selected” where nothing would otherwise be blocked". There is a critical distinction therein which you lost in your reply as you have seemingly also lost input from others. In any event this is covered in mine and other previous replies to you so no need to rehash. There may be a need though for you to actually receive the knowledge that has been shared (noting that receiving and acknowledging is different from agreeing).
 

DoR3M3

Senior Member
Feb 17, 2018
1,281
384
Portwenn
I did not say "...is more secure due to the use of “block selected”. I said "...is more secure due to the use of “block selected” where nothing would otherwise be blocked". There is a critical distinction therein which you lost in your reply as you have seemingly also lost input from others. In any event this is covered in mine and other previous replies to you so no need to rehash. There may be a need though for you to actually receive the knowledge that has been shared (noting that receiving and acknowledging is different from agreeing).

Listen, I understand all of this, no need to explain it...

I don't even know if we are talking on the same subject when you mention Blocked, because everything is already Blocked by default in AFWall+.

It's greatly appreciated that you stop acting like the Forum Police or the Voice of the Community, when you don't know what is going on, as to why these so called not received replies from anyone... So let's please knock off these assumptions... Thanks :)

You're not paying attention to my replies, which I stated, that I was only talking about what is Typical and Common usage in Firewalls, that's all.

Think about it like this, should we teach people one way in Android and teach them another way in a Firewall in Windows or OSX?

People in Windows and OSX who make up the majority of end-users out there in the World and on this forum, do not block everything, and then allow, when the firewall is already blocking for them. They simply look at the apps they understand, which are the typical apps in the system they understand, like the browser, media player, skype, etc. and allow or block those...

Now are we saying this is not how the majority of end-users use Firewalls?

P.S. I'm done for the respect of the OP...

Please, guys, let's swallow our pride and stop this. No one has to have the last word... except the OP.

Well said... Thanks
 

IronTechmonkey

Recognized Contributor
Feb 12, 2013
10,063
18,138
Hey now, no need for snark just because no one replied directly to you yet (although I may have earned some for my part in previous "discussion"). Anyhow...FWIW, even while that other stuff was going on I was checking icons based on your post. IDK how new the yellow bordered icons are but they are the same as the icons shown for the 2 variants of the unlocker at Playstore, and I also prefer the older one but might try using my Launcher to change icon if at all. Either way, thanks for the tip.
 
  • Like
Reactions: ninestarkoko

Top Liked Posts

  • 1
    I was intrigued by this as I automatically whitelist Android Auto for wifi and mobile data - wifi to talk to the head unit in the car and data to pull maps info etc. This article seems to suggest that my thinking is/was correct but who knows. When I get time I might have a play...

  • 2
    What is needed to be enabled to use Android Auto in my car?
    I had to enable traffic for a bunch of XIAOMI system "apps" (they bundle a bunch of apps together so that you don't disable them) that disabled network if they didn't phone home successfully after a couple of minutes. Never buying anything from that underhanded manufacturer EVER AGAIN.
    1
    What is needed to be enabled to use Android Auto in my car?
    I'm not sure what you're asking, but AFWall is meant to block traffic based on certain rules. Why would you want to use AFWall in order to enable AA? Are you rooted? Custom ROM? What's your environment? Are you currently able to use AA in your car?
    1
    I'm not sure what you're asking, but AFWall is meant to block traffic based on certain rules. Why would you want to use AFWall in order to enable AA? Are you rooted? Custom ROM? What's your environment? Are you currently able to use AA in your car?

    Perhaps they are having trouble using Android auto with the Firewall, e.g., maybe AFwall is blocking Android Auto.

    +1 to your question/suggestion about whether or not Android Auto works okay when AFwall is not enabled.
    1
    What is needed to be enabled to use Android Auto in my car?
    this sounds like you are using afwall in whitelist mode (blocks everything, and you select what gets access)?

    if you run it in the recommended blacklist mode (allows everything, and you select what gets blocked) you should not have this issue - assuming you don't of course block android auto or some crucial system app.
    1
    What is needed to be enabled to use Android Auto in my car?
    What device you are using? OS and app version? What the default filtering mode? There's any logs while your device try to attempt any connection? More info please.
  • 404
    Welcome to official support page for AFWall+

    Disclaimer - As Usual. I'll not take any responsibility if something goes wrong when using AFWall+

    Introduction
    AFWall+ is an improved version of DroidWall (front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming). Since the original author of Droidwall discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


    Features
    - Supports 5.x to 13.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choosable languages
    - Choosable iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname

    Changelog - See third Post
    Current Version - 3.6.0

    To get Unlocker without Google services - Please follow the instructions here

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)

    Source Code/Wiki/FAQ
    AFWall+ is a free & open-source application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall

    Thanks To/Credits
    - German translations by chef@xda & user_99@xda & Gronkdalonka@xda
    - French translations by GermainZ@xda & Looki75@xda
    - Russian translations by Kirhe@xda & YaroslavKa78
    - Spanish translations by spezzino@crowdin
    - Dutch translations by DutchWaG@crowdin
    - Japanese translation by nnnn@crowdin
    - Ukrainian translation by andriykopanytsia@crowdin
    - Slovenian translation by bunga bunga@crowdin
    - Chinese Simplified translation by tianchaoren@crowdin
    - Polish translations by tst,Piotr Kowalski@crowdin
    - Swedish translations by CreepyLinguist@crowdin
    - Greek Translations by mpqo@crowdin
    - Portuguese translations by lemor2008@xda
    - Chinese Traditional by shiuan@crowdin
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by benzo@crowdin
    - Romanian translations by mysterys3by-facebook@crowdin
    - Czech translations by Syk3s

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:
    Stable
    Current Stable Version: 3.5.3
    Stable Release Date: 2022-06-28
    Current Beta Version:
    3.5.3
    Beta Release Date: 2022-06-28

    Created 2013-12-03
    Last Updated 2020-09-05
    70
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries

    Complete Changelog

    41
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to lot of under hood changes required. Instead added few enhancements. Now applying rules from menu will show how many rules are getting applied with progress status. Also when adding/removing few rules , it will apply only those related rules instead of full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is BETA Version which is not released on playstore. I have been using this for past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following XPrivacy thread on the decision by its author. Just as FYI, I might fix it for my own usage when I update to nougat, I will share it here if anybody uses it here.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    40
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through lot of dilemma of whether to support the existing afwall or write a new one from scratch, finally able to pull myself and release stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not be possible to pull through this.

    I will be out for couple of days ( taking off to spend time with my family ) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    35
    Hello everyone,

    I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.