Though it is a frequently asked and most probably frequently answered question, I would like to open the following request again:
Please support wildcards in the filter rules!
I don't really know if this has been discussed. I've searched this thread but have not thoroughly scoured the eleven thousand posts.
EDIT: I've discovered it's only DNS that is not allowed to pass. I've edited this post extensively.
- Android 10 (Pixel 3a, fully up to date)
- NetGuard 2.274 (Latest release from github, 2020-03-04, everything unlocked with a donation.)
- NetGuard is active
- Filtering is enabled, using the default hosts list.
- LTE connection is active (Google Fi is my provider)
- NetGuard should filter and route traffic over my LTE data connection.
All traffic is blocked.
- DNS traffic is blocked. (I can still ping 184.108.40.206 and 220.127.116.11 just fine, but non-cached hostnames do not resolve.)
Workarounds to recover connectivity:
1. Turn NetGuard off and then back on again. - Result: Works properly over cell data.
1. Disable NetGuard. Traffic is allowed again, and nothing is filtered of course.
2. Disable Filtering. App restrictions are still in place but hostname filtering is not enabled.
3. Reconnect to WiFi. Result: filtering and app restrictions both work properly over WiFi.
- uninstalled the app
- rebooted phone
- installed github release 2.274 (did not bother with the challenge response just yet)
- rebooted phone
- downloaded hosts list
- enabled filtering
- did not yet enable NetGuard
- rebooted phone again
- enabled NetGuard.
- disabled battery optimization for NetGuard as prompted.
- did not change any other settings in NetGuard or in Android.
- I rebooted the phone with WiFi connected, once with and once without NetGuard active.
- in all cases, using cell data with NetGuard active and filtering causes total blockage of DNS service.
- with filtering disabled, cell data is fully working.
- EDIT: I have tried version 2.270 stable from github with the same results as above. (Will attempt the previous stable version as well. I'm completely reconfiguring each time, not reloading a saved settings file.)
Has anyone else run into this?
Are there any solutions?
Thanks much to anyone who has a clue about this!
Further edits as I investigate
- I switched "Private DNS" in the Android network configuration from "Automatic" to "Off" with no effect.
- In Settings > Advanced Options, I input values for VPN DNS (18.104.22.168 and 22.214.171.124)
---> This allows DNS to function over the cell data network.
... But it also disables my home DNS server for accessing local resources.
SORT OF SOLVED
Since I don't want to treat my very common private IP address as a DNS server on other networks, I've configured an uncommon private address on my home network (think of something like 172.29.35.217). It's not impossible but it is unlikely this address will host a DNS server on other wifi networks I connect to. (In that case I'll usually be using an actual VPN anyway.)
Then for NetGuard, I configure the VPN DNS addresses as such, with my personal obscure DNS server first for when I'm at home, then the public one second.
- VPN DNS: 172.29.35.217
- VPN DNS: 126.96.36.199
- While at home, everything appears to be working fine. I'm resolving local and internet names.
- While on LTE, lookups occasionally take a little extra time as my "primary" private DNS server is unreachable. Multiple subsequent lookups for uncached names have been pretty speedy.
Allow NetGuard to pick VPN DNS servers based on the connection. This should include the ability to have the defaults, as they are now, as well as being able to set specific DNS servers based on which "saved network" is currently connected. I'd be totally fine with this being a Pro feature.
I hope this post can be found by others who experience the same issues, and furthermore hope it can be helpful as a guide to a workable way around the limitations of NetGuard. If M66B or anyone has other ideas for a more robust way to resolve both private and public names, I'm definitely all ears.
Can't figure out how to manually whitelist a hostname.
Instead I must manually download the hosts file, search, and remove the hostname, then apply the host file manually. I have to do this each time I want to update the hosts file. (Also, try going to the URL for the host file, and you don't get the host file, you get redirected to a .md page on github, so you have to use wget or curl, which are unavailable in unrooted Android!!!)
Please observe this example...
- Both of these resolve to the same address
- Only history.google.com appears in YouTube's access history in NetGuard, and I've marked it as always allow.
- NetGuard is still blocking s.youtube.com but not showing it.
- It does appear in Settings > Advanced Options > Show resolved addresses.
- I believe it's not showing it in the list for YouTube because it's already showing history.google.com which has the same IP address.
1. Feature request: manual global whitelist
2. Feature request: manual per-app whitelist
3. Bug report: logging fails on a blocked hostname when unblocked name resolving to the same IP address is also logged (accessed first?)
If anyone has some other ideas please let me know.
I'd love to be able to run a script that downloads the file (somehow in an Android terminal) then runs a SED command on it to remove that line. Usually it's the second of those that poses the challenge. I'm not used to having an unrooted phone.
EDIT: I've put together a Tasker task.
Downloads the hosts file (action: Net / HTTP Request)
Calls a script (action: Code / Run Shell)
. copies the file to a new one with the date in the name
. calls sed to comment out the offending line
. calls grep to output the edited line (sanity check)
Flashes the script output to let me know it's correctly done.
Then I can just manually import that file in NetGuard.
Still, this is a really long way around just to remove a blocked host.
If anyone is interested in the files, I can export the task and paste the script.
Probably unrelated, I got some other odd behavior in the midst of working on this. Hangouts determined that it was no longer online. Stopping NetGuard put it back online, but then restarting NetGuard took Hangouts back offline. A reboot with NetGuard disabled allowed Hangouts to have its connection, which I only tested after re-enabling NetGuard. (I wanted to make sure no DNS was getting cached before testing, even though that didn't seem to matter before.)
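The shell step of the Tasker task described in the post above (copy to a dated file, comment out the line with sed, confirm with grep), written out as an added example. This is not the poster's script: the function name `allow_host`, the output file name and the sample entries are assumptions, and it assumes one `ADDRESS HOSTNAME` entry per line.

```shell
#!/bin/sh
# Added example, not the poster's script.
# allow_host SRC HOST [OUTDIR]
#   Copies SRC to OUTDIR/hosts-YYYYMMDD.txt with every entry for exactly
#   HOST commented out, prints the commented lines, and sets ALLOW_OUT.
#   Returns 0 if HOST is commented out in the copy, 1 if it was not found,
#   2 on bad input. Assumes "ADDRESS HOSTNAME", one name per line.
allow_host() {
    src=$1 host=$2 outdir=${3:-.}
    # Accept only plain hostname characters, so nothing in the argument
    # can act as a regex or sed metacharacter (including the "/" delimiter).
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $host" >&2; return 2 ;;
    esac
    # An unescaped "." matches any character; escape it so that
    # "s.youtube.com" does not also match "sxyoutube.com".
    esc=$(printf '%s' "$host" | sed 's/\./\\./g')
    ALLOW_OUT="$outdir/hosts-$(date +%Y%m%d).txt"
    # Anchor both sides of the name: address, whitespace, HOST, then either
    # end of line or a trailing comment. "ads.HOST" and "HOST.example"
    # are different names and stay blocked.
    ent="[[:space:]]*[0-9A-Fa-f.:]\{1,\}[[:space:]]\{1,\}${esc}"
    eol='[[:space:]]*$'
    cmt='[[:space:]]\{1,\}#'
    sed -e "/^${ent}${eol}/s/^/# /" -e "/^${ent}${cmt}/s/^/# /" \
        "$src" > "$ALLOW_OUT" || return 2
    # Sanity check: print the commented entries; grep's status is the result.
    grep -e "^# ${ent}${eol}" -e "^# ${ent}${cmt}" "$ALLOW_OUT"
}

# Demo on constructed sample entries (not the real hosts list).
tmp=$(mktemp -d)
printf '%s\n' '127.0.0.1 localhost' \
    '0.0.0.0 s.youtube.com' \
    '0.0.0.0 ads.youtube.com' \
    '0.0.0.0 sxyoutube.com' \
    '0.0.0.0 s.youtube.com.example' \
    '0.0.0.0 s.youtube.com # constructed' > "$tmp/hosts.txt"
allow_host "$tmp/hosts.txt" s.youtube.com "$tmp"
```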