FORUMS

[5.0+][ROOT][3.4.0] AFWall+ IPTables Firewall [9 FEB 2020]

1,465 posts
Thanks Meter: 5,039
 
By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
Post Reply Email Thread
15th February 2017, 09:35 AM |#3651  
Primokorn's Avatar
Recognized Contributor / Themer
Thanks Meter: 7,724
 
More
Awesome update!

1/ [Feature request] A timeout before requesting the security PIN/fingerprint would be appreciated
2/ [Bug] Importing rules doesn't work for some UIDs: system apps like GPS 1021, Media server 1013, Media storage 10009.... and my user app Firefox 10153 (not related to this beta release)
3/ [Bug] Cloning a profile doesn't work (Profiles Preferences > Manager profiles > Hold on a profile > Select 'Clone'. Nothing happens).
4/ [Feature request] Option to automatically resolve destination and source
5/ [Feature request] Notification on Internet access
6/ [Feature request] View all logs (allowed/denied)
7/ No issue with su requests
8/ [Bug] I have denied connections for UID 1000 while it should be allowed.
9/ [Bug] We shouldn't see a password field while using the fingerprint (see screenshot)

IPv4rules.log

On a side note could you please use ?dl=1 instead of ?dl=0 at the end of your dropbox links?

EDIT @ukanth
I think iptables rules aren't always correctly applied after a reboot. Sometimes my VPN works at boot but sometimes I have to open AFWall+ and apply the rules. 2-3s later, my VPN connection works.
I don't have a PC atm to record a log. Please let me know if you need one.
Attached Thumbnails
Click image for larger version

Name:	Screenshot_20170215-092610.png
Views:	210
Size:	28.0 KB
ID:	4042077  
The Following 2 Users Say Thank You to Primokorn For This Useful Post: [ View ] Gift Primokorn Ad-Free
15th February 2017, 04:15 PM |#3652  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 5,039
 
Donate to Me
More
Quote:
Originally Posted by Primokorn

Awesome update!

1/ [Feature request] A timeout before requesting the security PIN/fingerprint would be appreciated
2/ [Bug] Importing rules doesn't work for some UIDs: system apps like GPS 1021, Media server 1013, Media storage 10009.... and my user app Firefox 10153 (not related to this beta release)
3/ [Bug] Cloning a profile doesn't work (Profiles Preferences > Manager profiles > Hold on a profile > Select 'Clone'. Nothing happens).
4/ [Feature request] Option to automatically resolve destination and source
5/ [Feature request] Notification on Internet access
6/ [Feature request] View all logs (allowed/denied)
7/ No issue with su requests
8/ [Bug] I have denied connections for UID 1000 while it should be allowed.
9/ [Bug] We shouldn't see a password field while using the fingerprint (see screenshot)

IPv4rules.log

On a side note could you please use ?dl=1 instead of ?dl=0 at the end of your dropbox links?

EDIT @ukanth
I think iptables rules aren't always correctly applied after a reboot. Sometimes my VPN works at boot but sometimes I have to open AFWall+ and apply the rules. 2-3s later, my VPN connection works.
I don't have a PC atm to record a log. Please let me know if you need one.

@Primokorn, This is reported by multiple people (boot rules doesn't apply) . It would be great if you could get me the logs and iptables rules before you apply again.

or you can test this and let me know ( only boot rules apply issue )

https://www.dropbox.com/s/6vv6017sdf...EST-3.apk?dl=1
The Following 2 Users Say Thank You to ukanth For This Useful Post: [ View ]
16th February 2017, 08:50 AM |#3653  
Primokorn's Avatar
Recognized Contributor / Themer
Thanks Meter: 7,724
 
More
Quote:
Originally Posted by ukanth

@Primokorn, This is reported by multiple people (boot rules doesn't apply) . It would be great if you could get me the logs and iptables rules before you apply again.

or you can test this and let me know ( only boot rules apply issue )

https://www.dropbox.com/s/6vv6017sdf...EST-3.apk?dl=1

Sorry but I can't record a log for now. I need a PC because AFWall+ is launched before starting MatLog app.
I've just installed the 3rd test apk and no issue after 3 reboots. I'll keep trying in the coming hours and report back if the problem occurs again.
The Following 3 Users Say Thank You to Primokorn For This Useful Post: [ View ] Gift Primokorn Ad-Free
17th February 2017, 02:38 AM |#3654  
Senior Member
Flag Chicago
Thanks Meter: 327
 
More
I installed AFWall on a the tablet, which is receiving its internet from my phone via bluetooth tethering. Problem is it doesn't seem to block any programs while the tablet is tethered to my phone.

Is there any way to make this work?
17th February 2017, 04:21 AM |#3655  
IronTechmonkey's Avatar
Recognized Contributor
Thanks Meter: 8,815
 
More
Quote:
Originally Posted by gustden

I installed AFWall on a the tablet, which is receiving its internet from my phone via bluetooth tethering. Problem is it doesn't seem to block any programs while the tablet is tethered to my phone.

Is there any way to make this work?

Just an idea, and perhaps a long shot, but maybe it wants to treat that connection as LAN instead of mobile data. You could try enabling "Active rules" - "LAN control". Coincidentally there are some recent descriptions about the LAN Control setting in the thread because it was being tested.

[EDIT] Having done some research I see it may be more complicated than that. In any event you might consider checking out the AFwall+ FAQ linked in OP in regards to Bluetooth, and you may find other references in the thread.

[EDIT2] I've never used bluetooth tethering with the Afwall+ before and am on the learning curve, but just tested and, to your point the firewall controls on the device that is borrowing the internet connection do not seem to be used.

[EDIT3] OK, From what I've found (which you can also find by searching this thread for bluetooth) this may not be possible. Other references in the thread only seem to describe how to enable any connectivity from the device that is lending the internet connection rather than individual app control at the device that is borrowing the internet connection.

@ukanth: While testing the above I noticed a glitch in the UI. Apologies if this has been reported before. On both CM12.1 and Lineage 14.1, when I open Afwall+ the "default" profile is incorrectly shown in the profile field in the main UI while the actual active profile is displayed in notification shade. This seems to have no ill effect on blocking and the visual can be fixed by switching profiles once or twice.
The Following 3 Users Say Thank You to IronTechmonkey For This Useful Post: [ View ] Gift IronTechmonkey Ad-Free
17th February 2017, 11:14 AM |#3656  
Senior Member
Flag Chicago
Thanks Meter: 327
 
More
Quote:
Originally Posted by IronTechmonkey

[EDIT3] OK, From what I've found (which you can also find by searching this thread for bluetooth) this may not be possible. Other references in the thread only seem to describe how to enable any connectivity from the device that is lending the internet connection rather than individual app control at the device that is borrowing the internet connection.

I had already done quite a bit of searching, and all I could find was where the phone was providing the BT tether. For now, I am going to assume what I am wanting to do, is simply not possible with AFWall. There are only a few applications I want to block, so I may take the rules generated by AFWall, hand edit, and have tasker apply the script when connected by BT. Kind of ugly, but it might work. Thanks for looking into this!
The Following User Says Thank You to gustden For This Useful Post: [ View ] Gift gustden Ad-Free
17th February 2017, 07:25 PM |#3657  
IronTechmonkey's Avatar
Recognized Contributor
Thanks Meter: 8,815
 
More
Quote:
Originally Posted by gustden

I had already done quite a bit of searching, and all I could find was where the phone was providing the BT tether. For now, I am going to assume what I am wanting to do, is simply not possible with AFWall. There are only a few applications I want to block, so I may take the rules generated by AFWall, hand edit, and have tasker apply the script when connected by BT. Kind of ugly, but it might work. Thanks for looking into this!

That's a clever idea. Even though I dont use Bluetooth for tethering I (and probably others) would be interested in knowing if it works.
18th February 2017, 06:31 AM |#3658  
Senior Member
Thanks Meter: 222
 
More
Quote:
Originally Posted by ukanth

@Primokorn, This is reported by multiple people (boot rules doesn't apply) . It would be great if you could get me the logs and iptables rules before you apply again.

or you can test this and let me know ( only boot rules apply issue )

https://www.dropbox.com/s/6vv6017sdf...EST-3.apk?dl=1

The security lock does not work as it should ,after setting a password I leave the app and re-open the app does not ask for the password.On a device without fingerprint sensor.Lineage14.1.
The Following User Says Thank You to custon3 For This Useful Post: [ View ] Gift custon3 Ad-Free
18th February 2017, 08:35 AM |#3659  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 5,039
 
Donate to Me
More
Quote:
Originally Posted by custon3

The security lock does not work as it should ,after setting a password I leave the app and re-open the app does not ask for the password.On a device without fingerprint sensor.Lineage14.1.

Thanks for testing it, I will fix it.
The Following 3 Users Say Thank You to ukanth For This Useful Post: [ View ]
22nd February 2017, 06:17 PM |#3660  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 5,039
 
Donate to Me
More
Thanks everyone for your help and support. I have released v2.9.2 to playstore today. It might take few min/hours to roll out. There is been lot of work put in this version. I have spent lot of time testing it on various devices with various superuser programs and android versions

Full changelog -> https://github.com/ukanth/afwall/blob/beta/Changelog.md

Thanks !
The Following 29 Users Say Thank You to ukanth For This Useful Post: [ View ]
23rd February 2017, 11:44 AM |#3661  
Account currently disabled
Thanks Meter: 50
 
More
Thank you for the new version.

Perhaps it was overlooked: disabling device security protection doesn't ask for security.
Post Reply Subscribe to Thread

Tags
block internet, droidwall, firewall, iptables, security

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes