FORUMS

[5.0+][ROOT][3.4.0] AFWall+ IPTables Firewall [9 FEB 2020]

1,465 posts
Thanks Meter: 5,039
 
By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
Post Reply Email Thread
14th February 2019, 08:26 PM |#5231  
Recognized Contributor
Thanks Meter: 3,556
 
More
Quote:
Originally Posted by J4jks

With only startup script enabled, afwall+ disabled but after reboot , no app is able to access internet.
It happened earlier too.
Only way get internet access is uninstall Afwall+.

Unfortunately I don't have logs when this happened.

You don't have to uninstall AFWall+
Simply go into preferences and disable the startup script (or go to /data/adb/service.d/ and delete the afwallstart script, which accomplishes the same thing)

You would have to either reboot again, or you could manually flush the iptables rules. Simplest way is to run, as root
Code:
iptables -F
ip6tables -F
If you flush the iptables rules you don't even need to remove the script, but then you'll have the same issue if you reboot.
The Following 3 Users Say Thank You to jcmm11 For This Useful Post: [ View ] Gift jcmm11 Ad-Free
16th February 2019, 04:23 AM |#5232  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 5,039
 
Donate to Me
More
Hello everyone,

I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

https://github.com/ukanth/afwall/releases/tag/v3.1.0

Thank you all for your continuous support in AFWall+ development.
The Following 35 Users Say Thank You to ukanth For This Useful Post: [ View ]
16th February 2019, 08:52 AM |#5233  
jaydee 77's Avatar
Senior Member
Thanks Meter: 418
 
More
Quote:
Originally Posted by ukanth

Thank you all for your continuous support in AFWall+ development.

Thank us? No, thank you!
The Following 5 Users Say Thank You to jaydee 77 For This Useful Post: [ View ] Gift jaydee 77 Ad-Free
16th February 2019, 09:39 PM |#5234  
Senior Member
Thanks Meter: 61
 
More
Quote:
Originally Posted by ukanth

@Spinvis, Thanks ! will check it.

After playing with the rules a bit more I noticed the following in whitelist mode. If I select "Any app, UID -10" and hit apply to allow traffic, that afterwards I still have an internet connection, as opposed to selecting all the apps and applying those rules to allow traffic.

Here is the log.

Below are the ipv4rules.

Hopefully it'll contain some insight into this.
Attached Files
File Type: log IPv4rules.log - [Click for QR Code] (38.4 KB, 4 views)
16th February 2019, 10:34 PM |#5235  
Senior Member
Thanks Meter: 405
 
More
I only access AFWall+ when I install some new app or update but I was exploring its settings and noticed that I can't seem to access the full ipv6 controls. (See attached image).
Is this normal?
Why are the ipv6 INPUT/OUTPUT controls grayed out?
Thanks.
Attached Thumbnails
Click image for larger version

Name:	Screenshot_20190216-182441.png
Views:	276
Size:	167.2 KB
ID:	4706782  
17th February 2019, 05:49 AM |#5236  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 5,039
 
Donate to Me
More
Quote:
Originally Posted by Spinvis

After playing with the rules a bit more I noticed the following in whitelist mode. If I select "Any app, UID -10" and hit apply to allow traffic, that afterwards I still have an internet connection, as opposed to selecting all the apps and applying those rules to allow traffic.

Here is the log.

Below are the ipv4rules.

Hopefully it'll contain some insight into this.

Try enable ipv6
The Following User Says Thank You to ukanth For This Useful Post: [ View ]
17th February 2019, 05:50 AM |#5237  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 5,039
 
Donate to Me
More
Quote:
Originally Posted by maybeme2

I only access AFWall+ when I install some new app or update but I was exploring its settings and noticed that I can't seem to access the full ipv6 controls. (See attached image).
Is this normal?
Why are the ipv6 INPUT/OUTPUT controls grayed out?
Thanks.

Either you apply ipv6 for all applications or just control the chains (block/allow) for default chains. It's recommended to enable ipv6.
The Following 2 Users Say Thank You to ukanth For This Useful Post: [ View ]
17th February 2019, 08:50 PM |#5238  
Senior Member
Thanks Meter: 61
 
More
Quote:
Originally Posted by ukanth

Try enable ipv6

Just tested this, results are the same unfortunately.
18th February 2019, 01:42 AM |#5239  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 5,039
 
Donate to Me
More
Quote:
Originally Posted by Spinvis

Just tested this, results are the same unfortunately.

I didn't pay attention on your first question. Are you saying you have selected "any app" ?

any app == allowing all applications. That's useful when you are using profiles/tasker to switch to unrestricted mode.
The Following 2 Users Say Thank You to ukanth For This Useful Post: [ View ]
18th February 2019, 09:14 AM |#5240  
Senior Member
Thanks Meter: 61
 
More
Quote:
Originally Posted by ukanth

I didn't pay attention on your first question. Are you saying you have selected "any app" ?

any app == allowing all applications. That's useful when you are using profiles/tasker to switch to unrestricted mode.

Correct, what I've tried so far;
  • Enable IPv6 = no change, no internet access.
  • Use built-in/system BusyBox/iptables = no change, no internet access.
  • Allow internet access for every app and service = no change, no internet access.
  • Allow "Any app" = actually works, got internet access.
  • Use blacklist instead of whitelist = works, got internet access.

I'm mostly surprised by the difference in results between selecting all the applications, compared to to the "Any apps". Also seeing the results of blacklist, my suspicion is that something get blocked using whitelist, which is allowed by selecting the "Any apps", and it's allowed by default using the blacklist.

This is on Pie, OnePlus 5. Tried latest custom ROMs; CNP (Nitrogen), Omni (Treskmod). Using Magisk 18.1. Latest AFWall. Never had this issue on Oreo.
18th February 2019, 09:24 AM |#5241  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 5,039
 
Donate to Me
More
Quote:
Originally Posted by Spinvis

Correct, what I've tried so far;

  • Enable IPv6 = no change, no internet access.
  • Use built-in/system BusyBox/iptables = no change, no internet access.
  • Allow internet access for every app and service = no change, no internet access.
  • Allow "Any app" = actually works, got internet access.
  • Use blacklist instead of whitelist = works, got internet access.

I'm mostly surprised by the difference in results between selecting all the applications, compared to to the "Any apps". Also seeing the results of blacklist, my suspicion is that something get blocked using whitelist, which is allowed by selecting the "Any apps", and it's allowed by default using the blacklist.

This is on Pie, OnePlus 5. Tried latest custom ROMs; CNP (Nitrogen), Omni (Treskmod). Using Magisk 18.1. Latest AFWall. Never had this issue on Oreo.

If you face issues in Pie whitelist mode, you need make sure you allow "Android system - UID 1000" to access internet. If you don't want to give access to uid 1000, then you need to disable captive portal using adb. Have you given access to uid 1000 and still unable to access internet ?
The Following User Says Thank You to ukanth For This Useful Post: [ View ]
Post Reply Subscribe to Thread

Tags
block internet, droidwall, firewall, iptables, security

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes