[5.0+][ROOT][3.6.0] AFWall+ IPTables Firewall [28 AUG 2023]

Search This thread
By:
Advanced…
S

Spinvis

Senior Member
May 24, 2012
154
61
ukanth said:
@Spinvis, Thanks ! will check it.
Click to expand...
Click to collapse

After playing with the rules a bit more I noticed the following in whitelist mode. If I select "Any app, UID -10" and hit apply to allow traffic, that afterwards I still have an internet connection, as opposed to selecting all the apps and applying those rules to allow traffic.

Here is the log.

Below are the ipv4rules.

Hopefully it'll contain some insight into this.
 

Attachments

  • IPv4rules.log
    38.4 KB · Views: 12
M

maybeme2

Senior Member
Aug 28, 2015
2,336
750
Google Pixel 5
Moto G 5G
I only access AFWall+ when I install some new app or update but I was exploring its settings and noticed that I can't seem to access the full ipv6 controls. (See attached image).
Is this normal?
Why are the ipv6 INPUT/OUTPUT controls grayed out?
Thanks.
 

Attachments

  • Screenshot_20190216-182441.png
    Screenshot_20190216-182441.png
    167.2 KB · Views: 282
ukanth

ukanth

Recognized Developer
Nov 30, 2010
1,543
5,412
Nexus 7 (2013)
OnePlus X
Spinvis said:
After playing with the rules a bit more I noticed the following in whitelist mode. If I select "Any app, UID -10" and hit apply to allow traffic, that afterwards I still have an internet connection, as opposed to selecting all the apps and applying those rules to allow traffic.

Here is the log.

Below are the ipv4rules.

Hopefully it'll contain some insight into this.
Click to expand...
Click to collapse
Try enable ipv6
 
  • Like
Reactions: custon3
ukanth

ukanth

Recognized Developer
Nov 30, 2010
1,543
5,412
Nexus 7 (2013)
OnePlus X
maybeme2 said:
I only access AFWall+ when I install some new app or update but I was exploring its settings and noticed that I can't seem to access the full ipv6 controls. (See attached image).
Is this normal?
Why are the ipv6 INPUT/OUTPUT controls grayed out?
Thanks.
Click to expand...
Click to collapse
Either you apply ipv6 for all applications or just control the chains (block/allow) for default chains. It's recommended to enable ipv6.
 
  • Like
Reactions: custon3 and IronTechmonkey
S

Spinvis

Senior Member
May 24, 2012
154
61
ukanth said:
I didn't pay attention on your first question. Are you saying you have selected "any app" ?

any app == allowing all applications. That's useful when you are using profiles/tasker to switch to unrestricted mode.
Click to expand...
Click to collapse

Correct, what I've tried so far;

  • Enable IPv6 = no change, no internet access.
  • Use built-in/system BusyBox/iptables = no change, no internet access.
  • Allow internet access for every app and service = no change, no internet access.
  • Allow "Any app" = actually works, got internet access.
  • Use blacklist instead of whitelist = works, got internet access.

I'm mostly surprised by the difference in results between selecting all the applications, compared to to the "Any apps". Also seeing the results of blacklist, my suspicion is that something get blocked using whitelist, which is allowed by selecting the "Any apps", and it's allowed by default using the blacklist.

This is on Pie, OnePlus 5. Tried latest custom ROMs; CNP (Nitrogen), Omni (Treskmod). Using Magisk 18.1. Latest AFWall. Never had this issue on Oreo.
 
ukanth

ukanth

Recognized Developer
Nov 30, 2010
1,543
5,412
Nexus 7 (2013)
OnePlus X
Spinvis said:
Correct, what I've tried so far;

  • Enable IPv6 = no change, no internet access.
  • Use built-in/system BusyBox/iptables = no change, no internet access.
  • Allow internet access for every app and service = no change, no internet access.
  • Allow "Any app" = actually works, got internet access.
  • Use blacklist instead of whitelist = works, got internet access.

I'm mostly surprised by the difference in results between selecting all the applications, compared to to the "Any apps". Also seeing the results of blacklist, my suspicion is that something get blocked using whitelist, which is allowed by selecting the "Any apps", and it's allowed by default using the blacklist.

This is on Pie, OnePlus 5. Tried latest custom ROMs; CNP (Nitrogen), Omni (Treskmod). Using Magisk 18.1. Latest AFWall. Never had this issue on Oreo.
Click to expand...
Click to collapse
If you face issues in Pie whitelist mode, you need make sure you allow "Android system - UID 1000" to access internet. If you don't want to give access to uid 1000, then you need to disable captive portal using adb. Have you given access to uid 1000 and still unable to access internet ?
 
  • Like
Reactions: custon3
S

Spinvis

Senior Member
May 24, 2012
154
61
ukanth said:
If you face issues in Pie whitelist mode, you need make sure you allow "Android system - UID 1000" to access internet. If you don't want to give access to uid 1000, then you need to disable captive portal using adb. Have you given access to uid 1000 and still unable to access internet ?
Click to expand...
Click to collapse

Yes, it's allowed, every app and service is allowed.

Also see screenshot here from a previous reply
click

Like I said, it's a very strange issue, never had this on Oreo.

Seeing the results of blacklist, my suspicion is that something get blocked using whitelist, which is allowed by selecting the "Any apps", and it's allowed by default using the blacklist.
 
M

maybeme2

Senior Member
Aug 28, 2015
2,336
750
Google Pixel 5
Moto G 5G
ukanth said:
Either you apply ipv6 for all applications or just control the chains (block/allow) for default chains. It's recommended to enable ipv6.
Click to expand...
Click to collapse
Thank you.
I'm not sure I understand. If I have things as in the screenshot am I doing the "applying IPV6 for all apps"?
If I wanted to a block by app what should I do different?
Thank you.
 

Attachments

  • Screenshot_20190216-182441.png
    Screenshot_20190216-182441.png
    167.2 KB · Views: 248
ukanth

ukanth

Recognized Developer
Nov 30, 2010
1,543
5,412
Nexus 7 (2013)
OnePlus X
Spinvis said:
Yes, it's allowed, every app and service is allowed.

Also see screenshot here from a previous reply
click

Like I said, it's a very strange issue, never had this on Oreo.

Seeing the results of blacklist, my suspicion is that something get blocked using whitelist, which is allowed by selecting the "Any apps", and it's allowed by default using the blacklist.
Click to expand...
Click to collapse
While in whitelist enable log service and find out what's getting blocked.
 
  • Like
Reactions: custon3
R

RobertQc

New member
May 10, 2011
4
0
-11 App Name: (kernel) - Linux kernel

[-11] (kernel) - Linux kernel

Why does this keep popping up even if I allow it?

AFwall says DENIED, DENIED, but I allowed it.
 
You must log in or register to reply here.

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 404
    ukanth
    ukanth
    Welcome to official support page for AFWall+

    Disclaimer - As Usual. I'll not take any responsible if something goes wrong when using AFWall+
    Click to expand...
    Click to collapse

    Introduction
    AFWall+ is an improved version of DroidWall(front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming).Since the original author of Droidwall
    discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.
    Click to expand...
    Click to collapse


    Features
    - Supports 5.x to 13.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choose able languages
    - Choose able iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname
    Click to expand...
    Click to collapse

    Changelog - See third Post
    Current Version - 3.6.0
    Click to expand...
    Click to collapse
    Free Version(3.6.0)
    Donate Version(3.6.0)
    Github(3.6.0)
    F-Droid(3.6.0)


    Unlocker(1.0.2)
    Click to expand...
    Click to collapse

    To get Unlocker without Google services - Please follow the instructions here
    Click to expand...
    Click to collapse

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)
    Click to expand...
    Click to collapse

    Source Code/Wiki/FAQ
    AFWall+ is an free & opensource application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH
    Click to expand...
    Click to collapse

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall
    Click to expand...
    Click to collapse

    Thanks To/Credits
    - German translations by chef@xda & user_99@xda & Gronkdalonka@xda
    - French translations by GermainZ@xda & Looki75@xda
    - Russian translations by Kirhe@xda & YaroslavKa78
    - Spanish translations by spezzino@crowdin
    - Dutch translations by DutchWaG@crowdin
    - Japanese translation by nnnn@crowdin
    - Ukrainian translation by andriykopanytsia@crowdin
    - Slovenian translation by bunga bunga@crowdin
    - Chinese Simplified translation by tianchaoren@crowdin
    - Polish translations by tst,Piotr Kowalski@crowdin
    - Swedish translations by CreepyLinguist@crowdin
    - Greek Translations by mpqo@crowdin
    - Portuguese translations by lemor2008@xda
    - Chinese Traditional by shiuan@crowdin
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by benzo@crowdin
    - Romanian tranlations by mysterys3by-facebook@crowdin
    - Czech translations by Syk3s
    Click to expand...
    Click to collapse

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:     Stable
    Current Stable Version: 3.5.3
    Stable Release Date: 2022-06-28
    Current Beta Version:     3.5.3
    Beta Release Date: 2022-06-28

    Created 2013-12-03
    Last Updated 2020-09-05
    View
    70
    ukanth
    ukanth
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries
    Click to expand...
    Click to collapse

    Complete Changelog

    https://github.com/ukanth/afwall/blob/stable/Changelog.md
    Click to expand...
    Click to collapse
    View
    41
    ukanth
    ukanth
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to lot of under hood changes required. Instead added few enhancements. Now applying rules from menu will show how many rules are getting applied with progress status. Also when adding/removing few rules , it will apply only those related rules instead of full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is BETA Version which is not released on playstore. I have been using this for past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following XPrivacy thread on the decision by it's author. Just as FYI, I might fix it for my own usage when I update to nougat, I will share it here if anybody uses it here.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    View
    40
    ukanth
    ukanth
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through lot of dilemma of whether to support the existing afwall or write a new one from scratch, finally able to pull myself and release stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not possible to pull through this.

    I will be out for couple of days ( taking off to spend time with my family ) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    View
    35
    ukanth
    ukanth
    Hello everyone,

    I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.
    View

New posts