
[5.0+][ROOT][3.2.0-BETA] AFWall+ IPTables Firewall [03 JULY 2019]

By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
23rd July 2019, 02:27 PM |#5461  
Member
Quote:
Originally Posted by voroxda

It works, but Afwall+ does not see the change??

AFWall+ won't see any rules created with external tools, since it doesn't parse existing ones. It just applies its own.
Thus... also use custom scripts (applying the external script you actually use) with AFWall+, otherwise it will delete the one for Maps created by the external script on its first run afterwards.
The Following User Says Thank You to mocarela For This Useful Post
 
 
23rd July 2019, 08:50 PM |#5462  
Member
Quote:
Originally Posted by KonkavJS

Somebody maybe some idea?

One thing that is wrong in your command, but this is not the reason it does not work (because after all the first rule would suffice), is that dots are not used in network packets. For details google "iptables string dots". So, in your third command you should use -m string --hex-string "|08|clients3|06|google|03|com".

I think the problem here is that the "internet check" in question does not work as simply as that anymore. I was able to narrow down the rules to:

Code:
iptables -I afwall-wifi-wan -m owner --uid-owner 1000 -d 172.217.19.99 -p tcp --destination-port 80 -j RETURN
iptables -I afwall-wifi-wan -m owner --uid-owner 1000 -d 216.58.214.227 -p tcp --destination-port 80 -j RETURN

I said narrow down, because it might depend on the location and the moment of execution of the check. After a while "System" will check some other hosts or its hardcoded hostnames will change their IPs and it won't work anymore.

So, the only thing that constantly works for me is the following:

Code:
iptables -I afwall-wifi-wan -m owner --uid-owner 1000 -d 172.217.0.0/16 -p tcp --destination-port 80 -j RETURN
iptables -I afwall-wifi-wan -m owner --uid-owner 1000 -d 216.58.214.0/24 -p tcp --destination-port 80 -j RETURN

That's all I was able to do so far. Not much, but better than nothing.
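
The label encoding mentioned in the post above, as an added example that is not part of the original post: in a DNS query a hostname travels as length-prefixed labels, so a string match has to use that form rather than the dotted name. The function names, the `-p udp --dport 53` match and `--algo bm` are assumptions of this sketch; the chain name is the one used in the post.

```shell
#!/bin/sh
# Added example: turn a hostname into the length-prefixed label form used
# in DNS queries, written as an iptables --hex-string pattern,
# e.g. clients3.google.com -> |08|clients3|06|google|03|com

dns_hex_pattern() {
    rest=${1%.}                          # accept one trailing root dot
    [ -n "$rest" ] && [ "${#rest}" -le 253 ] || return 1
    case $rest in *.) return 1 ;; esac   # "name.." would hold an empty label
    pattern=""
    while [ -n "$rest" ]; do
        label=${rest%%.*}                # text before the first dot
        case $rest in
            *.*) rest=${rest#*.} ;;      # more labels follow
            *)   rest="" ;;              # that was the last label
        esac
        len=${#label}
        # A label is 1..63 bytes. Only hostname characters are accepted, so
        # "|" or quotes can never end up inside the generated pattern.
        [ "$len" -ge 1 ] && [ "$len" -le 63 ] || return 1
        case $label in *[!A-Za-z0-9_-]*) return 1 ;; esac
        pattern="$pattern|$(printf '%02x' "$len")|$label"
    done
    printf '%s\n' "$pattern"
}

# Print (do not run) a rule for review. Assumptions: $1 is the caller's own
# chain, the lookup is plain DNS over UDP port 53, and the kernel provides
# the string match, which needs an algorithm (--algo bm or kmp).
dns_match_rule() {
    pat=$(dns_hex_pattern "$2") || return 1
    printf 'iptables -I %s -p udp --dport 53 -m string --algo bm --hex-string "%s" -j RETURN\n' "$1" "$pat"
}

dns_match_rule afwall-wifi-wan clients3.google.com
```
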
23rd July 2019, 11:26 PM |#5463  
Member
Problem again... I just realized that rules are not applied at boot without manually applying them. I don't even have any script in the folder selected (in my case /data/adb/service.d).
So, what else do I need to enable on Xiaomi Mi 9 SE with MIUI 10.2.2 Global in order to get rules applied on boot? JFTR, I haven't disabled boot completed receiver or anything similar.
24th July 2019, 03:36 PM |#5464  
n0j0e
Senior Member
Berlin
Can someone light me up why so many apps sorted as one app?
[Attached screenshot: Screenshot_20190724-163256.jpg]
25th July 2019, 06:22 AM |#5465  
TiTiB
Senior Member
Quote:
Originally Posted by n0j0e

Can someone light me up why so many apps sorted as one app?

Yesh, check this out. Samsung Galaxy Tab S5e
[Attached screenshot: Screenshot_20190724222114.png]
25th July 2019, 06:58 AM |#5466  
Ultramanoid
Senior Member
日本
Quote:
Originally Posted by TiTiB

Yesh, check this out. Samsung Galaxy Tab S5e 。。。

You don't have a Samsung, a Samsung has you.
 
The Following 2 Users Say Thank You to Ultramanoid For This Useful Post
25th July 2019, 09:37 AM |#5467  
TiTiB
Senior Member
Quote:
Originally Posted by Ultramanoid

You don't have a Samsung, a Samsung has you.

But I now have root, so F'em!
The Following User Says Thank You to TiTiB For This Useful Post
25th July 2019, 11:02 AM |#5468  
temporarium
Senior Member
Quote:
Originally Posted by n0j0e

Can someone light me up why so many apps sorted as one app?

Excellent point/question. Any chains expert?
25th July 2019, 03:46 PM |#5469  
Senior Member
Sofia
Quote:
Originally Posted by temporarium

Excellent point/question. Any chains expert?

Maybe related to https://developer.android.com/guide/...ement.html#uid

and https://developer.android.com/guide/...s/fundamentals

Quote:

It's possible to arrange for two apps to share the same Linux user ID, in which case they are able to access each other's files. To conserve system resources, apps with the same user ID can also arrange to run in the same Linux process and share the same VM. The apps must also be signed with the same certificate

The Following 5 Users Say Thank You to zarere For This Useful Post
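
The shared user ID described in the post above, as an added example that is not part of the original post: packages that share a Linux UID show up as one entry, and a rule with `--uid-owner 1000` like the ones earlier in the thread covers every one of them. The function names are hypothetical, the input is a constructed sample, and its column layout (package, UID, debuggable flag, data directory, seinfo, GIDs) is assumed to follow `/data/system/packages.list`.

```shell
#!/bin/sh
# Added example: group packages by Linux UID to see which apps a single
# "-m owner --uid-owner <uid>" firewall rule really covers.

# Constructed sample, not taken from a real device.
sample_packages_list() {
cat <<'EOF'
com.android.settings 1000 0 /data/user_de/0/com.android.settings platform:privapp:targetSdkVersion=28 1065,3002
com.android.keychain 1000 0 /data/user/0/com.android.keychain platform:targetSdkVersion=28 none
com.android.providers.settings 1000 0 /data/user_de/0/com.android.providers.settings platform:privapp:targetSdkVersion=28 none
com.android.phone 1001 0 /data/user_de/0/com.android.phone platform:privapp:targetSdkVersion=28 3002,3003
com.android.providers.telephony 1001 0 /data/user_de/0/com.android.providers.telephony platform:privapp:targetSdkVersion=28 3003
com.example.maps 10123 0 /data/user/0/com.example.maps default:targetSdkVersion=28 3003
EOF
}

# Read the list on stdin and print "<uid> <count> <pkg,pkg,...>" for every
# UID that more than one package runs under, lowest UID first.
shared_uids() {
    awk '{ n[$2]++; p[$2] = (p[$2] == "" ? "" : p[$2] ",") $1 }
         END { for (u in n) if (n[u] > 1) print u, n[u], p[u] }' | sort -n
}

# Read the list on stdin and print every package running under UID $1,
# i.e. everything an owner match on that UID lets through.
packages_for_uid() {
    awk -v uid="$1" '$2 == uid { print $1 }'
}

sample_packages_list | shared_uids
sample_packages_list | packages_for_uid 1000
```

On a rooted device the real list can be piped into the same functions in place of the sample.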
25th July 2019, 04:25 PM |#5470  
Ultramanoid
Senior Member
日本
Quote:
Originally Posted by TiTiB

But I now have root, so F'em!

I still find it truly mind boggling, and extremely worrisome. I can't be bothered to count that list / monstrosity, but for reference here are the 11 ( which I think are already too many ) under 1000 in my system.
[Attached screenshot: Screenshot .png]
The Following 2 Users Say Thank You to Ultramanoid For This Useful Post
25th July 2019, 05:57 PM |#5471  
TiTiB
Senior Member
Quote:
Originally Posted by Ultramanoid

I still find it truly mind boggling, and extremely worrisome. I can't be bothered to count that list / monstrosity, but for reference here are the 11 ( which I think are already too many ) under 1000 in my system.

I am an *extreme* debloater—I recently totally locked up my Tab S5e by messing with Samsung Payment/kgclient and had to go back to stock and start all over again—my nic stands for Tweak it Til it Breaks, after all. I am also, at heart, a minimalist, and strive to rid my devices of *everything* that is, imo, non-essential.

Privacy intruding apps/ops are my first targets and am willing to suffer crashes/lockups to see how much I can disable/delete/deactivate, et al. Four of my favorite tools are 3C Toolbox Pro, MyAndroidTools, App Ops by Xingchen & Rikk, and, of course, AFWall+.
The Following 3 Users Say Thank You to TiTiB For This Useful Post