[5.0+][ROOT][3.6.0] AFWall+ IPTables Firewall [28 AUG 2023]


temporarium

Senior Member
It's possible to arrange for two apps to share the same Linux user ID, in which case they are able to access each other's files. To conserve system resources, apps with the same user ID can also arrange to run in the same Linux process and share the same VM. The apps must also be signed with the same certificate

So, how can/does AFWall+ protect against this?
 
Reactions: n0j0e
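
An added example (not part of the original post or of AFWall+): the iptables owner match selects traffic by Linux UID, so a per-app rule necessarily covers every package that shares that UID. The script below groups packages by UID from `pm list packages -U` output so those groups are visible; the package names and UIDs in the sample are constructed.

```shell
#!/bin/sh
# Find packages that share a Linux UID. A UID-based firewall rule cannot
# tell such packages apart: allowing or blocking one affects all of them.
LC_ALL=C; export LC_ALL

# Constructed sample in the format printed by `pm list packages -U`
# (package names and UIDs are made up for illustration).
sample_pm_output() {
cat <<'EOF'
package:com.example.mail uid:10101
package:com.example.vendor.core uid:10150
package:com.example.vendor.ads uid:10150
package:com.example.notes uid:10102
package:com.example.sys.settings uid:1000
package:com.example.sys.telemetry uid:1000
EOF
}

# Print one line per UID used by more than one package:
#   "<uid> <count> <pkg1>,<pkg2>,..."
shared_uids() {
    sed -n 's/^package:\([^ ]*\) uid:\([0-9][0-9]*\).*$/\2 \1/p' |
    sort -k1,1n -k2,2 |
    awk '
        { n[$1]++; pk[$1] = (pk[$1] == "" ? $2 : pk[$1] "," $2) }
        END { for (u in n) if (n[u] > 1) print u, n[u], pk[u] }
    ' | sort -n
}

# List every package that a rule for UID $1 would cover.
packages_for_uid() {
    sed -n "s/^package:\([^ ]*\) uid:$1\$/\1/p" | sort
}

# Demo on the constructed sample; on a device: pm list packages -U | shared_uids
sample_pm_output | shared_uids
```

Before allowing one package from a shared-UID group, review the whole group, since the rule applies to all of its members.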

PoochyX

Senior Member
Oct 23, 2016
2,170
425
I am an *extreme* debloater—I recently totally locked up my Tab S5e by messing with Samsung Payment/kgclient and had to go back to stock and start all over again—my nic stands for Tweak it Til it Breaks, after all. I am also, at heart, a minimalist, and strive to rid my devices of *everything* that is, imo, non-essential.

Privacy intruding apps/ops are my first targets and am willing to suffer crashes/lockups to see how much I can disable/delete/deactivate, et al. Four of my favorite tools are 3C Toolbox Pro, MyAndroidTools, App Ops by Xingchen & Rikk, and, of course, AFWall+.
3C Toolbox has a fire wall in it tho

 

mark_at

Senior Member
Feb 25, 2018
311
98
Innsbruck
I am an *extreme* debloater—I recently totally locked up my Tab S5e by messing with Samsung Payment/kgclient and had to go back to stock and start all over again—my nic stands for Tweak it Til it Breaks, after all. I am also, at heart, a minimalist, and strive to rid my devices of *everything* that is, imo, non-essential.

Privacy intruding apps/ops are my first targets and am willing to suffer crashes/lockups to see how much I can disable/delete/deactivate, et al. Four of my favorite tools are 3C Toolbox Pro, MyAndroidTools, App Ops by Xingchen & Rikk, and, of course, AFWall+.

Why not XPrivacyLua?
Think is more powerful than AppOps, no?
 
Reactions: ydd0ras

HonkderZonk

New member
Jul 27, 2019
1
0
Problems with AFWall+ split apks

First of all, thanks for the APP, it's really good :)

I have a small problem, some APPs are blocked but not displayed, so I can't configure / unblock them.

Enclosed is the config and an exact error description. If anyone has a good tip I would be grateful :highfive:

OnePlus 6 with microg Lineage 16 latest version
Yalp store
SAI Split APKs Installer

The Yalp store downloads some APPs only as Split APKs, which I can only install via detours (e.g. SAI).

These APPs are blocked by AFWall+, but not displayed in the config menu :(
The blocked apps are displayed in the logs.

Since I also use Shelter I have activated the Multiuser Mode as well as the Dual Apps Support.
 

topaza

Senior Member
Aug 12, 2009
167
19
Hi,

first let me use this post to thank the developer for this great App! I also will send a donation soon!

Can someone tell me how the Log Setting "show hostname" in AFWall+ works and if it is worth installing the proprietary unlock-apk?
It would be nice to see what FQDN the Apps contact but does it work well?
Does AFWall+ Capture the actual DNS Requests of the Apps?
Or is it just a DNS PTR Reverse-Lookup?
 

darfri

Senior Member
Nov 13, 2008
936
64
OnePlus 6T
Hello. I would like to have a magisk module access my local net. Allowing "running as root" is too broad. Even allowing everything to a certain ip(+port!) would be good. Custom script?
 

dope77

Senior Member
Aug 8, 2018
401
125
I have nordvpn running on my android 9 with vpn control Enabled in afwall(3.2.0), connections are just fine everywhere except on google play, keeps telling me there's no connection even though it's allowed to communicate over VPN. Any ideas?
 

mocarela

Senior Member
Jul 16, 2012
57
14
custom scripts timeout

I'm wondering if there is any timeout implemented for execution of custom scripts?
Because on my older phone, that is considerably slower, AFWall+ throws an error at the end of the second one, but I have three.
If it is, could the developer increase this timeout or even better make an option to allow the user to configure it himself, please?
 

TiTiB

Senior Member
Jun 19, 2015
926
743
Earth, for now
Anyone having this issue on every reboot?

Code:
android.app.RemoteServiceException: Context.startForegroundService() did not then call Service.startForeground(): ServiceRecord{e572d61 u0 dev.ukanth.ufirewall/.service.LogService}
	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1883)
	at android.os.Handler.dispatchMessage(Handler.java:106)
	at android.os.Looper.loop(Looper.java:214)
	at android.app.ActivityThread.main(ActivityThread.java:7075)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:965)

Started a few days ago, after months of error-free use.

Samsung Galaxy Tab S5e (SM-T720)
Android 9
Magisk 19.3 Manager 7.3.2
Riru - EdXposed v0.4.5.1_beta (4463) (YAHFA)
AFWall+ 3.2.0 beta
 

silkyriver

Member
May 27, 2013
23
2
Anyone having this issue on every reboot?

When you get these errors, is AFWall+ not starting properly at boot time? If so I'm seeing similar issues where it's not starting properly during boot and blocked apps are gaining access during this time. I can't check the logs atm but I might see if I'm also getting similar errors later...Pretty much the same setup as you software wise, but phone is a Xiaomi Mi Mix 2S.
 
Reactions: TiTiB

TiTiB

Senior Member
Jun 19, 2015
926
743
Earth, for now
When you get these errors, is AFWall+ not starting properly at boot time? If so I'm seeing similar issues where it's not starting properly during boot and blocked apps are gaining access during this time. I can't check the logs atm but I might see if I'm also getting similar errors later...Pretty much the same setup as you software wise, but phone is a Xiaomi Mi Mix 2S.
It still blocks apps and otherwise performs normally. Hadn't thought about it leaking data at boot...gotta look in to this. Trying out boot scripts to grab first minute or so of log.
 

topaza

Senior Member
Aug 12, 2009
167
19
I have some questions regarding IPv6.
I would prefer to disable IPv6 on my phone completely but this does not seem to work reliably as the system settings in /proc/sys/net/ipv6/ are changed in the background while wifi is enabled/disabled etc.
So at least I want to make sure that all my app policies also apply to IPv6 and that there is no IPv6 Traffic allowed for apps, which are supposed to be denied internet access.

I am not sure about the meaning of some options/settings:
1) "ipv6 support"
1.1) "disabled" means that AFWall+ ignores any IPv6 traffic and denied apps can bypass the ipv4 policy by using ipv6? Or does afwall+ block any ipv6 traffic in that case?
1.2) "enabled" means that AFWall+ Applies the same policies to ipv6 traffic as to ipv4 traffic?
2) "only control IPv6 Chains" What does this setting do? What is the difference to enabling "ipv6 support"?
3) I am also wondering that the AFWall+ log only displays blocked ipv4 addresses and no ipv6 addresses at all. (no matter if "ipv6 support" is enabled or disabled) Is IPv6 traffic not logged or does it bypass afwall+?
 
Reactions: Vpr2k1
Jun 3, 2018
45
12
lawrence
:
1) "ipv6 support"
1.1) "disabled" means that AFWall+ ignores any IPv6 traffic and denied apps can bypass the ipv4 policy by using ipv6? Or does afwall+ block any ipv6 traffic in that case?
1.2) "enabled" means that AFWall+ Applies the same policies to ipv6 traffic as to ipv4 traffic?
2) "only control IPv6 Chains" What does this setting do? What is the difference to enabling "ipv6 support"?
3) I am also wondering that the AFWall+ log only displays blocked ipv4 addresses and no ipv6 addresses at all. (no matter if "ipv6 support" is enabled or disabled) Is IPv6 traffic not logged or does it bypass afwall+?

First off check if you are using ipv6 with your 4g provider and WiFi connection.
AFAIK (checked against iptables and ip6tables)
1) should turn on ipv6 rules I do not see a difference in the command line
2) this changes the default settings for the firewall chain like the ipv4 settings above in the setting panel
3) sorry I use free version (should switch to the paid just lazy)

If I can make a request that the firewall can change profiles based on an app in other words if you have a banking profile when you turn on your banking app afwall will switch to the appropriate profile (checking the uid for usage)
 

topaza

Senior Member
Aug 12, 2009
167
19
I have some questions regarding IPv6.
I would prefer to disable IPv6 on my phone completely but this does not seem to work reliably as the system settings in /proc/sys/net/ipv6/ are changed in the background while wifi is enabled/disabled etc.
So at least I want to make sure that all my app policies also apply to IPv6 and that there is no IPv6 Traffic allowed for apps, which are supposed to be denied internet access.

I am not sure about the meaning of some options/settings:
1) "ipv6 support"
1.1) "disabled" means that AFWall+ ignores any IPv6 traffic and denied apps can bypass the ipv4 policy by using ipv6? Or does afwall+ block any ipv6 traffic in that case?
1.2) "enabled" means that AFWall+ Applies the same policies to ipv6 traffic as to ipv4 traffic?
2) "only control IPv6 Chains" What does this setting do? What is the difference to enabling "ipv6 support"?
3) I am also wondering that the AFWall+ log only displays blocked ipv4 addresses and no ipv6 addresses at all. (no matter if "ipv6 support" is enabled or disabled) Is IPv6 traffic not logged or does it bypass afwall+?

I did some more testing and am still confused about these IPv6 settings...

With IPv6 support disabled I had trouble with CalDAV and CardDAV synchronization. I also could see AppID 1000 being blocked regularly in AFWall+ Logs.
With IPv6 support enabled, CalDAV and CardDAV synchronization suddenly worked without any issue. I also could not see AppID 1000 being blocked anymore.
So it feels like enabling IPv6 support allows some traffic to invisibly bypass the firewall.

Maybe @ukanth can clarify how IPv6 support is supposed to work?
 
Reactions: Vpr2k1 and TiTiB
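
An added example (not from the thread or the AFWall+ project): one way to check whether app policies also cover IPv6 is to compare the per-UID rules in `iptables -S` and `ip6tables -S` dumps. The chain name `fw-wifi`, the UIDs and both dumps below are constructed; use the chain names your own device shows.

```shell
#!/bin/sh
# Compare per-UID firewall rules between IPv4 and IPv6 rule dumps.
# On a rooted device the dumps would come from:
#   iptables -S > v4.rules ; ip6tables -S > v6.rules
LC_ALL=C; export LC_ALL

# Constructed dumps. "fw-wifi" is a hypothetical chain name, UIDs are made up.
sample_v4() {
cat <<'EOF'
-P OUTPUT ACCEPT
-N fw-wifi
-A OUTPUT -j fw-wifi
-A fw-wifi -m owner --uid-owner 10101 -j RETURN
-A fw-wifi -m owner --uid-owner 10150 -j RETURN
-A fw-wifi -m owner --uid-owner 1000 -j RETURN
-A fw-wifi -j REJECT --reject-with icmp-port-unreachable
EOF
}
sample_v6() {
cat <<'EOF'
-P OUTPUT ACCEPT
-N fw-wifi
-A fw-wifi -m owner --uid-owner 10101 -j RETURN
-A fw-wifi -m owner --uid-owner 1000 -j RETURN
-A fw-wifi -j REJECT --reject-with icmp6-port-unreachable
EOF
}

# Reduce a dump to sorted "chain uid target" triples for owner-match rules.
uid_rules() {
    sed -n 's/^-A \([^ ]*\) .*--uid-owner \([0-9][0-9]*\) .*-j \([^ ]*\).*$/\1 \2 \3/p' | sort -u
}

# Chains the built-in OUTPUT chain jumps to; an unreferenced chain filters nothing.
output_jumps() {
    sed -n 's/^-A OUTPUT .*-j \([^ ]*\).*$/\1/p' | sort -u
}

# $1 = IPv4 dump, $2 = IPv6 dump. Prints what IPv4 has and IPv6 lacks.
# How to read a missing rule depends on the mode: in whitelist mode a
# RETURN/ACCEPT rule grants access, in blacklist mode a REJECT/DROP rule denies it.
audit() {
    tmp=$(mktemp -d) || return 2
    uid_rules < "$1" > "$tmp/r4"; uid_rules < "$2" > "$tmp/r6"
    output_jumps < "$1" > "$tmp/j4"; output_jumps < "$2" > "$tmp/j6"
    comm -23 "$tmp/r4" "$tmp/r6" | sed 's/^/uid-rule-missing-in-v6: /'
    comm -23 "$tmp/j4" "$tmp/j6" | sed 's/^/output-jump-missing-in-v6: /'
    rm -rf "$tmp"
}

# Demo on the constructed dumps.
d=$(mktemp -d)
sample_v4 > "$d/v4"; sample_v6 > "$d/v6"
audit "$d/v4" "$d/v6"
rm -rf "$d"
```

An `output-jump-missing-in-v6` line is the serious finding: the IPv6 chain exists but nothing sends traffic through it, so none of its per-app rules take effect.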

Top Liked Posts

  • 1
    What is needed to be enabled to use Android Auto in my car?
    I'm not sure what you're asking, but AFWall is meant to block traffic based on certain rules. Why would you want to use AFWall in order to enable AA? Are you rooted? Custom ROM? What's your environment? Are you currently able to use AA in your car?
    1
    I'm not sure what you're asking, but AFWall is meant to block traffic based on certain rules. Why would you want to use AFWall in order to enable AA? Are you rooted? Custom ROM? What's your environment? Are you currently able to use AA in your car?

    Perhaps they are having trouble using Android auto with the Firewall, e.g., maybe AFwall is blocking Android Auto.

    +1 to your question/suggestion about whether or not Android Auto works okay when AFwall is not enabled.
    1
    What is needed to be enabled to use Android Auto in my car?
    this sounds like you are using afwall in whitelist mode (blocks everything, and you select what gets access)?

    if you run it in the recommended blacklist mode (allows everything, and you select what gets blocked) you should not have this issue - assuming you don't of course block android auto or some crucial system app.
    1
    What is needed to be enabled to use Android Auto in my car?
    I had to enable traffic for a bunch of XIAOMI system "apps" (they bundle a bunch of apps together so that you don't disable them) that disabled network if they didn't phone home successfully after a couple of minutes. Never buying anything from that underhanded manufacturer EVER AGAIN.
    1
    What is needed to be enabled to use Android Auto in my car?
    What device you are using? OS and app version? What the default filtering mode? There's any logs while your device try to attempt any connection? More info please.
  • 404
    Welcome to official support page for AFWall+

    Disclaimer - As Usual. I'll not take any responsibility if something goes wrong when using AFWall+

    Introduction
    AFWall+ is an improved version of DroidWall (front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming). Since the original author of Droidwall discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


    Features
    - Supports 5.x to 13.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choose able languages
    - Choose able iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname

    Changelog - See third Post
    Current Version - 3.6.0

    To get Unlocker without Google services - Please follow the instructions here

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)

    Source Code/Wiki/FAQ
    AFWall+ is a free & open-source application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall

    Thanks To/Credits
    - German translations by chef@xda & user_99@xda & Gronkdalonka@xda
    - French translations by GermainZ@xda & Looki75@xda
    - Russian translations by Kirhe@xda & YaroslavKa78
    - Spanish translations by spezzino@crowdin
    - Dutch translations by DutchWaG@crowdin
    - Japanese translation by nnnn@crowdin
    - Ukrainian translation by andriykopanytsia@crowdin
    - Slovenian translation by bunga bunga@crowdin
    - Chinese Simplified translation by tianchaoren@crowdin
    - Polish translations by tst,Piotr Kowalski@crowdin
    - Swedish translations by CreepyLinguist@crowdin
    - Greek Translations by mpqo@crowdin
    - Portuguese translations by lemor2008@xda
    - Chinese Traditional by shiuan@crowdin
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by benzo@crowdin
    - Romanian translations by mysterys3by-facebook@crowdin
    - Czech translations by Syk3s

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:
    Stable
    Current Stable Version: 3.5.3
    Stable Release Date: 2022-06-28
    Current Beta Version:
    3.5.3
    Beta Release Date: 2022-06-28

    Created 2013-12-03
    Last Updated 2020-09-05
    70
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries

    Complete Changelog

    41
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to lot of under hood changes required. Instead added few enhancements. Now applying rules from menu will show how many rules are getting applied with progress status. Also when adding/removing few rules , it will apply only those related rules instead of full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is BETA Version which is not released on playstore. I have been using this for past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following XPrivacy thread on the decision by its author. Just as FYI, I might fix it for my own usage when I update to nougat, I will share it here if anybody uses it here.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    40
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through lot of dilemma of whether to support the existing afwall or write a new one from scratch, finally able to pull myself and release stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not be possible to pull through this.

    I will be out for couple of days ( taking off to spend time with my family ) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    35
    Hello everyone,

    I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.