
[5.0+][ROOT][3.2.0] AFWall+ IPTables Firewall [20 OCT 2019]

By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
18th August 2019, 08:39 PM |#5491  
Senior Member
Quote:
Originally Posted by topaza

I have some questions regarding IPv6.
I would prefer to disable IPv6 on my phone completely but this does not seem to work reliably as the system settings in /proc/sys/net/ipv6/ are changed in the background while wifi is enabled/disabled etc.
So at least I want to make sure that all my app policies also apply to IPv6 and that there is no IPv6 Traffic allowed for apps, which are supposed to be denied internet access.

I am not sure about the meaning of some options/settings:
1) "ipv6 support"
1.1) "disabled" means that AFWall+ ignores any IPv6 traffic and denied apps can bypass the ipv4 policy by using ipv6? Or does afwall+ block any ipv6 traffic in that case?
1.2) "enabled" means that AFWall+ applies the same policies to ipv6 traffic as to ipv4 traffic?
2) "only control IPv6 Chains" What does this setting do? What is the difference to enabling "ipv6 support"?
3) I am also wondering that the AFWall+ log only displays blocked ipv4 addresses and no ipv6 addresses at all. (no matter if "ipv6 support" is enabled or disabled) Is IPv6 traffic not logged or does it bypass afwall+?

I did some more testing and am still confused about these IPv6 settings...

With IPv6 support disabled I had trouble with CalDAV and CardDAV synchronization. I also could see AppID 1000 being blocked regularly in AFWall+ Logs.
With IPv6 support enabled, CalDAV and CardDAV synchronization suddenly worked without any issue. I also could not see AppID 1000 being blocked anymore.
So it feels like enabling IPv6 support allows some traffic to invisibly bypass the firewall.

Maybe @ukanth can clarify how IPv6 support is supposed to work?
The Following 2 Users Say Thank You to topaza For This Useful Post
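
Added example, not part of the thread and not AFWall+ code: one way to check the concern raised above, that per-app rules applied to IPv4 are mirrored for IPv6, is to compare the output of `iptables -S` and `ip6tables -S`. The dumps, the chain name `fw-out` and the UIDs below are constructed for illustration.

```python
import re

# Constructed `iptables -S` / `ip6tables -S` dumps. The chain name "fw-out" and
# the UIDs are invented for this example, not copied from AFWall+.
V4_RULES = """\
-P OUTPUT ACCEPT
-N fw-out
-A OUTPUT -j fw-out
-A fw-out -m owner --uid-owner 10105 -j RETURN
-A fw-out -m owner --uid-owner 10142 -j RETURN
-A fw-out -m owner --uid-owner 1000 -j REJECT --reject-with icmp-port-unreachable
-A fw-out -j REJECT --reject-with icmp-port-unreachable
"""
V6_RULES = """\
-P OUTPUT ACCEPT
-N fw-out
-A OUTPUT -j fw-out
-A fw-out -m owner --uid-owner 10105 -j RETURN
"""

PER_UID = re.compile(r"^-A (\S+) .*--uid-owner (\d+)\b.*? -j (\S+)")
CATCH_ALL = re.compile(r"^-A (\S+) -j (\S+)")  # rule with no match criteria


def parse(dump):
    """Return ({(chain, uid, target)}, {chain: catch-all target})."""
    per_uid, catch_all = set(), {}
    for line in dump.splitlines():
        m = PER_UID.match(line)
        if m:
            per_uid.add((m.group(1), int(m.group(2)), m.group(3)))
        elif (m := CATCH_ALL.match(line)):
            catch_all[m.group(1)] = m.group(2)
    return per_uid, catch_all


def parity_gaps(v4_dump, v6_dump):
    """List every IPv4 per-UID or catch-all rule that IPv6 does not mirror."""
    v4_uid, v4_all = parse(v4_dump)
    v6_uid, v6_all = parse(v6_dump)
    gaps = [f"uid {uid}: {target} in {chain} has no IPv6 counterpart"
            for chain, uid, target in sorted(v4_uid - v6_uid)]
    gaps += [f"chain {chain}: catch-all {target} missing for IPv6"
             for chain, target in sorted(v4_all.items())
             if v6_all.get(chain) != target]
    return gaps


if __name__ == "__main__":
    print("\n".join(parity_gaps(V4_RULES, V6_RULES)) or "IPv4 and IPv6 rules match")
```

In the constructed IPv6 dump the chain ends without a catch-all rule, so anything not explicitly matched falls through to the `OUTPUT` policy of `ACCEPT`; that is the kind of gap the comparison reports.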
21st August 2019, 05:40 AM |#5492  
Junior Member
Hi !

Is there a way to edit the IPTables file manually and add restrictions for tracker domain names (avoid connections to graphlytics or graph.facebook... for example)?

Thank you
21st August 2019, 05:42 AM |#5493  
PoochyX
Senior Member
Quote:
Originally Posted by Atomic Lutin

Hi !

Is there a way to edit the IPTables file manually and add restrictions for tracker domain names (avoid connections to graphlytics or graph.facebook... for example)?

Thank you

Your messenger won't work without graph facebook.. Like you won't be able to access your shared content...

(09-09-18)
21st August 2019, 05:45 AM |#5494  
Junior Member
I don't have a Facebook account...

And if not graph.facebook there are a lot of other trackers....

For the moment graph.facebook is blocked by netguard and everything works well...
21st August 2019, 09:49 AM |#5495  
Recognized Contributor
Quote:
Originally Posted by Atomic Lutin

I don't have a Facebook account...

And if not graph.facebook there are a lot of other trackers....

For the moment graph.facebook is blocked by netguard and everything works well...

Simplest way is to add trackers to the hosts file using something like AdAway. Some blacklists already include trackers.
21st August 2019, 10:23 AM |#5496  
amg314
Senior Member
Kharkov
Quote:
Originally Posted by Atomic Lutin

Hi !

Is there a way to edit the IPTables file manually and add restrictions for tracker domain names (avoid connections to graphlytics or graph.facebook... for example)?

Thank you

Try Iptables Script Generator like http://www.mista.nu/iptables/

See also a useful post: https://www.linuxquestions.org/quest...3/#post2211152
21st August 2019, 11:35 PM |#5497  
Junior Member
Xiaomi and Second Space
Quote:
Originally Posted by bobcov

Anybody using AFWall+ paid and SecondSpace on MIUI Xiaomi? All activity from SecondSpace is flagged and blocked by AFWall+. The blocked apps from SecondSpace show up in the log with UID prefaced by 101. When Dual App option is enabled, apps such as the Chrome browser which is installed in both partitions, get listed in the app list with a 999 UID prefix. Is there any way I can change it to 101?
If I select all apps then the Internet works normally for SecondSpace, but I cannot find any single specific application to allow to get SecondSpace traffic through the firewall.

Has anyone managed to solve this problem yet?
22nd August 2019, 11:39 AM |#5498  
Junior Member
Internet by bluetooth
Hello. Please add the ability to block the Internet received by bluetooth, this function would be very useful.
25th August 2019, 03:30 PM |#5499  
Senior Member
Blocking Google, best practices?
I used this script to make a list of all Google IPs to block with AFWall+

https://notabug.org/maloe/ASN_IPFire_Script/wiki

Code:
asn_ipfire.sh  --afwall google
that then becomes a custom script. It works well. In a way too well.

There are some websites I want to visit (i.e. homedepot.com) which is hosted at *.googleusercontent.com and is blocked by one of the IP Ranges.

I thought of what I thought was a clever workaround - use the TOR browser. That didn't work because homedepot.com detects my IP as being from some strange land.

I'm looking for suggestions on how to block the most of Google while still being able to access a few sites hosted on googleusercontent.com

I'm on LOS with no GAPPS. I'm mostly concerned about privacy and the automatic connections which still occur to Google by the guts of Android. I'm not concerned about adblocking as I have that covered with uBlock Origin in Firefox.

Thanks,
Mark
The Following 4 Users Say Thank You to markd89 For This Useful Post
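
Added example, not part of the thread and not the output of asn_ipfire.sh: a sketch of the carve-out asked about above. It finds which blocked range covers an address a wanted site resolves to and rewrites the block list so only that host is excluded. The ranges and address are constructed from documentation prefixes, and the chain name `afwall` in the rendered rules is an assumption.

```python
import ipaddress

# Constructed inputs using documentation ranges (RFC 5737); substitute the
# ranges from your generated script and the addresses the site resolves to.
BLOCKED = ["192.0.2.0/24", "198.51.100.0/24"]
SITE_ADDRS = ["198.51.100.37"]


def carve_out(blocked_cidrs, allowed_addrs):
    """Remove each allowed address from the blocked ranges.

    Returns (hits, remaining): hits maps an address to the ranges that were
    blocking it; remaining is the block list with only those hosts cut out.
    """
    nets = [ipaddress.ip_network(c) for c in blocked_cidrs]
    hits = {}
    for addr in allowed_addrs:
        host = ipaddress.ip_network(addr)          # becomes a /32 or /128
        remaining = []
        for net in nets:
            if net.version == host.version and host.subnet_of(net):
                hits.setdefault(addr, []).append(str(net))
                remaining.extend(net.address_exclude(host))
            else:
                remaining.append(net)
        nets = remaining
    return hits, sorted(nets, key=lambda n: (n.version, n))


def to_rules(nets, chain="afwall"):
    """Render REJECT rules; the chain name is an assumption, adjust to yours."""
    tool = {4: "iptables", 6: "ip6tables"}
    return [f"{tool[n.version]} -A {chain} -d {n} -j REJECT" for n in nets]


if __name__ == "__main__":
    hits, remaining = carve_out(BLOCKED, SITE_ADDRS)
    for addr, ranges in hits.items():
        print(f"{addr} was blocked by {', '.join(ranges)}")
    print("\n".join(to_rules(remaining)))
```

Addresses on shared hosting change over time and serve other tenants as well, so an exception built this way needs refreshing and opens more than the one site.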
27th August 2019, 08:13 PM |#5500  
Member
Quote:
Originally Posted by AmroIb

How to use with Adguard ?

How to build a rocket engine?
27th August 2019, 09:30 PM |#5501  
darfri
Senior Member
Quote:
Originally Posted by Ramihyn

How to build a rocket engine?

... by using Adguard for sure