[5.0+][ROOT][3.3.1] AFWall+ IPTables Firewall [15 NOV 2019]

By ukanth, Recognized Developer on 26th October 2012, 06:41 PM
1st November 2019, 12:03 AM |#5601  
webleeper
Senior Member
Long Island, NY
Quote:
Originally Posted by dimm0k

I have an OG Pixel and an OG Pixel XL that are both running Android 10 with identical apps on both. While the Pixel works fine, if I enable the firewall on the XL all Internet stops working. I've contacted @ukanth on this before and have sent logs, but never heard back or seen a fix for it. Anyone have any suggestions? All my firewall does is block Internet for 2 apps.

Did you give Clat access? If not, give it access and try again.
The Following User Says Thank You to webleeper For This Useful Post
1st November 2019, 04:51 AM |#5602  
Senior Member
Quote:
Originally Posted by webleeper

Did you give Clat access? If not, give it access and try again.

THANK YOU! This worked!!
1st November 2019, 08:50 AM |#5603  
123xdagsm
Senior Member
world
Sorry for my bad English.
I updated AFWall to 3.2.0, but the log service and firewall are not working. When I enable the log service it shows the error "kernels is missing log/nflog support", and when I select fetch method "system" it returns to "busybox" and does not stay on method "system".
I can't select fetch method "system" because it returns to "busybox", and log method "busybox" is not working for me.
In version 3.1.0 there was no problem with the log service, and it worked well.
How can I fix the problem in version 3.2.0?
Thanks
1st November 2019, 09:01 PM |#5604  
Senior Member
Quote:
Originally Posted by eriol1

I've had a similar experience (on a different device) after switching to Lineage 16. Turned off battery optimization for AFWall and it hasn't happened since.

I will try this, thanks.

I'm wondering if I'm doing this correctly:
I have 2 file explorer apps, ES file manager and Mixplorer. I want them to only use LAN.
So the way I'm using afwall+ is, select 'Block Selected' -> on the 2 apps, I check the 2nd and 3rd icon off (which is WAN and Data connection?).

However, when I go use the apps, I can't get it to connect to my network drives or start FTP to transfer files.
6th November 2019, 04:54 PM |#5605  
Member
The log for AFWall on my HTC One M8 (LineageOS 14.1/Android 7.1.2) shows it is blocking "(kernel) - Linux kernel(-11)".

I am using AFWall's blacklist function and am not deliberately blocking anything that I'm aware is kernel-related. How can I determine what service this is and, more to the point, whether I'd rather not be blocking it?
6th November 2019, 08:38 PM |#5606  
Member
Quote:
Originally Posted by Hiroo Onoda

...
(android system - 1000)
- Block. Again, ...
So what I did was follow this guide (German) to set up an alternative captive portal check destination. I then added that IP as an IPTables exception in AFWall via custom script, so that even if 1000 was blocked, this particular connection would still go through.
....

@Hiroo Onoda could you please share that part of the script you used to allow UID1000 to connect to Kuketz Server?
Thanks in advance!
6th November 2019, 10:44 PM |#5607  
Junior Member
Quote:
Originally Posted by ZXR

@Hiroo Onoda could you please share that part of the script you used to allow UID1000 to connect to Kuketz Server?
Thanks in advance!

Code:
# IPv4
$IPTABLES -A "afwall" -d 185.163.119.132 -p tcp -j ACCEPT
# IPv6
$IP6TABLES -A "afwall" -d 2a03:4000:3b:3cc:5480:6fff:fec0:ad9f -p tcp -j ACCEPT
Got this from https://www.kuketz-blog.de/empfehlun...captive-portal

I think what it does is not specifically allowing just UID1000 to connect, but any UID. If you wanna limit the connection to UID1000, I suppose you could do something like (not tested):

Code:
$IPTABLES -A "afwall" -d 185.163.119.132 -m owner --uid-owner 1000 -p tcp -j ACCEPT
----------------------------------

On another note: Does anyone know how I can get the Donate version for 3.1? Had issues with 3.2 which made me downgrade, but I can find only the standard apk 3.1 on F-Droid or Github.
The Following User Says Thank You to Hiroo Onoda For This Useful Post
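The UID-limited variant suggested in the post above, written out for both address families as an added example (not part of the original post and not AFWall+'s own code). It additionally narrows the exception to TCP ports 80 and 443, which is an assumption about the captive-portal check, and only prints the commands when `$IPTABLES`/`$IP6TABLES` are not set by AFWall+; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: UID-scoped captive-portal exception for an AFWall+ custom script.
# AFWall+ sets $IPTABLES / $IP6TABLES when it runs a custom script; outside
# AFWall+ they default to a dry run that only prints each command.
IPTABLES="${IPTABLES:-echo iptables}"
IP6TABLES="${IP6TABLES:-echo ip6tables}"

PORTAL_V4="185.163.119.132"                       # address from the post above
PORTAL_V6="2a03:4000:3b:3cc:5480:6fff:fec0:ad9f"  # address from the post above
PORTAL_UID=1000                                   # "android system" UID
PORTAL_PORTS="80 443"                             # assumption: HTTP/HTTPS only

# Accept only a plain numeric UID, so a typo cannot end up as a
# malformed or over-broad rule.
valid_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Append one ACCEPT rule per port to the "afwall" chain.
# $1 = iptables command, $2 = destination address, $3 = UID
allow_portal() {
    valid_uid "$3" || { echo "invalid uid: $3" >&2; return 1; }
    for port in $PORTAL_PORTS; do
        # $1 is left unquoted on purpose so "echo iptables" splits into words
        $1 -A afwall -d "$2" -p tcp --dport "$port" \
            -m owner --uid-owner "$3" -j ACCEPT || return 1
    done
}

# IPv4 and IPv6 exceptions together; stops at the first failing rule.
apply_portal_exception() {
    allow_portal "$IPTABLES" "$PORTAL_V4" "$PORTAL_UID" &&
    allow_portal "$IP6TABLES" "$PORTAL_V6" "$PORTAL_UID"
}

apply_portal_exception
```

Run it in a plain shell first to read the four generated rules, then paste it into the AFWall+ custom script field.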
7th November 2019, 11:57 AM |#5608  
Senior Member
/home
Quote:
Originally Posted by Hiroo Onoda

On another note: Does anyone know how I can get the Donate version for 3.1? Had issues with 3.2 which made me downgrade, but I can find only the standard apk 3.1 on F-Droid or Github.

You install standard 3.1 and the unlock app?
7th November 2019, 07:13 PM |#5609  
Member
Quote:
Originally Posted by Hiroo Onoda

...Had issues with 3.2 which made me downgrade, ...

Thx for your help on the script!
Regarding the 3.2, does it sporadically open the connections completely without any error message? This is what happened here (before I started adding any script). Maybe a real bug?
7th November 2019, 07:50 PM |#5610  
Member
This question is in regards to the AFWall "fix startup data leak" setting (thanks in advance).
I'm running:
afwall v3.2.0
lineageos 14.120190608-UNOFFICIAL-z3c
kernel 3.4.0-lineage-ge023bb7c
magisk 20.1
xposed 29 API 25

Is the "fix startup data leak" setting required?
How would I know if I'm leaking data at startup, where do I look, or any app that can tell me?
I know there is an Xposed module available on my phone now (have not activated it). Do I use that to "fix startup data leak", OR
do I just choose the path in AFWall preferences > experimental menu, and if so, which path of the 4 available in the options should I choose? I know there is a Magisk path there: /sbin/.magisk/img/.core/service.d/

What is the proper way to use logs in AFWall to see if I am leaking any data that should be blocked? (Or any apps that I can install that can help me figure it out.)
7th November 2019, 11:24 PM |#5611  
Junior Member
Quote:
Originally Posted by action_papst

You install standard 3.1 and the unlock app?

I bought the donate version via playstore, I don't believe there's an option to downgrade there. As to unlocking a standard version, do you mean the Afwall apk unlocker? I think I've seen that somewhere. Do you know if that works with a playstore purchase?

Quote:
Originally Posted by ZXR

Thx for your help on the script!
Regarding the 3.2, does it sporadically open the connections completely without any error message? This is what happened here (before I started adding any script). Maybe a real bug?

I have two major issues with 3.2: the log doesn't work and, what is worse, the firewall won't apply a change from allow to block and vice versa instantly, but only after a few tries/a while. I don't get any error message, the rules supposedly apply correctly. But nothing is changed in fact. Confusing, and makes me feel like my phone is swiss cheese again. 3.1 works as intended, any changes are applied instantaneously.
The Following 2 Users Say Thank You to Hiroo Onoda For This Useful Post

Tags
block internet, droidwall, firewall, iptables, security
