Would simply allowing your app LAN access and nothing else not be enough?
Totaly erratic on my Android 9 ... work .. then do not .... unreliable, and i'm using it for 8 years at least.. (started with AFWall) never met this kind of problems.
OK so after wiping app storage and resetting my rules, the app did in fact start working as intended and blocking internet access
OnePlus one
AospExtended-v6.6-bacon 9pie
Magisk-v20.3
Ggaps not installed
I select one application, save the rule, ok, turn on the firewall, an error message appears. all applications are blocked, and not one as I noted.
when you turn off the rule, the Internet does not appear.
---------- Post added at 11:54 AM ---------- Previous post was at 11:20 AM ----------
Error appluing iptables rules. :crying::crying:
No built in way to do it. Can be done with custom scripts.Hey, this is probably a dumb question and may be already answered but:
Is there a way to choose what domains are allow per app?
I mean like a whitelist of allow internet addresses per app.
If the answer is custom script-> where should I look to learn how to do it?
This does not speak to possible cause but here are some things which might (or might not) fix that temporarily.
Leave Afwall+ enabled while you select apps and apply rules. This may help flush out and narrow down where the issue is.
Change profile,
Test
Disable/enable firewall.
Test
Force stop Afwall+ then run it.
Test
Hey guys,
my setup cased in the same issiue.
If I select only one block or allow position for an app, all traffic will be blocked unless I disable the firewall.
Any news for this problem?
Spirit
- Make sure you understand and are using the “allow selected” (blacklist) or “block selected” (whitelist) modes properly.
Sorry, correct me if I'm wrong.
Wouldn't this be the other way around? point 1 and 2 of the FAQ.
https://github.com/ukanth/afwall/wiki/FAQ
Sorry, correct me if I'm wrong.
Wouldn't this be the other way around? point 1 and 2 of the FAQ.
https://github.com/ukanth/afwall/wiki/FAQ
^^:good:I agree that the Wiki is slightly irritating. However, from my personal point of view it's more important that the settings in the app aren't ambigious, and I think they are clear. I've chosen the option "allow selcted" and then tick the allowed connection for each UID. If I had to call this something in regard to the Wiki nomenclature I'd call it a blacklist mode i.e. everything is disabled/not allowed by default.Good point. Have I been happily using the wrong terminology forever? Although the terms "whitelist-mode" and "blacklist-mode" are mentioned in the FAQ , I see no clarification there as to which one is considered allow-selected or block-selected,
My interpretation has been that blacklist mode means everything is blocked (blacklisted) by default until specifically and individually allowed, while in whitelist mode everything is allowed (whitelisted) by default unless specifically and individually blocked.
That being said I could see an argument being made (albeit IMO a weaker one) for an interpretation whereim the terms blacklist and whitelist apply to the selected items rather than the default condition.
I suppose that's why
allow-selected or block-selected are used. Its just that blacklist and whitelist sound cooler. Case in point:
"That app is so chatty online that I blacklisted it."
vs.
"That app is so chatty online that I block-selected it."
No contest.:silly:
[EDIT] A bit of web searching indicates that the terms whitelist and Blacklist apply to the items being selected, (counter to what I had thought). Thanks again, corrected in earlier post.
Perhaps I am misunderstanding something but that does not sound like the same issue I described. To clarify the meaning of the post you quoted, it was describing a series of steps which could be taken if the firewall fails to block anything after a reboot or an FC. What you seem to be describing is a situation where the opposite is occurring and everything rather than nothing is being blocked.
Without details about your device and scenario it’s hard to say what the problem could be but here are some general diagnostic steps:
- Remove 3rd party factors such as VPN and any other firewalls. Test without them, then only after resolving this issue, work on VPN configuration.
- Make sure you understand and are using the “allow selected” (whitelist) or “block selected” (blacklist) modes properly.
- Test with a simple app that has no dependencies elsewhere in the system. For example, an individual browser app might be good choice for testing web browsing but when downloading files the same browser may use the system components which would also have to be allowed.
- Use logging and toasts to see what is being blocked.
If those basic steps don’t work then you would want to provide more details about the device and specific steps to reproduce the problem (literally each action listed) and perhaps a log and exported rules.
[EDIT] Corrected assignment of labels, blacklist and whitelist, which I had inverted.
^^:good:I agree that the Wiki is slightly irritating. However, from my personal point of view it's more important that the settings in the app aren't ambigious, and I think they are clear. I've chosen the option "allow selcted" and then tick the allowed connection for each UID. If I had to call this something in regard to the Wiki nomenclature I'd call it a blacklist mode i.e. everything is disabled/not allowed by default.
Just think if it this way: white=allowed/ok, black=forbidden; list=what you select (the rest isn't on the list).Monkey likes wurds and the analysis thereof. Pardon a bit of OT.
I agree that within the app it is quite clear, and even in the FAQ (about which I've got no complaint) the terms allow-selected and block-selected are used so people should not get lost there either.
It seems that your logic for the terms blacklist and whitelist is similar to mine. By that model; the selected items are exceptions from the default blacklist. By the alternate terminology for the same allow-selected mode where blacklist and whitelist are inverted then the selected items are the whitelist itself. I'm finding it easy to make logical arguments for each combination as either of them can be made to sound reasonable.
To your point, It's a good thing we have allow-selected and block-selected.
Like me, you "suffer" from Sprachgefühl.Monkey likes wurds and the analysis thereof. Pardon a bit of OT.
Disclaimer - As Usual. I'll not take any responsible if something goes wrong when using AFWall+
AFWall+ is an improved version of DroidWall(front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming).Since the original author of Droidwall
discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.
- Supports 5.x to 13.x
- Import/Export Rules to external storage
- Search Applications
- Multiple Profiles with custom names
- Tasker/Locale support
- Select All/None/Invert/Clear applications with single click
- Revamped Rules/Logs Viewer with copy/export to external storage
- Ability to view the network interfaces
- Highlight system applications with custom color
- Notify on new installations
- Ability to hide application icons( faster loading )
- Use LockPattern for application protection.
- Show/Hide application ID.
- Roaming Control for 3G/Edge
- VPN Control
- LAN Control
- Tether Control
- IPV6 Control
- Tor Control
- Choose able languages
- Choose able iptables/busybox binary
- Supports MIPS/x86/ARM
- DNS Hostname
To get Unlocker without Google services - Please follow the instructions here
1) AFWall+ opt-in for beta program
2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)
AFWall+ is an free & opensource application
Github
Log an issue
Frequently Asked Questions
Many Thanks to @CHEF-KOCH
Translations - Please help me with translations in your language.
http://crowdin.net/project/afwall
- German translations by chef@xda & user_99@xda & Gronkdalonka@xda
- French translations by GermainZ@xda & Looki75@xda
- Russian translations by Kirhe@xda & YaroslavKa78
- Spanish translations by spezzino@crowdin
- Dutch translations by DutchWaG@crowdin
- Japanese translation by nnnn@crowdin
- Ukrainian translation by andriykopanytsia@crowdin
- Slovenian translation by bunga bunga@crowdin
- Chinese Simplified translation by tianchaoren@crowdin
- Polish translations by tst,Piotr Kowalski@crowdin
- Swedish translations by CreepyLinguist@crowdin
- Greek Translations by mpqo@crowdin
- Portuguese translations by lemor2008@xda
- Chinese Traditional by shiuan@crowdin
- Chinese Simplified by wuwufei,tianchaoren @ crowdin
- Italian translations by benzo@crowdin
- Romanian tranlations by mysterys3by-facebook@crowdin
- Czech translations by Syk3s
Version 3.0.1
* Fix: Status toggle widget 1x1
* Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
* Fix: Firewall error notification on oreo and above
* Security: Tile toggle checks for password
* User reported crashes
* Updated translations
Previous version 3.0.0
Features:
* Better support for nougat/oreo and pie.
* Firewall toggle tile
* Adaptive Icons
* Notification channels
* Tor support
Bugs:
* General bug fixes and crash reports.
* Language selection bug
* Filter selection bug
* Compatible with magisk 17.x
* Better handling of background process
* Drops support for 4.x devices
* Update languages
* Updated libraries