[5.0+][ROOT][3.4.0] AFWall+ IPTables Firewall [9 FEB 2020]

By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
3rd March 2020, 11:06 AM |#5801  
IronTechmonkey's Avatar
Recognized Contributor
Quote:
Originally Posted by Ghjkjhgf

OnePlus one
AospExtended-v6.6-bacon 9pie
Magisk-v20.3
Gapps not installed

I select one application, save the rule, ok, turn on the firewall, an error message appears. All applications are blocked, and not one as I noted.
When you turn off the rule, the Internet does not appear.

---------- Post added at 11:54 AM ---------- Previous post was at 11:20 AM ----------

Error applying iptables rules.

This does not speak to possible cause but here are some things which might (or might not) fix that temporarily.

Leave Afwall+ enabled while you select apps and apply rules. This may help flush out and narrow down where the issue is.

Change profile,
Test
Disable/enable firewall.
Test
Force stop Afwall+ then run it.
Test
4th March 2020, 06:16 AM |#5802  
Senior Member
Quote:
Originally Posted by Raen!

Hey, this is probably a dumb question and may be already answered but:

Is there a way to choose what domains are allowed per app?
I mean like a whitelist of allowed internet addresses per app.

If the answer is custom script -> where should I look to learn how to do it?

No built in way to do it. Can be done with custom scripts.

Learn about custom scripts at the afwall wiki:
https://github.com/ukanth/afwall/wiki/CustomScripts
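
As an added illustration of the custom-script approach this answer points to (not code from the thread or from the AFWall+ project): a dry-run shell helper that prints, without applying, owner-match iptables rules limiting one app UID to listed destinations. The UID, the addresses and the chain name `app-allow` are constructed for the example; consult the wiki for the chains AFWall+ itself uses.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that restrict one
# app UID to a fixed set of destinations. All values are constructed.

IPT="iptables"      # assumption: name/path of the iptables binary
CHAIN="app-allow"   # hypothetical chain; it must be reached from OUTPUT,
                    # because the owner match only sees locally generated packets

# is_ipv4_cidr ADDR -> status 0 if ADDR looks like a.b.c.d or a.b.c.d/nn
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gen_app_allowlist UID ADDR... -> prints one ACCEPT rule per ADDR,
# then a final REJECT for everything else sent by that UID.
gen_app_allowlist() {
    [ "$#" -ge 1 ] || { echo "usage: gen_app_allowlist UID ADDR..." >&2; return 1; }
    uid="$1"; shift
    case "$uid" in
        ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;;
    esac
    # Validate everything first so a bad entry never yields a partial ruleset.
    for dst in "$@"; do
        # Hostnames are refused: iptables resolves a name once, when the rule
        # is inserted, so a "domain" rule goes stale when DNS changes.
        is_ipv4_cidr "$dst" || { echo "not an IPv4 address/CIDR: $dst" >&2; return 1; }
    done
    for dst in "$@"; do
        echo "$IPT -A $CHAIN -m owner --uid-owner $uid -d $dst -j ACCEPT"
    done
    echo "$IPT -A $CHAIN -m owner --uid-owner $uid -j REJECT"
}

# Constructed sample: app UID 10123 may reach two documentation-range networks.
gen_app_allowlist 10123 203.0.113.10 198.51.100.0/24
```

Because the rules match addresses rather than names, a true per-domain allowlist needs the addresses refreshed whenever the domain's DNS records change.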
14th March 2020, 12:05 PM |#5803  
Member
Quote:
Originally Posted by IronTechmonkey

This does not speak to possible cause but here are some things which might (or might not) fix that temporarily.

Leave Afwall+ enabled while you select apps and apply rules. This may help flush out and narrow down where the issue is.

Change profile,
Test
Disable/enable firewall.
Test
Force stop Afwall+ then run it.
Test

Hey guys,

My setup cased in the same issue.
If I select only one block or allow position for an app, all traffic will be blocked unless I disable the firewall.

Any news for this problem?

Spirit
14th March 2020, 12:49 PM |#5804  
IronTechmonkey's Avatar
Recognized Contributor
Quote:
Originally Posted by Spirit_of_Eli

Hey guys,

My setup cased in the same issue.
If I select only one block or allow position for an app, all traffic will be blocked unless I disable the firewall.

Any news for this problem?

Spirit


Perhaps I am misunderstanding something but that does not sound like the same issue I described. To clarify the meaning of the post you quoted, it was describing a series of steps which could be taken if the firewall fails to block anything after a reboot or an FC. What you seem to be describing is a situation where the opposite is occurring and everything rather than nothing is being blocked.

Without details about your device and scenario it’s hard to say what the problem could be but here are some general diagnostic steps:

- Remove 3rd party factors such as VPN and any other firewalls. Test without them, then only after resolving this issue, work on VPN configuration.

- Make sure you understand and are using the “allow selected” (whitelist) or “block selected” (blacklist) modes properly.

- Test with a simple app that has no dependencies elsewhere in the system. For example, an individual browser app might be a good choice for testing web browsing but when downloading files the same browser may use the system components which would also have to be allowed.

- Use logging and toasts to see what is being blocked.

If those basic steps don’t work then you would want to provide more details about the device and specific steps to reproduce the problem (literally each action listed) and perhaps a log and exported rules.

[EDIT] Corrected assignment of labels, blacklist and whitelist, which I had inverted.
15th March 2020, 12:46 AM |#5805  
Senior Member
Quote:
Originally Posted by IronTechmonkey


- Make sure you understand and are using the “allow selected” (blacklist) or “block selected” (whitelist) modes properly.

Sorry, correct me if I'm wrong.
Wouldn't this be the other way around? point 1 and 2 of the FAQ.

https://github.com/ukanth/afwall/wiki/FAQ
15th March 2020, 02:31 AM |#5806  
IronTechmonkey's Avatar
Recognized Contributor
Quote:
Originally Posted by custon3

Sorry, correct me if I'm wrong.
Wouldn't this be the other way around? point 1 and 2 of the FAQ.

https://github.com/ukanth/afwall/wiki/FAQ

Good point. Have I been happily using the wrong terminology forever? Although the terms "whitelist-mode" and "blacklist-mode" are mentioned in the FAQ, I see no clarification there as to which one is considered allow-selected or block-selected.

My interpretation has been that blacklist mode means everything is blocked (blacklisted) by default until specifically and individually allowed, while in whitelist mode everything is allowed (whitelisted) by default unless specifically and individually blocked.

That being said I could see an argument being made (albeit IMO a weaker one) for an interpretation wherein the terms blacklist and whitelist apply to the selected items rather than the default condition.

I suppose that's why allow-selected or block-selected are used. It's just that blacklist and whitelist sound cooler. Case in point:

"That app is so chatty online that I blacklisted it."

vs.

"That app is so chatty online that I block-selected it."

No contest.

[EDIT] A bit of web searching indicates that the terms whitelist and blacklist apply to the items being selected, (counter to what I had thought). Thanks again, corrected in earlier post.
15th March 2020, 09:08 AM |#5807  
Oswald Boelcke's Avatar
Forum Moderator / Recognized Translator
Quote:
Originally Posted by custon3

Sorry, correct me if I'm wrong.
Wouldn't this be the other way around? point 1 and 2 of the FAQ.

https://github.com/ukanth/afwall/wiki/FAQ

Quote:
Originally Posted by IronTechmonkey

Good point. Have I been happily using the wrong terminology forever? Although the terms "whitelist-mode" and "blacklist-mode" are mentioned in the FAQ, I see no clarification there as to which one is considered allow-selected or block-selected.

My interpretation has been that blacklist mode means everything is blocked (blacklisted) by default until specifically and individually allowed, while in whitelist mode everything is allowed (whitelisted) by default unless specifically and individually blocked.

That being said I could see an argument being made (albeit IMO a weaker one) for an interpretation wherein the terms blacklist and whitelist apply to the selected items rather than the default condition.

I suppose that's why allow-selected or block-selected are used. It's just that blacklist and whitelist sound cooler. Case in point:

"That app is so chatty online that I blacklisted it."

vs.

"That app is so chatty online that I block-selected it."

No contest.

[EDIT] A bit of web searching indicates that the terms whitelist and blacklist apply to the items being selected, (counter to what I had thought). Thanks again, corrected in earlier post.

^^I agree that the Wiki is slightly irritating. However, from my personal point of view it's more important that the settings in the app aren't ambiguous, and I think they are clear. I've chosen the option "allow selected" and then tick the allowed connection for each UID. If I had to call this something in regard to the Wiki nomenclature I'd call it a blacklist mode i.e. everything is disabled/not allowed by default.
15th March 2020, 10:17 AM |#5808  
Member
Quote:
Originally Posted by IronTechmonkey

Perhaps I am misunderstanding something but that does not sound like the same issue I described. To clarify the meaning of the post you quoted, it was describing a series of steps which could be taken if the firewall fails to block anything after a reboot or an FC. What you seem to be describing is a situation where the opposite is occurring and everything rather than nothing is being blocked.

Without details about your device and scenario it’s hard to say what the problem could be but here are some general diagnostic steps:

- Remove 3rd party factors such as VPN and any other firewalls. Test without them, then only after resolving this issue, work on VPN configuration.

- Make sure you understand and are using the “allow selected” (whitelist) or “block selected” (blacklist) modes properly.

- Test with a simple app that has no dependencies elsewhere in the system. For example, an individual browser app might be a good choice for testing web browsing but when downloading files the same browser may use the system components which would also have to be allowed.

- Use logging and toasts to see what is being blocked.

If those basic steps don’t work then you would want to provide more details about the device and specific steps to reproduce the problem (literally each action listed) and perhaps a log and exported rules.

[EDIT] Corrected assignment of labels, blacklist and whitelist, which I had inverted.

Hey, thanks for your response and sorry if it isn't the same case.

I will try to explain my problem in more detail.

First of all my Device:
-OnePlus 6T
-Firmware 10.3.2
-ROM CrDroid 6.4
-Gapps 20200311 pico arm64
-Magisk 20.3
-TWRP 3.3.1-32-mauronofrio

There is no other firewall APP installed. Afwall is the only one.
I think the problem exists until I installed the march security patches with CrDroid update 6.4.
Now I couldn't block anything. If I do, all traffic will be blocked. This happens if I select only one app or I select much more.
I tried to change the binaries, but that didn't solve it.
By the way, if I want to apply a ruleset with a block, I will get an error message like “error applying iptables rules”.
Afwall reinstallation didn't help.

If you need more information, please ask me.

Spirit
15th March 2020, 01:36 PM |#5809  
IronTechmonkey's Avatar
Recognized Contributor
Quote:
Originally Posted by Oswald Boelcke

^^I agree that the Wiki is slightly irritating. However, from my personal point of view it's more important that the settings in the app aren't ambiguous, and I think they are clear. I've chosen the option "allow selected" and then tick the allowed connection for each UID. If I had to call this something in regard to the Wiki nomenclature I'd call it a blacklist mode i.e. everything is disabled/not allowed by default.

Monkey likes wurds and the analysis thereof. Pardon a bit of OT.

I agree that within the app it is quite clear, and even in the FAQ (about which I've got no complaint) the terms allow-selected and block-selected are used so people should not get lost there either.

It seems that your logic for the terms blacklist and whitelist is similar to mine. By that model; the selected items are exceptions from the default blacklist. By the alternate terminology for the same allow-selected mode where blacklist and whitelist are inverted then the selected items are the whitelist itself. I'm finding it easy to make logical arguments for each combination as either of them can be made to sound reasonable.

To your point, it's a good thing we have allow-selected and block-selected.
15th March 2020, 05:56 PM |#5810  
Senior Member
@IronTechmonkey , @Oswald Boelcke

Capture an old version of afwall.

https://www.movilzona.es//app/upload...oid-foto-2.png

This is only to "clarify, unify" terms when dealing with faults and possible solutions.
15th March 2020, 06:41 PM |#5811  
temporarium's Avatar
Senior Member
Quote:
Originally Posted by IronTechmonkey

Monkey likes wurds and the analysis thereof. Pardon a bit of OT.

I agree that within the app it is quite clear, and even in the FAQ (about which I've got no complaint) the terms allow-selected and block-selected are used so people should not get lost there either.

It seems that your logic for the terms blacklist and whitelist is similar to mine. By that model; the selected items are exceptions from the default blacklist. By the alternate terminology for the same allow-selected mode where blacklist and whitelist are inverted then the selected items are the whitelist itself. I'm finding it easy to make logical arguments for each combination as either of them can be made to sound reasonable.

To your point, it's a good thing we have allow-selected and block-selected.

Just think of it this way: white=allowed/ok, black=forbidden; list=what you select (the rest isn't on the list).