FORUMS
Remove All Ads from XDA

[5.0+][ROOT][3.3.1] AFWall+ IPTables Firewall [15 NOV 2019]

1,453 posts
Thanks Meter: 4,942
 
By ukanth, Recognized Developer on 26th October 2012, 06:41 PM
Post Reply Email Thread
28th December 2018, 07:27 AM |#5111  
Junior Member
Thanks Meter: 1
 
More
Hello Ukanth, and everyone
I need some help with afw, whole my question was fully described by user Torrify four years ago
https://forum.xda-developers.com/sho...postcount=2146
and no any answers since that

I try to use wifi Tethering and afw + Orbot at the same time, notebook connects to android via wifi, afw white list checkboxes settled a right way.
Tethering DNS + DCHP Cell network (Orbot checkboxes don't apply, i'll write why further)
Some apps i need to use on my phone when i provide internet to my PC
Override DNS ( for DNS change, actually only with this app i can use wifi tethering+ AFW correct, cuase without it doesnt work )
At android all works great, all trafic pass trought Orbot, when Orbot is down - packets is rejected/droped

But when i try to use tethering with Orbot, it doesnt work, best of i already achieved - it's a possibilty use internet on PC via wifi tethering with working AFW WITHOUT passing trought orbot.
I don't know why it's happen.
When i try to set Orbot checkbox on tethering - i see "Error applying iptables rules"
And this message i see in log (pic in attach)

Orbot option - "Open proxy on all interfaces" is ON

What i need to do? Please help

Log error
30th December 2018, 03:58 PM |#5112  
Member
Flag Mannheim
Thanks Meter: 24
 
More
Hey guys,

I have a similar problem with tethering (BT, Wifi and USB). I found some similar questions on github, but I still don't get it. Maybe you can point my to the right direction.

Here my devices:
  • Samsung S7 LOS 14.1 with AFWall <- primary phone. this phone shares Its internet connection (mobile or WiFi)
  • Google Nexus 4 LOS 15.1 (But same issue with other devices like Win10 Laptop or IPhone6 or Samungs S5 Mini Stock) <- sec. device which needs internet
Here my rules:
When firewall is enabled other connected devices don't have access.
When firewall is disabled other connected devices have access.
When firewall is enabled and core> "(any app)" is checked other connected devices have access.

So i thought it must be some configuration issue by me. But now it gets confusing:
When firewall is enabled other connected devices don't have access, but google.com search works in browser (FF in my case). First i thought its from the cache, but searching something new works too. Nothing else loading.
Sounds like the secondary phone dont resolving dns correctly.

Can you help me? Do need some logs? From which device?

Thanks

Edit: Found a solution here!
30th December 2018, 06:00 PM |#5113  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 4,942
 
Donate to Me
More
Quote:
Originally Posted by chrisrevoltes

Hey guys,

I have a similar problem with tethering (BT, Wifi and USB). I found some similar questions on github, but I still don't get it. Maybe you can point my to the right direction.

Here my devices:

  • Samsung S7 LOS 14.1 with AFWall <- primary phone. this phone shares Its internet connection (mobile or WiFi)
  • Google Nexus 4 LOS 15.1 (But same issue with other devices like Win10 Laptop or IPhone6 or Samungs S5 Mini Stock) <- sec. device which needs internet
Here my rules:
When firewall is enabled other connected devices don't have access.
When firewall is disabled other connected devices have access.
When firewall is enabled and core> "(any app)" is checked other connected devices have access.

So i thought it must be some configuration issue by me. But now it gets confusing:
When firewall is enabled other connected devices don't have access, but google.com search works in browser (FF in my case). First i thought its from the cache, but searching something new works too. Nothing else loading.
Sounds like the secondary phone dont resolving dns correctly.

Can you help me? Do need some logs? From which device?

Thanks

@chrisrevoltes,
enable logs and see what packets are getting blocked. I see you have VPN enabled. Do you want the hotspot traffic through VPN ?
@Vpr2k1,
Same as above, enable logs and see what is getting blocked. You can add custom rule to fix it.
30th December 2018, 07:24 PM |#5114  
Junior Member
Thanks Meter: 1
 
More
@ukanth
For start the trial i need to set the Orbot checkbox near Tethering. But as i had wrote above, i can't do it. I have "Error applying iptables rules" (log screenshot attached in my previous post)
The Following User Says Thank You to Vpr2k1 For This Useful Post: [ View ] Gift Vpr2k1 Ad-Free
31st December 2018, 03:38 AM |#5115  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 4,942
 
Donate to Me
More
Quote:
Originally Posted by Vpr2k1

@ukanth
For start the trial i need to set the Orbot checkbox near Tethering. But as i has wrote above, i can't do it. I have "Error applying iptables rules" (log screenshot attached in my previous post)

It's a bug, I fixed it in this commit-> https://github.com/ukanth/afwall/com...3e76e1a3c5a1b3. You will be able to use it in the next version.
The Following 2 Users Say Thank You to ukanth For This Useful Post: [ View ]
31st December 2018, 06:18 AM |#5116  
Junior Member
Thanks Meter: 1
 
More
Quote:
Originally Posted by ukanth

It's a bug, I fixed it in this commit-> https://github.com/ukanth/afwall/com...3e76e1a3c5a1b3. You will be able to use it in the next version.

Sounds great! Aftet that i'll try again. And maybe we will see in log what the point, or maybe it will work after that fix
1st January 2019, 01:45 AM |#5117  
Senior Member
Thanks Meter: 875
 
More
Quote:
Originally Posted by ukanth

Welcome to official support page for AFWall+...

Happy New Years everyone
Friendly reminder for the New Year
XDA etiquette
If someone helps you, etiquette requires you thank the person that helped you.
The way to do that on XDA is tap the thanks button/icon or tap the Developer's donate link.
The Following User Says Thank You to Homeboy76 For This Useful Post: [ View ] Gift Homeboy76 Ad-Free
1st January 2019, 11:45 AM |#5118  
Member
Thanks Meter: 11
 
More
Quote:
Originally Posted by freakerload

Hello in Android 7 and 8 this lines in a script for wifi are working.
settings put global captive_portal_mode 0
settings put global captive_portal_detection_enabled 0
settings put global captive_portal_server localhost

But in my older phone with Android 6.0.1 this is not working.
Wifi not tuns on.

What must i do?

Very late answer, I'm not sure this will fix your problem (if you not already have done it yourself):
The following rule:
settings put global captive_portal_mode 0
is for android 7.x (onwards?). Try to remove it from your script.
1st January 2019, 09:00 PM |#5119  
Member
Thanks Meter: 4
 
More
Quote:
Originally Posted by Tomatot-

It was already added. Switching to blacklist mode and inverting my selection (so it shouldn't change anything in theory) made the trick somehow. I'll let you know if it's stable. Thanks for your support anyway!

Hello there,

I have had the somehow the same issue:

I have updated my device to Android 9.0.0 and afterwards to 9.0.1, with both versions I have the following situation. I use the system with AFWall+ and block every internet connection not necessary (whitelist). Everything works fine a couple of hours after activating the firewall. But suddenly the internet connection for some apps is partially rejected especially google play store --> downloading is blocked, the weather widget (only the widget, the app could) is not able to update data and my calendar and contacts are not able to become updated.
I can still surf or download mails, look for apps etc.
Even if the firewall is blocking no apps, it won't change behaviour.

And this will only stop for some time, if I deactivate and activate AFWall+ while internet is on and give shortly all permissions to "google play-services". There is no changing in behaviour, when I switch status with flymode on. Everything is fine as long as I don't change the permissions.

Did you have any ideas, what I could do? I tried "blacklist" and "whitelist" no change in behaviour.

BR
Axel
2nd January 2019, 12:26 PM |#5120  
Senior Member
Thanks Meter: 42
 
More
Hello, any idea why i need to manually apply the rules every reboot?.

Mi A2 lite.
I am rooted with magisk 18.
I am on HavocOS with permisive Selinux.
I use adguard via proxy.
3rd January 2019, 01:35 AM |#5121  
hypern0va's Avatar
Senior Member
Flag Italy
Thanks Meter: 122
 
More
Still no one encountering problems with the WiFi hotspot? Devices connected to my hotspot have no internet connection until I disable AFWall. I hoped that it would've got even incidentally fixed with the updates but it didn't up to now.

I'm in whitelist mode with, among others, Android System, Linux kernel and DHCP+DNS services having full internet access.
The Following User Says Thank You to hypern0va For This Useful Post: [ View ] Gift hypern0va Ad-Free
Post Reply Subscribe to Thread

Tags
block internet, droidwall, firewall, iptables, security

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes