
[5.0+][ROOT][3.2.0-BETA] AFWall+ IPTables Firewall [03 JULY 2019]

By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
30th June 2019, 06:25 AM |#5421  
Senior Member
Is AFWall+ working fine on Android Q Beta4? Anyone running it on Q yet? With root now available, the last hurdle is gone for Q4. But I am afraid some apps will be broken.

@ukanth: have you looked at Q4 yet to see if you need to make some changes in the app?
 
 
30th June 2019, 02:53 PM |#5422  
ukanth's Avatar
OP Recognized Developer
Quote:
Originally Posted by devsk

Is AFWall+ working fine on Android Q Beta4? Anyone running it on Q yet? With root now available, the last hurdle is gone for Q4. But I am afraid some apps will be broken.

@ukanth: have you looked at Q4 yet to see if you need to make some changes in the app?

Haven't tested yet. I will check it when I get some time. Thanks
2nd July 2019, 05:13 PM |#5423  
ukanth's Avatar
OP Recognized Developer
Just released a new beta of AFWall+ for Beta testers on playstore and github. You can find changelog here https://github.com/ukanth/afwall/rel...ag/v3.2.0-BETA.
3rd July 2019, 03:28 AM |#5424  
Senior Member
Flag Berkhamsted
Quote:
Originally Posted by ukanth

Just released a new beta of AFWall+ for Beta testers on playstore and github. You can find changelog here https://github.com/ukanth/afwall/rel...g/v3.2.0-BETA.

Barfed immediately after upgrading in Play Store. Rolled back to previous beta everything OK. Downloaded apk from github and installed and immediate barf.

Cleared data and cache in System and it loads. Restore saved profile from previous beta and it barfed.

Had to reset everything from scratch which was a PIA but one of the joys of being a beta tester

HTH

---------- Post added at 03:28 AM ---------- Previous post was at 03:26 AM ----------

Should have added I'm on a Pixel C running LineageOS 16
3rd July 2019, 07:41 AM |#5425  
Junior Member
Quote:
Originally Posted by mark_at

Rooted, yes. With Magisk. Miui ROM. Android pie. EdXposed.

My phone is not rooted
3rd July 2019, 10:36 AM |#5426  
Senior Member
Quote:
Originally Posted by brackenhill_mob

Barfed immediately after upgrading in Play Store. Rolled back to previous beta everything OK. Downloaded apk from github and installed and immediate barf.

Cleared data and cache in System and it loads. Restore saved profile from previous beta and it barfed.

Had to reset everything from scratch which was a PIA but one of the joys of being a beta tester

HTH

---------- Post added at 03:28 AM ---------- Previous post was at 03:26 AM ----------

Should have added I'm on a Pixel C running LineageOS 16

Yes, me too. The only solution not to start from scratch was to restore previous version, backup only rules and then after updating restore only them.
The new version crashes if you restore a profile backup.
Other than that, it seems to be working fine.
4th July 2019, 09:32 PM |#5427  
Member
allow/block
Should (except "[-10] same as selecting all apps") inverting rules selection and changing from allow to block (or the opposite) be equivalent?
Because on my Xiaomi Mi 9 SE with MIUI 10.2.2 Global it isn't. With block everything works as expected, while with allow no application has access.
It looks like there is something not listed in the app list that needs explicit access consent, otherwise nothing works. Could it be?
5th July 2019, 11:23 AM |#5428  
Member
Flag lawrence
Quote:
Originally Posted by jeffshead

Can someone please tell me if it is possible to allow IPv6 for only VoLTE? Or instead of blocking all IPv6, just block it for Internet browsing so I am issued an easily identifiable IPv4 IP address instead of an IPv6 IP. If either option is feasible, what changes do I need to make to my script? Also, does turning off IPv6 cause other issues that I'm not aware of?
J

Since all the network traffic passes through rmnet connections, you cannot turn off IPv6 for all of them, but as far as I know VoLTE runs on only one of them, newly rmnet_data0. Here is how to check:
Turn off mobile data.
Run this in a terminal: ifconfig, and see the interfaces.
Turn on mobile data and check again. The interface that is on when data is off is VoLTE; then change the script accordingly for all other network interfaces except that one.
I do not know why you want to have IPv4 only, since IPv6 is more secure, especially for browsing. Only for certain uses you can use ip6tables for IPv6 to only certain apps and/or protocols. If you need more help, ask.
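
Added example (not part of the original post): a sketch of the check described above, comparing interface lists taken with mobile data off and on, then printing IPv6 block rules for every rmnet interface except the one that stays up. The two `ifconfig` samples are constructed, and the `ip6tables -A OUTPUT ... -j DROP` rule shape is an assumption, since the script under discussion is not shown in the thread.

```sh
#!/bin/sh
# Constructed `ifconfig` samples (names and addresses are illustrative,
# not captured from a real device).
DATA_OFF='lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
rmnet_data0 Link encap:UNSPEC
          inet6 addr: fe80::1/64 Scope: Link
wlan0     Link encap:Ethernet
          inet addr:192.168.1.20  Mask:255.255.255.0'
DATA_ON="$DATA_OFF
rmnet_data1 Link encap:UNSPEC
          inet6 addr: fe80::2/64 Scope: Link
rmnet_data2 Link encap:UNSPEC
          inet6 addr: fe80::3/64 Scope: Link"

# Interface names: first field of each non-indented line
# (a trailing ":" as printed by some ifconfig builds is dropped).
iface_names() {
    printf '%s\n' "$1" | awk '/^[a-zA-Z]/ { sub(/:$/, "", $1); print $1 }' | sort -u
}

# rmnet interfaces still present with mobile data off; per the post
# above these are the VoLTE candidates and keep IPv6.
volte_ifaces() {
    iface_names "$1" | grep '^rmnet' || true
}

# Print (never execute) one rule per rmnet interface that is not a VoLTE
# candidate. The OUTPUT/DROP rule shape is an assumption for illustration.
ipv6_block_rules() {
    keep=$(volte_ifaces "$1")
    for ifc in $(iface_names "$2" | grep '^rmnet' || true); do
        if printf '%s\n' "$keep" | grep -qxF "$ifc"; then
            continue    # VoLTE interface: leave IPv6 alone
        fi
        echo "ip6tables -A OUTPUT -o $ifc -j DROP"
    done
}

ipv6_block_rules "$DATA_OFF" "$DATA_ON"
```

On a device, the two samples would be replaced by real `ifconfig` output captured before and after toggling mobile data, and the printed rules reviewed before being placed in a custom script.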
7th July 2019, 07:44 AM |#5429  
Senior Member
Flag Bielefeld
Quote:
Originally Posted by onkeljoe

Hi,

I figured out that the IP tables rules are not working if wireguard and afwall are both active. Afwall and wireguard on their own are running like a charm.

VPN and apps running as root are allowed in afwall. It doesn't matter which app is started first.

What is the problem here?

Rename your wireguard interface to something starting with 'tun', then afwall+ recognizes the connection as a vpn.
7th July 2019, 03:18 PM |#5430  
Member
iptables name resolution
Quote:
Originally Posted by mocarela

Should (except "[-10] same as selecting all apps") inverting rules selection and changing from allow to block (or the opposite) be equivalent?
Because on my Xiaomi Mi 9 SE with MIUI 10.2.2 Global it isn't. With block everything works as expected, while with allow no application has access.
It looks like there is something not listed in the app list that needs explicit access consent, otherwise nothing works. Could it be?

This was while I had configured the connection with DHCP. Once I set it up using a static IP everything started to work as expected, but I would still like to hear an explanation if somebody knows why it behaves like that.

Now I have another problem.
I'm using custom scripts in order to apply rules with more detail than just completely allow or disallow an application access through a selected interface. The problem I'm facing (and doesn't occur with DroidWall) is that when creating a rule specifying a hostname instead of an IP address, such rule doesn't get applied. However, if I execute the same command in the shell after AFWall+ finishes doing its job (i.e. applying rules), the rule is configured as expected.

e.g.: iptables -I afwall-wifi-wan 14 -m owner --uid-owner 10185 -d hostname -j RETURN

As for the AFWall+ binaries used, they are configured by default (auto/built-in). Also, IPv6 functionality is not enabled.

BTW: I noticed that before global rejection rule there is a general DNS allow for root rule set up that I haven't configured. Why?

38 RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0
8th July 2019, 03:51 PM |#5431  
ukanth's Avatar
OP Recognized Developer
Has anyone tried the latest beta (I fixed and reuploaded after the crash reports)? Any feedback?

Tags
block internet, droidwall, firewall, iptables, security
