FORUMS
Remove All Ads from XDA

[5.0+][ROOT][3.2.0-BETA-2] AFWall+ IPTables Firewall [16 OCT 2019]

1,426 posts
Thanks Meter: 4,782
 
By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
Post Reply Email Thread
27th July 2019, 12:23 AM |#5481  
Junior Member
Thanks Meter: 0
 
More
Problems with AFWall+ split apks
First of all, thanks for the APP, it's really good

I have a small problem, some APPs are blocked but not displayed, so I can't configure / unblock them.

Enclosed is the config and an exact error description. If anyone has a good tip I would be grateful

OnePlus 6 with microg Lineage 16 latest version
Yalp store
SAI Split APKs Installer

The Yalp store downloads some APPs only as Split APKs, which I can only install via detours (e.g. SAI).

These APPs are blocked by AFWall+, but not displayed in the config menu
The blocked apps are displayed in the logs.

Since I also use Shelter I have activated the Multiuser Mode as well as the Dual Apps Support.
28th July 2019, 12:49 PM |#5482  
Senior Member
Thanks Meter: 8
 
More
Hi,

first let me use this post to thank the developer for for this great App! I also will send a donation soon!

Can someone tell me how the Log Setting "show hostname" in AFWall+ works and if it is worth installing the proprietary unlock-apk?
It would be nice to see what FQDN the Apps contact but does it work well?
Does AFWall+ Capture the actual DNS Requests of the Apps?
Or is it just a DNS PTR Reverse-Lookup?
28th July 2019, 01:49 PM |#5483  
darfri's Avatar
Senior Member
Thanks Meter: 43
 
More
Hello. I would like to have a magisk module access my local net. Allowing "running as root" is too broad. Even allowing everything to a certain ip(+port!) would be good. Custom script?
3rd August 2019, 12:20 PM |#5484  
Senior Member
Thanks Meter: 55
 
More
I have nordvpn running on my android 9 with vpn control Enabled in afwall(3.2.0), connections are just fine everywhere except on google play, keeps telling me there's no connection eventhough it's allowed to communicate over VPN. Any ideas?
3rd August 2019, 01:35 PM |#5485  
Member
Thanks Meter: 9
 
More
custom scripts timeout
I'm wondering if there is any timeout implemented for execution of custom scripts?
Because on my older phone, that is considerable slower, AFWall+ throws an error at the end of the second one, but I have three.
If it is, could the developer increase this timeout or even better make an option to allow the user to configure it himself, please?
11th August 2019, 12:35 AM |#5486  
TiTiB's Avatar
Senior Member
Thanks Meter: 274
 
More
Anyone having this issue on every reboot?

Code:
android.app.RemoteServiceException: Context.startForegroundService() did not then call Service.startForeground(): ServiceRecord{e572d61 u0 dev.ukanth.ufirewall/.service.LogService}
	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1883)
	at android.os.Handler.dispatchMessage(Handler.java:106)
	at android.os.Looper.loop(Looper.java:214)
	at android.app.ActivityThread.main(ActivityThread.java:7075)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:965)
Started a few days ago, after months of error-free use.

Samsung Galaxy Tab S5e (SM-T720)
Android 9
Magisk 19.3 Manager 7.3.2
Riru - EdXposed v0.4.5.1_beta (4463) (YAHFA)
AFWall+ 3.2.0 beta
14th August 2019, 01:57 AM |#5487  
Junior Member
Thanks Meter: 2
 
More
Quote:
Originally Posted by TiTiB

Anyone having this issue on every reboot?

When you get these errors, is AFWall+ not starting properly at boot time? If so I'm seeing similar issues where it's not starting properly during at boot and blocked apps are gaining access during this time. I can't check the logs atm but I might see if I'm also getting similar errors later...Pretty much the same setup as you software wise, but phone is a Xiaomi Mi Mix 2S.
The Following User Says Thank You to silkyriver For This Useful Post: [ View ] Gift silkyriver Ad-Free
14th August 2019, 08:05 AM |#5488  
TiTiB's Avatar
Senior Member
Thanks Meter: 274
 
More
Quote:
Originally Posted by silkyriver

When you get these errors, is AFWall+ not starting properly at boot time? If so I'm seeing similar issues where it's not starting properly during at boot and blocked apps are gaining access during this time. I can't check the logs atm but I might see if I'm also getting similar errors later...Pretty much the same setup as you software wise, but phone is a Xiaomi Mi Mix 2S.

It still blocks apps and otherwise performs normally. Hadn't thought about it leaking data at boot...gotta look in to this. Trying out boot scripts to grab first minute or so of log.
14th August 2019, 01:07 PM |#5489  
Senior Member
Thanks Meter: 8
 
More
I have some questions regarding IPv6.
I would prefer to disable IPv6 on my phone completely but this does not seem to work reliable as the system settings in /proc/sys/net/ipv6/ are changed in the background while wifi is enabled/disabled etc.
So at least I want to make sure that all my app policies also apply to IPv6 and that there is no IPv6 Traffic allowed for apps, which are supposed to be denied internet access.

I am not sure about the meaning of some options/settings:
1) "ipv6 support"
1.1) "disabled" means that AFWall+ ignores any IPv6 traffic and denied apps can bypass the ipv4 policy by using ipv6? Or does afwall+ block any ipv6 traffic in that case?
1.2) "enabled" means that AFWall+ Applies the same policies to ipv6 traffic as tp ipv4 traffic?
2) "only control IPv6 Chains" What does this setting do? What is the difference to enabling "ipv6 support"?
3) I am also wondering that the AFWall+ log only displays blocked ipv4 addresses and no ipv6 addresse at all. (no matter if "ipv6 support" is enabled or disabled) Is IPv6 traffic not logged or does it bypass afwall+?
15th August 2019, 11:06 AM |#5490  
Member
Flag lawrence
Thanks Meter: 11
 
More
Quote:
Originally Posted by topaza

:
1) "ipv6 support"
1.1) "disabled" means that AFWall+ ignores any IPv6 traffic and denied apps can bypass the ipv4 policy by using ipv6? Or does afwall+ block any ipv6 traffic in that case?
1.2) "enabled" means that AFWall+ Applies the same policies to ipv6 traffic as tp ipv4 traffic?
2) "only control IPv6 Chains" What does this setting do? What is the difference to enabling "ipv6 support"?
3) I am also wondering that the AFWall+ log only displays blocked ipv4 addresses and no ipv6 addresse at all. (no matter if "ipv6 support" is enabled or disabled) Is IPv6 traffic not logged or does it bypass afwall+?

First off check of you are using ipv6 with your 4g provider and WiFi connection.
AFAIK (checked against iptables and ip6tables)
1) should turn on ipv6 rules I do not see a diffrence in the command line
2) this changes the default settings for the firewall chain like the ipv4 settings above in the setting panel
3) sorry I use free version (should switch to the paid just lazy)

If I can make a request that the firewall can change profiles based on a app in other words if you have a banking profile when you turn on your banking app afwall will switch to the appropriate profile (checking the uid for usage)
18th August 2019, 08:39 PM |#5491  
Senior Member
Thanks Meter: 8
 
More
Quote:
Originally Posted by topaza

I have some questions regarding IPv6.
I would prefer to disable IPv6 on my phone completely but this does not seem to work reliable as the system settings in /proc/sys/net/ipv6/ are changed in the background while wifi is enabled/disabled etc.
So at least I want to make sure that all my app policies also apply to IPv6 and that there is no IPv6 Traffic allowed for apps, which are supposed to be denied internet access.

I am not sure about the meaning of some options/settings:
1) "ipv6 support"
1.1) "disabled" means that AFWall+ ignores any IPv6 traffic and denied apps can bypass the ipv4 policy by using ipv6? Or does afwall+ block any ipv6 traffic in that case?
1.2) "enabled" means that AFWall+ Applies the same policies to ipv6 traffic as tp ipv4 traffic?
2) "only control IPv6 Chains" What does this setting do? What is the difference to enabling "ipv6 support"?
3) I am also wondering that the AFWall+ log only displays blocked ipv4 addresses and no ipv6 addresse at all. (no matter if "ipv6 support" is enabled or disabled) Is IPv6 traffic not logged or does it bypass afwall+?

I did some more testing and am still confused about these IPv6 settings...

With IPv6 support disabled I had trouble with CalDAV and CardDAV synchronization. I also could see AppID 1000 being blocked regularly in AFWall+ Logs.
With IPv6 support enabled, CalDAV and CardDAV synchronization suddenly worked without any issue. I also could not see AppID 1000 being blocked anymore.
So it feels like enabling IPv6 supports allows some traffic to invisibly bypass the firewall.

Maybe @ukanth can clarify how IPv6 support is supposed to work?
The Following 2 Users Say Thank You to topaza For This Useful Post: [ View ] Gift topaza Ad-Free
Post Reply Subscribe to Thread

Tags
block internet, droidwall, firewall, iptables, security

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes