FORUMS
Remove All Ads from XDA

[5.0+][ROOT][3.2.0-BETA] AFWall+ IPTables Firewall [03 JULY 2019]

1,424 posts
Thanks Meter: 4,764
 
By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
Post Reply Email Thread
11th May 2013, 09:55 AM |#1001  
Account currently disabled
Thanks Meter: 50
 
More
Quote:
Originally Posted by PonsAsinorem

@ukanth Any thoughts on how Google Play License Check access the network? More info at: http://forum.xda-developers.com/show...&postcount=914

Basically the app queries Google Play and Google Play queries Google and the response is being cached with the app's data.
If a LVL proxy is involved things get more complicated.

But more important: Did you also allow the kernel?
 
 
11th May 2013, 07:19 PM |#1002  
justthefacts's Avatar
Senior Member
Thanks Meter: 852
 
More
Regarding Android OS leak.
I installed Network Log app just to see if I can investigate this further and it turned out that all the leaks happen during the start up.
Android OS does not pass the Afwall after the start up.

I have Nexus 4 and have "fix Device Start Rules" checked


Edit: Android OS DOES pass Afwall after start up. So does Root.
Edit 2: I have to start all over again because I did not have the correct settings in Network Log. It showed all attempted transmissions. Now I have it on the transmissions that do pass the firewall. My bad. I will report my results.
Edit 3: Network Log no longer registers any trafic through Afwall but again that don't mean anything because by the time it gets loaded at start up the damage has already been done.
I am assuming that All the leaking happens during the start up. Sorry for the useless post....
I will let you know if Network Log will catch any Android OS leaks while the phone is up and running

Edit 4: While Data traffic in the phone settings shows the Android OS has used 5 KB after the start up, Network Log shows no leaks through the Firewall. i can not assume that phone setting is showing the attempted and the actual traffic because if that was the case then it should show all other apps attempted which it is not...
Started Maps which could not connect because it is blocked in AFwall. The phone settings says that maps has transmitted 572 KB of data but network Log says that it has not transmitted any data.
started the browser which is allowed by AFwall and Network log reported it along with the root and the kernel accessing the internet.
Is the data usage in the phone settings showing all attempted and successful access?


.
11th May 2013, 09:37 PM |#1003  
GermainZ's Avatar
Inactive Recognized Developer / Retired Forum Moderator
Thanks Meter: 8,914
 
More
If you're trying to see what is connecting, just read what's in /proc/uid_stat/. It resets every boot and you can be sure it's accurate.
The Following User Says Thank You to GermainZ For This Useful Post: [ View ] Gift GermainZ Ad-Free
11th May 2013, 10:34 PM |#1004  
justthefacts's Avatar
Senior Member
Thanks Meter: 852
 
More
Quote:
Originally Posted by GermainZ

If you're trying to see what is connecting, just read what's in /proc/uid_stat/. It resets every boot and you can be sure it's accurate.

Thanks for the info. It matches the info I get from Network Log
The only thing that I have enabled in AFwall is the browser. but when I launch Maps, it shows that Maps has used 36 KB. does it mean that there is a leak? Although Network Log does not show any usage from the Maps.
12th May 2013, 03:30 AM |#1005  
zman519's Avatar
Senior Member
Flag the Land of Beer & Cheese
Thanks Meter: 252
 
More
I am having problems with torrents. utorrent and bittorrent apps don't seem to work with the firewall on.

Can any one help? What kinda logs should I post.

Sent from my oversized ComBadge
12th May 2013, 06:58 PM |#1006  
Senior Member
Thanks Meter: 2,073
 
More
Quote:
Originally Posted by ukanth

It could be because of the required port is blocked ( whitelist ). Is it working in the blacklist mode ?

It didn't because the app wasn't declaring the use internet permission, so I couldn't allow/deny it.

Quote:
Originally Posted by pathologo

Basically the app queries Google Play and Google Play queries Google and the response is being cached with the app's data.
If a LVL proxy is involved things get more complicated.

But more important: Did you also allow the kernel?

Yes, I allowed the kernel. I figured that's how it works, but was just checking. But now they've added the use internet permission (so I've added it to be allowed in AFWall+), and everything is now working as expected.

Trickster MOD: About the new internet permission
16th May 2013, 06:17 PM |#1007  
ukanth's Avatar
OP Recognized Developer
Thanks Meter: 4,764
 
Donate to Me
More
Hello All,

Here is the quick preview of the upcoming version of AFWall+ v1.2.5

* Added Tether support. (Thanks to cernekee)
* Added LAN/WAN support. (Thanks to cernekee)
* Added Import from DroidWall (from Donate Version !)
* Fixed issue with special applications not showing in different color(system apps) (Thanks to cernekee)
* Fixed issue with preferences for defauly system application picker (Thanks to cernekee)
* Fixed issue with Language preferences default(Thanks to cernekee)
* Lots of code refactor/bug fixes (Again Thanks to cernekee!)
* Fixed issue with multiline in search text.
* Minor UI changes on the application list
* Fixed issue with application loading

I'm still working on customizable iptables/busybox binary along with NFLOG for newer devices. It might take one or 2 weeks.

Google introduced new alpha/beta testing feature on playstore. I'll create a afwall google+ group, so that if any one interest, you can join to get alpha/beta preview version.


Also in the new version INTERNET_PERMISSIONS will be added because of API limitation to get interfaces for older devices.
The Following 8 Users Say Thank You to ukanth For This Useful Post: [ View ]
16th May 2013, 06:27 PM |#1008  
Member
Thanks Meter: 6
 
More
Wink
Quote:
Originally Posted by ukanth

Hello All,

Here is the quick preview of the upcoming version of AFWall+ v1.2.5

Any chance of a pre-release build? Nightlies?
16th May 2013, 06:41 PM |#1009  
GermainZ's Avatar
Inactive Recognized Developer / Retired Forum Moderator
Thanks Meter: 8,914
 
More
Quote:
Originally Posted by ren0.1

Any chance of a pre-release build? Nightlies?

Read the line before the last. :|
The Following User Says Thank You to GermainZ For This Useful Post: [ View ] Gift GermainZ Ad-Free
16th May 2013, 07:48 PM |#1010  
User_99's Avatar
Senior Member
Thanks Meter: 1,108
 
More
German translation updated
The Following User Says Thank You to User_99 For This Useful Post: [ View ] Gift User_99 Ad-Free
16th May 2013, 08:31 PM |#1011  
Member
Thanks Meter: 6
 
More
Quote:
Originally Posted by GermainZ

Read the line before the last. :|

Whoops. Thanks for pointing that out.
Post Reply Subscribe to Thread

Tags
block internet, droidwall, firewall, iptables, security

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes