FORUMS

[5.0+][ROOT][3.4.0] AFWall+ IPTables Firewall [9 FEB 2020]

1,465 posts
Thanks Meter: 5,038
 
By ukanth, Recognized Developer on 26th October 2012, 05:41 PM
Post Reply Email Thread
30th November 2019, 07:47 AM |#5681  
Member
Thanks Meter: 7
 
More
hello. i seem to be having a weird problem with afwall. i have recently noticed that when i connect to a specific wifi network (have only noticed this on one wifi network so far, not sure if its occuring on others) the afwall rules just dont work at all whatsover. i am using it as whitelist mode and everything works fine but i noticed on this one specific home wifi network all the apps that i have selected to only allow on VPN connect and have internet access whether im connected to VPN or not connected to VPN. its weird because on other wifi networks EVERYTHING WORKS PERFECTLY AS IT SHOULD, the apps only work if my VPN connection is up and STOP working as soon as the VPN disconnects.

I have replicated this issue on every single custom rom i have tried on this device based on android 8.1 and 9.0 (have not tried on stock though). im running
Magisk 20.1
xposed-magisk module

I tried to enable logs in afwall but nothing shows up in the logs. i have never once been able to get logs to work on afwall. i go to prefrences > log > and i check "Turn on log service" but i never see anything in "View logs", it always says its empty.

anyone have any idea or similiar experience and anything i can do or send over for debug (other than afwall logs since they dont seem to turn on for me)?
3rd December 2019, 01:34 PM |#5682  
[] AL []'s Avatar
Recognized Contributor
Thanks Meter: 4,630
 
More
Tinny intermittent issue: the popup showing when rules are applied sometimes would not show the :
"Applying rule x of y" part - see pic.

Rules are applied anyway, so this seems like just a visual bug.... I do have a Sustratum theme applied to AFW+, but I just tried turning if off and issue is stiil happening (maybe half the time).

Latest OOS 9 OS (not 10) and AFW+ version.
Attached Thumbnails
Click image for larger version

Name:	Screenshot_20191203-082321.jpg
Views:	268
Size:	83.9 KB
ID:	4892973  
The Following 2 Users Say Thank You to [] AL [] For This Useful Post: [ View ] Gift [] AL [] Ad-Free
4th December 2019, 12:49 AM |#5683  
IronTechmonkey's Avatar
Recognized Contributor
Thanks Meter: 8,647
 
More
Quote:
Originally Posted by [

AL [];81090857]Tinny intermittent issue: the popup showing when rules are applied sometimes would not show the :
"Applying rule x of y" part - see pic.

Rules are applied anyway, so this seems like just a visual bug.... I do have a Sustratum theme applied to AFW+, but I just tried turning if off and issue is stiil happening (maybe half the time).

Latest OOS 9 OS (not 10) and AFW+ version.

Occurs to me in LOS 15 (Oreo) with Magisk as well. Additionally; after it has occurred, then sometimes when I manually apply rules it seems as if it's going through them more than once... as if the previous application of rules was incomplete and rerun along with the manual application of the rules. Some mental lint In my neural net says this might have to do with clogged root requests but that memory is as fuzzy as lint can be.
The Following User Says Thank You to IronTechmonkey For This Useful Post: [ View ] Gift IronTechmonkey Ad-Free
4th December 2019, 11:12 PM |#5684  
Knoth's Avatar
Senior Member
Thanks Meter: 20
 
More
Why, despite disabling the Internet for system applications, do they still leak data? Thanks.
5th December 2019, 08:52 AM |#5685  
Member
Thanks Meter: 7
 
More
Quote:
Originally Posted by sabotage154

hello. i seem to be having a weird problem with afwall. i have recently noticed that when i connect to a specific wifi network (have only noticed this on one wifi network so far, not sure if its occuring on others) the afwall rules just dont work at all whatsover. i am using it as whitelist mode and everything works fine but i noticed on this one specific home wifi network all the apps that i have selected to only allow on VPN connect and have internet access whether im connected to VPN or not connected to VPN. its weird because on other wifi networks EVERYTHING WORKS PERFECTLY AS IT SHOULD, the apps only work if my VPN connection is up and STOP working as soon as the VPN disconnects.

I have replicated this issue on every single custom rom i have tried on this device based on android 8.1 and 9.0 (have not tried on stock though). im running
Magisk 20.1
xposed-magisk module

I tried to enable logs in afwall but nothing shows up in the logs. i have never once been able to get logs to work on afwall. i go to prefrences > log > and i check "Turn on log service" but i never see anything in "View logs", it always says its empty.

anyone have any idea or similiar experience and anything i can do or send over for debug (other than afwall logs since they dont seem to turn on for me)?

just wanted to update this maybe it will help someone in the future:
it appears like the issue with the wifi network that is bypassing afwall is that the wifi network is an ipv6 network. so certain apps that support ipv6 get access to the internet on the wifi IPv6 network even when afwall is activated but afwall still blocks any apps that use ipv4. I changed some settings and it appears like it is now blocking connections on the ipv6 wifi network i was having issues with.
I did the following:

Preferences > Rules/Connectivity
scroll to the bottom "IPv6 Chains"
IPv6 Support : if checked: from what can tell this actually allows ipv6 connections thru afwall (please correct me if im wrong)
Only Control IPv6 chains : i checked this and it allowed me to modify the following settings:
INPUT Chain (IPv6) : I set this to BLOCK incoming connections
OUTPUT Chain (IPv6) : i set this to BLOCK outgoing connections
FORWARD Chain (IPv6) : i set this to BLOCK forwarding connections

I played around with different settings but those settings there appeared to make my afwall rules work the same on IPv6 wifi network as they do on IPv4 wifi network. I beleive it just BLOCKS all IPv6 traffic since i think rules cant be set for IPv6 traffic in afwall.

Can anyone confirm:
IS THIS THE CORRECT WAY TO BLOCK IPV6 networks in afwall?
The Following User Says Thank You to sabotage154 For This Useful Post: [ View ] Gift sabotage154 Ad-Free
5th December 2019, 02:55 PM |#5686  
Member
Flag Mannheim
Thanks Meter: 25
 
More
Quote:
Originally Posted by sabotage154

just wanted to update this maybe it will help someone in the future:
it appears like the issue with the wifi network that is bypassing afwall is that the wifi network is an ipv6 network. so certain apps that support ipv6 get access to the internet on the wifi IPv6 network even when afwall is activated but afwall still blocks any apps that use ipv4. I changed some settings and it appears like it is now blocking connections on the ipv6 wifi network i was having issues with.
I did the following:

Preferences > Rules/Connectivity
scroll to the bottom "IPv6 Chains"
IPv6 Support : if checked: from what can tell this actually allows ipv6 connections thru afwall (please correct me if im wrong)
Only Control IPv6 chains : i checked this and it allowed me to modify the following settings:
INPUT Chain (IPv6) : I set this to BLOCK incoming connections
OUTPUT Chain (IPv6) : i set this to BLOCK outgoing connections
FORWARD Chain (IPv6) : i set this to BLOCK forwarding connections

I played around with different settings but those settings there appeared to make my afwall rules work the same on IPv6 wifi network as they do on IPv4 wifi network. I beleive it just BLOCKS all IPv6 traffic since i think rules cant be set for IPv6 traffic in afwall.

Can anyone confirm:
IS THIS THE CORRECT WAY TO BLOCK IPV6 networks in afwall?

I am not sure if this is THE right way, but I didn't found any issues so far with that config:
Attached Thumbnails
Click image for larger version

Name:	Screenshot_20191205-155137.png
Views:	296
Size:	224.3 KB
ID:	4894583  
6th December 2019, 02:04 PM |#5687  
TiTiB's Avatar
Senior Member
Thanks Meter: 419
 
More
Quote:
Originally Posted by chrisrevoltes

I am not sure if this is THE right way, but I didn't found any issues so far with that config:

By 'that' do you mean as configured in the attached pic? or the configuration setup that you quoted?
6th December 2019, 06:56 PM |#5688  
Member
Thanks Meter: 21
 
More
Quote:
Originally Posted by chrisrevoltes

I am not sure if this is THE right way, but I didn't found any issues so far with that config:

As far as I've understood, they way you've set it up (me, too) means that AFWall will create a corresponding IPv6 rule for every app that is selected as blocked (or allowed, for that matter). So if you've enabled IPv6 support in AFWall, whatever app you block or allow, that setting would affect both its IPv4 and IPv6 channel.
7th December 2019, 05:26 AM |#5689  
Senior Member
Thanks Meter: 16
 
More
For posterity (in hopes it might be useful to someone in the future)
I just switched to Android 10 and reinstalled Afwall - and copied over the rules from 9. After a while, I noticed that WiFi connection is working but keeps saying "no internet"
After looking at logcat, I found
Code:
12-06 21:12:58.825  1938  2951 D NetworkMonitor/105: PROBE_HTTPS https://www.google.com/generate_204 Probe failed with exception java.net.ConnectException: Failed to connect to www.google.com/216.58.194.196:443
12-06 21:12:58.850  1938  2952 D NetworkMonitor/105: PROBE_HTTP http://connectivitycheck.gstatic.com/generate_204 Probe failed with exception java.net.ConnectException: Failed to connect to connectivitycheck.gstatic.com/216.58.194.163:80
Apparently I needed to allow
Code:
NetworkStack, com.android.server.NetworkPermissionConfig
to have internet access
The Following User Says Thank You to Fry-kun For This Useful Post: [ View ] Gift Fry-kun Ad-Free
7th December 2019, 07:39 AM |#5690  
Member
Thanks Meter: 7
 
More
Quote:
Originally Posted by chrisrevoltes

I am not sure if this is THE right way, but I didn't found any issues so far with that config:

the way in your screenshot actually ALLOWS IPV6 to bypass afwall on my device. The only way i have been able to successfully block IPV6 on my device is via the attached screenshot. hope that helps.
Attached Thumbnails
Click image for larger version

Name:	Screenshot_20191207-013138.png
Views:	566
Size:	111.0 KB
ID:	4895753  
The Following User Says Thank You to sabotage154 For This Useful Post: [ View ] Gift sabotage154 Ad-Free
7th December 2019, 01:12 PM |#5691  
Member
Flag Mannheim
Thanks Meter: 25
 
More
Quote:
Originally Posted by Hiroo Onoda

As far as I've understood, they way you've set it up (me, too) means that AFWall will create a corresponding IPv6 rule for every app that is selected as blocked (or allowed, for that matter). So if you've enabled IPv6 support in AFWall, whatever app you block or allow, that setting would affect both its IPv4 and IPv6 channel.

Exactly what I was thinking.

Maybe @ukanth can clarify that.
Post Reply Subscribe to Thread

Tags
block internet, droidwall, firewall, iptables, security

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes