I got droidwall running on the SGY.
Please first read the whole post. I add changes at the end of it.
Here's what I did:
1. follow this great tut from irfanbagus. Thanks a lot irfanbagus!
2. After running "make bcm21553_totoro_05_defconfig", set this in .config:
and continue irfanbagus's steps
3. Install the new boot.img, e.g. via mai77's method as shown here
4. Profit! (as in: use droidwall )
Alternatively the changes in .config could be set in cm21553_totoro_05_defconfig or via make menuconfig
If you don't have your boot.img as a normal file, run this in adb, then pull the file:
dd if=/dev/block/bml7 of=/data/local/boot.img
I was surprised that there was no such modified kernel till now. Maybe this is because the TARGET_REJECT option is essential but only XT_MATCH_OWNER is largely discussed when dealing with droidwall.
See attachment (mikstev_SGY_Kernel_netfilter_for_droidwall_boot.i mg.zip) for a boot.img with only these modifications.
Please test and report. I only tested blacklist/whitelist mode with Google Play blocked/allowed on Wifi connection, but it worked.
Edit 1: I've added the necessary (and probably some more) modules so that droidwall's logging works. Use the second attached file instead the first one.
Here are the changes I made, compared to normal .config:
I guess the first two aren't necessary but I didn't bother to check every single module if it's the correct one which droidwall needs for logging. However this shouldn't matter anyway. See mikstev_SGY_Kernel_netfilter_for_droidwall_with_lo g_boot.img.zip
Edit 2: Due to request I've added init.d support to the latest release. Thanks irfanbagus! See mikstev_SGY_Kernel_droidwall_initd_boot.img.zip
Edit 2.5: Seems only the following modules are required but that only as a side note:
Edit 3: New method for adding init.d support to a (newest) boot.img, with kernel modules for droidwall (+logging) and init.d scripts to load these modules. Please read the readme, if you have questions, post here. Special thanks to irfanbagus See mikstev_add_initd_to_boot.img__kernel_modules_init d_scripts_for_droidwall.zip
Edit 4: Thanks to an idea by irfanbagus and another tutorial to include init.d support by kurotsugi, here's another release. Adding init.d support is now easier with kurotsugi's method plus there's a update.zip (modules_droidwall_signed.zip) which does the other steps for you (copying the modules, init.d scripts and applying the correct permissions for these files). NOTE: this update.zip is yet untested. If you test it please report. See mikstev_add_initd_to_boot.img__kernel_modules_init d_scripts_for_droidwall_v2.zip
Edit 5: The update.zip from edit 4 seems to work. If you're using a kernel with init.d support you only need to install the update.zip and it should work fine.