
[CUSTOM][KERNEL][HOWTO] Droidwall on the Samsung Galaxy Y

115 posts
Thanks Meter: 45
By mikstev, Senior Member on 29th April 2012, 07:28 PM
Hi there
I got droidwall running on the SGY.

Please first read the whole post. I add changes at the end of it.

Here's what I did:

1. Follow this great tut from irfanbagus. Thanks a lot, irfanbagus!

2. After running "make bcm21553_totoro_05_defconfig", set this in .config:
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
and continue with irfanbagus's steps.

3. Install the new boot.img, e.g. via mai77's method as shown here

4. Profit! (as in: use droidwall)

Notes:
Alternatively, the changes in .config could be set in bcm21553_totoro_05_defconfig or via make menuconfig.
If you don't have your boot.img as a normal file, run this in adb, then pull the file:
dd if=/dev/block/bml7 of=/data/local/boot.img
I was surprised that there was no such modified kernel till now. Maybe this is because the TARGET_REJECT option is essential but only XT_MATCH_OWNER is largely discussed when dealing with droidwall.

See attachment (mikstev_SGY_Kernel_netfilter_for_droidwall_boot.img.zip) for a boot.img with only these modifications.

Please test and report. I only tested blacklist/whitelist mode with Google Play blocked/allowed on Wifi connection, but it worked.

Edit 1: I've added the necessary (and probably some more) modules so that droidwall's logging works. Use the second attached file instead of the first one.
Here are the changes I made, compared to the normal .config:
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y

I guess the first two aren't necessary, but I didn't bother to check for every single module whether it's the correct one which droidwall needs for logging. However, this shouldn't matter anyway. See mikstev_SGY_Kernel_netfilter_for_droidwall_with_log_boot.img.zip

Edit 2: By request I've added init.d support to the latest release. Thanks irfanbagus! See mikstev_SGY_Kernel_droidwall_initd_boot.img.zip

Edit 2.5: It seems only the following modules are required, but that's only a side note:
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y

Edit 3: New method for adding init.d support to a (newest) boot.img, with kernel modules for droidwall (+logging) and init.d scripts to load these modules. Please read the readme; if you have questions, post here. Special thanks to irfanbagus. See mikstev_add_initd_to_boot.img__kernel_modules_initd_scripts_for_droidwall.zip

Edit 4: Thanks to an idea by irfanbagus and another tutorial to include init.d support by kurotsugi, here's another release. Adding init.d support is now easier with kurotsugi's method, plus there's an update.zip (modules_droidwall_signed.zip) which does the other steps for you (copying the modules, init.d scripts and applying the correct permissions for these files). NOTE: this update.zip is as yet untested. If you test it, please report. See mikstev_add_initd_to_boot.img__kernel_modules_initd_scripts_for_droidwall_v2.zip

Edit 5: The update.zip from edit 4 seems to work. If you're using a kernel with init.d support you only need to install the update.zip and it should work fine.
The Following 20 Users Say Thank You to mikstev For This Useful Post
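
A quick way to check a kernel .config for the three options that Edit 2.5 of the post above lists as required (added example, not part of the original thread; the function names and the sample config are constructed for illustration). An option built as a module (=m) counts as present, matching the module-based method from Edit 3:

```shell
#!/bin/sh
# Added example: report the state of the netfilter options named in this thread.
# OWNER enables per-app matching (-m owner --uid-owner), REJECT and LOG are the
# iptables targets used for blocking and for logging.
REQUIRED="CONFIG_NETFILTER_XT_MATCH_OWNER CONFIG_IP_NF_TARGET_REJECT CONFIG_IP_NF_TARGET_LOG"

# opt_state FILE OPTION -> prints builtin | module | disabled | missing
opt_state() {
    if grep -q "^$2=y\$" "$1"; then echo builtin
    elif grep -q "^$2=m\$" "$1"; then echo module
    elif grep -q "^# $2 is not set\$" "$1"; then echo disabled
    else echo missing
    fi
}

# check_config FILE -> one line per option; returns 0 only if all are =y or =m
check_config() {
    rc=0
    for opt in $REQUIRED; do
        state=$(opt_state "$1" "$opt")
        printf '%-36s %s\n' "$opt" "$state"
        case $state in
            builtin|module) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a config fragment where REJECT is switched off.
sample_config() {
cat <<'EOF'
CONFIG_NETFILTER_XT_MATCH_OWNER=y
# CONFIG_IP_NF_TARGET_REJECT is not set
CONFIG_IP_NF_TARGET_LOG=m
EOF
}

# Usage: sh check_droidwall_config.sh path/to/.config
if [ -n "${1:-}" ]; then
    check_config "$1"
fi
```

On a running device the config is only readable from /proc/config.gz if the kernel was built with CONFIG_IKCONFIG_PROC; otherwise run the check against the .config in the kernel source tree before building.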
30th April 2012, 02:41 AM |#2  
Senior Member
Thanks Meter: 507
Good job. I know droidwall depends on other kernel features besides CONFIG_NETFILTER_XT_MATCH_OWNER. Since I don't have plans to use droidwall, I didn't bother to find them.
The Following 2 Users Say Thank You to irfanbagus For This Useful Post
30th April 2012, 06:15 AM |#3  
bumslayer
Senior Member
Thanks Meter: 143
Profit indeed! It works! Good job, mikstev! I was able to block Dolphin HD on my phone just to test if it works, and it did, much to my delight!

And to irfanbagus as well for that wonderful guide on how to compile a kernel.

Great job, guys!
30th April 2012, 09:54 AM |#4  
OP Senior Member
Thanks Meter: 45
Now let's hope that all the other kernel developers include this small bit of configuration in their builds.
30th April 2012, 10:32 AM |#5  
Member
Thanks Meter: 3
Finally! I've been waiting for this for ages. Thank you very muchhhh!

Sent from my GT-S5360 using xda premium
30th April 2012, 11:28 AM |#6  
OP Senior Member
Thanks Meter: 45
Logging doesn't work yet. I'll try the solution from highlandsun: http://forum.xda-developers.com/show...&postcount=357 tonight and upload a new kernel if successful.
The Following User Says Thank You to mikstev For This Useful Post
30th April 2012, 06:21 PM |#7  
devilrulz4ever
Senior Member
Thanks Meter: 146
No need for so much hassle.
Just use "lbe privacy guard" (free in store); it has many more features than droidwall and it doesn't require any special kind of kernel.

Y u no press "thanks"!?
Sent from my GT-S5360 using XDA
30th April 2012, 06:25 PM |#8  
OP Senior Member
Thanks Meter: 45
Ok, logging works now, I'll upload the new kernel. See first post.
The Following 2 Users Say Thank You to mikstev For This Useful Post
30th April 2012, 06:57 PM |#9  
OP Senior Member
Thanks Meter: 45
Quote:
Originally Posted by devilrulz4ever

No need for so much hassle.
Just use "lbe privacy guard" (free in store); it has many more features than droidwall and it doesn't require any special kind of kernel.

Y u no press "thanks"!?
Sent from my GT-S5360 using XDA

It seems that there are at least some people who see this differently. Here are some of my reasons why I prefer droidwall over LBE Privacy Guard:
- it's a good and easy-to-use firewall. No more, no less. That's what I want.
- no "hassle" (to use your words) with restricting internet access of "trusted" apps
- I did not find a way in LBE to block LBE from using internet. In the iptables rules created by Droidwall I can clearly see that droidwall is not allowed = blocked
30th April 2012, 07:31 PM |#10  
kurotsugi
Senior Member
Thanks Meter: 1,815
@mikstev: I'm just curious... is it based on SGY's newest kernel?
30th April 2012, 07:39 PM |#11  
OP Senior Member
Thanks Meter: 45
I think so, the source code is the one mentioned in irfanbagus' post (update2) which I linked above.
The Following User Says Thank You to mikstev For This Useful Post

Tags
droidwall, galaxy y, kernel, s5360, sgy
