[5.0+][ROOT][3.6.0] AFWall+ IPTables Firewall [28 AUG 2023]

[eriol1]

I have these blocked, and practically all other system apps as well.
I can see lots of stuff getting blocked in the logs, but everything works fine

 

[Utini]

I have these blocked, and practically all other system apps as well.
I can see lots of stuff getting blocked in the logs, but everything works fine

Oh that is interesting. I didnt block kernel, root apps, or similiar cause I thought that would break everything instantly. Thanks I will try.

 

[iunlock]

Hello fellow AFWall+ users, I'm having VPN connectivity issues with AFWall+ enabled with Android 11. I tried everything. I've since rolled back to Android 10 and I'm having the same issues. It's driving me crazy.

With AFWall+ Enabled and with VPN connected, browsers work, but apps like Playstore does not work.

It's nothing that I have blocked either in AFWall+ I made sure of it.. in fact, I tested it by unchecking everything but one random non related thing to anything and the problem persists.

I was using the v3.5.0 beta and thought it had something to do with it being beta, but I've also tested on v3.4.0 and it's having the same issues.

Q: In Preferences-> Binaries ->

Iptables binary: Should this be set to Auto or choose one System or Built-in?

BusyBox binary: Should this be selected on Built-In or System?

Thanks for your help.

 

[temporarium]

Hello fellow AFWall+ users, I'm having VPN connectivity issues with AFWall+ enabled with Android 11. I tried everything. I've since rolled back to Android 10 and I'm having the same issues. It's driving me crazy.

With AFWall+ Enabled and with VPN connected, browsers work, but apps like Playstore does not work.

It's nothing that I have blocked either in AFWall+ I made sure of it.. in fact, I tested it by unchecking everything but one random non related thing to anything and the problem persists.

I was using the v3.5.0 beta and thought it had something to do with it being beta, but I've also tested on v3.4.0 and it's having the same issues.

Q: In Preferences-> Binaries ->

Iptables binary: Should this be set to Auto or choose one System or Built-in?

BusyBox binary: Should this be selected on Built-In or System?

Thanks for your help.

Try the whitelist method, only allowing what you need.

Also, it may be Google is sensing that you're using very different IPs to connect and is blocking your VPN. Try Aurora Store.

 

[iunlock]

Try the whitelist method, only allowing what you need.

Also, it may be Google is sensing that you're using very different IPs to connect and is blocking your VPN. Try Aurora Store.

Thanks for your response. Regarding the binaries and any other specifics settings that's recommended to use:

Q: In Preferences-> Binaries ->

Iptables binary: Should this be set to Auto or choose one System or Built-in?

BusyBox binary: Should this be selected on Built-In or System?

Thanks for your help.

 

[n0j0e]

hi, is the AFWall Xposed extension still functional for A11? Do we still need it for more security. I'm switched to the LSPosed Xposed variante and AFWall (still) didn't support the new app scope feature like GravityBox.
Which apps needs to be enabled in LSPosed for the AFWall module?

 

[Hiroo Onoda]

AFWall user here with Android 11, and unless I see a better app, I will keep using this one for sure.

 

[SilentDevGuy]

That's dangerous advice. When it comes to Android system, LineageOS, and Google stuff, how do you define "everything"? If you block everything some phones might brick on boot or just stop working.

Meanwhile the AFWall+ FAQ referenced above recommends leaving almost all system & google apps unblocked or risk restricted operation.

Blocking stuff in afwall+ will never cause a brick on boot or your phone to stop working, thats ludicrous. Iptables is reset on boot.

 

[pleasetouchmenot]

I have these blocked, and practically all other system apps as well.
I can see lots of stuff getting blocked in the logs, but everything works fine

Is it safe to disable all connections on gps?

 

[eriol1]

Is it safe to disable all connections on gps?

I use GPS in what used to be called "device only" mode, and it still works when blocked.
Maybe high accuracy mode which uses also bluetooth/wifi/cell won't work? Haven't tried.

Anyway I'm guessing results might be different on other device/os combinations, so just try blocking and see if it works for you. If not simply change it back, no harm done.

 

[IronTechmonkey]

Is it safe to disable all connections on gps?

I use GPS in what used to be called "device only" mode, and it still works when blocked.
Maybe high accuracy mode which uses also bluetooth/wifi/cell won't work? Haven't tried.

Anyway I'm guessing results might be different on other device/os combinations, so just try blocking and see if it works for you. If not simply change it back, no harm done.

Safe? Yes absolutely, you won't damage anything by blocking GPS. Also, regarding a recent concern that was expressed about blocking everything, it is safe to block just about any app or service. Some things may not work but they won't break. If they did we sure would have trouble when disconnected from the internet.

As to functionality, to @eriol1's point, "device only" GPS does not seem to require any data connection even for the GPS service on the device. That being said, there are some 3rd party GPS utilities which will download a file possibly containing a list of satellites or other data but those request seemed to be made by the app which can be blocked. Another consideration is Google's ongoing attempt to obfuscate our granular control of location services. For instance, in newer versions of Android we can no longer simply enable “device only” mode. We must now manually disable the internet based location services. LOL, pardon that rant but this is one of my pet peeves about Google and one of the reasons I use Afwall+

 

[temporarium]

Safe? Yes absolutely, you won't damage anything by blocking GPS. Also, regarding a recent concern that was expressed about blocking everything, it is safe to block just about any app or service. Some things may not work but they won't break. If they did we sure would have trouble when disconnected from the internet.

As to functionality, to @eriol1's point, "device only" GPS does not seem to require any data connection even for the GPS service on the device. That being said, there are some 3rd party GPS utilities which will download a file possibly containing a list of satellites or other data but those request seemed to be made by the app which can be blocked. Another consideration is Google's ongoing attempt to obfuscate our granular control of location services. For instance, in newer versions of Android we can no longer simply enable “device only” mode. We must now manually disable the internet based location services. LOL, pardon that rant but this is one of my pet peeves about Google and one of the reasons Afwall+

<OT> There is also microG with alternative geolocation backends. </OT>

 

[savelbys]

Hello,

does anyone know how I can remove the x/no internet connection possible at the WLAN icon in Android 11 LineageOS 18.1?
I assume this has something to do with the captive portal check.
To solve the problem in the short term, you have to disable the firewall, turn WLAN off/on and enable it again. However, after a reboot the problem still persists.

I have already tried the following which unfortunately does nothing, but worked on Android 10:

su
setenforce 0
settings put global captive_portal_mode 0
setenforce 1

and

su
su
pm disable com.android.captiveportallogin
settings put global captive_portal_detection_enabled 0
settings put global captive_portal_server localhost
settings put global captive_portal_mode 0
reboot

 

[Hiroo Onoda]

Hello,

does anyone know how I can remove the x/no internet connection possible at the WLAN icon in Android 11 LineageOS 18.1?
I assume this has something to do with the captive portal check.
To solve the problem in the short term, you have to disable the firewall, turn WLAN off/on and enable it again. However, after a reboot the problem still persists.

I have already tried the following which unfortunately does nothing, but worked on Android 10:

su
setenforce 0
settings put global captive_portal_mode 0
setenforce 1

and

su
su
pm disable com.android.captiveportallogin
settings put global captive_portal_detection_enabled 0
settings put global captive_portal_server localhost
settings put global captive_portal_mode 0
reboot

It's been a while since I set AFWall up on my Android 11, so I can't tell you exactly. Also, I don't have Lineage, just stock Android 11. I have allowed connection on the following system apps and got the x to go away, so I believe they may be related:

[-11] Linux kernel
[1073] Tethering, Cell Broadcast Service, Network manager, com.android.server.NetworkPermissionConfig

 

[q1nt]

For AFW+ to work, do I need to leave super user access enabled (using Magisk) aways? Or can I disable su access after setting up AF+ the first time? Reason is I prefer to leave su disabled for a bit more security when I'm out running around.

Background: I'm rooted but now using Netguard. Considering switching to AFW+ so I can use another VPN.

 

[SilentDevGuy]

Is it safe to disable all connections on gps?

It is theorhetically SAFE to disable ANY and EVERYTHING. However if you require certain features its up to you to allow those

 

[ukanth]

hello all, any presssing issues from latest beta ? I'm aware of supporting android 11 and even android 12. I'm also fixing long pending private DNS and Logging issues. Kindly raise any issues to https://github.com/ukanth/afwall/ to get it prioritized .

Thanks.

 

[starbright_]

My knowledge becomes a bit outdated after switch to Android 11 (debloated Stock with microG).

From system side I blocked everything except Download Manager. But I found that Network manager is required to use Aurora (Playstore replacement).
Is this ok? Other things I have to take into account?

 

[SilentDevGuy]

My knowledge becomes a bit outdated after switch to Android 11 (debloated Stock with microG).

From system side I blocked everything except Download Manager. But I found that Network manager is required to use Aurora (Playstore replacement).
Is this ok? Other things I have to take into account?

What happens to aurora store if you have network manager blocked?

 

[greatestandroidfan]

Not on Github, therefore here: 1+8 with crDroid 7.4 (A11). After every boot, firewall enables with rules error. Need to wait like 2min, then disable and re-enable firewall again to get it running w/o errors.
Yes, could set the boot delay option, but I want protection even while booting.