• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

[5.0+][ROOT][3.5.2] AFWall+ IPTables Firewall [16 May 2021]

Search This thread

ukanth

Recognized Developer
Nov 30, 2010
1,517
5,240
Nexus 7 (2013)
OnePlus X
Welcome to official support page for AFWall+

Disclaimer - As Usual. I'll not take any responsible if something goes wrong when using AFWall+

Introduction
AFWall+ is an improved version of DroidWall(front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming).Since the original author of Droidwall
discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


Features
- Supports 5.x to 11.x
- Import/Export Rules to external storage
- Search Applications
- Multiple Profiles with custom names
- Tasker/Locale support
- Select All/None/Invert/Clear applications with single click
- Revamped Rules/Logs Viewer with copy/export to external storage
- Ability to view the network interfaces
- Highlight system applications with custom color
- Notify on new installations
- Ability to hide application icons( faster loading )
- Use LockPattern for application protection.
- Show/Hide application ID.
- Roaming Control for 3G/Edge
- VPN Control
- LAN Control
- Tether Control
- IPV6 Control
- Tor Control
- Choose able languages
- Choose able iptables/busybox binary
- Supports MIPS/x86/ARM
- DNS Hostname

Changelog - See third Post
Current Version - 3.5.2

To get Unlocker without Google services - Please follow the instructions here

AFWall+ BETA Program
1) AFWall+ opt-in for beta program
2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)

Source Code/Wiki/FAQ
AFWall+ is an free & opensource application
Github
Log an issue
Frequently Asked Questions
Many Thanks to @CHEF-KOCH

Translations
Translations - Please help me with translations in your language.
http://crowdin.net/project/afwall

Thanks To/Credits
- German translations by [email protected] & [email protected] & [email protected]
- French translations by [email protected] & [email protected]
- Russian translations by [email protected] & YaroslavKa78
- Spanish translations by [email protected]
- Dutch translations by [email protected]
- Japanese translation by [email protected]
- Ukrainian translation by [email protected]
- Slovenian translation by bunga [email protected]
- Chinese Simplified translation by [email protected]
- Polish translations by tst,Piotr [email protected]
- Swedish translations by [email protected]
- Greek Translations by [email protected]
- Portuguese translations by [email protected]
- Chinese Traditional by [email protected]
- Chinese Simplified by wuwufei,tianchaoren @ crowdin
- Italian translations by [email protected]
- Romanian tranlations by [email protected]
- Czech translations by Syk3s

Cheers,
ukanth

XDA:DevDB Information
AFWall+ [ IPTables Firewall ], App for the Android General

Contributors
ukanth
Source Code: https://github.com/ukanth/afwall


Version Information
Status:
Stable
Current Stable Version: 3.4.0
Stable Release Date: 2020-02-09
Current Beta Version: 3.5.0-BETA1
Beta Release Date: 2020-09-05

Created 2013-12-03
Last Updated 2020-09-05
 

Attachments

  • logs.jpg
    logs.jpg
    59.5 KB · Views: 41,166
  • main.jpg
    main.jpg
    80.1 KB · Views: 42,061
  • menu.jpg
    menu.jpg
    65.1 KB · Views: 40,649
  • mode.jpg
    mode.jpg
    54.3 KB · Views: 38,666
  • preferences.jpg
    preferences.jpg
    78.8 KB · Views: 38,296
  • Profile.jpg
    Profile.jpg
    71.9 KB · Views: 37,061
  • rules.jpg
    rules.jpg
    99.7 KB · Views: 36,964
  • search.jpg
    search.jpg
    83.4 KB · Views: 35,402
  • 20140117_082541.jpg
    20140117_082541.jpg
    33.5 KB · Views: 34,026
Last edited:

ukanth

Recognized Developer
Nov 30, 2010
1,517
5,240
Nexus 7 (2013)
OnePlus X
Version 3.0.1

* Fix: Status toggle widget 1x1
* Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
* Fix: Firewall error notification on oreo and above
* Security: Tile toggle checks for password
* User reported crashes
* Updated translations

Previous version 3.0.0

Features:
* Better support for nougat/oreo and pie.
* Firewall toggle tile
* Adaptive Icons
* Notification channels
* Tor support

Bugs:
* General bug fixes and crash reports.
* Language selection bug
* Filter selection bug
* Compatible with magisk 17.x
* Better handling of background process
* Drops support for 4.x devices
* Update languages
* Updated libraries

Complete Changelog

 
Last edited:

ukanth

Recognized Developer
Nov 30, 2010
1,517
5,240
Nexus 7 (2013)
OnePlus X
Great, I have been waiting for someone to take over and update best firewall for our phones. Anything that we should now about this release in particular?

Sent from my HTC Sensation Z710e using Tapatalk 2


Thanks for feedback... I've updated the second post for changelog.
Please check the same.


Sent from my HTC Desire
 

vault1965

Senior Member
Dec 13, 2010
515
115
Bergamo
Samsung Galaxy S20 FE
It works fine, but highlights in red makes it difficult to read. Maybe it would be better just to have red font for system apps without highlight. Of course, this is only cosmetics. Will post further as I use it now as main firewall.

Sent from my HTC Sensation Z710e using Tapatalk 2
 

CHEF-KOCH

Senior Member
Jan 2, 2012
451
235
here are some fr

Hey, very good app. I like apps that doesn't consume much resources on my devices and that's why i prefer this app here.

Here are some feature requests, i know the list is pretty big but most of them are important:

* translation support (e.g. to translate the app into german)
* google play store support (when the app are nearly "final")
* saving/loading profiles
* select all / select none / invert selection
* backup and restore rules (the most important point for me)
* IPv6 support (also vey important)
* Tasker/Locale Integration
* Orbot (Tor) support (because of some problems to connect into it)
* an Option for SSL/TLS only connection
* tablet interface support
* special rules for VPN



Here are some bugs or problems i found (some of theme are small and easy to fix i think)
* Apps can bypass droidwalls whitelist if started before droidwall upon boot
* On Jelly Bean the user interface looks different (a picture above explain it better), maybe remove the black background and the red one, and make it so that only the text have different colors and not the background
* The Widget needs to much space, the icon takes 4x1 for me (see screenshot)
* The notification about new apps only show one, but if you install right after that another app nothing was shown up
* In the help dialog there is an google code link, seems that that link does not work maybe you change this to the github repro

Thank you for that great app!
 

Attachments

  • Screenshot_2012-10-27-13-18-23.jpg
    Screenshot_2012-10-27-13-18-23.jpg
    34.2 KB · Views: 12,107
  • Screenshot_2012-10-27-13-39-31.jpg
    Screenshot_2012-10-27-13-39-31.jpg
    30.4 KB · Views: 11,769

ukanth

Recognized Developer
Nov 30, 2010
1,517
5,240
Nexus 7 (2013)
OnePlus X
Thanks for the list.I fixed the following issue, please get the latest apk ( fixed along with vault1965 issue) . I've been using DroidWall for last 2 years and most of the issues that you reported was in my mind.

I'll set up the github with issue tracker, so that we can track the progress better.

"On Jelly Bean the user interface looks different (a picture above explain it better), maybe remove the black background and the red one, and make it so that only the text have different colors and not the background"
 

crancker

Senior Member
Sep 29, 2012
81
28
great

Omg this is so cool. I was looking for a great firewall application since I switched from MIUI to Cm10 on my defy. Keep up the good work. :)
 

gogyly

Senior Member
May 5, 2012
588
199
Kraljevo
Hi, just downloaded your app. Im glad that someone work on this perfect firewall. Will try it and see whats new. Couse my beta miui have no working firewall. Cheers
Edit : i' got constant fc on v1.01.

Sent from my LG-P350 using xda premium
 
Last edited:

mx828

Senior Member
Sep 29, 2012
61
9
Running cm10 nightly and it only force closes on me. Even after i uninstalled droidwall and reinstalled your apk. Looks very promising hope the problem is fixed and thanx for the app. :)
 

Top Liked Posts

  • 2
    I have two entries for that option - which one should I select?
    I'v got the same entries as well. It got me wondering what the two are.
    Came across this for the for the two options and what they mean.

    • post-fs-data mode
      • This stage is BLOCKING. The boot process is paused before execution is done, or 10 seconds have passed.
      • Scripts run before any modules are mounted. This allows a module developer to dynamically adjust their modules before it gets mounted.
      • This stage happens before Zygote is started, which pretty much means everything in Android
      • Run scripts in this mode only if necessary!
    • late_start service mode ( service.d )
      • This stage is NON-BLOCKING. Your script runs in parallel along with the booting process.
      • This is the recommended stage to run most scripts!
    This is taken from the Magisk guide

    1
    So, should we use post-fs-data mode, or is this too risky that it could lockup the device is something is wrong?
    At the moment i'm using the post-fs-data.d option. It may take a bit longer to start.
    While i do get errors occasionally, mainly with applying rules, it still blocks connection to apps. I don't think it's due the startup configuration ( check Github as other people have issues to ).
    My startup is also due to the other crap on my phone as well, and mainly needs time to settle down so to speak.
    Also looking back on this post not every has the same options. @Uluru25 has service.d option only, while i don't have his device but @EEngineer has completely different options.
    As to what option to use it will be up to you but the magisk guide does recommend using service.d option in most cases.

  • 4
    Wow - so apps can get internet access for around a minute right after bootup (before afwall can apply the rules).
    yes they cld and thats all some apps need so as to send info home but the simplest way around that is to turn off mobile internet as well as wifi before reboot and wait about a minute after boot for the firewall to have started before reconnecting internet access :)
    2
    I know this may sound like a newbie question, but I just want to understand how this app works.

    From what I understand, it modifies the "IPTables" which I believe are config files that tell the internal network system how to route data packets.
    No it is not any config files...
    It is the name of the networking functionality of the kernel.
    It's rules are kept in memory and need to be reapplied after each boot.
    2
    I have two entries for that option - which one should I select?
    I'v got the same entries as well. It got me wondering what the two are.
    Came across this for the for the two options and what they mean.

    • post-fs-data mode
      • This stage is BLOCKING. The boot process is paused before execution is done, or 10 seconds have passed.
      • Scripts run before any modules are mounted. This allows a module developer to dynamically adjust their modules before it gets mounted.
      • This stage happens before Zygote is started, which pretty much means everything in Android
      • Run scripts in this mode only if necessary!
    • late_start service mode ( service.d )
      • This stage is NON-BLOCKING. Your script runs in parallel along with the booting process.
      • This is the recommended stage to run most scripts!
    This is taken from the Magisk guide

    1
    I know this may sound like a newbie question, but I just want to understand how this app works.

    From what I understand, it modifies the "IPTables" which I believe are config files that tell the internal network system how to route data packets.

    So, if this app modifies the IPTables files to apply my rules, then why when I reboot my device, it displays "Applying Rules" again on boot up? Meaning, if the IPTables were modified when I last used this app, then I would think these IPTables files would remember their settings in-between boots, so there should be no reason to reapply them after a reboot. So why does this app need to reapply the same rules after a reboot?

    Or is it that any changes to the IPTables are only valid for the current device session, and when the device gets rebooted, the iptables are cleared, and that is why this app needs to reapply them?

    If this second theory is the case, then does that mean that apps (that I blocked in afall) will be able to reach the internet for the first ~30 seconds right when the device is booting up, but before afwall+ has the chance to reapply the rules?
    1
    So, should we use post-fs-data mode, or is this too risky that it could lockup the device is something is wrong?
    At the moment i'm using the post-fs-data.d option. It may take a bit longer to start.
    While i do get errors occasionally, mainly with applying rules, it still blocks connection to apps. I don't think it's due the startup configuration ( check Github as other people have issues to ).
    My startup is also due to the other crap on my phone as well, and mainly needs time to settle down so to speak.
    Also looking back on this post not every has the same options. @Uluru25 has service.d option only, while i don't have his device but @EEngineer has completely different options.
    As to what option to use it will be up to you but the magisk guide does recommend using service.d option in most cases.

  • 384
    Welcome to official support page for AFWall+

    Disclaimer - As Usual. I'll not take any responsible if something goes wrong when using AFWall+

    Introduction
    AFWall+ is an improved version of DroidWall(front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming).Since the original author of Droidwall
    discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


    Features
    - Supports 5.x to 11.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choose able languages
    - Choose able iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname

    Changelog - See third Post
    Current Version - 3.5.2

    To get Unlocker without Google services - Please follow the instructions here

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)

    Source Code/Wiki/FAQ
    AFWall+ is an free & opensource application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall

    Thanks To/Credits
    - German translations by [email protected] & [email protected] & [email protected]
    - French translations by [email protected] & [email protected]
    - Russian translations by [email protected] & YaroslavKa78
    - Spanish translations by [email protected]
    - Dutch translations by [email protected]
    - Japanese translation by [email protected]
    - Ukrainian translation by [email protected]
    - Slovenian translation by bunga [email protected]
    - Chinese Simplified translation by [email protected]
    - Polish translations by tst,Piotr [email protected]
    - Swedish translations by [email protected]
    - Greek Translations by [email protected]
    - Portuguese translations by [email protected]
    - Chinese Traditional by [email protected]
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by [email protected]
    - Romanian tranlations by [email protected]
    - Czech translations by Syk3s

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:
    Stable
    Current Stable Version: 3.4.0
    Stable Release Date: 2020-02-09
    Current Beta Version: 3.5.0-BETA1
    Beta Release Date: 2020-09-05

    Created 2013-12-03
    Last Updated 2020-09-05
    70
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries

    Complete Changelog

    41
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to lot of under hood changes required. Instead added few enhancements. Now applying rules from menu will show how many rules are getting applied with progress status. Also when adding/removing few rules , it will apply only those related rules instead of full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is BETA Version which is not released on playstore. I have been using this for past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following XPrivacy thread on the decision by it's author. Just as FYI, I might fix it for my own usage when I update to nougat, I will share it here if anybody uses it here.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    40
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through lot of dilemma of whether to support the existing afwall or write a new one from scratch, finally able to pull myself and release stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not possible to pull through this.

    I will be out for couple of days ( taking off to spend time with my family ) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    35
    Hello everyone,

    I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.