• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[5.0+][ROOT][3.5.2] AFWall+ IPTables Firewall [16 May 2021]

Search This thread

ukanth

Recognized Developer
Nov 30, 2010
1,528
5,270
Nexus 7 (2013)
OnePlus X
About the missing internet connection on Android 9, I just tried inverting all rules and using blacklist mode instead of whitelist (even if I definitely prefer the latter). Apps are able to connect to the internet, for some hours by now, but the "No internet connection" message appears both on WiFi and mobile data.
Try the above version and let me know.
 

aaargh777

Senior Member
Apr 9, 2009
178
37
Hello Everyone,

I have rolled out another version of 3.0.0 with following changes for BETA users of playstore.

* Whitelist issue with Pie - DNS related
* Fixed notification sound in android < 8 devices
* Fixed few exceptions on moto devices
* Fixed crash in experimental UI for startup

Thanks.

You can also download from GDrive - https://drive.google.com/open?id=18uIJm2LptR3FsX4sFrfxSu-aJBLYqM67
So the custom rule for dns is no longer needed with this version?
FYI happened to me on mobile data too.
 

kagwind

Senior Member
Sep 26, 2014
101
225
Hello Everyone,

I have rolled out another version of 3.0.0 with following changes for BETA users of playstore.

* Whitelist issue with Pie - DNS related
Test results from OnePlus 6, Pie stable:
Whitelist mode works.
In the "Private DNS" setting, if use "Off" or "Automatic", no need for special setup; if use "Private DNS provider hostname", need to allow (root) in AFWall+.

I can upload logs if needed.

Appreciation for dev @ukanth 's work!:highfive:
 
  • Like
Reactions: ukanth

DoR3M3

Senior Member
Feb 17, 2018
1,255
378
Portwenn
If you have gapps installed ( even minimum ones) it will connect to Google servers to send data (like sim provider/ phone no etc.,) constantly. You can block it completely using AFWall+ ( equal to not having it - meaning if you want playstore, you can't deny internet access to it ).

You need to have solutions like "Xprivacy/Xprivacy Lua" to stop that.
@ukanth, so Google can't sneak past the firewall unless we allowed it? I'm not sure I'm understanding what you mean about Xprivacy, as if to be safe in regards to Google we should be using this in addition to AFWall+?

What I'm trying to understand, because I only run sometimes the Services/Framework in the phone, but the most of the time it's debloated.

So in AFWall+ does the Google Play Services and Google Framework show up? I'm more concerned about the Framework, back-end of the system, if can sneak past us. Or no, everything that is of concern will be displayed in AFWall+ for use to allow or block?

Thanks
 
Last edited:

ukanth

Recognized Developer
Nov 30, 2010
1,528
5,270
Nexus 7 (2013)
OnePlus X
Hello everyone,

I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through lot of dilemma of whether to support the existing afwall or write a new one from scratch, finally able to pull myself and release stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

Thank you all for your support in AFWall+ development. Without your support it would simply not possible to pull through this.

I will be out for couple of days ( taking off to spend time with my family ) and hopefully will be able to reply to questions once back.

Thanks again and have a great day.
 

kagwind

Senior Member
Sep 26, 2014
101
225
Test results from OnePlus 6, Pie stable:
Whitelist mode works.
In the "Private DNS" setting, if use "Off" or "Automatic", no need for special setup; if use "Private DNS provider hostname", need to allow (root) in AFWall+.
@ukanth @dorqus
It seems that applying the following custom rule will let Whitelist mode work when using "Private DNS provider hostname", even without allowing (root):
$IPTABLES -A afwall-wifi-wan -p tcp -m tcp --dport 853 -j RETURN

ukanth, have a good time with your family! ;)

Edit: For mobile data, the following rule is needed:
$IPTABLES -A afwall-3g-home -p tcp -m tcp --dport 853 -j RETURN
 
Last edited:
Hello everyone,

I have released 3.0.0 stable on playstore today. It's been a crazy month so far.....

Thanks again and have a great day.

Hi ukanth,
I just installed the latest release and was very pleased with the support for Tor and the AFWall tile.
By the way the tile seems not to work correctly on nougat. One can Deactivate AFWall by tile but activation doesn't work.

But the main thing for me, which was really shocking, is that the option to hide app icon from status bar in settings has disappeared. I hope this was by accident and not by intent. Please bring back this option. AFWall is running fine also without the ongoing notification present in the statusbar. Not being able to hide this makes some beautiful features of my ROM no more available.
Disabling AFWall notifications completely would be a solution, but that's inadequate cause one looses all information about applying rules and other important and dismissable notifications.
Please bring back this option in the next release when you're back from holidays.

Thanks Elveneleven

Sent from my [device_name] using XDA-Developers Legacy app
 
  • Like
Reactions: voroxda and Seuche2

hypern0va

Senior Member
Sep 18, 2014
365
136
Italy
Latest beta fixed the internet connection problems for me on Android 9.

However, I still have the "no internet connection" message both on WiFi and mobile data. Does anyone else on Android 9 face this too?

BTW I'm on the latest beta (not 3.0.0 stable) since I use F-Droid, in case this could the problem.
 

HerrT

Senior Member
Aug 23, 2013
156
172
Vienna
Latest beta fixed the internet connection problems for me on Android 9.

However, I still have the "no internet connection" message both on WiFi and mobile data. Does anyone else on Android 9 face this too?

BTW I'm on the latest beta (not 3.0.0 stable) since I use F-Droid, in case this could the problem.

According to the change log (between latest beta and stable), your issue should be fixed with 3.0.0 stable:
* Whitelist issue with Pie - DNS related
 

hypern0va

Senior Member
Sep 18, 2014
365
136
Italy
According to the change log (between latest beta and stable), your issue should be fixed with 3.0.0 stable:
* Whitelist issue with Pie - DNS related
Just downloaded it from APKMirror, as soon as I enable the firewall and reconnect to the WiFi the "No internet connection" message reappears. Same on mobile data.

The connection does work btw.

Maybe I'm missing some system app permissions in AFWall+, is there anything else which could cause this other than CaptivePortalLogin?
 

Portgas D. Ace

Recognized Contributor
Jun 12, 2014
4,339
3,132
Bergisches Land
Just downloaded it from APKMirror, as soon as I enable the firewall and reconnect to the WiFi the "No internet connection" message reappears. Same on mobile data.

The connection does work btw.

Maybe I'm missing some system app permissions in AFWall+, is there anything else which could cause this other than CaptivePortalLogin?

Try allowing internet access to Android System.
 
  • Like
Reactions: hypern0va

Portgas D. Ace

Recognized Contributor
Jun 12, 2014
4,339
3,132
Bergisches Land
Yup that worked, I was having a feeling it was just a missing permission. Thank you! :)

Sadly though the entry containing Android System also contains a lot of other things which got allowed to reach the internet too.

From what I remember, you can disable the internet permission of Android System, only downsides are the "no network available" notification as well as the "x" on the network symbols in your statusbar.
 

gazzacbr

Senior Member
Dec 3, 2007
1,175
244
Dubai
Hi, is the status bar icon gone now or am I missing a setting? I did actually like it as a constant check that I have re-enabled it after using a vpn (still can't get vpn to work with afwall+ active)
 

easy_mac

Senior Member
Jan 22, 2015
446
196
Hi, thanks for making the best firewall for android :)

I was wondering why some apps do not show up in AFWall+

Does this confirm the app doesn't have internet access to begin with? I've had this happen several times, the current application I am wondering about is the apk listed here https://forum.xda-developers.com/showpost.php?p=77825503&postcount=94

Its the ONLY quickpic I've found without pink text, but I haven't been running it because I can't block it via AFWall

---------- Post added at 04:04 PM ---------- Previous post was at 04:03 PM ----------

Hi, is the status bar icon gone now or am I missing a setting? I did actually like it as a constant check that I have re-enabled it after using a vpn (still can't get vpn to work with afwall+ active)

Status bar icon and constant notification seem to have been introduced with the latest update, not the other way around for me at least
 

jchen12

Member
Apr 29, 2015
44
2
Thanks for the update, the quick toggle tile is the best! I just wished we could hide the notification icon again without disabling it as I still want to see other afwall notifications
 

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    Hello. I have a question, i'm using LSPosed with AFWall right now, my question is, how to use AFWall with LSPosed, what to check inside LSPosed module app? Can someone enlighten me? Thank you.
    I did not add support for LSPosed. Also going forward, xposed module will be independent and not to be part of AFWall+ itself.
    4
    Is AFWall+ breaks SafetyNet?
    AFWall+ itself shouldn't. But you need root to use it, and rooting generally breaks "safetynet", as some consider a rooted device to be unsafe 🙄
    1
    Despite being blocked by AFWall+, occasionally Google Play still used to notify me of app updates and even worse I could access Play Store, again despite Play Services & Store being blocked by AFWall+.

    So in LOS PrivacyGuard I disabled Modify Systems Settings for both packages. So far, no more successful network access. I do see from time to time Store or Services trying to access the internet. AFWall+ logging notifies me of this. Oddly, whenever Google Play Services/Store attempts to access the network I also see AFWall+ reapplying rules.
    1
    I would expect that those modules have something to do with issues with tethering such as an unknown app /service being blocked therefore requiring firewall be disabled in order to tether, eg the modules might be required to help tethering function at all. I could be wrong and there are more knowledgeable people here that might be able to speak to this but I don't think a hack to circumvent service provider limits would go over well at Playstore. No moral judgement, I just think it might not be worth the risk for an app to allow that. Let's see what others and the developer have to say.
    I totally understand what you are saying.

    I would think it shouldn't be much of a risk because the NetShare app allows tether limit circumvention and it is still in the playstore with 1M+ downloads.
    1
    Afwall Xposed module, what is it exactly for? If I use LSPosed, to what apps should I appy this module?
    @ukanth statement here might be of useto you. No timeline, but...
  • 385
    Welcome to official support page for AFWall+

    Disclaimer - As Usual. I'll not take any responsible if something goes wrong when using AFWall+

    Introduction
    AFWall+ is an improved version of DroidWall(front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming).Since the original author of Droidwall
    discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


    Features
    - Supports 5.x to 11.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choose able languages
    - Choose able iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname

    Changelog - See third Post
    Current Version - 3.5.2

    To get Unlocker without Google services - Please follow the instructions here

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)

    Source Code/Wiki/FAQ
    AFWall+ is an free & opensource application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall

    Thanks To/Credits
    - German translations by [email protected] & [email protected] & [email protected]
    - French translations by [email protected] & [email protected]
    - Russian translations by [email protected] & YaroslavKa78
    - Spanish translations by [email protected]
    - Dutch translations by [email protected]
    - Japanese translation by [email protected]
    - Ukrainian translation by [email protected]
    - Slovenian translation by bunga [email protected]
    - Chinese Simplified translation by [email protected]
    - Polish translations by tst,Piotr [email protected]
    - Swedish translations by [email protected]
    - Greek Translations by [email protected]
    - Portuguese translations by [email protected]
    - Chinese Traditional by [email protected]
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by [email protected]
    - Romanian tranlations by [email protected]
    - Czech translations by Syk3s

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:
    Stable
    Current Stable Version: 3.4.0
    Stable Release Date: 2020-02-09
    Current Beta Version: 3.5.0-BETA1
    Beta Release Date: 2020-09-05

    Created 2013-12-03
    Last Updated 2020-09-05
    70
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries

    Complete Changelog

    41
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to lot of under hood changes required. Instead added few enhancements. Now applying rules from menu will show how many rules are getting applied with progress status. Also when adding/removing few rules , it will apply only those related rules instead of full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is BETA Version which is not released on playstore. I have been using this for past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following XPrivacy thread on the decision by it's author. Just as FYI, I might fix it for my own usage when I update to nougat, I will share it here if anybody uses it here.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    40
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through lot of dilemma of whether to support the existing afwall or write a new one from scratch, finally able to pull myself and release stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not possible to pull through this.

    I will be out for couple of days ( taking off to spend time with my family ) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    35
    Hello everyone,

    I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.