
[5.0+][ROOT][3.5.2] AFWall+ IPTables Firewall [16 May 2021]


Gerdje_

Member
Jan 20, 2018
49
11
.......When the Firewall is enabled, the two sliders are gray, so INPUT chain and FORWARD chain (IPv4) are blocked, but the OUTPUT chain isn't. When AFWall is disabled INPUT and FORWARD (and OUTPUT of course) are enabled.

........maybe a really noobish question, but whenever the firewall is enabled or disabled, should these settings toggle themselves anyway, or is that strange behaviour?

To anyone who would like to answer my last question, please go ahead. :) If my (custom) rules are not the problem and are functioning normally, is it normal, when the script drops certain chains, that the sliders of the IPv4 chains toggle themselves off? Thanks!

If not, I have commented out a lot of the rules, and the only commented lines that stop this behaviour are the flush rules.
 
I am sorry, I thought that you would just hide the icon on the statusbar. I am also using 7.1.2 but Lineage. There is a setting on Lineage that sets the notification to low priority and hides it entirely. IDK about Resurrection Remix.

Hi, Resurrection Remix is based on Lineage. I have the same possibilities to hide notifications as in Lineage. But blocking the notification in the ROM would block all AFWall notifications. So I wouldn't get a notification when a new app with internet permissions is installed. That's not what I want and the reason why I asked ukanth to fix it.

Regards Elveneleven

Sent from my GT-I9300 using XDA Labs
 

GrayJack

Senior Member
Sep 16, 2012
521
207
Silent Hill
A few months ago another problem appeared: the program cannot find root when applying rules. At the same time no internet could be found at all (no IPv4/IPv6 interfaces) - and it could be solved only by restoring iptables in AFWall and re-applying rules again (in this case the program mysteriously finds root!)
With the latest update to MIUI 10 (but still Android 7.1) the problem became even worse.
Now every time I connect to WiFi I need to manually delete all iptables rules and then re-apply them in AFWall.
Otherwise there is no connection at all.
What is going on?
 

ukanth

Recognized Developer
Nov 30, 2010
1,528
5,270
Nexus 7 (2013)
OnePlus X
Hi ukanth,
is there a way to hide the permanent notification from the statusbar like in the versions before 3.0? My settings are exactly the same as in the old version 2.9.9 but the notification is still present. In 2.9.9 the notification is gone.
Please see the attached screenshots. Even if the first checkbox is disabled the permanent notification won't disappear. It would be nice to have the old behavior back. Can you please fix this in the next release?

Thanks and Regards Elveneleven

As I explained earlier, the permanent notification is enabled (can't be disabled) because of the SDK target of 26. At least I didn't find a way to get network change notifications without affecting performance (blame Google for that). If I find a way, I will remove it. Otherwise it's going to be there.

Hello, in Android 7 and 8 these lines in a script for wifi are working.
settings put global captive_portal_mode 0
settings put global captive_portal_detection_enabled 0
settings put global captive_portal_server localhost

But on my older phone with Android 6.0.1 this is not working.
Wifi does not turn on.

What must I do?

This might not be related to captive portal. Firewall rules might give some hint.

I recently rooted my phone and installed Afwall+ firewall....

I have been using on all my devices without any issues. I can help identifying the issue if you are willing to share the rules/device details. Try disabling Data savers or any other programs from your android os.

Testing 3.0.1, new user here.

There's a bug, if the custom script has error, even for something like No chain/target match.
* setting is Block all selected, but nothing is selected
* firewall status is "disabled"
But I cannot access the internet at all!! I have to remove the custom script, enable the firewall then disable the firewall to access the internet!

Then you need to fix the custom rules. AFWall+ disables internet before applying rules to prevent leaks. Custom rules are applied in the middle. So if any error happens, it will not re-enable the internet (which might leak the apps).

I have tried a couple of times to switch from droidwall, but every time afwall has shown itself as unreliable.
The last time (on 7.1.2) the issue was that iptables didn't resolve hostnames under ipv4 - it did later under ipv6. I tried to use the trick to skip ipv4 config in the scripts and use common iptables binary under ipv6. It seemed that it did the trick, but after a while network traffic was completely blocked and I had no choice other than going back to droidwall.

Any hint to solve this?

Which device and OS versions? Please share menu-show rules -export / send error report. I can get an idea of what's going on.

Hello, I've got a potential problem, not sure though.
Thanks Ben

If you configure right, it should work without any leaks.
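
A static pre-check for the failure discussed in the exchange above (a custom script that errors out mid-apply, for example on a missing chain or target), as an added example that is not part of the thread or of AFWall+'s code. `lint_custom_script`, its arguments and the sample rules are constructed for illustration; the built-in target list is only a common subset, and quoted arguments containing spaces are not parsed.

```shell
#!/bin/sh
# Added example, not AFWall+ code: lint a custom iptables script before enabling it.
BUILTIN_CHAINS="INPUT OUTPUT FORWARD PREROUTING POSTROUTING"
BUILTIN_TARGETS="ACCEPT DROP REJECT RETURN LOG MASQUERADE"  # common subset only

# lint_custom_script FILE [EXTRA_CHAINS]
# EXTRA_CHAINS: chains assumed to exist already (e.g. created by the firewall app).
# Prints one line per problem; returns 1 if any were found, 0 otherwise.
lint_custom_script() {
    file=$1
    chains="$BUILTIN_CHAINS $2"
    bad=0
    n=0
    set -f                                   # no glob expansion while splitting words
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in *iptables*|*ip6tables*) ;; *) continue ;; esac
        prev=
        for w in $line; do
            case $w in '#'*) break ;; esac   # rest of the line is a comment
            case $prev in
                -N|--new-chain)              # chain created by the script itself
                    chains="$chains $w" ;;
                -A|-I|-D|-C|-R|-F|-X|--append|--insert|--delete|--flush)
                    # -F/-X may appear without a chain; then $w is another option
                    case $w in -*) ;; *)
                        case " $chains " in *" $w "*) ;; *)
                            echo "line $n: chain '$w' not defined"; bad=1 ;;
                        esac ;;
                    esac ;;
                -j|-g|--jump|--goto)
                    case " $chains $BUILTIN_TARGETS " in *" $w "*) ;; *)
                        echo "line $n: target '$w' not defined"; bad=1 ;;
                    esac ;;
            esac
            prev=$w
        done
    done < "$file"
    set +f
    return $bad
}

# Constructed sample: line 4 jumps to a chain name that is never created (typo).
write_sample() {
    cat > "$1" <<'EOF'
# custom rules (constructed sample)
iptables -N lan-allow
iptables -A lan-allow -d 192.168.1.0/24 -j RETURN
iptables -A OUTPUT -j lan-alow
iptables -F
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp); write_sample "$tmp"
    lint_custom_script "$tmp" || echo "fix the script before applying it"
    rm -f "$tmp"
fi
```

Running the file with `--demo` lints the constructed sample; pass the chains your firewall already creates as the second argument so that references to them are not flagged.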
 

jcmm11

Recognized Contributor
Feb 10, 2012
3,579
3,593
Google Pixel 4a 5G
With Magisk v18.0 update boot script path changed. Has this any effects on using AFWall startup scripts?
- [General] Boot scripts are moved from <magisk_img>/.core/<stage>.d to /data/adb/<stage>.d
https://forum.xda-developers.com/showpost.php?p=78368595&postcount=48
At least for the moment no. The more important change is the fact that /sbin/.core/ is now deprecated in favor of /sbin/.magisk/. Although /sbin/.core/ is still available for the moment it will be going away.
The physical location of the startup scripts has changed, but there are symlinks in /sbin/.magisk/img/.core/ pointing to the new physical locations (and /sbin/.core/ is now a symlink pointing to /sbin/.magisk)
 

zputnyq

Senior Member
Apr 19, 2013
597
273
@ukanth @jcmm11 @jaydee 77
Due to update of magisk to v18.0, It brings an effect to boot script, probably on some device, I'm not sure.
After removing boot script, the option for choosing script's directory is missing & its start up data leak is greyed out.

I'm on rooted stock 6.0.1 xperia m4 magisk 18.0 afwall+ 3.0.1
 

Attachments

  • _20181210_201825.JPG

DoR3M3

Senior Member
Feb 17, 2018
1,255
378
Portwenn
At least for the moment no. The more important change is the fact that /sbin/.core/ is now deprecated in favor of /sbin/.magisk/. Although /sbin/.core/ is still available for the moment it will be going away.
The physical location of the startup scripts has changed, but there are symlinks in /sbin/.magisk/img/.core/ pointing to the new physical locations (and /sbin/.core/ is now a symlink pointing to /sbin/.magisk)


So are we supposed to see a /path now in "Startup directory path for script" because mine is empty now...


@ukanth @jcmm11 @jaydee 77
Due to update of magisk to v18.0, It brings an effect to boot script, probably on some device, I'm not sure.
After removing boot script, the option for choosing script's directory is missing & its start up data leak is greyed out.

I'm on rooted stock 6.0.1 xperia m4 magisk 18.0 afwall+ 3.0.1


It's not greyed out on my device, I can check it, and it says startup script installed, but as I mentioned above the path for the script is now empty.

I have 2 afwallstart applications/paths on my device, are these correct? Besides having the startup init path, are we supposed to have this script in 3 locations?

/data/adb/service.d
/data/data/dev.ukanth.ufirewall/app_bin

If I create /etc/init.d and mark it in the preferences "Fix startup data leak" won't stay check marked, it keeps unmarking itself... hmm
 

zputnyq

Senior Member
Apr 19, 2013
597
273
So are we supposed to see a /path now in "Startup directory path for script" because mine is empty now...





It's not greyed out on my device, I can check it, and it says startup script installed, but as I mentioned above the path for the script is now empty.
Yes, we are supposed to see a path for it. It is empty on mine too after the update to magisk 18.0
As for the greyed out option, it appears only after the script is completely removed.
Sorry I haven't mentioned it before. In chronological order, I removed the script using an explorer which supported root at that time, then did a fresh install of afwall+
 

ukanth

Recognized Developer
Nov 30, 2010
1,528
5,270
Nexus 7 (2013)
OnePlus X
I keep getting "AFWall+ denied access to Download Manager ..." even though I have all (any app) set. I tried disabling the firewall, even force stopping it, but I still get the message.
Disable xposed plugin of AFWall+


Hello everyone, I'm aware of Magisk 18.0, There is already a pull request on Github. Will review and push an update this week. Thanks.
 

Tomatot-

Senior Member
May 11, 2012
1,593
1,511
OnePlus 6
Hi, I'm coming back with my issues of AFWALL+ not working, especially on mobile data. I've allowed most entries, including
Code:
 (root) - Apps running as root
but still, I can't access most of the internet. When I check log, it says "(root) - Apps running as root has access denied". Could I be doing something wrong?

It seems it only affects mobile data and not wifi, also, youtube videos work for example but the description doesn't load. My browser doesn't work at all.
 

ukanth

Recognized Developer
Nov 30, 2010
1,528
5,270
Nexus 7 (2013)
OnePlus X
Hi, I'm coming back with my issues of AFWALL+ not working, especially on mobile data. I've allowed most entries, including
Code:
 (root) - Apps running as root
but still, I can't access most of the internet. When I check log, it says
Code:
 (root) - Apps running as root
has access denied. Could I be doing something wrong?

It seems it only affects mobile data and not wifi, also, youtube videos work for example but the description doesn't load. My browser doesn't work at all.
Have you allowed/disabled ipv6 in connectivity? Also it would be useful to get insight if you share rules from menu -> show rules -> export.
 

Tomatot-

Senior Member
May 11, 2012
1,593
1,511
OnePlus 6
Have you allowed/disabled ipv6 in connectivity? Also it would be useful to get insight if you share rules from menu -> show rules -> export.

Sorry, I should have given them to you directly.

Here you go, see attachment. I tried to tick IPv6 support as well as "only control IPv6 chains" (and tick none of them), and nothing changes.
 

Attachments

  • IPv4rules.log

ukanth

Recognized Developer
Nov 30, 2010
1,528
5,270
Nexus 7 (2013)
OnePlus X
Here is the version which fixes a couple of minor issues

<Link Removed> Released on Playstore (you can still get apk from github release)

* Fix: Issue with Pixel C devices
* Support for Magisk 18.0 and startup leak
* Fix: Notification sound issue on some devices
* Fix: Duplicate name appears on main screen

Kindly confirm the above. I will push it today/tomorrow to f-droid and playstore.

Thanks.
 

Top Liked Posts

  • 7
    Hello. I have a question: I'm using LSPosed with AFWall right now, and my question is, how to use AFWall with LSPosed, what to check inside the LSPosed module app? Can someone enlighten me? Thank you.
    I did not add support for LSPosed. Also going forward, xposed module will be independent and not to be part of AFWall+ itself.
    4
    Does AFWall+ break SafetyNet?
    AFWall+ itself shouldn't. But you need root to use it, and rooting generally breaks "safetynet", as some consider a rooted device to be unsafe 🙄
    1
    Despite being blocked by AFWall+, occasionally Google Play still used to notify me of app updates and even worse I could access Play Store, again despite Play Services & Store being blocked by AFWall+.

    So in LOS PrivacyGuard I disabled Modify Systems Settings for both packages. So far, no more successful network access. I do see from time to time Store or Services trying to access the internet. AFWall+ logging notifies me of this. Oddly, whenever Google Play Services/Store attempts to access the network I also see AFWall+ reapplying rules.
    1
    I would expect that those modules have something to do with issues with tethering such as an unknown app /service being blocked therefore requiring firewall be disabled in order to tether, eg the modules might be required to help tethering function at all. I could be wrong and there are more knowledgeable people here that might be able to speak to this but I don't think a hack to circumvent service provider limits would go over well at Playstore. No moral judgement, I just think it might not be worth the risk for an app to allow that. Let's see what others and the developer have to say.
    I totally understand what you are saying.

    I would think it shouldn't be much of a risk because the NetShare app allows tether limit circumvention and it is still in the playstore with 1M+ downloads.
    1
    Afwall Xposed module, what is it exactly for? If I use LSPosed, to what apps should I apply this module?
    @ukanth statement here might be of use to you. No timeline, but...
  • 385
    Welcome to official support page for AFWall+

    Disclaimer - As usual, I'll not take any responsibility if something goes wrong when using AFWall+

    Introduction
    AFWall+ is an improved version of DroidWall (front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming). Since the original author of Droidwall discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


    Features
    - Supports 5.x to 11.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choosable languages
    - Choosable iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname

    Changelog - See third Post
    Current Version - 3.5.2

    To get Unlocker without Google services - Please follow the instructions here

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)

    Source Code/Wiki/FAQ
    AFWall+ is a free & open-source application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall

    Thanks To/Credits
    - German translations by [email protected] & [email protected] & [email protected]
    - French translations by [email protected] & [email protected]
    - Russian translations by [email protected] & YaroslavKa78
    - Spanish translations by [email protected]
    - Dutch translations by [email protected]
    - Japanese translation by [email protected]
    - Ukrainian translation by [email protected]
    - Slovenian translation by bunga [email protected]
    - Chinese Simplified translation by [email protected]
    - Polish translations by tst,Piotr [email protected]
    - Swedish translations by [email protected]
    - Greek Translations by [email protected]
    - Portuguese translations by [email protected]
    - Chinese Traditional by [email protected]
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by [email protected]
    - Romanian translations by [email protected]
    - Czech translations by Syk3s

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:
    Stable
    Current Stable Version: 3.4.0
    Stable Release Date: 2020-02-09
    Current Beta Version: 3.5.0-BETA1
    Beta Release Date: 2020-09-05

    Created 2013-12-03
    Last Updated 2020-09-05
    70
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries

    Complete Changelog

    41
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to the many under-the-hood changes required. Instead, I added a few enhancements. Now applying rules from the menu will show how many rules are getting applied with progress status. Also, when adding/removing a few rules, it will apply only those related rules instead of a full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is BETA Version which is not released on playstore. I have been using this for past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following the XPrivacy thread on the decision by its author. Just as an FYI, I might fix it for my own usage when I update to nougat, and I will share it here if anybody here uses it.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    40
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through a lot of dilemma over whether to support the existing afwall or write a new one from scratch, I was finally able to pull myself together and release a stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not be possible to pull through this.

    I will be out for a couple of days (taking off to spend time with my family) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    35
    Hello everyone,

    I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.