
[5.0+][ROOT][3.5.2] AFWall+ IPTables Firewall [16 May 2021]


IronTechmonkey

Recognized Contributor
I searched all over Google for bw_INPUT and couldn't find anything useful. How does that rule even work? Every connection uses bandwidth...

Again with the understanding that I don't necessarily understand the topic at hand and I am guessing quite a bit, I entered this block of text into Google

bw_INPUT
bw_FORWARD
bw_OUTPUT

Which returned the two following links both of which seem to imply bw is bandwidth.



Also there was this link and a few others specifically about iptables, where it also seems to be used in the context of bandwidth although I don't know how that figures in the big picture here.

 

eriol1

Senior Member
Again with the understanding that I don't necessarily understand the topic at hand and I am guessing quite a bit, I entered this block of text into Google

bw_INPUT
bw_FORWARD
bw_OUTPUT

Which returned the two following links both of which seem to imply bw is bandwidth.



Also there was this link and a few others specifically about iptables, where it also seems to be used in the context of bandwidth although I don't know how that figures in the big picture here.

From a quick glance at the links you posted, these chains seem to be related to:
  • bandwidth tracking (possibly so android can show you how much data each app is using)
  • quota limiting (possibly so android can restrict data usage when data limit is reached)
  • data saving (not sure how this comes into play since I believe data saving is each app's responsibility to implement)
 

IronTechmonkey

Recognized Contributor
From a quick glance at the links you posted, these chains seem to be related to:
  • bandwidth tracking (possibly so android can show you how much data each app is using)
  • quota limiting (possibly so android can restrict data usage when data limit is reached)
  • data saving (not sure how this comes into play since I believe data saving is each app's responsibility to implement)

Thank you. Those do seem to be more about reporting status than controlling the firewall. As to device-wide data saving, there have been such functions in Android for quite some time, in the past called restrict background data and now called Data saver, which lines up with what you are saying. In any event, those details I introduced don't answer the original poster's question. Thanks again for the clarification.
 

eriol1

Senior Member
Thank you. Those do seem to be more about reporting status than controlling the firewall. As to device-wide data saving, there have been such functions in Android for quite some time, in the past called restrict background data and now called Data saver, which lines up with what you are saying. In any event, those details I introduced don't answer the original poster's question. Thanks again for the clarification.
I don't even remember the original question anymore 😅
I was more interested in the code itself...
If you read a bit through the code you linked it's rather amusing;
There's a "penalty_box" chain where "naughty apps" go when they're denied internet connection.
Not sure if the programmer was having a really good or really bad day when he wrote that 😂
 

freakerload

Senior Member
I use Android 10, and switching Wifi is not working.
I set allow wifi to CaptivePortalLogin but not working.

If I set allow wifi to this (see screenshot), it is working.
Screenshot_20201230-113049_AFWall+.jpg


The old script with that also not working.

settings put global captive_portal_mode 0
settings put global captive_portal_detection_enabled 0
settings put global captive_portal_server localhost
 

IronTechmonkey

Recognized Contributor
Is this app being developed anymore? The github page is just useless. Can anyone please confirm this?

The latest activity by dev in GitHub and here was about six weeks ago. That's not really that long ago, and even though I myself really would like to see a fix for logging, considering the state of the world I'd be glad to wait for that and I hope the developer is okay.
 

ukanth

Recognized Developer
The latest activity by dev in GitHub and here was about six weeks ago. That's not really that long ago, and even though I myself really would like to see a fix for logging, considering the state of the world I'd be glad to wait for that and I hope the developer is okay.

Thanks. I'm ok, like everyone, stressed out with this whole pandemic. Hope to turn around. Is there a place to find motivation?
🤔
 
I have signed up for the beta version, but while I wait for the beta version to arrive.

Can someone point me in the right direction for troubleshooting why Afwall is blocking Samsung email from receiving under Android 10? My device is a Galaxy S20FE (G781B).

I surmised that because I restored my rules from my S7 to the S20 that some corruption may have occurred, and sure enough nuking data/cache and redoing all the rules from scratch fixed it. Now I'm back to just being unable to receive email when connected under wifi, so have to use mobile data as a workaround etc.

I am hoping the latest beta might resolve that last issue/annoyance, as changing the DNS proxy from Auto to Enable DNS via netd has no effect.
 

eriol1

Senior Member
I have signed up for the beta version, but while I wait for the beta version to arrive.

Can someone point me in the right direction for troubleshooting why Afwall is blocking Samsung email from receiving under Android 10? My device is a Galaxy S20FE (G781B).

I surmised that because I restored my rules from my S7 to the S20 that some corruption may have occurred, and sure enough nuking data/cache and redoing all the rules from scratch fixed it. Now I'm back to just being unable to receive email when connected under wifi, so have to use mobile data as a workaround etc.
Maybe the app package name changed between phones/android versions? I think that may cause a problem when restoring a backup.

Might be worthwhile investigating further
 

EEngineer

Senior Member
I'm using AFWall+ with LineageOS 14.1 (Nougat) and it is working flawlessly. Do I need to disable battery optimization in LOS Settings for this firewall? Sorry if this has been asked before but XDA thread search isn't working.

Also, is there a PayPal link to get a key for the Donate version? Thanks!
 

eriol1

Senior Member

IronTechmonkey

Recognized Contributor
Well I signed up for the beta version of Afwall+ and haven't heard back and the beta version hasn't appeared in google play...

You could look through recent posts by the developer to see if the beta is still linked to a recent post, which is where I got it IRC. If you find such a link but it's dead then you know it was pulled and there's no point in going for it. You could also check GitHub but I don't know if beta versions are shared there.
 

EEngineer

Senior Member
I read the Android system recommendations for AFWall+ here:

I have Google Play Store, Google Play Services, and Market Feedback Agent all blocked for everything except WiFi on all my Android devices that have a firewall. Of course I have auto-updates disabled for everything.

Also, since I do not sync anything at all with Google, I have Google Contacts sync and google Calendar Sync completely blocked.

I see about a 15% increase in battery life. I rarely connect to anyone's WiFi except my own. I'm not interrupted during the day with app update notices. I only update apps from home on my own WiFi. Since nowadays an app update can mean a completely different app with new permissions, I investigate each app update on my home PC before deciding to update.

FYI I do not play games, my phone is mostly business use.

YMMV
 

sabei

Senior Member
I read the Android system recommendations for AFWall+ here:

I have Google Play Store, Google Play Services, and Market Feedback Agent all blocked for everything except WiFi on all my Android devices that have a firewall. Of course I have auto-updates disabled for everything.

Also, since I do not sync anything at all with Google, I have Google Contacts sync and google Calendar Sync completely blocked.

I see about a 15% increase in battery life. I rarely connect to anyone's WiFi except my own. I'm not interrupted during the day with app update notices. I only update apps from home on my own WiFi. Since nowadays an app update can mean a completely different app with new permissions, I investigate each app update on my home PC before deciding to update.

FYI I do not play games, my phone is mostly business use.

YMMV
I noted those recs are over 4 years old. Because I have Xiaomi phone it has always been trying to contact home so even with a custom rom I don't allow many of the items recommended to be left. In fact just checking now, on the list, other than Internet time servers they are pretty much all blocked......
I have read in this thread of others who do the same but it seems to be trial and error what you can get away with.
 

EEngineer

Senior Member
I noted those recs are over 4 years old. Because I have Xiaomi phone it has always been trying to contact home so even with a custom rom I don't allow many of the items recommended to be left. In fact just checking now, on the list, other than Internet time servers they are pretty much all blocked......
I have read in this thread of others who do the same but it seems to be trial and error what you can get away with.
I agree, that list is way out of date. I posted what I blocked for a few Android & google system apps but I'm nervous about posting what else I've blocked on Android & google, because other people's ROMs and usage may react differently than mine.
 

temporarium

Senior Member
I agree, that list is way out of date. I posted what I blocked for a few Android & google system apps but I'm nervous about posting what else I've blocked on Android & google, because other people's ROMs and usage may react differently than mine.
Just block everything and allow only what you need and trust.
 

Top Liked Posts

  • 5
    So, should we use post-fs-data mode, or is this too risky that it could lock up the device if something is wrong?
    At the moment I'm using the post-fs-data.d option. It may take a bit longer to start.
    While I do get errors occasionally, mainly with applying rules, it still blocks connection to apps. I don't think it's due to the startup configuration (check GitHub, as other people have issues too).
    My startup is also due to the other crap on my phone as well, and mainly needs time to settle down so to speak.
    Also looking back on this post, not everyone has the same options. @Uluru25 has the service.d option only, while I don't have his device, but @EEngineer has completely different options.
    As to what option to use it will be up to you but the magisk guide does recommend using service.d option in most cases.

    5
    Wow - so apps can get internet access for around a minute right after bootup (before afwall can apply the rules).
    yes they could and that's all some apps need so as to send info home, but the simplest way around that is to turn off mobile internet as well as wifi before reboot and wait about a minute after boot for the firewall to have started before reconnecting internet access :)
    3
    I have two entries for that option - which one should I select?
    I've got the same entries as well. It got me wondering what the two are.
    Came across this for the two options and what they mean.

    • post-fs-data mode
      • This stage is BLOCKING. The boot process is paused before execution is done, or 10 seconds have passed.
      • Scripts run before any modules are mounted. This allows a module developer to dynamically adjust their modules before it gets mounted.
      • This stage happens before Zygote is started, which pretty much means everything in Android
      • Run scripts in this mode only if necessary!
    • late_start service mode ( service.d )
      • This stage is NON-BLOCKING. Your script runs in parallel along with the booting process.
      • This is the recommended stage to run most scripts!
    This is taken from the Magisk guide
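
The stage a startup script runs in decides how long the OUTPUT chain stays unfiltered after boot. As an added example (not from the thread, AFWall+ or Magisk), this shell helper classifies an `iptables -S` dump as open, fail-closed or filtered and times how long the open state lasts; the chain name `afwall`, the function names and the sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not AFWall+ or Magisk code.
# Assumption: the firewall hooks a chain named "afwall" into OUTPUT.
AFWALL_CHAIN="${AFWALL_CHAIN:-afwall}"

# Constructed sample dumps in `iptables -S` format.
SAMPLE_OPEN='-P INPUT ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -j bw_OUTPUT'
SAMPLE_BLOCKED='-P OUTPUT DROP
-A OUTPUT -j bw_OUTPUT'
SAMPLE_FILTERED='-P OUTPUT ACCEPT
-A OUTPUT -j afwall
-A OUTPUT -j bw_OUTPUT'

# output_state: read an `iptables -S` dump on stdin and print one word:
#   filtered - OUTPUT jumps to the firewall chain (rules are applied)
#   blocked  - chain not hooked yet, but OUTPUT policy is DROP (fail-closed)
#   open     - chain not hooked and policy is not DROP (leak window)
output_state() {
    awk -v chain="$AFWALL_CHAIN" '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
        $1 == "-A" && $2 == "OUTPUT" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == chain) hooked = 1
        }
        END {
            if (hooked) print "filtered"
            else if (policy == "DROP") print "blocked"
            else print "open"
        }'
}

# leak_window_seconds: poll once per second until OUTPUT is no longer
# "open" and print the seconds waited since this function started.
#   $1 = command that prints the rule dump (default: iptables -S)
#   $2 = give up after this many seconds (default: 120), returning 1
leak_window_seconds() {
    dump_cmd="${1:-iptables -S}"
    limit="${2:-120}"
    elapsed=0
    while [ "$elapsed" -lt "$limit" ]; do
        state=$($dump_cmd | output_state)
        [ "$state" != "open" ] && { echo "$elapsed"; return 0; }
        sleep 1
        elapsed=$((elapsed + 1))
    done
    echo "$limit"
    return 1
}

# Demo on the constructed samples: prints open, blocked, filtered.
for sample in "$SAMPLE_OPEN" "$SAMPLE_BLOCKED" "$SAMPLE_FILTERED"; do
    printf '%s\n' "$sample" | output_state
done
```

On a rooted device, calling `leak_window_seconds "iptables -S" 120` as root from a startup script gives a measured figure for the window on that particular ROM.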

    2
    Wow - so apps can get internet access for around a minute right after bootup (before afwall can apply the rules).
    That could be the case, I don't know because I haven't used AFWall for years so I don't know how and when it applies the rules.
    My answer is from a general Linux knowledge point of view. ;)
    2
    yes they could and that's all some apps need so as to send info home, but the simplest way around that is to turn off mobile internet as well as wifi before reboot and wait about a minute after boot for the firewall to have started before reconnecting internet access :)
    I have AFWall+ and before I reboot or shut down my phone (which is at least once a week) I put my phone in airplane mode first.

    I also have "Fix startup data leak" greyed out, and I have both int.d and SU installed. What's the deal?
  • 384
    Welcome to official support page for AFWall+

    Disclaimer - As usual, I'll not take any responsibility if something goes wrong when using AFWall+

    Introduction
    AFWall+ is an improved version of DroidWall (front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming). Since the original author of Droidwall discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


    Features
    - Supports 5.x to 11.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choosable languages
    - Choosable iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname

    Changelog - See third Post
    Current Version - 3.5.2

    To get Unlocker without Google services - Please follow the instructions here

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)

    Source Code/Wiki/FAQ
    AFWall+ is a free & open-source application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall

    Thanks To/Credits
    - German translations by [email protected] & [email protected] & [email protected]
    - French translations by [email protected] & [email protected]
    - Russian translations by [email protected] & YaroslavKa78
    - Spanish translations by [email protected]
    - Dutch translations by [email protected]
    - Japanese translation by [email protected]
    - Ukrainian translation by [email protected]
    - Slovenian translation by bunga [email protected]
    - Chinese Simplified translation by [email protected]
    - Polish translations by tst,Piotr [email protected]
    - Swedish translations by [email protected]
    - Greek Translations by [email protected]
    - Portuguese translations by [email protected]
    - Chinese Traditional by [email protected]
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by [email protected]
    - Romanian translations by [email protected]
    - Czech translations by Syk3s

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:
    Stable
    Current Stable Version: 3.4.0
    Stable Release Date: 2020-02-09
    Current Beta Version: 3.5.0-BETA1
    Beta Release Date: 2020-09-05

    Created 2013-12-03
    Last Updated 2020-09-05
    70
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries

    Complete Changelog

    41
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to lot of under hood changes required. Instead added few enhancements. Now applying rules from menu will show how many rules are getting applied with progress status. Also when adding/removing few rules , it will apply only those related rules instead of full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is BETA Version which is not released on playstore. I have been using this for past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following XPrivacy thread on the decision by its author. Just as FYI, I might fix it for my own usage when I update to nougat, I will share it here if anybody uses it here.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    40
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through lot of dilemma of whether to support the existing afwall or write a new one from scratch, finally able to pull myself and release stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not be possible to pull through this.

    I will be out for couple of days ( taking off to spend time with my family ) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    35
    Hello everyone,

    I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.