
[5.0+][ROOT][3.5.2] AFWall+ IPTables Firewall [16 May 2021]

I know this may sound like a newbie question, but I just want to understand how this app works.

From what I understand, it modifies the "IPTables" which I believe are config files that tell the internal network system how to route data packets.
No it is not any config files...
It is the name of the networking functionality of the kernel.
Its rules are kept in memory and need to be reapplied after each boot.
 
Wow - so apps can get internet access for around a minute right after bootup (before afwall can apply the rules).
That could be the case, I don't know because I haven't used AFWall for years so I don't know how and when it applies the rules.
My answer is from a general Linux knowledge point of view. ;)
 

Uluru25


Attachments

  • Screenshot_20210729-120134_Trebuchet_1.png

b00b

Wow - so apps can get internet access for around a minute right after bootup (before afwall can apply the rules).
Yes, they could, and that's all some apps need so as to send info home, but the simplest way around that is to turn off mobile internet as well as wifi before reboot and wait about a minute after boot for the firewall to have started before reconnecting internet access :)
 

EEngineer

Yes, they could, and that's all some apps need so as to send info home, but the simplest way around that is to turn off mobile internet as well as wifi before reboot and wait about a minute after boot for the firewall to have started before reconnecting internet access :)
I have AFWall+ and before I reboot or shut down my phone (which is at least once a week) I put my phone in airplane mode first.

I also have "Fix startup data leak" greyed out, and I have both init.d and SU installed. What's the deal?
 

Uluru25

I have two questions:

1) How do I use the "Startup Directory Path for Script" setting?
2) The "Fix startup data leak" is greyed out - is this because I have Magisk (systemless)?
Just click (first!) on the startup directory path and activate it here. Then the greying out of fixing the startup data leak will disappear and you can activate it.
 

Attachments

  • Screenshot_20210729-194442_Trebuchet.png

spawnlives

I have two entries for that option - which one should I select?
I've got the same entries as well. It got me wondering what the two are.
Came across this for the two options and what they mean.

  • post-fs-data mode
    • This stage is BLOCKING. The boot process is paused before execution is done, or 10 seconds have passed.
    • Scripts run before any modules are mounted. This allows a module developer to dynamically adjust their modules before it gets mounted.
    • This stage happens before Zygote is started, which pretty much means everything in Android
    • Run scripts in this mode only if necessary!
  • late_start service mode ( service.d )
    • This stage is NON-BLOCKING. Your script runs in parallel along with the booting process.
    • This is the recommended stage to run most scripts!
This is taken from the Magisk guide
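
Added example, not part of the thread and not AFWall+'s or Magisk's own code: a sketch of a root boot script for the blocking post-fs-data stage described above, which sets a default-deny OUTPUT policy before any app starts, plus a check that reads `iptables -S` output to tell whether the boot window is closed. The function names, the loopback-only exception and the sample listings are assumptions made for illustration; the firewall app is expected to install its own rules later in boot.

```shell
#!/system/bin/sh
# Added example: early-boot "default deny" guard. Not AFWall+ or Magisk code.
# Assumption: placed in Magisk's blocking post-fs-data stage and run as root,
# so it finishes before Zygote (and therefore any app) starts.

# Print the commands that close the window, one per line (IPv4 and IPv6).
leak_guard_rules() {
    for ipt in iptables ip6tables; do
        echo "$ipt -P OUTPUT DROP"               # default policy: nothing leaves
        echo "$ipt -I OUTPUT 1 -o lo -j ACCEPT"  # keep loopback working
    done
}

# Read `iptables -S` output on stdin; print the default policy of chain $1.
chain_policy() {
    while read -r flag chain policy rest; do
        if [ "$flag" = "-P" ] && [ "$chain" = "$1" ]; then
            echo "$policy"
            return 0
        fi
    done
    return 1
}

# Succeeds only if OUTPUT is default-deny, i.e. the boot window is closed.
leak_window_closed() {
    [ "$(chain_policy OUTPUT)" = "DROP" ]
}

# Constructed samples of `iptables -S`: a fresh boot (kernel rules are empty
# because they live in memory) and the same table after the guard has run.
FRESH_BOOT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
GUARDED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT'

# "apply" runs the commands; "check" reports the live state of the device.
case "${1:-}" in
    apply) leak_guard_rules | sh ;;
    check) iptables -S OUTPUT | leak_window_closed && echo closed || echo OPEN ;;
esac
```

Because post-fs-data blocks the boot for up to 10 seconds, the guard is kept to four short commands; the same script in service.d would run in parallel with app startup and could lose the race.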

 

JohnC

I've got the same entries as well. It got me wondering what the two are.
Came across this for the two options and what they mean.

  • post-fs-data mode
    • This stage is BLOCKING. The boot process is paused before execution is done, or 10 seconds have passed.
    • Scripts run before any modules are mounted. This allows a module developer to dynamically adjust their modules before it gets mounted.
    • This stage happens before Zygote is started, which pretty much means everything in Android
    • Run scripts in this mode only if necessary!
  • late_start service mode ( service.d )
    • This stage is NON-BLOCKING. Your script runs in parallel along with the booting process.
    • This is the recommended stage to run most scripts!
This is taken from the Magisk guide

WOW - thanks awesome!

Thank you for taking the time to research that and post your findings!

So, should we use post-fs-data mode, or is this too risky that it could lock up the device if something is wrong?
 

spawnlives

So, should we use post-fs-data mode, or is this too risky that it could lock up the device if something is wrong?
At the moment I'm using the post-fs-data.d option. It may take a bit longer to start.
While I do get errors occasionally, mainly with applying rules, it still blocks connection to apps. I don't think it's due to the startup configuration (check Github, as other people have issues too).
My startup is also due to the other crap on my phone as well, and mainly needs time to settle down so to speak.
Also, looking back on this post, not everyone has the same options. @Uluru25 has the service.d option only, while I don't have his device, but @EEngineer has completely different options.
As to what option to use, it will be up to you, but the Magisk guide does recommend using the service.d option in most cases.

 

JohnC

@JohnC

I should clarify this a bit.

The Magisk thread/quote explains what the two options are and how they work.

The Magisk guide refers to options when building an app.

If the app itself is giving you the options then you can choose whatever you like.
Understood. I am going to use the suggested choice, but understand that it could leave the firewall down for a few seconds when booting up.
 