[5.0+][ROOT][3.5.3] AFWall+ IPTables Firewall [28 JUN 2022]

Search This thread

TiTiB

Senior Member
Jun 19, 2015
926
729
Earth, for now
Hello all,

Hope all are doing fine. I was out for past couple of months due to my surgery. I'm still recovering from it. Here is the latest BETA version to add support for Android 12+

I have not tested it on Android 13. I will try to do it this week.


Kindly raise the issue on github (existing or new one)
Hope your road to recovery is a short one!
 

lenoid

Senior Member
Dec 10, 2013
52
8
Germany
I'm trying to use AfWall+ 3.5.3 (Google Play) on LineageOS 19.1 (Android 12L) on my Note 8.0 but get the message that no root access is possible when I try to activate AfWall+. Root is granted with Magisk 24.1. Any ideas what went wrong?
 

mythos_

Senior Member
May 27, 2012
128
48
I still have the issue that sometimes the rules fail to apply (manual application). With this version when that happens the firewall is turned off. This didn't happen with the previous version. Rule application failed sometimes but the firewall wasn't turned off.
 

ukanth

Recognized Developer
Nov 30, 2010
1,539
5,367
Nexus 7 (2013)
OnePlus X
I still have the issue that sometimes the rules fail to apply (manual application). With this version when that happens the firewall is turned off. This didn't happen with the previous version. Rule application failed sometimes but the firewall wasn't turned off.
Make sure you have enable delay for rules in the preference.
 
  • Like
Reactions: IronTechmonkey

IronTechmonkey

Recognized Contributor
Feb 12, 2013
8,632
13,583
I still have the issue that sometimes the rules fail to apply (manual application). With this version when that happens the firewall is turned off. This didn't happen with the previous version. Rule application failed sometimes but the firewall wasn't turned off.

The same thing happened to me. FYI in the previous iteration after the rules failure the firewall was not active even though the icon indicating enabled persisted. IIRC the fact that after the same type of incident the firewall now reveals that it is disabled is the restoration of a formerly missing indicator.

As to the rules application failure and the delay setting I just wait until the rules have been applied before closing the panel but have also tried the suggested delay setting which was effective. If I was changing rules more frequently I would use the delay setting.
 

mythos_

Senior Member
May 27, 2012
128
48
Make sure you have enable delay for rules in the preference.
I've enabled this setting. The last few times I tried it (with the setting off) the rules applied with success so I don't know if it's fixed now. Not sure when the failures happen, it seems random. It only seems to happen on manual application though. Anyway I'll keep it on and hope it helps.

The same thing happened to me. FYI in the previous iteration after the rules failure the firewall was not active even though the icon indicating enabled persisted. IIRC the fact that after the same type of incident the firewall now reveals that it is disabled is the restoration of a formerly missing indicator.

As to the rules application failure and the delay setting I just wait until the rules have been applied before closing the panel but have also tried the suggested delay setting which was effective. If I was changing rules more frequently I would use the delay setting.
Well at least now we have the right indication whether it's on or not. That's a step in the right direction.

Also the log still doesn't work. I enable it but it's always empty. Any fix for that too ?
 

this-is-me

Member
Sep 9, 2010
38
8
I would like a custom script or rule to block all tethering through bluetooth/wifi/USB. I have tethering unchecked, and so I can't get a DHCP address through USB tether, but I can manually specify an IPv4 address, and still access the internet through tethering.
 

wonzay

Member
Nov 4, 2015
46
6
3.5.3 works good, but I need to start afwall manually after boot. I use "mtk easy su" root method. Root is "available" in about 30 sec. Custom "startup delay timer" in afwall doesn't work in this configuration.
 

lenoid

Senior Member
Dec 10, 2013
52
8
Germany
@wonzay
Since my device is an Exynos4 device and not an Mediatek one and also has the June 2022 security patch, Mtk easy su won't work.


@temporarium
Yes, I tried this. And I also uninstalled AfWall. Both didn't help. Any Magisk version after 24.1 won't work on my device since the developers made huge changes.
 

temporarium

Senior Member
[SER=4645704]@temporarium[/USER]
Yes, I tried this. And I also uninstalled AfWall. Both didn't help. Any Magisk version after 24.1 won't work on my device since the developers made huge changes.
I have 25.1 working perfectly on my Android 7.1.2 tablet with the latest AFWall. There was an incompatible version inbetween, but this latest Magisk works fine (here).
 

lenoid

Senior Member
Dec 10, 2013
52
8
Germany
I have 25.1 working perfectly on my Android 7.1.2 tablet with the latest AFWall. There was an incompatible version inbetween, but this latest Magisk works fine (here).
There seems to be no chance to get 24.2+ (which got a rewrite and the developers mentioned, that it may not work on all devices) working. I flashed 25.1 in TWRP but Magisk Manager 25.1 says it's not installed and I also don't have root access in other apps. Flashing 24.1 in TWRP and all apps except AfWall are working fine again. Maybe I could check 24.3 again.

AfWall 3.5.2 worked fine on the same device on LineageOS 14.1 (7.1.2) and Magisk 24.1.

EDIT: Magisk 24.3 also doesn't work. :(
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Have you tried removing the AFWall entry from Magisk and having AFWall request root permissions again?

    Also, latest Magisk is 25.1.
    1
    @ukanth I'm a beta tester on Play Store. On 3.5.3 when I turn on logging, the rules won't load with an error "Error applying iptable rules". I've tried with just IP4, just IP6 and the combo of both. The moment I disable logging, the rules load

    Anything you need me to check/change to help debug this?
    1
    forgive my noob question. Which app should i tick at the lsposed ui for afwall+? is it system framework or any other?
    you just check system framework, however you used to have to select download manager also but since I don't use the xposed module anymore (ukanth deprecated it in latest releases) I would just wait for him to push a new one out, but you should be good with system framework and download manager (unless someone else can chime in here)
    1
    AFWall+ is an improved version of DroidWall(front-end application for the powerful iptables Linux firewall).
    (...)

    Features
    - Supports 5.x to 12.x
    (...)
    Is and how is it possible that it works in android 12.1 on older devices as described in LineageOS Changelog 26:

    Let’s talk about legacy devices…

    Bad news lies ahead, sadly. I know many of you were expecting the usual myriad of legacy devices to surprise you with a 19 release, but at the moment they won’t be.

    This is due to AOSP’s removal of iptables in favor of eBPF. This is a newer, much more efficient kernel side implementation.

    The issue lies in the fact that only devices with Linux kernel 4.9 or newer have the needed capabilities to make use of eBPF. Usually, these things can be backported to older kernel versions, but at the moment, even something as close to version 4.9 as 4.4 proved challenging due to the sheer number of commits and structure changes in BPF’s introduction. Those of you on a 4.4 kernel, fear not, a backport has been created, but for devices using kernel versions 3.18 and below, this may be the end of the road. If you become aware of a functional backport, or create one yourself, feel free to let us know via devrel(at)lineageos.org!

    Additionally, iptables can’t be restored in any meaningful way, which makes things all the harder. At the moment, with some hacky workarounds (that we won’t be merging, as they break packet filtering, etc.) legacy devices can boot, but until a proper workaround/backport of BPF is brought to older kernel versions, don’t expect legacy devices to ship LineageOS 19.
    1
    Those unofficial maintainers should get their kernels together, IMHO.
    So you think that these great guys, who spend a lot of time for getting LOS working on legacy devices and give them a new life, should develop a working kernel or spend some extra time and knowledge?

    And BTW because you were asking why the latest:
    1. Android 12L has some optimizations for tablets and also other new useful features compared to older versions
    2. old Roms are often not maintained anymore and are getting no security or bug fixes anymore, especially when the developer is the same
    3. sometimes you don't have a selection of good roms
    4. some apps don't get updates on old Android versions like 7.1.2 anymore
  • 394
    Welcome to official support page for AFWall+

    Disclaimer - As Usual. I'll not take any responsible if something goes wrong when using AFWall+

    Introduction
    AFWall+ is an improved version of DroidWall(front-end application for the powerful iptables Linux firewall). It allows you to restrict which applications are permitted to access your data networks (2G/3G/4G/LTE and/or Wi-Fi and while in roaming).Since the original author of Droidwall
    discontinued the project, I decided to keep the app instead of Avast Firewall. I'll continue to add more features as I can.


    Features
    - Supports 5.x to 12.x
    - Import/Export Rules to external storage
    - Search Applications
    - Multiple Profiles with custom names
    - Tasker/Locale support
    - Select All/None/Invert/Clear applications with single click
    - Revamped Rules/Logs Viewer with copy/export to external storage
    - Ability to view the network interfaces
    - Highlight system applications with custom color
    - Notify on new installations
    - Ability to hide application icons( faster loading )
    - Use LockPattern for application protection.
    - Show/Hide application ID.
    - Roaming Control for 3G/Edge
    - VPN Control
    - LAN Control
    - Tether Control
    - IPV6 Control
    - Tor Control
    - Choose able languages
    - Choose able iptables/busybox binary
    - Supports MIPS/x86/ARM
    - DNS Hostname

    Changelog - See third Post
    Current Version - 3.5.3

    To get Unlocker without Google services - Please follow the instructions here

    AFWall+ BETA Program
    1) AFWall+ opt-in for beta program
    2) Install AFWall+ and If you have any issues, just send email from (Menu -> Firewall Rules - > Send error report)

    Source Code/Wiki/FAQ
    AFWall+ is an free & opensource application
    Github
    Log an issue
    Frequently Asked Questions
    Many Thanks to @CHEF-KOCH

    Translations
    Translations - Please help me with translations in your language.
    http://crowdin.net/project/afwall

    Thanks To/Credits
    - German translations by [email protected] & [email protected] & [email protected]
    - French translations by [email protected] & [email protected]
    - Russian translations by [email protected] & YaroslavKa78
    - Spanish translations by [email protected]
    - Dutch translations by [email protected]
    - Japanese translation by [email protected]
    - Ukrainian translation by [email protected]
    - Slovenian translation by bunga [email protected]
    - Chinese Simplified translation by [email protected]
    - Polish translations by tst,Piotr [email protected]
    - Swedish translations by [email protected]
    - Greek Translations by [email protected]
    - Portuguese translations by [email protected]
    - Chinese Traditional by [email protected]
    - Chinese Simplified by wuwufei,tianchaoren @ crowdin
    - Italian translations by [email protected]
    - Romanian tranlations by [email protected]
    - Czech translations by Syk3s

    Cheers,
    ukanth

    XDA:DevDB Information
    AFWall+ [ IPTables Firewall ], App for the Android General

    Contributors
    ukanth
    Source Code: https://github.com/ukanth/afwall


    Version Information
    Status:
    Stable
    Current Stable Version: 3.5.3
    Stable Release Date: 2022-06-28
    Current Beta Version:
    3.5.3
    Beta Release Date: 2022-06-28

    Created 2013-12-03
    Last Updated 2020-09-05
    70
    Version 3.0.1

    * Fix: Status toggle widget 1x1
    * Fix: Ability to hide ongoing notification (Stop firewall and restart to hide after disable it in preferences)
    * Fix: Firewall error notification on oreo and above
    * Security: Tile toggle checks for password
    * User reported crashes
    * Updated translations

    Previous version 3.0.0

    Features:
    * Better support for nougat/oreo and pie.
    * Firewall toggle tile
    * Adaptive Icons
    * Notification channels
    * Tor support

    Bugs:
    * General bug fixes and crash reports.
    * Language selection bug
    * Filter selection bug
    * Compatible with magisk 17.x
    * Better handling of background process
    * Drops support for 4.x devices
    * Update languages
    * Updated libraries

    Complete Changelog

    41
    Hello All,

    After careful analysis and testing, I decided not to rewrite the way rules are being applied due to lot of under hood changes required. Instead added few enhancements. Now applying rules from menu will show how many rules are getting applied with progress status. Also when adding/removing few rules , it will apply only those related rules instead of full apply.

    Also fixed couple of bugs and enhancements. You can get the full changelog from https://github.com/ukanth/afwall/blob/beta/Changelog.md

    This is BETA Version which is not released on playstore. I have been using this for past week and it's stable. But there might be bugs which I haven't encountered. Please test it and report it in case of any issues.

    Also I have been following XPrivacy thread on the decision by it's author. Just as FYI, I might fix it for my own usage when I update to nougat, I will share it here if anybody uses it here.

    BETA Link - https://www.dropbox.com/s/isvi413qyx6vb4d/AFWall+ 2.9.7-BETA-TESTER.apk?dl=0
    40
    Hello everyone,

    I have released 3.0.0 stable on playstore today. It's been a crazy month so far. After going through lot of dilemma of whether to support the existing afwall or write a new one from scratch, finally able to pull myself and release stable version of afwall with lots of bug fixes and new features along with pie support. Since I don't do full time Android development, it was hard to keep track of what's going on with sdk level changes.

    Thank you all for your support in AFWall+ development. Without your support it would simply not possible to pull through this.

    I will be out for couple of days ( taking off to spend time with my family ) and hopefully will be able to reply to questions once back.

    Thanks again and have a great day.
    35
    Hello everyone,

    I have released stable version of 3.1.0 to playstore and github. Its live on playstore. You can find the changelog along with md5/sha here

    https://github.com/ukanth/afwall/releases/tag/v3.1.0

    Thank you all for your continuous support in AFWall+ development.