[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 424 30.9%
  • Saving battery

    Votes: 295 21.5%
  • Increasing privacy

    Votes: 737 53.7%
  • Blocking ads

    Votes: 890 64.8%

  • Total voters
    1,373
Search This thread

M66B

Recognized Developer
Aug 1, 2010
23,843
48,901
ic_launcher.png


NetGuard provides simple and advanced ways to block access to the internet - no root required.
Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

Blocking access to the internet can help:
  • reduce your data usage
  • save your battery
  • increase your privacy

Features:
  • Simple to use
  • No root required
  • 100% open source
  • No calling home
  • No tracking or analytics
  • No advertisements
  • Actively developed and supported
  • Android 5.1 and later supported
  • IPv4/IPv6 TCP/UDP supported
  • Tethering supported
  • Optionally allow when screen on
  • Optionally block when roaming
  • Optionally block system applications
  • Optionally forward ports, also to external addresses (not available if installed from the Play store)
  • Optionally notify when an application accesses the internet
  • Optionally record network usage per application per address
  • Optionally block ads using a hosts file (not available if installed from the Play store)
  • Material design theme with light and dark theme

PRO features
  • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
  • Allow/block individual addresses per application
  • New application notifications; configure NetGuard directly from the notification
  • Display network speed graph in a status bar notification
  • Select from five additional themes in both light and dark version

There is no other no-root firewall, except for clones, offering all these features.

This XDA thread is about using the latest version of NetGuard.
Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

Discussion of purchases is not allowed here, please contact me via here instead.

NetGuard is being maintained and supported, but new features won't be added anymore.

For ad blocking, see here. Ad blocking is provide "as-is".

More information on Github:

Downloads:

Screenshots:
101-main.png
102-main-details.png

103-main-access.png
108-notifications.png


For more screenshots, see here.






XDA:DevDB Information
NetGuard, App for all devices (see above for details)

Contributors
M66B
Source Code: https://github.com/M66B/NetGuard/


Version Information
Status: Stable

Created 2015-10-25
Last Updated 2020-03-11
 
Last edited:

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,537
11,593
So what the best setting... Use the pic U posted as a reference

Sent from my SAMSUNG-SM-N920A using Tapatalk

There's no "best" - this is subjective.

You have a list of apps, and you can choose whether or not to allow an app access to the Internet over WiFi or Mobile data.

Whether or not you want to let an app access the Internet is up to you.
 
  • Like
Reactions: 1977theone

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,537
11,593
Is it (technically) possible to add "on-demand" feature ?
Maybe something close to how LBE works ... Yes/No/Don't ask again
Suggestion...

Not on a granular, per-app basis, at least right now.

NetGuard for Android works by creating a VPN service at system level. Based on your choices in the allow/deny screen, NetGuard will set up VPN rules for which apps are forced through the "VPN". The "VPN" isn't a real VPN; rather, it just sinkholes the traffic to nowhere.

The limitation here is that when creating these rules, we can only set which applications' traffic enters the VPN. We can't granularly control which requests or hosts they can talk to, on a per-app basis. It would be possible to set "for all apps" a whitelist/blacklist of IP addresses, but this would be quite different, and would likely be less useful as a firewall, and more useful as simply an "ad blocker".

The VPN interface doesn't tell us which app is trying to access the internet though - we need to set it up before-hand. There are ways to tell, but Google (or a careful OEM) could easily block those with SELinux policy updates, and the goal here is to try to get all the functionality we need without any kind of root access.
 

Primokorn

Senior Member
  • Nov 17, 2012
    11,436
    7,681
    Nice app for non rooted users.
    I've just created an issue on Github though.

    French translation done.

    I'll try to create an icon this weekend if I have free time. Let me know if you want a specific color,... etc.
     

    M66B

    Recognized Developer
    Aug 1, 2010
    23,843
    48,901
    Nice app for non rooted users.
    I've just created an issue on Github though.

    French translation done.

    I'll try to create an icon this weekend if I have free time. Let me know if you want a specific color,... etc.

    The problem you have reported is probably caused by a broken VPN implementation in your ROM. I will look into it later this week more detailed.

    I like to keep the current colors, realizing not everybody will like them, but I know from experience I can't make everybody happy anyway.

    Thanks for your translation!
     

    Top Liked Posts

    • 1
      No way to do this?
      There is no button to clear manually added rules.
      1
      Can someone explain me why an app is trying to access a server from other app? For example, like you can see in screenshot, a camera app is trying to access an address linked to an encrypted mail app (protonmailView attachment 5300563)
      I don't think this is a server of another app. Please see this FAQ:


      Both apps are probably served by the same server.
    • 2
      I don't see that setting in Network Settings, unless the Lockdown Wi-Fi setting actually allows LAN access over the WiFi?
      You must first enable Subnet routing to be able to enable LAN access. Both settings are in the Network settings.
      1
      Well, NetGuard itself can sort of measure data, but I haven't figured out how to go about it yet. I don't know if it would be suitable. That was one of the reasons I originally post this issue here. Though mostly to ask if there is a way NetGuard could either be altering the data usage reported. Or if it could help find the problem.

      But, yeah, I will update in this thread if I find a suitable monitoring app. Anyone?

      This isn't a NetGuard issue, but it happened on my rooted LG G5 with AFWall+. I blocked an Android system service in AFWall+. It's one of those Android services that includes 27 additional services including com.qtfi.service.colorservice, Android system, LGDoze settings, and the important com.qualcomm.timeservice.

      With that Android service blocked my phone was getting LAN access to files, but I discovered my internet WiFi was blocked and instead was using cellular data! When I unblocked that service my battery usage improved & my cell data usage decreased. You should check in NetGuard and see if you have a similar service blocked, and unblock it.

      Keep in mind I have a rooted phone running Lineage OS 14.1 with AFWall+, so this might not be directly applicable to your situation but at least it might give you some hints as to where to look.
      1
      This isn't a NetGuard issue, but it happened on my rooted LG G5 with AFWall+. I blocked an Android system service in AFWall+. It's one of those Android services that includes 27 additional services including com.qtfi.service.colorservice, Android system, LGDoze settings, and the important com.qualcomm.timeservice.

      With that Android service blocked my phone was getting LAN access to files, but I discovered my internet WiFi was blocked and instead was using cellular data! When I unblocked that service my battery usage improved & my cell data usage decreased. You should check in NetGuard and see if you have a similar service blocked, and unblock it.

      Keep in mind I have a rooted phone running Lineage OS 14.1 with AFWall+, so this might not be directly applicable to your situation but at least it might give you some hints as to where to look.
      You may be on to something (and thanks again!). Basically, I have NetGuard blocking cell data for almost everything it can see, system and user app, but I have a lot of system stuff allowed in WiFi (I was experimenting with blocking system apps, but couldn't find any guides on what is safe to block). Anyway, for a few months I have been using WiFi a lot less than normal. So MAYBE Android got impatient and got online secretly with the cell data (bypassing NetGuard and the built-in phone data measuring software) so Android could... uh, do its non-transparent Android stuff.

      Questions (Marcel? Anyone?):
      1) Can system cell data, or ANY data, get passed NetGuard?
      2) Could this theoretical cell data also bypass the built-in phone data measuring software?
      3) Can anyone give me any kind of help blocking Android systemic data collection?
      1
      First of all thanks Marcel for your continued support of this great app!

      Quick question from my side to the community whether the app on my phone is working as intended:

      I am using the paid version of Netguard and downloaded the hostfile to block ads etc.

      In my log, I can see that those unwanted connections are blocked (see screenshot below)

      View attachment 5277363

      However, even though the domain appears to be blocked in the Netguard log, my Pi-hole tells me that a query was still made and that it was blocked by Pi-hole instead (see screenshot below)


      View attachment 5277365


      Is this behavior as expected?
      Yes, please see this FAQ:

      https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq63
      1
      Did you enable filtering in the advanced settings.

      Please see also this FAQ:

      https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq54
      Many thanks for the info, after enabling filtering, the SOCKS5 proxy options got enabled.
      In fact I had read that link before but didn't find the "enable filtering" option mentioned there,

      Thanks again.

      Also another detail that's not mentioned is do I need to enable VPN mode in Orbot after opening it and pressing the start button, or just leave it in "non vpn" mode?

      I was running with only Orbot in VPN mode since I couldn't get Netguard to use the SOCKS5 options.
      Now I would use it with Netguard (Socks5 Proxy) + Orbot (listening on 9050)

      in this mode will all system requests go thru Tor?
      Are there any chances of an IP or DNS leak?

      Can I set the Android VPN setting to Netguard and also there is another setting for "VPN always on"?
    • 341
      ic_launcher.png


      NetGuard provides simple and advanced ways to block access to the internet - no root required.
      Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

      Blocking access to the internet can help:
      • reduce your data usage
      • save your battery
      • increase your privacy

      Features:
      • Simple to use
      • No root required
      • 100% open source
      • No calling home
      • No tracking or analytics
      • No advertisements
      • Actively developed and supported
      • Android 5.1 and later supported
      • IPv4/IPv6 TCP/UDP supported
      • Tethering supported
      • Optionally allow when screen on
      • Optionally block when roaming
      • Optionally block system applications
      • Optionally forward ports, also to external addresses (not available if installed from the Play store)
      • Optionally notify when an application accesses the internet
      • Optionally record network usage per application per address
      • Optionally block ads using a hosts file (not available if installed from the Play store)
      • Material design theme with light and dark theme

      PRO features
      • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
      • Allow/block individual addresses per application
      • New application notifications; configure NetGuard directly from the notification
      • Display network speed graph in a status bar notification
      • Select from five additional themes in both light and dark version

      There is no other no-root firewall, except for clones, offering all these features.

      This XDA thread is about using the latest version of NetGuard.
      Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

      Discussion of purchases is not allowed here, please contact me via here instead.

      NetGuard is being maintained and supported, but new features won't be added anymore.

      For ad blocking, see here. Ad blocking is provide "as-is".

      More information on Github:

      Downloads:

      Screenshots:
      101-main.png
      102-main-details.png

      103-main-access.png
      108-notifications.png


      For more screenshots, see here.






      XDA:DevDB Information
      NetGuard, App for all devices (see above for details)

      Contributors
      M66B
      Source Code: https://github.com/M66B/NetGuard/


      Version Information
      Status: Stable

      Created 2015-10-25
      Last Updated 2020-03-11
      25
      25
      I have just released stable version 2.39.

      Changelog/download
      https://github.com/M66B/NetGuard/releases/tag/2.39

      This version will be available in the Play store after Google's approval.

      Usage data sharing has been removed from this version.

      The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
      17
      I have just released beta version 2.268

      Changelog/download:
      https://github.com/M66B/NetGuard/releases

      This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
      17
      I have just released beta version 2.21.

      Changelog/download:
      https://github.com/M66B/NetGuard/releases/tag/2.21

      This version will be available as beta version in the Play store after Google's approval.
    Our Apps
    Get our official app!
    The best way to access XDA on your phone
    Nav Gestures
    Add swipe gestures to any Android
    One Handed Mode
    Eases uses one hand with your phone