[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 420 30.8%
  • Saving battery

    Votes: 293 21.5%
  • Increasing privacy

    Votes: 731 53.6%
  • Blocking ads

    Votes: 884 64.8%

  • Total voters
    1,364
Search This thread

orgshooter

Member
Feb 1, 2008
24
9
@M66B
I have the same settings in the 2.290 as with the 2.293 from yesterday.
Screenshot_20210302-100601_Device care.jpg

Now the consumption is better.
 
Last edited:

M66B

Recognized Developer
Aug 1, 2010
23,742
48,638
Suggestion:
A - integrate wireguard support, import .conf
B - Block all outbond tcp 80
C - If using secure DNS, block all udp 53

thanks,
If there was enough support for this project and the average Play store rating wasn't going down about each and every day, I would consider adding this.
 

AndroAlex

Member
Feb 25, 2021
48
23
That is really sad to read, but especially these * beep * reviews from users on the GPS who believe a firewall AND ad blocker would be ready-made for their own needs without their own user-work.
For me, NetGuard is the most informative and therefore the best open source (!) Firewall there is for this * beep * Android, which is owned more and more by Google anyway.
 
  • Like
Reactions: jsusang

M66B

Recognized Developer
Aug 1, 2010
23,742
48,638
That is really sad to read, but especially these * beep * reviews from users on the GPS who believe a firewall AND ad blocker would be ready-made for their own needs without their own user-work.
For me, NetGuard is the most informative and therefore the best open source (!) Firewall there is for this * beep * Android, which is owned more and more by Google anyway.
I am afraid it will get worse first, until the EU, etc are going to enforce things, but this is unfortunately a very slow process.

I am afraid more independent developers will give up because developing apps this way is rather frustrating.

I will keep maintaining and supporting NetGuard, as I have been doing for over 5 years already, but I am currently not motivated to put energy in new features.
 
  • Like
Reactions: jsusang

xdawallah

Member
Aug 14, 2016
17
2
Can you please help me to understand Netguard's output and behaviour?
I am trying to use the Eddy app from eddy-sharing.de
I can load the map, but the login fails with "unknown error occurred". The password works on another phone with this app.

My questions:
1. Why does the URL eddy-sharing.frontend.fleetbird.eu occur in the protocol (first screenshot), but the rule is green (second screenshot)? Is the URL now allowed or not?
2. T4 android.googleapis.com is shown in red ,but with a green checkmark. Is it now allowed or not?
3. T4 connectivitycheck.gstatic.com is shown in red, though I selected the WiFiin green in the upper right corner. Why? Is it now allowed or not?
4. Is it an issue that the phone currently has only WiFi enabled, but no sim card inserted?

Looking forward to some enlightenment.
Thanks.

Xdawallah
 

Attachments

  • Screenshot_20210303-215356_NetGuard.png
    Screenshot_20210303-215356_NetGuard.png
    277.6 KB · Views: 39
  • Screenshot_20210303-215505_NetGuard.jpg
    Screenshot_20210303-215505_NetGuard.jpg
    667.9 KB · Views: 41

M66B

Recognized Developer
Aug 1, 2010
23,742
48,638
Can you please help me to understand Netguard's output and behaviour?
I am trying to use the Eddy app from eddy-sharing.de
I can load the map, but the login fails with "unknown error occurred". The password works on another phone with this app.

My questions:
1. Why does the URL eddy-sharing.frontend.fleetbird.eu occur in the protocol (first screenshot), but the rule is green (second screenshot)? Is the URL now allowed or not?
2. T4 android.googleapis.com is shown in red ,but with a green checkmark. Is it now allowed or not?
3. T4 connectivitycheck.gstatic.com is shown in red, though I selected the WiFiin green in the upper right corner. Why? Is it now allowed or not?
4. Is it an issue that the phone currently has only WiFi enabled, but no sim card inserted?

Looking forward to some enlightenment.
Thanks.

Xdawallah
Please see this FAQ for an explanation:

 

brwgamer

Member
Jun 1, 2018
10
0
Hi, I'm facing a network problem on Android 10 that happens only randomly:

Code:
java.net.SocketTimeoutException: failed to connect to www.mydomain.com/81.NN.NN.NN (port 443) from /10.9.1.178 (port 49640) after 10000ms

In my Android App, in the method that performs the https connection I have this line of code:

Java:
java.security.Security.setProperty("networkaddress.cache.ttl" , "0");

With my previous phone with Android 6 the same code works without problems.

I've done lots efforts to try to discover the reason of that error.
Recently I tried to run my code after disabled NetGuard: sometimes my app immediately works, sometimes it works after some minutes, sometimes after reinstalling my app (always from Android Studio), sometimes while NetGuard is active normally.

Today while the problem was happening I tried to leave NetGuard active, I activated the airplane mode, then disabled airplane mode and my app successes on connecting without the need to reopen/reinstall it and without closing NetGuard.

Maybe the problem is related to the caching DNS TTL? Does my line of code is ignored or wrong?

How can I set properly NetGuard?

I'm using NetGuard to block all traffic for applications that I cannot uninstall, so I need it, I'll use it since years and it worked always fine!

Here you can find lots other info:
https://stackoverflow.com/questions/66303303/http-request-fails-even-if-the-connection-is-active

Thanks for your work and for your support!
 

M66B

Recognized Developer
Aug 1, 2010
23,742
48,638
Hi, I'm facing a network problem on Android 10 that happens only randomly:

Code:
java.net.SocketTimeoutException: failed to connect to www.mydomain.com/81.NN.NN.NN (port 443) from /10.9.1.178 (port 49640) after 10000ms

In my Android App, in the method that performs the https connection I have this line of code:

Java:
java.security.Security.setProperty("networkaddress.cache.ttl" , "0");

With my previous phone with Android 6 the same code works without problems.

I've done lots efforts to try to discover the reason of that error.
Recently I tried to run my code after disabled NetGuard: sometimes my app immediately works, sometimes it works after some minutes, sometimes after reinstalling my app (always from Android Studio), sometimes while NetGuard is active normally.

Today while the problem was happening I tried to leave NetGuard active, I activated the airplane mode, then disabled airplane mode and my app successes on connecting without the need to reopen/reinstall it and without closing NetGuard.

Maybe the problem is related to the caching DNS TTL? Does my line of code is ignored or wrong?

How can I set properly NetGuard?

I'm using NetGuard to block all traffic for applications that I cannot uninstall, so I need it, I'll use it since years and it worked always fine!

Here you can find lots other info:
https://stackoverflow.com/questions/66303303/http-request-fails-even-if-the-connection-is-active

Thanks for your work and for your support!
Sorry, this forum is not for helping you with development problems.
Android resolves domain names on behalf of all apps, so this is not related to NetGuard.
 
  • Like
Reactions: fraschi51

penroid

Member
Jan 29, 2012
25
4
I'm having issues when using netguard vpn dns 1.1.1.1 and 8.8.8.8. All cellular netguard filtered traffic will not work but on wifi everything works. Otherwise removing 8.8.8.8 it also works.
 
Last edited:

xdawallah

Member
Aug 14, 2016
17
2
Please see this FAQ for an explanation:


Hi Marcel,

the Text in the FAQ

NetGuard blocks traffic based on the IP addresses an application is trying to connect to. If more than one domain name is on the same IP, they cannot be distinguished. If you set different rules for 2 domains which resolve to the same IP, both will be blocked.

refers to rules for a single appID, right?
So, if I block firebase for my app, googleapis.com might also be blocked. But it is still independent of blocking firebase for other apps.
I now allowed all Google related URLs, but the eddy-sharing.frontend.fleetbird.eu has no IP range in common with the rest of ruled for this app.
I still do not understand the log entry for this URL in the protocol.
And this seems to be the main reason for the failure.

Question 4, I answered by myself. Of course, there was no difference, after adding a SIM to the phone. The WiFi rules apply.
 

M66B

Recognized Developer
Aug 1, 2010
23,742
48,638
I'm having issues when using netguard vpn dns 1.1.1.1 and 8.8.8.8. All cellular netguard filtered traffic will not work but on wifi everything works. Otherwise removing 8.8.8.8 it also works.
Your mobile internet provider doesn't seem to allow these DNS servers.
 

M66B

Recognized Developer
Aug 1, 2010
23,742
48,638
Hi Marcel,

the Text in the FAQ



refers to rules for a single appID, right?
So, if I block firebase for my app, googleapis.com might also be blocked. But it is still independent of blocking firebase for other apps.
I now allowed all Google related URLs, but the eddy-sharing.frontend.fleetbird.eu has no IP range in common with the rest of ruled for this app.
I still do not understand the log entry for this URL in the protocol.
And this seems to be the main reason for the failure.

Question 4, I answered by myself. Of course, there was no difference, after adding a SIM to the phone. The WiFi rules apply.
Looking again at the screenshots I don't understand your problem. eddy-sharing.frontend.fleetbird.eu is just allowed on both screenshots.
 

brwgamer

Member
Jun 1, 2018
10
0
Sorry, this forum is not for helping you with development problems.
Android resolves domain names on behalf of all apps, so this is not related to NetGuard.

If NetGuard show a notify saying this:
Tentativo di accesso internet
05 19:06 mil04s41-in-f10.1e100.net
05 19:06 myuser.webapps.net

It means that NetGuard block these connections?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    Yes it works fine for DoT but Ad blocking in NetGuard is not ok in this case with private DNS defined in Android.

    You wrote that NetGuard has to be defined with traffic filter off and subnet routing on, to permit private DNS to be active.

    In my test today with private DNS, traffic filter was on and subnet routing off in NetGuard.

    I am a little confused.

    Do you have an explanation ?

    Thanks in advance for your reply.
    You can't use ad blocking with filtering disabled and you can't use filtering with private DNS enabled.
    2
    I don't see that setting in Network Settings, unless the Lockdown Wi-Fi setting actually allows LAN access over the WiFi?
    You must first enable Subnet routing to be able to enable LAN access. Both settings are in the Network settings.
    1
    Have a look at Adguard, they have two DNS servers which filter ads but I don't know if they have a private DNS service.
    1
    Marsel, I enjoy your app very much (I have full pro version). Can I use multiple host files? I now use default but I think I'll need a bit more in the future.
    Yes, you can import a second host file (either created by yourself or downloaded somewhere else) via the setting item 'Import host file (append)', which will then be merged with the first one.
    1
    First of all thanks Marcel for your continued support of this great app!

    Quick question from my side to the community whether the app on my phone is working as intended:

    I am using the paid version of Netguard and downloaded the hostfile to block ads etc.

    In my log, I can see that those unwanted connections are blocked (see screenshot below)

    View attachment 5277363

    However, even though the domain appears to be blocked in the Netguard log, my Pi-hole tells me that a query was still made and that it was blocked by Pi-hole instead (see screenshot below)


    View attachment 5277365


    Is this behavior as expected?
    Yes, please see this FAQ:

    https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq63
  • 339
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    25
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    17
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone