[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 424 30.9%
  • Saving battery

    Votes: 295 21.5%
  • Increasing privacy

    Votes: 737 53.7%
  • Blocking ads

    Votes: 890 64.8%

  • Total voters
    1,373
Search This thread
Hi,

Sorry to ask this way, however I couldn't find a clear answer to this.

In filtering mode, (how) can I whitelist a single app to access internet fo all addreses? For example a browser?

Background: I am trying to use NG v2.295 with active private DNS (nextdns) and blocked Non-VPN traffic. Seems to work. However unchecking "aplply rules...." has no effect, still blocked traffic which makes sense as non-vpn traffic is blocked. Therefore the question.

Thanks!
 

M66B

Recognized Developer
Aug 1, 2010
23,868
48,978
Hi,

Sorry to ask this way, however I couldn't find a clear answer to this.

In filtering mode, (how) can I whitelist a single app to access internet fo all addreses? For example a browser?

Background: I am trying to use NG v2.295 with active private DNS (nextdns) and blocked Non-VPN traffic. Seems to work. However unchecking "aplply rules...." has no effect, still blocked traffic which makes sense as non-vpn traffic is blocked. Therefore the question.

Thanks!
You can't use private DNS and filtering mode together because NetGuard will not be able to see domain names in this situation anymore.

Moreover, blocking connections without VPN will result in blocking all connections, see also the FAQ.
 
D

Deleted member 11553097

Guest
First of all thanks Marcel for your continued support of this great app!

Quick question from my side to the community whether the app on my phone is working as intended:

I am using the paid version of Netguard and downloaded the hostfile to block ads etc.

In my log, I can see that those unwanted connections are blocked (see screenshot below)

netguard.jpg


However, even though the domain appears to be blocked in the Netguard log, my Pi-hole tells me that a query was still made and that it was blocked by Pi-hole instead (see screenshot below)


pihole.jpg



Is this behavior as expected?
 

M66B

Recognized Developer
Aug 1, 2010
23,868
48,978
First of all thanks Marcel for your continued support of this great app!

Quick question from my side to the community whether the app on my phone is working as intended:

I am using the paid version of Netguard and downloaded the hostfile to block ads etc.

In my log, I can see that those unwanted connections are blocked (see screenshot below)

View attachment 5277363

However, even though the domain appears to be blocked in the Netguard log, my Pi-hole tells me that a query was still made and that it was blocked by Pi-hole instead (see screenshot below)


View attachment 5277365


Is this behavior as expected?
Yes, please see this FAQ:

https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq63
 
You can't use private DNS and filtering mode together because NetGuard will not be able to see domain names in this situation anymore.

Moreover, blocking connections without VPN will result in blocking all connections, see also the FAQ.
M66B,
thanks for your response. IP filtering and seeing domain names in the protokoll works well with private DNS active and non-VPN blocked - at least on my device (Samsung ZFlip, OneUi 3.1, Android 11)

So I can in fact use DNS based filtering via private DNS and have an additional IP based filtering via NG on top. NG filters IPs not DN if I understood this correctly.

Well, Samsung is deeply manilulating the Android system, so maybe this is a Samsuns-special-feature/bug.

So I understood that a whitelisting of a single app is not possible?

Thanks, M
 

M66B

Recognized Developer
Aug 1, 2010
23,868
48,978
M66B,
thanks for your response. IP filtering and seeing domain names in the protokoll works well with private DNS active and non-VPN blocked - at least on my device (Samsung ZFlip, OneUi 3.1, Android 11)

So I can in fact use DNS based filtering via private DNS and have an additional IP based filtering via NG on top. NG filters IPs not DN if I understood this correctly.

Well, Samsung is deeply manilulating the Android system, so maybe this is a Samsuns-special-feature/bug.

So I understood that a whitelisting of a single app is not possible?

Thanks, M
I guess you are seeing reverse resolved domain names. This will not work out nicely when there are many IP addresses for the same domain name, which is these days most often the case with Cloudflare, etc.

If you don't want to block an app, just do not block it. Ad blocking works globally though and this can't be changed because Android resolves domain names on behalf of all apps.
 
Thank you for you help, M66B!
Michael

I guess you are seeing reverse resolved domain names. This will not work out nicely when there are many IP addresses for the same domain name, which is these days most often the case with Cloudflare, etc.

If you don't want to block an app, just do not block it. Ad blocking works globally though and this can't be changed because Android resolves domain names on behalf of all apps.
 

xenon_rays

New member
Apr 20, 2021
3
1
Many thanks for this great app.
For the last few days I'm trying to use Netguard with Orbot, using the inbuilt socks5 proxy in Netguard.
But when I go to advance settings
I find all the Socks5 options are disabled. I'm not sure why this is ocurring. I uninstalled and reinstalled Netguard, but to no avail.
Am I missing something here?
 

M66B

Recognized Developer
Aug 1, 2010
23,868
48,978
Many thanks for this great app.
For the last few days I'm trying to use Netguard with Orbot, using the inbuilt socks5 proxy in Netguard.
But when I go to advance settings
I find all the Socks5 options are disabled. I'm not sure why this is ocurring. I uninstalled and reinstalled Netguard, but to no avail.
Am I missing something here?
Did you enable filtering in the advanced settings.

Please see also this FAQ:

https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq54
 

xenon_rays

New member
Apr 20, 2021
3
1
Did you enable filtering in the advanced settings.

Please see also this FAQ:

https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq54
Many thanks for the info, after enabling filtering, the SOCKS5 proxy options got enabled.
In fact I had read that link before but didn't find the "enable filtering" option mentioned there,

Thanks again.

Also another detail that's not mentioned is do I need to enable VPN mode in Orbot after opening it and pressing the start button, or just leave it in "non vpn" mode?

I was running with only Orbot in VPN mode since I couldn't get Netguard to use the SOCKS5 options.
Now I would use it with Netguard (Socks5 Proxy) + Orbot (listening on 9050)

in this mode will all system requests go thru Tor?
Are there any chances of an IP or DNS leak?

Can I set the Android VPN setting to Netguard and also there is another setting for "VPN always on"?
 
  • Like
Reactions: whitebeard9

xenon_rays

New member
Apr 20, 2021
3
1
I also noticed that when "Block connections without VPN" is turned on in Android, Netguard doesn't work.

It was mentioned here


Is there a workaround to this, so that if Netguard fails we are not exposed to the internet.
 

M66B

Recognized Developer
Aug 1, 2010
23,868
48,978
I also noticed that when "Block connections without VPN" is turned on in Android, Netguard doesn't work.

It was mentioned here


Is there a workaround to this, so that if Netguard fails we are not exposed to the internet.
There is no workaround for this because Android disables DNS with this setting enabled.
 

LoWbAtErRy

New member
Jan 28, 2021
1
0
ic_launcher.png


NetGuard provides simple and advanced ways to block access to the internet - no root required.
Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

Blocking access to the internet can help:
  • reduce your data usage
  • save your battery
  • increase your privacy

Features:
  • Simple to use
  • No root required
  • 100% open source
  • No calling home
  • No tracking or analytics
  • No advertisements
  • Actively developed and supported
  • Android 5.1 and later supported
  • IPv4/IPv6 TCP/UDP supported
  • Tethering supported
  • Optionally allow when screen on
  • Optionally block when roaming
  • Optionally block system applications
  • Optionally forward ports, also to external addresses (not available if installed from the Play store)
  • Optionally notify when an application accesses the internet
  • Optionally record network usage per application per address
  • Optionally block ads using a hosts file (not available if installed from the Play store)
  • Material design theme with light and dark theme

PRO features
  • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
  • Allow/block individual addresses per application
  • New application notifications; configure NetGuard directly from the notification
  • Display network speed graph in a status bar notification
  • Select from five additional themes in both light and dark version

There is no other no-root firewall, except for clones, offering all these features.

This XDA thread is about using the latest version of NetGuard.
Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

Discussion of purchases is not allowed here, please contact me via here instead.

NetGuard is being maintained and supported, but new features won't be added anymore.

For ad blocking, see here. Ad blocking is provide "as-is".

More information on Github:

Downloads:

Screenshots:
101-main.png
102-main-details.png

103-main-access.png
108-notifications.png


For more screenshots, see here.






XDA:DevDB Information
NetGuard, App for all devices (see above for details)

Contributors
M66B
Source Code: https://github.com/M66B/NetGuard/


Version Information
Status:
Stable

Created 2015-10-25
Last Updated 2020-03-11
thanks
 

adon-

New member
Jul 1, 2017
4
0
Hi, great M66B, great app, (REDMI NOTE 8 PRO) I have a problem sometimes during the day I often open NETGUARD and every time I get a window telling me that NETGUARD needs to be optimized, I go to battery optimization setting all apps, I put the tick without optimization, but the problem comes up again after a while, from developer settings I removed MIUI optimization, due to the fact of notifications, I don't know if I did a right thing, but I noticed some improvements, FairMAIL does not I have problems and not even with other apps, in my opinion it needs an update, for everything else they work great, it only does it with netguard.



Salve, grande M66B, grande app, (REDMI NOTE 8 PRO) ho un problema certe volte durante la giornata apro spesso NETGUARD e ogni volta mi si presenta una finestra che mi dice che NETGUARD deve essere ottimizzato, vado impostazione ottimizzazione batteria tutte le app, metto la spunta senza ottimizzazione, ma il problema mi si presenta di nuovo dopo un po, da impostazioni sviluppatore ho tolto ottimizzazione MIUI, per il fatto anche delle notifiche, non so se ho fatto una cosa giusta, pero ho notato delle migliorie, FairMAIL non ho problemi e neanche con altre app, secondo me ce bisogno di un aggiornamento, per tutto il resto funzionanno alla grande, lo fa solo con netguard.
IMG_20210412_101433.jpg
 
Last edited by a moderator:

starbright_

Senior Member
Apr 11, 2010
1,290
209
I use netguard on a stock samsung Android 11.
I blocked all system apps, enabled just a few of my apps. With these apps I see that blocking works.
I am wondering why none of the apps complain of either no gapps or no ethernet. Why these apps works? I think many apps depend on the gsf, right?
 

M66B

Recognized Developer
Aug 1, 2010
23,868
48,978
I use netguard on a stock samsung Android 11.
I blocked all system apps, enabled just a few of my apps. With these apps I see that blocking works.
I am wondering why none of the apps complain of either no gapps or no ethernet. Why these apps works? I think many apps depend on the gsf, right?
If you block Google Play services, you'll block push messages and ads (which are cached, so this might not be noticable at first).
 

starbright_

Senior Member
Apr 11, 2010
1,290
209
If you block Google Play services, you'll block push messages and ads (which are cached, so this might not be noticable at first).
Ok, most important for notification are my messangers (Signal, Whatsapp) and the phone / FritzPhone ... all that work. Does it mean it isn't really blocked? For the messangers I think they use even own ways to notify.
On the device I talk about - I have not created a google account and all that google stuff is blocked right from the beginning. That is why I am confused.
 

M66B

Recognized Developer
Aug 1, 2010
23,868
48,978
Ok, most important for notification are my messangers (Signal, Whatsapp) and the phone / FritzPhone ... all that work. Does it mean it isn't really blocked? For the messangers I think they use even own ways to notify.
On the device I talk about - I have not created a google account and all that google stuff is blocked right from the beginning. That is why I am confused.
Google Play services is used for push messages if the apps are in the background. Most apps can receive push messages themselves when in the foreground.
 
  • Like
Reactions: starbright_

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    First of all thanks Marcel for your continued support of this great app!

    Quick question from my side to the community whether the app on my phone is working as intended:

    I am using the paid version of Netguard and downloaded the hostfile to block ads etc.

    In my log, I can see that those unwanted connections are blocked (see screenshot below)

    View attachment 5277363

    However, even though the domain appears to be blocked in the Netguard log, my Pi-hole tells me that a query was still made and that it was blocked by Pi-hole instead (see screenshot below)


    View attachment 5277365


    Is this behavior as expected?
    Yes, please see this FAQ:

    https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq63
    1
    Did you enable filtering in the advanced settings.

    Please see also this FAQ:

    https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq54
    Many thanks for the info, after enabling filtering, the SOCKS5 proxy options got enabled.
    In fact I had read that link before but didn't find the "enable filtering" option mentioned there,

    Thanks again.

    Also another detail that's not mentioned is do I need to enable VPN mode in Orbot after opening it and pressing the start button, or just leave it in "non vpn" mode?

    I was running with only Orbot in VPN mode since I couldn't get Netguard to use the SOCKS5 options.
    Now I would use it with Netguard (Socks5 Proxy) + Orbot (listening on 9050)

    in this mode will all system requests go thru Tor?
    Are there any chances of an IP or DNS leak?

    Can I set the Android VPN setting to Netguard and also there is another setting for "VPN always on"?
    1
    Ok, most important for notification are my messangers (Signal, Whatsapp) and the phone / FritzPhone ... all that work. Does it mean it isn't really blocked? For the messangers I think they use even own ways to notify.
    On the device I talk about - I have not created a google account and all that google stuff is blocked right from the beginning. That is why I am confused.
    Google Play services is used for push messages if the apps are in the background. Most apps can receive push messages themselves when in the foreground.
    1
    All this notifications above was when leave phone alone for a awhile. Of course they need to set to "not battery optimized".
    I can't exclude that some apps will not work, but I don't need pushs from most of the apps.

    I was thinking play services are required for many more things, so as location. But I just test the Bahn-App, that uses my current position. But due to missing connection of playservices I assume this position is not transferred to google. App just doesn't show the map - but this I can live with.
    Even if Play services is used for locations, this is not related to blocking internet access because there is a GPS, etc.
    1
    In the first run, there's a privacy warning with a link to read the privacy statement, but the link is dead (http://www.cyanogenmod.org/docs/privacy)
    Somebody change this link in the translation. I will fix this in the next release.
  • 341
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    25
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    17
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone