• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 431 30.4%
  • Saving battery

    Votes: 302 21.3%
  • Increasing privacy

    Votes: 767 54.2%
  • Blocking ads

    Votes: 912 64.4%

  • Total voters
    1,416
Search This thread

mel2000

Senior Member
Apr 26, 2011
193
26
My "OMRON connect" and "Material Files" Android apps won't connect to the Internet unless NetGuard's (github version) "Filter traffic" option is disabled. Both apps have the Internet connectivity option enabled. Other Internet apps connect as expected. Both apps are ad-free or offer IAP. Any troubleshooting tips regarding this issue will be greatly appreciated. Thanks.

Default: Allow all
Filter traffic: On
NetGuard battery optimization: Off
 

M66B

Recognized Developer
Aug 1, 2010
24,470
50,524
My "OMRON connect" and "Material Files" Android apps won't connect to the Internet unless NetGuard's (github version) "Filter traffic" option is disabled. Both apps have the Internet connectivity option enabled. Other Internet apps connect as expected. Both apps are ad-free or offer IAP. Any troubleshooting tips regarding this issue will be greatly appreciated. Thanks.

Default: Allow all
Filter traffic: On
NetGuard battery optimization: Off
NetGuard does not block anything by default, so please double check your rules.
If you are using ad blocking, please disable it.
You can try to disabled 'Apply rules and conditions'.
 
  • Like
Reactions: mel2000

mel2000

Senior Member
Apr 26, 2011
193
26
NetGuard does not block anything by default, so please double check your rules.
If you are using ad blocking, please disable it.
You can try to disabled 'Apply rules and conditions'.
Thank you for your reply. When I unchecked "Apply rules and conditions" for those apps both worked as expected. However, since I have concerns about the OMRON app constantly scanning for Bluetooth, I only allow it Internet access when needed. I'm now able to keep ad-blocking working for all apps. However, I don't like having to disable rules to use the app, and then reenable the app's rules afterwards.
 
Last edited:

Okiba

Senior Member
Feb 16, 2015
52
3
Having a problem using NetGuard and WhatsApp - maybe someone already familiar with that:

I noticed that when the phone idling for a while, I will stop getting Whatapp message. When I'll open Whats up again on the phone - , I'll be getting all those 30 message in a single batch. Another thing, is that I work with the Whats-App web-Client, and it will often loss connection to the phone ("Phone not Connected" popup). I was checking the Whats-App again on Netguard, and noticed messages are being sent with Google Play Service. Google Play Service is indeed blocked (also Google Services Framework. Blocking one will also block the other, I guess they are related).

When un-blocking Google Play Service, I get messages even while the phone is idle and the Whatsapp web client never die.

This is a bit strange, because technically - If message sending is done with Google Play Service, how can I use what's up when the phone is on - and why will it just start playing strangely when the phone is idling and locked? I didn't disabled the Service, so why would It stop working when there's no internet?

Did anyone found a way around it? I own the Pro version - but I haven't been playing with the specific address blocking. Anyone know if there's a way to block anything sent to google besides those Whatsapp Keep-alive requests? I wasn't able to detect those Keep alive queries.

Thank you!
 
Last edited:

M66B

Recognized Developer
Aug 1, 2010
24,470
50,524
Having a problem using NetGuard and WhatsApp - maybe someone already familiar with that:

I noticed that when the phone idling for a while, I will stop getting Whatapp message. When I'll open Whats up again on the phone - , I'll be getting all those 30 message in a single batch. Another thing, is that I work with the Whats-App web-Client, and it will often loss connection to the phone ("Phone not Connected" popup). I was checking the Whats-App again on Netguard, and noticed messages are being sent with Google Play Service. Google Play Service is indeed blocked (also Google Services Framework. Blocking one will also block the other, I guess they are related).

When un-blocking Google Play Service, I get messages even while the phone is idle and the Whatsapp web client never die.

This is a bit strange, because technically - If message sending is done with Google Play Service, how can I use what's up when the phone is on - and why will it just start playing strangely when the phone is idling and locked? I didn't disabled the Service, so why would It stop working when there's no internet?

Did anyone found a way around it? I own the Pro version - but I haven't been playing with the specific address blocking. Anyone know if there's a way to block anything sent to google besides those Whatsapp Keep-alive requests? I wasn't able to detect those Keep alive queries.

Thank you!
This is quite logically if you know that doze mode prevents apps from doing things in the background when the device is sleeping. In this case Google Play services takes over and does wake up an app if there is a push message.

If you think a bit about this, this also means that this is a kind of Google lock-in because the app won't work properly without Google Play services ...
 

Okiba

Senior Member
Feb 16, 2015
52
3
Ermm, but the Service is still installed, and isn't even disabled. Why would the lack of internet disables Google Services ability to un-doze on push notification? I mean - there's many application that don't use the internet, and still need to get undozed by Google Services? Or for instance scenario where I don't have network (Airplane mode, Hiking etc).

I wonder how MicroG solved that, because I have a friend running it, and Whatsapp works. So I assume there's another service the emulated Google Services.

Well, did anyone was able to identify the IP needed to keep un-dozing active? I guess I can manually start blocking one address at a time, but this might take a while (and there's a chance they keep refreshing those).

Thanks! I will check the Doze page you send when I'm home. Maybe there's a clue there :)
 

M66B

Recognized Developer
Aug 1, 2010
24,470
50,524
I wonder if Signal (which is now considered more secure than WhatsApp) has the same problem.

Ermm, but the Service is still installed, and isn't even disabled. Why would the lack of internet disables Google Services ability to un-doze on push notification? I mean - there's many application that don't use the internet, and still need to get undozed by Google Services? Or for instance scenario where I don't have network (Airplane mode, Hiking etc).

I wonder how MicroG solved that, because I have a friend running it, and Whatsapp works. So I assume there's another service the emulated Google Services.

Well, did anyone was able to identify the IP needed to keep un-dozing active? I guess I can manually start blocking one address at a time, but this might take a while (and there's a chance they keep refreshing those).

Thanks! I will check the Doze page you send when I'm home. Maybe there's a clue there :)

Disabling battery optimizations for the app (including MicroG) is the usual solution for this.

Doze mode is a complicated thing, see the earlier referenced link for details (not even all details).
 

Okiba

Senior Member
Feb 16, 2015
52
3
Thank you M66B :)

I think I found something. It's not connected to NetGuard, but I figured I'll post here in-case someone might hit that wall and reach here in the future.

My wife has the exact phone as I am, and she told me yesterday she don't suffer from the same things. So I tried to manually diff the differences. Took me some back and forth, but I figured whatsapp will not lost connection (even if Google Play/Services Framework is blocked from the Internet) - if "Always On" is OFF. Always On is the thing that let you display things on the screen even if your screen is Off. I have Samsung device, but I think other people mentioned they have the same option on other devices. It's almost like the Always On feature is the one needed internet connection go Google Play, and not whatsapp. Oh well, hard to tell what exactly happens.

Thanks for the help!
 

Truely Simple

Member
Dec 13, 2017
26
4
Is there a way to disable resolving of IP addresses, maybe a workaround?
I use pDNSf, so each time I open netguard, netguard tries to resolve all the addresses which fills up whole pDNSf and also makes unnecessary connections to DNS.
If it is not feasible to give option to disable resolving of IPs, would it be possible that each IP is resolved only once, and the web address is saved for future?
Thanks.
 

M66B

Recognized Developer
Aug 1, 2010
24,470
50,524
Is there a way to disable resolving of IP addresses, maybe a workaround?
I use pDNSf, so each time I open netguard, netguard tries to resolve all the addresses which fills up whole pDNSf and also makes unnecessary connections to DNS.
If it is not feasible to give option to disable resolving of IPs, would it be possible that each IP is resolved only once, and the web address is saved for future?
Thanks.
I guess you mean when viewing the log? You can disable this in the three-dots menu.
 

mel2000

Senior Member
Apr 26, 2011
193
26
I need some clarity with NetGuard custom DNS's. The first 2 DNS server slots are preset with an IPv4 and an IPv6 address. Do I leave those top 2 slots alone and enter my custom DNS's only into the last 2 slots? Thanks.
 

M66B

Recognized Developer
Aug 1, 2010
24,470
50,524
I need some clarity with NetGuard custom DNS's. The first 2 DNS server slots are preset with an IPv4 and an IPv6 address. Do I leave those top 2 slots alone and enter my custom DNS's only into the last 2 slots? Thanks.
There are just two options for a custom DNS server. If you want to use your own DNS server exclusively, you'll need to fill in two addresses. One address will make your DNS server the fallback DNS server only.
 

M66B

Recognized Developer
Aug 1, 2010
24,470
50,524
No, I have logs disabled. I mean on the home screen of netguard, where all the apps show, if you click on app name list of ips appear which the app tried to connect. I don't want them to be resolved.
NetGuard will reverse resolve IP addresses only if there is no mapping for the IP address / domain name and this can't be disabled.

Please make sure private DNS is disabled in the Android settings.
 

Truely Simple

Member
Dec 13, 2017
26
4
NetGuard will reverse resolve IP addresses only if there is no mapping for the IP address / domain name and this can't be disabled.

Please make sure private DNS is disabled in the Android settings.
Ok, I understand that. But I am using personalDNSfilter, thats why netguard is not getting the urls.

So, it would be great if you add option to disable those reverse DNS lookups, or if that interferes with something else in netguard, then each ip should be resolved only once, and netguard can save the url for that ip for future use.

I am asking for this because for several apps there are hundreds of ips listed, so if I expand that app to show full list, hundrends of reverse DNS requests are made, and puts unnecessary load on device, network and dns service. So if reverse DNS lookup is important for something then if it is done for each ip only once, that would be enough.
 

M66B

Recognized Developer
Aug 1, 2010
24,470
50,524
Ok, I understand that. But I am using personalDNSfilter, thats why netguard is not getting the urls.

So, it would be great if you add option to disable those reverse DNS lookups, or if that interferes with something else in netguard, then each ip should be resolved only once, and netguard can save the url for that ip for future use.

I am asking for this because for several apps there are hundreds of ips listed, so if I expand that app to show full list, hundrends of reverse DNS requests are made, and puts unnecessary load on device, network and dns service. So if reverse DNS lookup is important for something then if it is done for each ip only once, that would be enough.
I can't add an option for every little thing because it will result in more and more questions, of which I already get enough. This option is also pretty specific and probably for you only.
 

Truely Simple

Member
Dec 13, 2017
26
4
I can't add an option for every little thing because it will result in more and more questions, of which I already get enough. This option is also pretty specific and probably for you only.
Ok, I understand. Thanks for the help.
If you are aware of any workaround, change in android or netguard's config files, please do share.

For now, I just don't open the app with internet connection, as I feel like this harms privacy as dns resolver can know of all the apps I use, and all the sites I have visited till date, also may lead to blacklisting of my IP by DNS resolver, because of the high volume of requests. I know I am being paranoid, but I prefer it this way.

A way privacy is harmed for all users, not just me, is a particular case of using tor, as connecting to tor don't use system's dns resolver, but using tor with netguard will 'inform' the dns resolver about it, as the ips, tor connects to, will be sent for reverse lookup.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    MOD EDIT: Quote removed since post removed.
    That your exceptional and unsupported use case isn't supported doesn't say that there is a security hole in NetGuard. So, can you please stop saying that each time?
    1
    The troubleshooting tips represent all what I know, so unfortunately, I have nothing to add to it.
    1
    The vpn service is discontinued temporarily while switching phone screen on/off in order to allow changing rules related to apps which have conditional blocking based on phone screen status.

    IF I was primarily concerned about blocking access for the particular apps that were continuously/unconditionally blocked, could I improve security for those particular apps by removing all conditional blocking (the apps that need to access internet with screen on would be able to access internet anytime) in order to prevent that temporary vpn discontinuation?
    It is simpler to enable the Android always-on VPN, please see here:

    https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq1
    1
    Allowing LAN connections would allow LAN access to all apps. I notice the LAN connection option is turned off 'by default'. Is there any security risk in turning LAN access to all apps?

    Just asking. Thanks.
    The answer depend on what equipment is in the lan and if it is secure.
    1
    The wlan's router does not have a VPN. Does allowing lan access on a phone then bypass netguard's VPN on the phone?
    Yes
  • 344
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    25
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    17
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.