• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 439 30.6%
  • Saving battery

    Votes: 307 21.4%
  • Increasing privacy

    Votes: 785 54.7%
  • Blocking ads

    Votes: 927 64.6%

  • Total voters
    1,436
Search This thread

M66B

Recognized Developer
Aug 1, 2010
24,868
51,680
Ok, I've read the FAQ about the Seamless VPN Handover option, thanks.
And yes, VPN always on is activated.
So NG is well still running but let pass all the flow...
It seems unlikely to me that all traffic will be allowed after a connectivity switch with always-on enabled.
 

ouzowtf

Senior Member
Sep 8, 2010
866
678
I'm not sure what exactly I'm seeing in the protocol in this screenshot and what it really means.

Background:
I filter UDP traffic and system apps and when I tap on one of the URLs the IP of my chosen (first) DNS IP is shown.

Does it mean that the URLs are tried to be resolved by the DNS and the hostfile blocked the request?

Shouldn't I block UDP traffic?

What are the consequences/advantages/disadvantages of UDP blocking? I couldn't find information for this in the FAQ.
 

Attachments

  • Screenshot_20211014-185715.png
    Screenshot_20211014-185715.png
    310.2 KB · Views: 33

M66B

Recognized Developer
Aug 1, 2010
24,868
51,680
I'm not sure what exactly I'm seeing in the protocol in this screenshot and what it really means.

Background:
I filter UDP traffic and system apps and when I tap on one of the URLs the IP of my chosen (first) DNS IP is shown.

Does it mean that the URLs are tried to be resolved by the DNS and the hostfile blocked the request?

Shouldn't I block UDP traffic?

What are the consequences/advantages/disadvantages of UDP blocking? I couldn't find information for this in the FAQ.
Ad blocking is applied before all other filtering. UDP filtering should be left enabled unless this causes trouble for apps.
 

iwanttoknow

Senior Member
Jun 21, 2016
475
93
Hi Marcel,

In NetGuard FAQ#1 you wrote :

"Android N and later allows NetGuard to be an Always-On VPN. On Android O do not enable 'Block connections without VPN', see question 51) for more information on this."

and in FAQ#51 :

"Make sure you didn't enable the Always-On VPN setting 'Block connections without VPN' (Android 8 Oreo or later)."

Is it possible you modify FAQ#1 by adding :
"NetGuard must be an Always-On VPN."
And FAQ#51 by modifying :
"Make sure you didn't enable the setting 'Block connections without VPN' (Android 8 Oreo or later)."

I think that some people could understand that they have to disable Always-On VPN for NetGuard by reading FAQ#51.

What do you think about that ?
 
  • Like
Reactions: ouzowtf

M66B

Recognized Developer
Aug 1, 2010
24,868
51,680
Hi Marcel,

In NetGuard FAQ#1 you wrote :

"Android N and later allows NetGuard to be an Always-On VPN. On Android O do not enable 'Block connections without VPN', see question 51) for more information on this."

and in FAQ#51 :

"Make sure you didn't enable the Always-On VPN setting 'Block connections without VPN' (Android 8 Oreo or later)."

Is it possible you modify FAQ#1 by adding :
"NetGuard must be an Always-On VPN."
And FAQ#51 by modifying :
"Make sure you didn't enable the setting 'Block connections without VPN' (Android 8 Oreo or later)."

I think that some people could understand that they have to disable Always-On VPN for NetGuard by reading FAQ#51.

What do you think about that ?
I changed it like this:

 
  • Like
Reactions: iwanttoknow

La_Globule

Senior Member
Nov 6, 2007
416
154
It seems unlikely to me that all traffic will be allowed after a connectivity switch with always-on enabled.
Hello Marcel,
I have consciously checked and applied all the recommendations from the web site DontKillMyApp but I got again the problem right now exactly when getting out of my home, hence switching from Wi-Fi to mobile data...
Now I don't know what to do apart asking you for some help.
Thanks
 

M66B

Recognized Developer
Aug 1, 2010
24,868
51,680
Hello Marcel,
I have consciously checked and applied all the recommendations from the web site DontKillMyApp but I got again the problem right now exactly when getting out of my home, hence switching from Wi-Fi to mobile data...
Now I don't know what to do apart asking you for some help.
Thanks
Can you try to set two custom DNS server address in the advanced settings of the app, for example 8.8.8.8 and 8.8.4.4 (Google) ?
 

M66B

Recognized Developer
Aug 1, 2010
24,868
51,680
I already set OpenDNS servers 208.67.222.222 and 208.67.220.220.

Can you send me a screenshot of the app logging after the traffic is passing through? Please make a screenshot of the app settings too. I guess you know my email address for when you don't want to share this in public.
 

白い熊

Senior Member
Aug 29, 2011
746
275
相撲道
@M66B I have a, I'm sure, a simple question - where I'm missing something completely evident - but for the life of me can't figure it out:

I have a rooted phone, run a Linux chroot with Debian within Termux and a graphical VNC login - for this chroot is entered as root / superuser.

If NetGuard is disabled, I have no net access issues, can ping and all is well.

I have Termux and root enabled for net access in NetGuard. Now, when I turn NetGuard on - as long as I'm a regular user in Termux, I can access the net well, however as root no internet - for simple ping, or then within the chroot etc.

When I turn on the NetGuard log and try to ping as root for instance - it only shows the ICPM access, however no prog ID - so I don't see what else I should be enabling for web access in NetGuard to make it work.

Any ideas - I'm guessing something else should be enabled, however I'd thing "root' itself should do it, but no such luck in my case.

Many thanks.
 

pwakeford222

New member
Apr 22, 2015
3
0
I got a new phone that is on Android 11 (old phone was Android 8) and Gmail doesn't work on mobile data. It shows "No Connection". When I disable Netguard it works and checks and retrieves mail.

I've looked in logs and I don't see anything being blocked at the time I force Gmail to refresh.

Is there maybe a system app I'm missing somewhere that I need to allow internet access?
 

M66B

Recognized Developer
Aug 1, 2010
24,868
51,680
@M66B I have a, I'm sure, a simple question - where I'm missing something completely evident - but for the life of me can't figure it out:

I have a rooted phone, run a Linux chroot with Debian within Termux and a graphical VNC login - for this chroot is entered as root / superuser.

If NetGuard is disabled, I have no net access issues, can ping and all is well.

I have Termux and root enabled for net access in NetGuard. Now, when I turn NetGuard on - as long as I'm a regular user in Termux, I can access the net well, however as root no internet - for simple ping, or then within the chroot etc.

When I turn on the NetGuard log and try to ping as root for instance - it only shows the ICPM access, however no prog ID - so I don't see what else I should be enabling for web access in NetGuard to make it work.

Any ideas - I'm guessing something else should be enabled, however I'd thing "root' itself should do it, but no such luck in my case.

Many thanks.
I am sorry, but this use case isn't supported.

NetGuard is for people with devices workout root permissions.
 
  • Like
Reactions: 白い熊

M66B

Recognized Developer
Aug 1, 2010
24,868
51,680
I got a new phone that is on Android 11 (old phone was Android 8) and Gmail doesn't work on mobile data. It shows "No Connection". When I disable Netguard it works and checks and retrieves mail.

I've looked in logs and I don't see anything being blocked at the time I force Gmail to refresh.

Is there maybe a system app I'm missing somewhere that I need to allow internet access?
You'll want to check if Google Play services isn't blocked.
 

La_Globule

Senior Member
Nov 6, 2007
416
154
Can you send me a screenshot of the app logging after the traffic is passing through? Please make a screenshot of the app settings too. I guess you know my email address for when you don't want to share this in public.
Hi Marcel,
I got the problem right now switching from Wi-Fi at work to mobile data and I immediately activated the log but there is no records tracked into it, it stays empty although Internet works (I posted this message!)
Do you still want the application parameters?
Thanks
 

M66B

Recognized Developer
Aug 1, 2010
24,868
51,680
Hi Marcel,
I got the problem right now switching from Wi-Fi at work to mobile data and I immediately activated the log but there is no records tracked into it, it stays empty although Internet works (I posted this message!)
Do you still want the application parameters?
Thanks
If the log is empty, the connections were not routed through the Android VPN service. This might be the result of a bug in your Android version.

Which device with which Android version are you using?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    Version 2.299 beta is available on GitHub now and in the Play store test program after Google's approval.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases
    2
    App rule :
    Blocking or allowing an app.
    Made by blocking or allowing Wi-Fi or Mobile data for an app ?

    Connection rule :
    Blocking or allowing a connection of an app.
    a) Made by blocking or allowing an IP address for an app ?
    or
    b) Made by blocking or allowing a domain name with the hosts file for an app ?
    If yes, is there a precedence between a and b ?

    Am I right ?
    I hope having understood your reply. Sorry in advance if I try to clarify my understanding but I thing that it can help other people.
    Yes and yes. Ad blocking is system wide and therefore takes precedence over everything else.
    2
    My motivation to work on this project has decreased to almost zero after a recent wave of 1 star Play store reviews. Mostly stupid reviews, like why does this app need internet?

    Literally millions of people use NetGuard but people seem only to review to complain about something, which is pretty tiresome. The project is not there to earn money, so what's left?
    Marcel, you are The Great Developer so you don't need to read these stupid 1 star ratings. Stay cool ;-) Kind regards, Lukas
    2
    @pardub Imagine that lots of people say everyday to you that your work is bad and almost nobody says it is good. How would you react?
    Who cares what these people say! They wouldn't know where to start and are either stupid or intentionally malignant.

    Besides, I think your app protects the privacy of those who use it. That is its beneficial effect on those who use it. What idiots write about it may be hurtful but it is not what's important. I'm sure you developed this superb app because it protects privacy not because you wanted to gather compliments. So what idiots write about it is really secondary.

    Your app is much needed and does its job very well. You know that. Its users know that. That some idiots (and they are idiots or malicious) try to bring it down is in the end just background noise.

    Thank you for all your efforts.
    2
    To be honest,I wouldn’t really take in consideration what people think about me if I was developing an app.

    In the same time, I would always take in consideration the constructive criticisms as they would help me to develop a better app .

    For those who couldn’t appreciate the real value of my work and have no clue about the time and dedication provided to build this app, well though….

    I have to acknowledge I cannot make everyone happy and getting totally unjustified bad reviews by some people is the unavoidable downside when you published something online.

    A developer can provide guidance about how to use his app but he cannot educate people.

    But I totally agree unjustified criticisms are not a pleasant thing and it doesn’t show any consideration for the work provided but we cannot control what people said.

    Time and efforts should only be dedicated to people who appreciate my work, not the others.
    Which could also mean that time is better spent on other things.

    For now I will keep maintaining and supporting the app, which means that bugs will be fixed and that the app will be adapted for new Android versions. There won't be new features anymore though.
  • 346
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    25
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    17
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.