• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 438 30.5%
  • Saving battery

    Votes: 306 21.3%
  • Increasing privacy

    Votes: 783 54.6%
  • Blocking ads

    Votes: 926 64.6%

  • Total voters
    1,434
Search This thread

M66B

Recognized Developer
Aug 1, 2010
24,848
51,641
Hi, what's the reason for that? Netguard is such a nice piece of software and could do better by adding more features...
Lack of motivation, limited support for the project, disappointing Play store reviews, etc.

More features won't improve the situation, possibly even on the contrary.
 
  • Like
Reactions: Phil3759

iwanttoknow

Senior Member
Jun 21, 2016
475
93
If NetGuard is on, WiFi and Data off, are applications filtered by NetGuard, impacted at launch by NetGuard ?
I have tested the navigation app HERE WeGo last version. It permits offline navigation.

Test conditions :

WiFi and Mobile data are off.
NetGuard is on.

Case 1 :
If "Filter traffic" is off, or if "Apply rules and conditions" is off, HERE WeGo displays the guidance until my destination.

Case 2 :
If "Filter traffic" is on and "Apply rules and conditions" is off, HERE WeGo displays the guidance until my destination.

Case 3 :
If "Filter traffic" is on, or if "Apply rules and conditions" is on, HERE WeGo does not display the guidance until my destination.

Is it possible for NetGuard to do nothing when WiFi and Mobile data are off, and let app run as if NetGuard was not here ?

I believe that my test with HERE WeGo proves that NetGuard makes actions with apps, even if WiFi and Mobile data are off.

What do you think about my finding ?
 

M66B

Recognized Developer
Aug 1, 2010
24,848
51,641
I have tested the navigation app HERE WeGo last version. It permits offline navigation.

Test conditions :

WiFi and Mobile data are off.
NetGuard is on.

Case 1 :
If "Filter traffic" is off, or if "Apply rules and conditions" is off, HERE WeGo displays the guidance until my destination.

Case 2 :
If "Filter traffic" is on and "Apply rules and conditions" is off, HERE WeGo displays the guidance until my destination.

Case 3 :
If "Filter traffic" is on, or if "Apply rules and conditions" is on, HERE WeGo does not display the guidance until my destination.

Is it possible for NetGuard to do nothing when WiFi and Mobile data are off, and let app run as if NetGuard was not here ?

This is what disabling apply rules and conditions does for one app.

I believe that my test with HERE WeGo proves that NetGuard makes actions with apps, even if WiFi and Mobile data are off.

What do you think about my finding ?
Unfortunately, it is not possible to forward all traffic types due to limitations of the Android Linux kernel. This isn't a problem in 99.9% of the cases though.
 

francwalter

Senior Member
Nov 13, 2011
608
108
Is there a way to enable and disable NetGuard with a command (without GUI)?
In Tasker I could send such commands, as I do already for update of Host list e.g.

I would use that to disable NetGuard in only my wi-fi and enable if I leave it.
I have Pi-Hole now in my wifi and so I could disable NetGuard at home :)

Thanks!
Frank
 

La_Globule

Senior Member
Nov 6, 2007
415
153
Hello Marcel,
I have the same question: to workaround my problem where NG sometimes doesn't filter any more the traffic when connectivity changes, I'd like to restart the service (sinkhole ?) with a task written with the Automate app.
I've already tried but it fails due to security reasons.
Can you please help me?
Thanks a lot.
 

iwanttoknow

Senior Member
Jun 21, 2016
475
93
This is what disabling apply rules and conditions does for one app.


Unfortunately, it is not possible to forward all traffic types due to limitations of the Android Linux kernel. This isn't a problem in 99.9% of the cases though.
Hi Marcel,

Is it possible that NetGuard detects WiFi and Mobile data are off, and so disables "Apply rules and conditions" automatically ?
If yes we could keep "Apply rules and conditions" enabled with WiFi and Mobile data disabled by NetGuard when the mobile is connected to Internet. So app could not connect to Internet in that case.
 

M66B

Recognized Developer
Aug 1, 2010
24,848
51,641
Is there a way to enable and disable NetGuard with a command (without GUI)?
In Tasker I could send such commands, as I do already for update of Host list e.g.

I would use that to disable NetGuard in only my wi-fi and enable if I leave it.
I have Pi-Hole now in my wifi and so I could disable NetGuard at home :)

Thanks!
Frank

Hello Marcel,
I have the same question: to workaround my problem where NG sometimes doesn't filter any more the traffic when connectivity changes, I'd like to restart the service (sinkhole ?) with a task written with the Automate app.
I've already tried but it fails due to security reasons.
Can you please help me?
Thanks a lot.

Allowing other apps to turn off the firewall would be pretty unsafe.
 
  • Like
Reactions: francwalter

M66B

Recognized Developer
Aug 1, 2010
24,848
51,641
Hi Marcel,

Is it possible that NetGuard detects WiFi and Mobile data are off, and so disables "Apply rules and conditions" automatically ?
If yes we could keep "Apply rules and conditions" enabled with WiFi and Mobile data disabled by NetGuard when the mobile is connected to Internet. So app could not connect to Internet in that case.
For security reasons all traffic is blocked when there is no internet connection. I don't want to change this, sorry.
 

iwanttoknow

Senior Member
Jun 21, 2016
475
93
For security reasons all traffic is blocked when there is no internet connection. I don't want to change this, sorry.
So I think that some applications (as HERE WeGo) should have to disable "Apply rules and conditions" when the smartphone is not connected to Internet, allowing them to not be blocked by NetGuard. "Apply rules and conditions" enabled is applied by NetGuard even if there is no connection to Internet.
And before the smartphone will be connected again to Internet, for applications which we don't want they connect to Internet (as HERE WeGo) we should have to enable "Apply rules and conditions".
 

Phil3759

Inactive Recognized Developer
May 30, 2012
9,577
33,054
Did you try all of the trouble shooting tips of the ad blocking instructions already?

https://github.com/M66B/NetGuard/blob/master/ADBLOCKING.md
Here's a positive feedback for you, but not for me :)
First sorry for comparing Blokada with your app. In fact, they just have nothing in common. Blokada doesn't fill most of my needs: cut internet traffic to some apps, preserve local lan routing, always keep my default DNS settings (mainly to access my local LAN resolver)

Second, I tend to be more and more convinced that the issue is in fact related to the OS VPN implementation like you suggested and that bothered me at first.

I tested on a Nokia 5.3 with Android One program and current Android 11 version. Every feature I need work including ad block on the data connection

Poco X3 with Android 10: everything fine
Poco X3 with Android 11: filtering of ads on the data connection doesn't work, blocking internet apps no longer works on data. Wifi still works fine

Samsung Galaxy S20 with Android 11: everything works on wifi and data, but from time to time internet connection is blocked for everything and we need to restart Netguard service

Samsung Galaxy S7 on Android 7: fine
Some Android One devices I tested on Android 8, 9 and 10: all is fine

Now, I tested the faulting devices with OpenVPN for Android AND OpenVPN Connect:
- Poco X3: first connection/login to the VPN server must be done on wifi. After that I can connect to the server using data and no traffic seems to be leaking
- Galaxy S20: not tested enough the OpenVPN server to confirm the random disconnections

So, at first impression, like you said, it seems to be a major flaw in the VPN implementation of MIUI version I have. It seems like all traffic flaws outside the DNS when on GSM Data, but not on Wifi. The issue of leaking is not apparent on third party VPN apps, but the also cannot login to a server if not first done via Wifi, then immediately after it switching to GSM Data

It was my first MIUI device, and last one. I was already disgusted by their add policy and many stock Android security features removed and that most people are not even aware of.

Keep up the good work supporting the app. I do not care about more features, and as you say, they would just add more maintenance to do and bugs to solve.
And just never get disturbed by Play comments. Play is just the "virtual life".
99% of users are just unaware of even what's a VPN to start with. Most satisfied people never think to rate the app, while most unsatisfied rate it. You've got above 4.5 score and 5M downloads. It is great.
Also, there is quiet a huge buzz on payed VPN subscriptions and people are throwing their money on them without even understanding that in most cases it is just a scam and even worst than not having a VPN. The same people don't understand why you cannot have two VPN apps enabled locally in Android and will complain that Netguard doesn't work
Add to this that I would never imagined that such a basic feature is so broken and leaked by manufactures in an Android 11 device...

Any way, best regards, and another reason for me to ditch my Xiaomi phone sooner
 
  • Like
Reactions: 30jp

iwanttoknow

Senior Member
Jun 21, 2016
475
93
So I think that some applications (as HERE WeGo) should have to disable "Apply rules and conditions" when the smartphone is not connected to Internet, allowing them to not be blocked by NetGuard. "Apply rules and conditions" enabled is applied by NetGuard even if there is no connection to Internet.
And before the smartphone will be connected again to Internet, for applications which we don't want they connect to Internet (as HERE WeGo) we should have to enable "Apply rules and conditions".
Hi Marcel,

Could you please indicate what are NetGuard actions when :
- NetGuard is activated,
- an application is defined in NetGuard with no WiFi, no Mobile data access, and applying rules and conditions enabled,
- the smartphone is not connected to Internet,
- traffic filtered enabled and domain names blocked in NetGuard,
- the application is launched.

Thanks in advance for your reply.
 

M66B

Recognized Developer
Aug 1, 2010
24,848
51,641
Hi Marcel,

Could you please indicate what are NetGuard actions when :
- NetGuard is activated,
- an application is defined in NetGuard with no WiFi, no Mobile data access, and applying rules and conditions enabled,
- the smartphone is not connected to Internet,
- traffic filtered enabled and domain names blocked in NetGuard,
- the application is launched.

Thanks in advance for your reply.
The answer is simple: if there is no internet connection, all traffic managed by NetGuard will be blocked. This excludes for example lan traffic is this was allowed in the network settings.
 

iwanttoknow

Senior Member
Jun 21, 2016
475
93
The answer is simple: if there is no internet connection, all traffic managed by NetGuard will be blocked. This excludes for example lan traffic is this was allowed in the network settings.

Is NetGuard in this case gives an "answer" to the application ? If yes, which answer ?

I ask you those questions because I made a test with app HERE WeGo, in offline mode.
This app is ok when NetGuard is not activated and ko when NetGuard is activated.
 

M66B

Recognized Developer
Aug 1, 2010
24,848
51,641
The answer is simple: if there is no internet connection, all traffic managed by NetGuard will be blocked.

Is NetGuard in this case gives an "answer" to the application ? If yes, which answer ?

I ask you those questions because I made a test with app HERE WeGo, in offline mode.
This app is ok when NetGuard is not activated and ko when NetGuard is activated.
Blocked means that traffic will be dropped, so no answer.
 
  • Like
Reactions: iwanttoknow

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    Version 2.299 beta is available on GitHub now and in the Play store test program after Google's approval.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases
    2
    App rule :
    Blocking or allowing an app.
    Made by blocking or allowing Wi-Fi or Mobile data for an app ?

    Connection rule :
    Blocking or allowing a connection of an app.
    a) Made by blocking or allowing an IP address for an app ?
    or
    b) Made by blocking or allowing a domain name with the hosts file for an app ?
    If yes, is there a precedence between a and b ?

    Am I right ?
    I hope having understood your reply. Sorry in advance if I try to clarify my understanding but I thing that it can help other people.
    Yes and yes. Ad blocking is system wide and therefore takes precedence over everything else.
    2
    My motivation to work on this project has decreased to almost zero after a recent wave of 1 star Play store reviews. Mostly stupid reviews, like why does this app need internet?

    Literally millions of people use NetGuard but people seem only to review to complain about something, which is pretty tiresome. The project is not there to earn money, so what's left?
    Marcel, you are The Great Developer so you don't need to read these stupid 1 star ratings. Stay cool ;-) Kind regards, Lukas
    2
    @pardub Imagine that lots of people say everyday to you that your work is bad and almost nobody says it is good. How would you react?
    Who cares what these people say! They wouldn't know where to start and are either stupid or intentionally malignant.

    Besides, I think your app protects the privacy of those who use it. That is its beneficial effect on those who use it. What idiots write about it may be hurtful but it is not what's important. I'm sure you developed this superb app because it protects privacy not because you wanted to gather compliments. So what idiots write about it is really secondary.

    Your app is much needed and does its job very well. You know that. Its users know that. That some idiots (and they are idiots or malicious) try to bring it down is in the end just background noise.

    Thank you for all your efforts.
    2
    To be honest,I wouldn’t really take in consideration what people think about me if I was developing an app.

    In the same time, I would always take in consideration the constructive criticisms as they would help me to develop a better app .

    For those who couldn’t appreciate the real value of my work and have no clue about the time and dedication provided to build this app, well though….

    I have to acknowledge I cannot make everyone happy and getting totally unjustified bad reviews by some people is the unavoidable downside when you published something online.

    A developer can provide guidance about how to use his app but he cannot educate people.

    But I totally agree unjustified criticisms are not a pleasant thing and it doesn’t show any consideration for the work provided but we cannot control what people said.

    Time and efforts should only be dedicated to people who appreciate my work, not the others.
    Which could also mean that time is better spent on other things.

    For now I will keep maintaining and supporting the app, which means that bugs will be fixed and that the app will be adapted for new Android versions. There won't be new features anymore though.
  • 346
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    25
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    17
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.