• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 447 30.8%
  • Saving battery

    Votes: 311 21.4%
  • Increasing privacy

    Votes: 796 54.8%
  • Blocking ads

    Votes: 937 64.5%

  • Total voters
    1,453
Search This thread

manthanf1

New member
Apr 30, 2019
4
0
The traffic is not the cause, but the result of losing the internet connection. Please see the FAQ about what this traffic means.
Thanks for the reply.

I have tested this with multiple network and multiple devices. Same results.

Only apps like so:
icon-red-jpeg.5467425

icon-green-jpeg.5467423

icon-green-jpeg.5467469

icon-red-jpeg.5467471

lose Internet connection when ICMP/HOPO.

These apps
icon-grey-jpeg.5467421

icon-grey-jpeg.5467467

don't lose Internet connection, meaning I'm still connected to the Internet.
 
Last edited:

valorank

Member
Nov 25, 2021
8
0
Hi, I'm evaluating multiple non-root VPNs with a packet analyzer and yours appears to be the most efficient.
However, it still doesn't manage to block some connections my phone makes to Google servers when I start my internet connection.
I've read many options, I've read the FAQ, I tried to do my best to configure it properly. I enabled "block connections without a VPN", etc. Basically I did everything I could but everytime I reconnect to wifi, Google knows it.
Is that normal / Do you have an idea on how I could 100% block / filter all traffics?
Thanks!
 

M66B

Recognized Developer
Aug 1, 2010
25,152
52,665
Hi, I'm evaluating multiple non-root VPNs with a packet analyzer and yours appears to be the most efficient.
However, it still doesn't manage to block some connections my phone makes to Google servers when I start my internet connection.
I've read many options, I've read the FAQ, I tried to do my best to configure it properly. I enabled "block connections without a VPN", etc. Basically I did everything I could but everytime I reconnect to wifi, Google knows it.
Is that normal / Do you have an idea on how I could 100% block / filter all traffics?
Thanks!
If you block a connection, it will be blocked. So, I don't understand what you are asking?
 

valorank

Member
Nov 25, 2021
8
0
If you block a connection, it will be blocked. So, I don't understand what you are asking?
I'm blocking every connections. I'm trying to block every connections.
So I enable the firewall. Everything seems to be blocked. All apps are red everywhere, every connections seem to be disabled. When I open a web browser etc. everything seems to be blocked, which is the intended behaviour in my use case.
Except some packets when I enable wifi on my phone.

I can't manage to block these packets. It seems that all apps are blocked except maybe a hidden system app that doesn't care about the rules I put in the firewall. Do you think there's a way to block these packets?
 

M66B

Recognized Developer
Aug 1, 2010
25,152
52,665
I'm blocking every connections. I'm trying to block every connections.
So I enable the firewall. Everything seems to be blocked. All apps are red everywhere, every connections seem to be disabled. When I open a web browser etc. everything seems to be blocked, which is the intended behaviour in my use case.
Except some packets when I enable wifi on my phone.

I can't manage to block these packets. It seems that all apps are blocked except maybe a hidden system app that doesn't care about the rules I put in the firewall. Do you think there's a way to block these packets?
You'll need to be more specific about the traffic you see seeing. Which app, which address, etc.

The simplest way to block Google traffic is to block domain names. Please see the ad blocking instructions on GitHub.
 

valorank

Member
Nov 25, 2021
8
0
It seems that the App is "System", but I can't be sure because I don't think that these packets are on the interface of the app (otherwise they would probably have been blocked)
The IP resolution gives xxxxx.1e100.net, so it's Google.
But the System app, as every other apps, is blocked in the application so it shouldn't be able to communicate.
It seems that some packets were blocked from System: connectivitycheck.gstatic.com etc. are blocked. But not other Google's servers in EU like ham02s14-in-f196.1e100.net. Those don't appear from System on my phone in your app, but they appear when I intercept the packets going from my phone to the internet with a computer in the middle.

Have you tried to intercept the packets coming out of your phone, enable the firewall, then enable the wifi? I'm on Android 10. Maybe this application (System) tries to bypass the firewall?
 
Last edited:

ouzowtf

Senior Member
Sep 8, 2010
867
678
Does an app that has the rules to be used disabled still use the set DNS servers of Netguard?

I have a phenomenon that the URL https://app.23degrees.io/ is blocked in the browser, but the DNS server https://dnsforge.de/ does not block it (can be checked on that page).

When I disable the rules in Netguard for the browser the page works fine.

I don't understand why the protocol says that it's blocked for root, even if root should not in may understanding.
 

Attachments

  • Screenshot_20211126-050522.png
    Screenshot_20211126-050522.png
    174.3 KB · Views: 16
  • Screenshot_20211126-050354.png
    Screenshot_20211126-050354.png
    313.1 KB · Views: 16

M66B

Recognized Developer
Aug 1, 2010
25,152
52,665
It seems that the App is "System", but I can't be sure because I don't think that these packets are on the interface of the app (otherwise they would probably have been blocked)
The IP resolution gives xxxxx.1e100.net, so it's Google.
But the System app, as every other apps, is blocked in the application so it shouldn't be able to communicate.
It seems that some packets were blocked from System: connectivitycheck.gstatic.com etc. are blocked. But not other Google's servers in EU like ham02s14-in-f196.1e100.net. Those don't appear from System on my phone in your app, but they appear when I intercept the packets going from my phone to the internet with a computer in the middle.

Have you tried to intercept the packets coming out of your phone, enable the firewall, then enable the wifi? I'm on Android 10. Maybe this application (System) tries to bypass the firewall?
Did you enable the always-on VPN feature of Android? Obviously 'system' = Android starts earlier than the app ...

Related FAQ:

https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq1
 

M66B

Recognized Developer
Aug 1, 2010
25,152
52,665
Does an app that has the rules to be used disabled still use the set DNS servers of Netguard?

I have a phenomenon that the URL https://app.23degrees.io/ is blocked in the browser, but the DNS server https://dnsforge.de/ does not block it (can be checked on that page).

When I disable the rules in Netguard for the browser the page works fine.

I don't understand why the protocol says that it's blocked for root, even if root should not in may understanding.
Unless you disable 'Apply rules and conditions': yes.

DNS is resolved by a root process of Android on behalf of all apps.
 

ouzowtf

Senior Member
Sep 8, 2010
867
678
1)
Root uses the DNS set in Netguard, when 'Apply rules and conditions' is set -> the page does not work

2)
Root does not use the DNS set in Netguard, when 'Apply rules and conditions' is not set -> the page does work

In 2) the DNS of my wifi router should be used then, where the same DNS server is set as in Netguard in 1), but the page works.
 

M66B

Recognized Developer
Aug 1, 2010
25,152
52,665
1)
Root uses the DNS set in Netguard, when 'Apply rules and conditions' is set -> the page does not work

2)
Root does not use the DNS set in Netguard, when 'Apply rules and conditions' is not set -> the page does work

In 2) the DNS of my wifi router should be used then, where the same DNS server is set as in Netguard in 1), but the page works.
The DNS server addresses for the VPN should be used only for traffic flowing through the VPN (rules and conditions enabled). If this isn't the case, the app can't do much to fix this.
 

Dreamflake

New member
Aug 3, 2011
2
0
Topic: DI.FM/Jazz/Rock music app Streaming issue since 2-3 month

Hi Marcel, I've been trying to troubleshoot my issue since a few weeks now and noticed, that this issue does not appear anymore as soon as I turn off NetGuard.

Context
  • Smartphone: Samsung Galaxy S8, Android 9, stock installation, non-rooted, latest available patch level
  • Connectivity: Home WLAN, 6MBps
  • NetGuard usage: since 2017 with that smartphone
  • DI.FM app usage: since 2017 with that smartphone

Symptom
Since about 2-3 month, when I listen to music streaming with this group of apps, the playback interrupts after about 30 minutes and I cannot get it to continue playing.

Troubleshooting
After contacting the music app support:
  1. Empty the music app cache: resolves the issue temporarily and issue returns about 30min after
  2. Empty the music app cache, delete all music app data, uninstall the music app, reinstall the music app: resolves the issue temporarily and issue returns about 30min after
  3. Music app is authorized in NetGuard after re-installation
  4. Music app is set as exception for the battery saver (NetGuard also)
  5. Music app is authorized to run in background (NetGuard also)
  6. No fancy optimizer app or other network/vpn related app installed
  7. Deactivate NetGuard: Issue is permanently solved
Next steps
In the first place, is Android 9 still supported by NetGuard?
If yes, what do you need me to provide (and how to provide it) in order for you to be able to reproduce the error?

Thanks in advance for your support.

Cheers
Patrick
 

M66B

Recognized Developer
Aug 1, 2010
25,152
52,665
Topic: DI.FM/Jazz/Rock music app Streaming issue since 2-3 month

Hi Marcel, I've been trying to troubleshoot my issue since a few weeks now and noticed, that this issue does not appear anymore as soon as I turn off NetGuard.

Context
  • Smartphone: Samsung Galaxy S8, Android 9, stock installation, non-rooted, latest available patch level
  • Connectivity: Home WLAN, 6MBps
  • NetGuard usage: since 2017 with that smartphone
  • DI.FM app usage: since 2017 with that smartphone

Symptom
Since about 2-3 month, when I listen to music streaming with this group of apps, the playback interrupts after about 30 minutes and I cannot get it to continue playing.

Troubleshooting
After contacting the music app support:
  1. Empty the music app cache: resolves the issue temporarily and issue returns about 30min after
  2. Empty the music app cache, delete all music app data, uninstall the music app, reinstall the music app: resolves the issue temporarily and issue returns about 30min after
  3. Music app is authorized in NetGuard after re-installation
  4. Music app is set as exception for the battery saver (NetGuard also)
  5. Music app is authorized to run in background (NetGuard also)
  6. No fancy optimizer app or other network/vpn related app installed
  7. Deactivate NetGuard: Issue is permanently solved
Next steps
In the first place, is Android 9 still supported by NetGuard?
If yes, what do you need me to provide (and how to provide it) in order for you to be able to reproduce the error?

Thanks in advance for your support.

Cheers
Patrick
NetGuard is supported from Android 6 up to and including Android 12.

Assuming this problem is really caused by NetGuard, which is not very likely if it works for the first 30 minutes, try to disable 'Apply rules and conditions' for the app.
 

valorank

Member
Nov 25, 2021
8
0
Did you enable the always-on VPN feature of Android? Obviously 'system' = Android starts earlier than the app ...
Related FAQ: https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq1
Yes, as I said in the first post I enabled "block connections without a VPN" which is a sub-option of "always on VPN", which is also activated. Both are enabled. The problem is not at boot-up but when I start the wifi.
Here I can show you what I see:

At the beginning the app is opened and activated, everything should be blocked. But some packets leak as soon as I launch wifi.
 

M66B

Recognized Developer
Aug 1, 2010
25,152
52,665
Yes, as I said in the first post I enabled "block connections without a VPN" which is a sub-option of "always on VPN", which is also activated. Both are enabled. The problem is not at boot-up but when I start the wifi.
Here I can show you what I see:

At the beginning the app is opened and activated, everything should be blocked. But some packets leak as soon as I launch wifi.
Try to change the validation address in the advanced settings of the app, for example to opendns.com.
 
  • Like
Reactions: mrrocketdog

valorank

Member
Nov 25, 2021
8
0
Try to change the validation address in the advanced settings of the app, for example to opendns.com.
Sadly it doesn't really change anything. Some packets go to opendns but others still go to 1e100. Tbh based on what I see my phone doesn't even make DNS requests to know where to contact 1e100. The DNS requests are for other domains. So I guess the IPs are already saved in the phone and Google implemented a way to partially bypass a VPN based firewall. The firewall does block a lot of stuff but not these packets.
I tried other firewalls and it's always the same thing, when I start the wifi, the packets go, I never managed to stop them no matter what parameters I try.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    Version 2.300 is available on Bitbucket now.

    Download:
    https://bitbucket.org/M66B/netguard-test/downloads/NetGuard-v2.300-release.apk

    There will be no update notification for this preview release.

    Changelog:
    • Improved Android 12 compatibility
    • Removed subscriptions (due to new Play store policies)
    • Updated builds tools and translations
    All changes:

    https://github.com/M66B/NetGuard/compare/2.299...2.300?w=1
    2
    Hi Marcel,

    I understand that NetGuard is no more available on GitHub but on Bitbucket.

    Is this new version 2.300 a stable or beta version ? It's not indicated when trying downloading it.
    The Bitbucket version is a preview version. It will be made available on GitHub later.
    2
    Hi there,

    first of all a big thanks @M66B for Netguard. I almost immediately bought the premium version after I got my new phone and decided to try going root-less and replace AfWall+ with it for a while. And from what I can tell it runs perfectly fine since some months :)

    I really love the integrated ad-blocking feature and let Tasker update my blocklist via service intent. In that way, Netguard both replaces AfWall+ and my VPN to my Pi-Hole at home with only minimal restrictions (not being able to access my Shaarli instance at home for example if I am away), since the Wireguard app sadly does not support Socks5 :rolleyes:.

    I have one question though which I could not find in the app FAQ or in this thread: Is it also possible to append a local hosts file via a second service intent or shell command after the main hosts file has been updated?
    1
    Hi,
    NetGuard does not request access rights for storing data thus I can't grant permission. This is the same for all of my devices and it is working on the others.
    Is there some sort of if-then condition to enable or disable those buttons?
    Please read the res of the referenced FAQ too and skip the part of the storage permissions.

    The FAQ is for FairEmail, but the problem is similar.
    1
    Any chance for a root-version of NetGuard to get it working without VPN?
    Perhaps as Magisk module or donation-feature?


    Short notice: As I was looking for a firewall app I also found this one.
    It is using your app description. Perhaps just the description or also your codebase with different interface ui.
    I have no plans for a root version, sorry.

    The referenced app is most likely based on the code of NetGuard, without permissions ...
  • 349
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    25
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    17
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.