• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 447 30.8%
  • Saving battery

    Votes: 311 21.4%
  • Increasing privacy

    Votes: 794 54.8%
  • Blocking ads

    Votes: 935 64.5%

  • Total voters
    1,450
Search This thread

valorank

Member
Nov 25, 2021
8
0
Where is the android setting for "block connections without a VPN"? I'm on android 10 and can't find it in the settings.
Thanks.
Parameters > Network connection > More parameters (bottom) > VPN > NetGuard > "always on" (enabled) + "block connections without a VPN" (I'm not using android in english so maybe it's not exactly these names)

But I think that netguard doesn't need this option because sometimes it asks me to disable it.
 

SkyDancerr

Member
Apr 2, 2016
5
0
Hi, I'm trying to use this Firewall on my MEMU Android emulator, but when I turn it on I lose internet on all of my apps, no matter how I configure the NetGuard. Is there any way to use this app on MEMU Emulator?
P.S. Tried many different versions, still having this problem.
 

M66B

Recognized Developer
Aug 1, 2010
25,089
52,473
Sadly it doesn't really change anything. Some packets go to opendns but others still go to 1e100. Tbh based on what I see my phone doesn't even make DNS requests to know where to contact 1e100. The DNS requests are for other domains. So I guess the IPs are already saved in the phone and Google implemented a way to partially bypass a VPN based firewall. The firewall does block a lot of stuff but not these packets.
I tried other firewalls and it's always the same thing, when I start the wifi, the packets go, I never managed to stop them no matter what parameters I try.
All traffic is supposed to flow through the Android VPN service, so this should be considered as a bug. Reporting it to Google will likely not result in any changes.
 
  • Like
Reactions: mrrocketdog

M66B

Recognized Developer
Aug 1, 2010
25,089
52,473
Hi, I'm trying to use this Firewall on my MEMU Android emulator, but when I turn it on I lose internet on all of my apps, no matter how I configure the NetGuard. Is there any way to use this app on MEMU Emulator?
P.S. Tried many different versions, still having this problem.
NetGuard is supported on smartphones and tables only.
 

M66B

Recognized Developer
Aug 1, 2010
25,089
52,473
Sadly it doesn't really change anything. Some packets go to opendns but others still go to 1e100. Tbh based on what I see my phone doesn't even make DNS requests to know where to contact 1e100. The DNS requests are for other domains. So I guess the IPs are already saved in the phone and Google implemented a way to partially bypass a VPN based firewall. The firewall does block a lot of stuff but not these packets.
I tried other firewalls and it's always the same thing, when I start the wifi, the packets go, I never managed to stop them no matter what parameters I try.
There is a way to change the connectivity check of Android too, but I can't remember how. I believe by setting system properties.
 

iwanttoknow

Senior Member
Jun 21, 2016
479
93
All traffic is supposed to flow through the Android VPN service, so this should be considered as a bug. Reporting it to Google will likely not result in any changes.
It's a sad situation.
So I undestand why you wrote in NetGuard FAQ that NetGuard is not 100% sure. It's not due to NetGuard : it tries to do its best with rules controlled by Google in Android kernel.
Thanks Marcel to continue supporting NetGuard.
 

valorank

Member
Nov 25, 2021
8
0
There is a way to change the connectivity check of Android too, but I can't remember how. I believe by setting system properties.
Yeah I also tried that. I did change the parameters and it seems that some of these parameters do work. My phone does connect less to Google servers but it still does each time I connect to wifi.
I think that some parameters require to be root and I'm not.
Changing Network Time Protocol with adb works that's for sure.

Other commands are related to "captive portal" but even if I changed everything I found, it still sends packets to 1e100.

It's a sad situation.
So I undestand why you wrote in NetGuard FAQ that NetGuard is not 100% sure. It's not due to NetGuard : it tries to do its best with rules controlled by Google in Android kernel.
Thanks Marcel to continue supporting NetGuard.
Yeah. Maybe this was not a problem on previous versions of Android, it seems that some stuffs were changed on the connectivity checks in latest updates.
I'm sure Netguard is not the problem because all other firewalls I tried can't do better.
People should just know that it is indeed not 100% perfect, some packets can leak and avoid the VPN.
 

valorank

Member
Nov 25, 2021
8
0
nothing is 100% sure
Well if I blocked all packets going to Google's ip ranges directly on the router, it would be quite perfect. I would also recommend to use /e/OS for people who would, like me, want to use an Android without Google. They explain pretty well where some problems are: https://e.foundation/wp-content/uploads/2020/09/e-state-of-degooglisation.pdf
Maybe I'll try to ask Google if this behaviour is an issue or a "feature".
I want to avoid Google's tracking but some people could want a perfect VPN/firewall for valid security reasons. Maybe I did something wrong, probably they want this behaviour, but maybe it's really a bug.
 

wiseniggy

Member
Jun 5, 2016
14
1
Here's a positive feedback for you, but not for me :)
First sorry for comparing Blokada with your app. In fact, they just have nothing in common. Blokada doesn't fill most of my needs: cut internet traffic to some apps, preserve local lan routing, always keep my default DNS settings (mainly to access my local LAN resolver)

Second, I tend to be more and more convinced that the issue is in fact related to the OS VPN implementation like you suggested and that bothered me at first.

I tested on a Nokia 5.3 with Android One program and current Android 11 version. Every feature I need work including ad block on the data connection

Poco X3 with Android 10: everything fine
Poco X3 with Android 11: filtering of ads on the data connection doesn't work, blocking internet apps no longer works on data. Wifi still works fine

Samsung Galaxy S20 with Android 11: everything works on wifi and data, but from time to time internet connection is blocked for everything and we need to restart Netguard service

Samsung Galaxy S7 on Android 7: fine
Some Android One devices I tested on Android 8, 9 and 10: all is fine

Now, I tested the faulting devices with OpenVPN for Android AND OpenVPN Connect:
- Poco X3: first connection/login to the VPN server must be done on wifi. After that I can connect to the server using data and no traffic seems to be leaking
- Galaxy S20: not tested enough the OpenVPN server to confirm the random disconnections

So, at first impression, like you said, it seems to be a major flaw in the VPN implementation of MIUI version I have. It seems like all traffic flaws outside the DNS when on GSM Data, but not on Wifi. The issue of leaking is not apparent on third party VPN apps, but the also cannot login to a server if not first done via Wifi, then immediately after it switching to GSM Data

It was my first MIUI device, and last one. I was already disgusted by their add policy and many stock Android security features removed and that most people are not even aware of.

Keep up the good work supporting the app. I do not care about more features, and as you say, they would just add more maintenance to do and bugs to solve.
And just never get disturbed by Play comments. Play is just the "virtual life".
99% of users are just unaware of even what's a VPN to start with. Most satisfied people never think to rate the app, while most unsatisfied rate it. You've got above 4.5 score and 5M downloads. It is great.
Also, there is quiet a huge buzz on payed VPN subscriptions and people are throwing their money on them without even understanding that in most cases it is just a scam and even worst than not having a VPN. The same people don't understand why you cannot have two VPN apps enabled locally in Android and will complain that Netguard doesn't work
Add to this that I would never imagined that such a basic feature is so broken and leaked by manufactures in an Android 11 device...

Any way, best regards, and another reason for me to ditch my Xiaomi phone sooner
Please I have been trying to reach out to you, am stuck with a boot loop on ZTE N9132 when editing build.prop using es file esplorer and I guess the file explorer didn't mount back the permissions. Please can you help with any custom recovery for ZTE n9132. Adb was able to show device offline ,then authorized and now doesn't show at all, I guess this could be as result of factory reset on stock recovery, which may have disabled USB debbugging , and how do I get debugging enabled again since I can't even get past boot loop. Thanks man
 

M66B

Recognized Developer
Aug 1, 2010
25,089
52,473
Please I have been trying to reach out to you, am stuck with a boot loop on ZTE N9132 when editing build.prop using es file esplorer and I guess the file explorer didn't mount back the permissions. Please can you help with any custom recovery for ZTE n9132. Adb was able to show device offline ,then authorized and now doesn't show at all, I guess this could be as result of factory reset on stock recovery, which may have disabled USB debbugging , and how do I get debugging enabled again since I can't even get past boot loop. Thanks man
Although this thread is about NetGuard, I know a few things about custom ROMs and recoveries.

If you made changes to the system partition without unlocking the bootloader, you might have bricked your device. Maybe someone in a thread specifically about your device can help you. I have no experience with this device in any case.
 

wiseniggy

Member
Jun 5, 2016
14
1
Although this thread is about NetGuard, I know a few things about custom ROMs and recoveries.

If you made changes to the system partition without unlocking the bootloader, you might have bricked your device. Maybe someone in a thread specifically about your device can help you. I have no experience with this device in any case.
Ok thanks, actually it was a harmless tweak in the build.prop, it's quite unfortunate the es file explorer messed up the permissions
 

0-0-0

Senior Member
May 12, 2013
335
33
UK of Englandshire
I've started to use my phone to cast to my TV. Samsung Dex as an example app.
But the only way to achieve this, is to disable NetGuard completely (i.e. toggle switch top left of app).
I've tried allowing all listed apps, by whitelisting WiFi, but it doesn't work. I need to disable NG.

Am I missing some other setting that needs tweeking?

(NG is Pro version from Google Play. Samsung phone isn't rooted).

Thanks for any help.
 

M66B

Recognized Developer
Aug 1, 2010
25,089
52,473
I've started to use my phone to cast to my TV. Samsung Dex as an example app.
But the only way to achieve this, is to disable NetGuard completely (i.e. toggle switch top left of app).
I've tried allowing all listed apps, by whitelisting WiFi, but it doesn't work. I need to disable NG.

Am I missing some other setting that needs tweeking?

(NG is Pro version from Google Play. Samsung phone isn't rooted).

Thanks for any help.
Instead of allowing apps, try to disable 'Apply rules and conditions'. Note that you'll need to enable filtering for this in the advanced settings of the app.
 

0-0-0

Senior Member
May 12, 2013
335
33
UK of Englandshire
Instead of allowing apps, try to disable 'Apply rules and conditions'. Note that you'll need to enable filtering for this in the advanced settings of the app.
Thank you for your reply and help.

I've disabled "Apply rules & conditions" for Dex. But no matter what I enable/disable (everything & nothing) in the Advanced Settings, I can't cast to the TV.
I still need to disable NetGuard to cast to TV.
 

M66B

Recognized Developer
Aug 1, 2010
25,089
52,473
Thank you for your reply and help.

I've disabled "Apply rules & conditions" for Dex. But no matter what I enable/disable (everything & nothing) in the Advanced Settings, I can't cast to the TV.
I still need to disable NetGuard to cast to TV.
You'll need to figure out which app and/or system component is used for the casting and disable 'Apply rules and conditions' for it.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    Hi there,

    first of all a big thanks @M66B for Netguard. I almost immediately bought the premium version after I got my new phone and decided to try going root-less and replace AfWall+ with it for a while. And from what I can tell it runs perfectly fine since some months :)

    I really love the integrated ad-blocking feature and let Tasker update my blocklist via service intent. In that way, Netguard both replaces AfWall+ and my VPN to my Pi-Hole at home with only minimal restrictions (not being able to access my Shaarli instance at home for example if I am away), since the Wireguard app sadly does not support Socks5 :rolleyes:.

    I have one question though which I could not find in the app FAQ or in this thread: Is it also possible to append a local hosts file via a second service intent or shell command after the main hosts file has been updated?
    1
    NetGuard is itself a VPN and you can't have two VPNs active in Android at the same time.
    See here https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq2
    1
    Hi,
    NetGuard does not request access rights for storing data thus I can't grant permission. This is the same for all of my devices and it is working on the others.
    Is there some sort of if-then condition to enable or disable those buttons?
    Please read the res of the referenced FAQ too and skip the part of the storage permissions.

    The FAQ is for FairEmail, but the problem is similar.
    1
    Any chance for a root-version of NetGuard to get it working without VPN?
    Perhaps as Magisk module or donation-feature?


    Short notice: As I was looking for a firewall app I also found this one.
    It is using your app description. Perhaps just the description or also your codebase with different interface ui.
    I have no plans for a root version, sorry.

    The referenced app is most likely based on the code of NetGuard, without permissions ...
    1
    Hi all,

    Is Android control for app "Restrict data usage for Wi-Fi and Mobile data" equivalent to NetGuard control for app about Wi-Fi and Mobile data ?
    I can strongly recommend it.
    I use whitelist mode and only apps I select can get internet access.
    Very helpful to reduce spreading of your data as well.
    Loads of apps work offline and even system/google apps do.
    Using it on Lineage 14.1 to 18.1 and stock Android 12.
    I've bought protocolling which helps ablot when fiddling around with the white list.
  • 348
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.






    XDA:DevDB Information
    NetGuard, App for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/NetGuard/


    Version Information
    Status: Stable

    Created 2015-10-25
    Last Updated 2020-03-11
    25
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    17
    I have just released beta version 2.268

    Changelog/download:
    https://github.com/M66B/NetGuard/releases

    This version adds a setting for a domain name to use to validate the internet connection. The default is www.google.com. You could for example change this into www.opendns.com.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.