[CLOSED][APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 470 30.6%
  • Saving battery

    Votes: 330 21.5%
  • Increasing privacy

    Votes: 850 55.4%
  • Blocking ads

    Votes: 989 64.4%

  • Total voters
    1,535
Status
Not open for further replies.
Search This thread

iwanttoknow

Senior Member
Jun 21, 2016
523
105
Hi Marcel,

Is it possible you indicate the date of FAQ NetGuard last version ?
So it could be possible to know if there are new questions.
 
Last edited:

LoveWins

Member
Feb 25, 2021
6
0
I'm a paid pro feature user of NetGuard 2.299, using the non-play store version with Filter Traffic. When I do enable Filter Traffic, my app notifications (eg Google Voice) are delayed. I can open Google Voice and see new messages but do not get the notification until I turn off Filter Traffic.

The new message is in the app but the app notification does not appear until I disable Filter Traffic in NetGuard.

One thing I've noticed is that VPN DNS: is blank for both values. Do I need entry here for Filter Traffic to work correctly or I am experiencing some other issue?
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
I'm a paid pro feature user of NetGuard 2.299, using the non-play store version with Filter Traffic. When I do enable Filter Traffic, my app notifications (eg Google Voice) are delayed. I can open Google Voice and see new messages but do not get the notification until I turn off Filter Traffic.

The new message is in the app but the app notification does not appear until I disable Filter Traffic in NetGuard.

One thing I've noticed is that VPN DNS: is blank for both values. Do I need entry here for Filter Traffic to work correctly or I am experiencing some other issue?
Please make sure Google Play services is allowed to access the internet.
 

tgeppert

Member
Jan 28, 2022
5
0
On a plain vanilla installation of NetGuard with Pro features enabled I have enabled the protocol before I activated NetGuard. Now I cannot get into the protocol screen anymore.
When I tap on "Protokoll anzeigen" in the three dot menu I get thrown to the home screen. Netguard is still running so I can get back to its main screen by swiping left to right on the bottom of the home screen. Even if I deactivate NetGuard I cannot get into the protocol screen anymore. Also rebooting the device doesn't change this.
Only clearing the storage of Netguard and enabling the Pro features again allows me to enter the protocol screen. Again as soon as I enable the protocol feature I cannot get into the protocol screen anymore.

NetGuard versions: 2.300 beta and 2.299
Phone: Pixel 6
OS: GrapheneOS
Environment: I've installed NetGuard for a secondary user but this user does not have a work profile.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
On a plain vanilla installation of NetGuard with Pro features enabled I have enabled the protocol before I activated NetGuard. Now I cannot get into the protocol screen anymore.
When I tap on "Protokoll anzeigen" in the three dot menu I get thrown to the home screen. Netguard is still running so I can get back to its main screen by swiping left to right on the bottom of the home screen. Even if I deactivate NetGuard I cannot get into the protocol screen anymore. Also rebooting the device doesn't change this.
Only clearing the storage of Netguard and enabling the Pro features again allows me to enter the protocol screen. Again as soon as I enable the protocol feature I cannot get into the protocol screen anymore.

NetGuard versions: 2.300 beta and 2.299
Phone: Pixel 6
OS: GrapheneOS
Environment: I've installed NetGuard for a secondary user but this user does not have a work profile.
NetGuard isn't supported in profiles because most of the time this doesn't work properly.

https://github.com/M66B/NetGuard#user-content-compatibility
 

tgeppert

Member
Jan 28, 2022
5
0
NetGuard isn't supported in profiles because most of the time this doesn't work properly.

https://github.com/M66B/NetGuard#user-content-compatibility
Looks like there is a misunderstanding on my side. I did read the above but because of the concepts explained in Users for system developers I was under the impression that it is just not supported to install NetGuard in a work profile.

Could you please help me to understand the limitations in detail and clarify a little bit ?

What I have on my device is the system user, i.e. the primary user you get after installing the OS.
For this user I have also created a work profile with the shelter application. So my understanding is that this did create a profile group with the profile of the parent user as the personal profile and a managed profile as the work profile.
NetGuard is installed in none of these.
Instead I created another user with Settings--->System--->Multiple Users--->Add User.
I did install NetGuard when logged in as this secondary user.
I have not created a work profile for this secondary user.

What exactly can I do and what should I not do to get a properly working NetGuard installation ?

a. Can I have just one user with a personal and a work profile and install NetGuard into the personal profile ?
b. Or is it completely discouraged to create a profile group no matter into which profile NetGuard gets installed ?
c. Is it possible to have multiple users, all of them without a work profile and install NetGuard for the primary user ?
d. Is it possible to install NetGuard for a secondary user as long as none of the users has a work profile ?
e. Or is it completely discouraged to setup multiple users as well as any work profile ?

This whole terminology with users, profiles, profile groups, parent profile and managed profiles is a little confusing.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Looks like there is a misunderstanding on my side. I did read the above but because of the concepts explained in Users for system developers I was under the impression that it is just not supported to install NetGuard in a work profile.

Could you please help me to understand the limitations in detail and clarify a little bit ?

What I have on my device is the system user, i.e. the primary user you get after installing the OS.
For this user I have also created a work profile with the shelter application. So my understanding is that this did create a profile group with the profile of the parent user as the personal profile and a managed profile as the work profile.
NetGuard is installed in none of these.
Instead I created another user with Settings--->System--->Multiple Users--->Add User.
I did install NetGuard when logged in as this secondary user.
I have not created a work profile for this secondary user.

What exactly can I do and what should I not do to get a properly working NetGuard installation ?

a. Can I have just one user with a personal and a work profile and install NetGuard into the personal profile ?
b. Or is it completely discouraged to create a profile group no matter into which profile NetGuard gets installed ?
c. Is it possible to have multiple users, all of them without a work profile and install NetGuard for the primary user ?
d. Is it possible to install NetGuard for a secondary user as long as none of the users has a work profile ?
e. Or is it completely discouraged to setup multiple users as well as any work profile ?

This whole terminology with users, profiles, profile groups, parent profile and managed profiles is a little confusing.
NetGuard is supported in the primary profile only. It might or might not work in other profiles, but this scenario is not supported because is basically isn't supportable. I have wasted enough time on trying to support this in the past.

Something like "Shelter" is not standard Android and a manufacturer modification, which is the core problem because these modifications often do not take the Android VPN service into account too.
 

tgeppert

Member
Jan 28, 2022
5
0
Hmmm, so if I remove "Shelter" and with it the work profile, is it then OK to have more than one user configured on the device ?
As far as I understand the "Multiple Users" feature it is standard Android and available via Settings--->System--->Multiple Users--->Add User.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Hmmm, so if I remove "Shelter" and with it the work profile, is it then OK to have more than one user configured on the device ?
As far as I understand the "Multiple Users" feature it is standard Android and available via Settings--->System--->Multiple Users--->Add User.
Multiple users = multiple profiles.
This isn't supported because it too often doesn't work.
You can try though.
 

tgeppert

Member
Jan 28, 2022
5
0
Multiple users = multiple profiles.
OK understood. This was my misunderstanding. The explanation of the concepts in the document Users for system developers left the impression on me that there is a difference between multiple users and multiple profiles for one user.

Now with your comment and some more investigation it looks to me more like the first user on an Android device is something special and different from other users that you add later via the system settings. There are some sources mentioning a "system user" but so far I couldn't figure out if this system user is tied to the first user on an Android device or if it's possible to assign it to a user or even have multiple users with this capability.

However, thanks for the clarification. Maybe it would help to put this in even clearer terms in the FAQ, i.e. discourage to have more than one user on the Android device. As it stands currently it did at least for me sound like it just doesn't work properly in work profiles. That's why I thought setting up a second user without a work profile would be OK.
 

tgeppert

Member
Jan 28, 2022
5
0
And BTW everything works with Netguard installed in the personal, i.e. main profile of the primary user. (y)

The strange thing is that in the installation for the second user, i.e. the one where I cannot get into the protocol screen after enabling the protocol feature, everything else seems to work. In the details for an App it shows me the connections the App has initiated and I can even block them selectively. :oops: OK, I'll count myself lucky that this works. :)
 

Dakkaron

Senior Member
Jan 13, 2013
62
19
Thanks for the awesome app! Been using it for years!

I recently upgraded to Android 11 (was 7 before)and that broke one of my workflows.

I use a script that fetches a few adblock lists, combins them and offers them on a local http server on my device. Then the script calls the intent to reload the adblock list from my local server.

With Android 8+, apps need to declare in the manifest, that it's ok for them to access a localhost http server. If it's not declared, it's blocked with a toast saying that it's blocked.

So I tried a local https server instead, but that also doesn't work,because it doesn't accept self-signed certificates.

Would it be possible to unblock localhost http connections?

More informations on that topic can be found here: https://stackoverflow.com/questions/45940861/android-8-cleartext-http-traffic-not-permitted
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Thanks for the awesome app! Been using it for years!

I recently upgraded to Android 11 (was 7 before)and that broke one of my workflows.

I use a script that fetches a few adblock lists, combins them and offers them on a local http server on my device. Then the script calls the intent to reload the adblock list from my local server.

With Android 8+, apps need to declare in the manifest, that it's ok for them to access a localhost http server. If it's not declared, it's blocked with a toast saying that it's blocked.

So I tried a local https server instead, but that also doesn't work,because it doesn't accept self-signed certificates.

Would it be possible to unblock localhost http connections?

More informations on that topic can be found here: https://stackoverflow.com/questions/45940861/android-8-cleartext-http-traffic-not-permitted
This can't be done by NetGuard because it works a level lower than apps.
 

Dakkaron

Senior Member
Jan 13, 2013
62
19
Ok, how about adding some config option to fetch the hosts file from a local path? So that it can then be reloaded using the intent?

Also, maybe my intent wasn't quite clear. I don't want Netguard to enable http access for other apps. I want Netguard to be able to download the hosts file from a http server running on localhost.

The link I posted in the last comment details, this should be possible by adding a network_security_config.xml (check out the answers in the linked stackoverflow post). According to the Stackoverflow and the linked documentation, in Android 9 just changed the defaults for all apps from allowing http connections to disallowing them. But apps can still override them back to allowing http.
 
Last edited:

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Ok, how about adding some config option to fetch the hosts file from a local path? So that it can then be reloaded using the intent?

Also, maybe my intent wasn't quite clear. I don't want Netguard to enable http access for other apps. I want Netguard to be able to download the hosts file from a http server running on localhost.

The link I posted in the last comment details, this should be possible by adding a network_security_config.xml (check out the answers in the linked stackoverflow post). According to the Stackoverflow and the linked documentation, in Android 9 just changed the defaults for all apps from allowing http connections to disallowing them. But apps can still override them back to allowing http.
http in 2022, seriously?

 

Dakkaron

Senior Member
Jan 13, 2013
62
19
Please check again my use case.

Netguard currently only allows for a single hosts file, which it downloads from a server. Combining lists or custom entries are not supported.

I need multiple lists combined plus some custom entries.

My solution so far was to have a script running locally, which downloads and merges the lists and my custom entries.
Then it starts a local http server (which is running locally on my phone, reachable from Netguard as http://localhost:8001) and uses the eu.faircode.netguard.DOWNLOAD_HOSTS_FILE intent to force Netguard to redownload the hosts file from localhost.

This can either work with a http server (was possible on Android 7, not possible on Android 11, except with the workaround posted above).
Since it is running on localhost, I cannot use a real certificate for a local https server (because they don't exist). And Netguard doesn't allow https with a self-signed certificate.

Another solution would be that Netguard could be configured to "download" a hosts file from local storage. Which it, afaik, can't do right now.

So, yes, http from localhost in 2022, seriously. Or self-signed https. Or sync from local file system.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Please check again my use case.

Netguard currently only allows for a single hosts file, which it downloads from a server. Combining lists or custom entries are not supported.

I need multiple lists combined plus some custom entries.

My solution so far was to have a script running locally, which downloads and merges the lists and my custom entries.
Then it starts a local http server (which is running locally on my phone, reachable from Netguard as http://localhost:8001) and uses the eu.faircode.netguard.DOWNLOAD_HOSTS_FILE intent to force Netguard to redownload the hosts file from localhost.

This can either work with a http server (was possible on Android 7, not possible on Android 11, except with the workaround posted above).
Since it is running on localhost, I cannot use a real certificate for a local https server (because they don't exist). And Netguard doesn't allow https with a self-signed certificate.

Another solution would be that Netguard could be configured to "download" a hosts file from local storage. Which it, afaik, can't do right now.

So, yes, http from localhost in 2022, seriously. Or self-signed https. Or sync from local file system.
Next version:

 
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 363
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and community supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.
    27
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    19
    NetGuard is currently in alpha testing phase.
    Please report any problems you encounter.

    It would be nice if someone could design an appropriate icon.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.