[CLOSED][APP][6.0+] NetGuard - No-root firewall

What are you mainly using NetGuard for?

  • Reducing data usage

    Votes: 470 30.6%
  • Saving battery

    Votes: 330 21.5%
  • Increasing privacy

    Votes: 850 55.4%
  • Blocking ads

    Votes: 989 64.4%

  • Total voters
    1,535
Status
Not open for further replies.
Search This thread

SkyDancerr

Member
Apr 2, 2016
5
0
Hi, I'm trying to use this Firewall on my MEMU Android emulator, but when I turn it on I lose internet on all of my apps, no matter how I configure the NetGuard. Is there any way to use this app on MEMU Emulator?
P.S. Tried many different versions, still having this problem.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Sadly it doesn't really change anything. Some packets go to opendns but others still go to 1e100. Tbh based on what I see my phone doesn't even make DNS requests to know where to contact 1e100. The DNS requests are for other domains. So I guess the IPs are already saved in the phone and Google implemented a way to partially bypass a VPN based firewall. The firewall does block a lot of stuff but not these packets.
I tried other firewalls and it's always the same thing, when I start the wifi, the packets go, I never managed to stop them no matter what parameters I try.
All traffic is supposed to flow through the Android VPN service, so this should be considered as a bug. Reporting it to Google will likely not result in any changes.
 
  • Like
Reactions: mrrocketdog

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Hi, I'm trying to use this Firewall on my MEMU Android emulator, but when I turn it on I lose internet on all of my apps, no matter how I configure the NetGuard. Is there any way to use this app on MEMU Emulator?
P.S. Tried many different versions, still having this problem.
NetGuard is supported on smartphones and tables only.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Sadly it doesn't really change anything. Some packets go to opendns but others still go to 1e100. Tbh based on what I see my phone doesn't even make DNS requests to know where to contact 1e100. The DNS requests are for other domains. So I guess the IPs are already saved in the phone and Google implemented a way to partially bypass a VPN based firewall. The firewall does block a lot of stuff but not these packets.
I tried other firewalls and it's always the same thing, when I start the wifi, the packets go, I never managed to stop them no matter what parameters I try.
There is a way to change the connectivity check of Android too, but I can't remember how. I believe by setting system properties.
 

iwanttoknow

Senior Member
Jun 21, 2016
523
105
All traffic is supposed to flow through the Android VPN service, so this should be considered as a bug. Reporting it to Google will likely not result in any changes.
It's a sad situation.
So I undestand why you wrote in NetGuard FAQ that NetGuard is not 100% sure. It's not due to NetGuard : it tries to do its best with rules controlled by Google in Android kernel.
Thanks Marcel to continue supporting NetGuard.
 

valorank

Member
Nov 25, 2021
8
0
There is a way to change the connectivity check of Android too, but I can't remember how. I believe by setting system properties.
Yeah I also tried that. I did change the parameters and it seems that some of these parameters do work. My phone does connect less to Google servers but it still does each time I connect to wifi.
I think that some parameters require to be root and I'm not.
Changing Network Time Protocol with adb works that's for sure.

Other commands are related to "captive portal" but even if I changed everything I found, it still sends packets to 1e100.

It's a sad situation.
So I undestand why you wrote in NetGuard FAQ that NetGuard is not 100% sure. It's not due to NetGuard : it tries to do its best with rules controlled by Google in Android kernel.
Thanks Marcel to continue supporting NetGuard.
Yeah. Maybe this was not a problem on previous versions of Android, it seems that some stuffs were changed on the connectivity checks in latest updates.
I'm sure Netguard is not the problem because all other firewalls I tried can't do better.
People should just know that it is indeed not 100% perfect, some packets can leak and avoid the VPN.
 

valorank

Member
Nov 25, 2021
8
0
nothing is 100% sure
Well if I blocked all packets going to Google's ip ranges directly on the router, it would be quite perfect. I would also recommend to use /e/OS for people who would, like me, want to use an Android without Google. They explain pretty well where some problems are: https://e.foundation/wp-content/uploads/2020/09/e-state-of-degooglisation.pdf
Maybe I'll try to ask Google if this behaviour is an issue or a "feature".
I want to avoid Google's tracking but some people could want a perfect VPN/firewall for valid security reasons. Maybe I did something wrong, probably they want this behaviour, but maybe it's really a bug.
 

wiseniggy

Member
Jun 5, 2016
14
1
Here's a positive feedback for you, but not for me :)
First sorry for comparing Blokada with your app. In fact, they just have nothing in common. Blokada doesn't fill most of my needs: cut internet traffic to some apps, preserve local lan routing, always keep my default DNS settings (mainly to access my local LAN resolver)

Second, I tend to be more and more convinced that the issue is in fact related to the OS VPN implementation like you suggested and that bothered me at first.

I tested on a Nokia 5.3 with Android One program and current Android 11 version. Every feature I need work including ad block on the data connection

Poco X3 with Android 10: everything fine
Poco X3 with Android 11: filtering of ads on the data connection doesn't work, blocking internet apps no longer works on data. Wifi still works fine

Samsung Galaxy S20 with Android 11: everything works on wifi and data, but from time to time internet connection is blocked for everything and we need to restart Netguard service

Samsung Galaxy S7 on Android 7: fine
Some Android One devices I tested on Android 8, 9 and 10: all is fine

Now, I tested the faulting devices with OpenVPN for Android AND OpenVPN Connect:
- Poco X3: first connection/login to the VPN server must be done on wifi. After that I can connect to the server using data and no traffic seems to be leaking
- Galaxy S20: not tested enough the OpenVPN server to confirm the random disconnections

So, at first impression, like you said, it seems to be a major flaw in the VPN implementation of MIUI version I have. It seems like all traffic flaws outside the DNS when on GSM Data, but not on Wifi. The issue of leaking is not apparent on third party VPN apps, but the also cannot login to a server if not first done via Wifi, then immediately after it switching to GSM Data

It was my first MIUI device, and last one. I was already disgusted by their add policy and many stock Android security features removed and that most people are not even aware of.

Keep up the good work supporting the app. I do not care about more features, and as you say, they would just add more maintenance to do and bugs to solve.
And just never get disturbed by Play comments. Play is just the "virtual life".
99% of users are just unaware of even what's a VPN to start with. Most satisfied people never think to rate the app, while most unsatisfied rate it. You've got above 4.5 score and 5M downloads. It is great.
Also, there is quiet a huge buzz on payed VPN subscriptions and people are throwing their money on them without even understanding that in most cases it is just a scam and even worst than not having a VPN. The same people don't understand why you cannot have two VPN apps enabled locally in Android and will complain that Netguard doesn't work
Add to this that I would never imagined that such a basic feature is so broken and leaked by manufactures in an Android 11 device...

Any way, best regards, and another reason for me to ditch my Xiaomi phone sooner
Please I have been trying to reach out to you, am stuck with a boot loop on ZTE N9132 when editing build.prop using es file esplorer and I guess the file explorer didn't mount back the permissions. Please can you help with any custom recovery for ZTE n9132. Adb was able to show device offline ,then authorized and now doesn't show at all, I guess this could be as result of factory reset on stock recovery, which may have disabled USB debbugging , and how do I get debugging enabled again since I can't even get past boot loop. Thanks man
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Please I have been trying to reach out to you, am stuck with a boot loop on ZTE N9132 when editing build.prop using es file esplorer and I guess the file explorer didn't mount back the permissions. Please can you help with any custom recovery for ZTE n9132. Adb was able to show device offline ,then authorized and now doesn't show at all, I guess this could be as result of factory reset on stock recovery, which may have disabled USB debbugging , and how do I get debugging enabled again since I can't even get past boot loop. Thanks man
Although this thread is about NetGuard, I know a few things about custom ROMs and recoveries.

If you made changes to the system partition without unlocking the bootloader, you might have bricked your device. Maybe someone in a thread specifically about your device can help you. I have no experience with this device in any case.
 

wiseniggy

Member
Jun 5, 2016
14
1
Although this thread is about NetGuard, I know a few things about custom ROMs and recoveries.

If you made changes to the system partition without unlocking the bootloader, you might have bricked your device. Maybe someone in a thread specifically about your device can help you. I have no experience with this device in any case.
Ok thanks, actually it was a harmless tweak in the build.prop, it's quite unfortunate the es file explorer messed up the permissions
 

0-0-0

Senior Member
May 12, 2013
348
35
UK of Englandshire
I've started to use my phone to cast to my TV. Samsung Dex as an example app.
But the only way to achieve this, is to disable NetGuard completely (i.e. toggle switch top left of app).
I've tried allowing all listed apps, by whitelisting WiFi, but it doesn't work. I need to disable NG.

Am I missing some other setting that needs tweeking?

(NG is Pro version from Google Play. Samsung phone isn't rooted).

Thanks for any help.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
I've started to use my phone to cast to my TV. Samsung Dex as an example app.
But the only way to achieve this, is to disable NetGuard completely (i.e. toggle switch top left of app).
I've tried allowing all listed apps, by whitelisting WiFi, but it doesn't work. I need to disable NG.

Am I missing some other setting that needs tweeking?

(NG is Pro version from Google Play. Samsung phone isn't rooted).

Thanks for any help.
Instead of allowing apps, try to disable 'Apply rules and conditions'. Note that you'll need to enable filtering for this in the advanced settings of the app.
 

0-0-0

Senior Member
May 12, 2013
348
35
UK of Englandshire
Instead of allowing apps, try to disable 'Apply rules and conditions'. Note that you'll need to enable filtering for this in the advanced settings of the app.
Thank you for your reply and help.

I've disabled "Apply rules & conditions" for Dex. But no matter what I enable/disable (everything & nothing) in the Advanced Settings, I can't cast to the TV.
I still need to disable NetGuard to cast to TV.
 

M66B

Recognized Developer
Aug 1, 2010
26,751
57,996
Thank you for your reply and help.

I've disabled "Apply rules & conditions" for Dex. But no matter what I enable/disable (everything & nothing) in the Advanced Settings, I can't cast to the TV.
I still need to disable NetGuard to cast to TV.
You'll need to figure out which app and/or system component is used for the casting and disable 'Apply rules and conditions' for it.
 

Dreamflake

New member
Aug 3, 2011
2
0
NetGuard is supported from Android 6 up to and including Android 12.

Assuming this problem is really caused by NetGuard, which is not very likely if it works for the first 30 minutes, try to disable 'Apply rules and conditions' for the app.
Thank you for your workaround: yes, disabling 'Apply rules and conditions' has the same positive effect, no playback interruptions anymore. I'll report it to the app's developers.
 
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 363
    ic_launcher.png


    NetGuard provides simple and advanced ways to block access to the internet - no root required.
    Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • No advertisements
    • Actively developed and supported
    • Android 5.1 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally forward ports, also to external addresses (not available if installed from the Play store)
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Optionally block ads using a hosts file (not available if installed from the Play store)
    • Material design theme with light and dark theme

    PRO features
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall, except for clones, offering all these features.

    This XDA thread is about using the latest version of NetGuard.
    Off topic comments are allowed as long they are related to NetGuard and are in the general interest of the followers of this thread.

    Discussion of purchases is not allowed here, please contact me via here instead.

    NetGuard is being maintained and community supported, but new features won't be added anymore.

    For ad blocking, see here. Ad blocking is provide "as-is".

    More information on Github:

    Downloads:

    Screenshots:
    101-main.png
    102-main-details.png

    103-main-access.png
    108-notifications.png


    For more screenshots, see here.
    27
    25
    I have just released stable version 2.39.

    Changelog/download
    https://github.com/M66B/NetGuard/releases/tag/2.39

    This version will be available in the Play store after Google's approval.

    Usage data sharing has been removed from this version.

    The future of this project depends on the general support for this project. You can for example write something positive here or in the Play store, press the thanks button, donate something, purchase a pro feature or contribute translations or source code.
    19
    NetGuard is currently in alpha testing phase.
    Please report any problems you encounter.

    It would be nice if someone could design an appropriate icon.
    17
    I have just released beta version 2.21.

    Changelog/download:
    https://github.com/M66B/NetGuard/releases/tag/2.21

    This version will be available as beta version in the Play store after Google's approval.