captive_portal_detection_enabled was deprecated. The new setting is captive_portal_mode. You can find some info about other related settings in this afwall issue
If it communicates only with & through your phone, you can disable internet access for that particular app with AFWall+ (an open-source firewall), assuming you're on Android.
I'm running crDroid (Android 10 based) on my OnePlus 7 Pro. I'm not sure if it was designed strictly with privacy in mind, but it's based off of LineageOS and doesn't come with gapps or any of that stuff out of the box. It also adds lots of nice customization features that aren't there in LineageOS.
Their official site is https://crdroid.net/ and there is also a thread or more about it on the Oneplus 7 Pro XDA I think.
I rooted mine with magisk and installed Afwall+ (https://github.com/ukanth/afwall) to prevent internet access from many apps.
Droidwall is old and not maintained, as far as I know it has at least one bug that will grant root to any app.
You should check out Afwall+, forked from droidwall.
>This software has no need to collect data.
It really doesn't, no.
I've argued this point before especially on Linux forums, and I'm still very much in the minority advocating for per-application firewalls. But I think this is a great example of why all applications need some level of sandboxing, even open-source ones, and arguably the most important privilege you need to manage is network access.
It turns out most malware just gives up if it can't phone home. Few apps short of actual trojans will ever stoop to privilege escalation exploits and they'll just sit there and wait for an internet connection forever if necessary, making them essentially harmless.
There's a fantastic app for Android called AFWall+ (use it, support it) which, if you have a rooted phone at least, lets you grant or deny network privileges to any app on your phone. It's remarkable how few apps actually need network access and how many that have no reason to still keep phoning home anyway.
Windows Firewall has the capability as well but it's cumbersome to use. I really like simplewall as an alternative. When enabled it blacklists everything and then presents a popup whenever a new application (like, say, Audacity :/ ) tries to open a connection, letting you choose whether you think this app has any business using your internet connection.
Sadly on Linux the prevailing philosophy seems to be based on trust. Cause if you only run open-source code, surely someone competent and trustworthy will have read every line of code for every package you've ever installed, and signing keys offer perfect protection against modifying any compiled binaries, and so on. I think at some point this was a good philosophy but these days it's just naive.
>Anyone downloading the apps were expecting a truck or car driving game. Instead, they got what appeared to be a buggy app that crashed every time it opened.
>In reality, the app was downloading a payload from another domain — registered to an app developer in Istanbul — and installed malware behind the scenes, deleting the app’s icon in the process.
Your statement is not quite correct. It is by no means simple. It is true that any app with root privileges can write its own entries in the iptables and thus gain access to the Internet. However, so far no app is known that would implement this. Theoretically, you are right, but it is the user's responsibility not to grant root rights to such apps.
From what I've seen in searching and other comments, iptables seems capable of this but I don't immediately see what rules I'd need, I still need more research. It also seems like AFWall+ can be made to apply custom iptables rules, as far as a GUI goes. (Nothing I see in the GUI itself allows the control I need, aside from the custom script support.)
If you're aware of any other tools that would make this easier I'm all ears.
I don't know what features you are talking about, but I have the free version and it is doing what it's supposed to be doing.
>Donate version is exactly same as Free version except name and icon. You can find the source of all donate features in this repo. SOURCE
Also you can get the paid version if you make a donation (Source), but the software for the paid app is closed source.
>(34) Why does the Kernel need an internet connection all the time? AFWall+ shows AppID (-11) blocked.
>The kernel does not communicate directly, it only passes packet information (for the interfaces e.g. uid0) from some applications. One problem with using policy routing based on fwmark with locally generated traffic (as is the case with Android) is that the mark must be set in the user process. It is because the routing decision is made before the fwmark can be set in any iptables rule, at least in vanilla kernels.
>Since Android 4.3 and higher all DNS requests are managed by the netd daemon, it works similar like a proxy/tunnel. That means AFWall+ can't detect the special UID's / DNS requests. To disable such behavior you can use the DNS-Proxy option under Preferences. Choose Disable DNS via netd to restore the default behavior before 4.3. Now you should make sure that your apps are whitelisted, if not it will be blocked, same with your (Root) application, if not Android is maybe not able to establish a connection. Dnsproxy2, is an alternative app to redirect DNS requests. But if there are troubles with your connection, check your logs, use Netzwerk Log app (identify all traffic), whitelist the specific app(s) that is maybe blocked or enable the netd daemon again.
No, I'm not, also performance. Netguard can certainly cause leak of data since the app must be running and Iptables-based rules may have vulnerabilities as well.
SD Maid isn't FOSS and requires root for this feature, but I guess that I have to use the app if an alternative doesn't appear.
a ROM with zero gapps. Therefore no apps are the google-sanctioned adware. All apps with third party interweb ads are malware. Apply diligence before installing apps. Only use ROM where you can control apps access to the internet with a default of disallow. [iptables: AFwall+]
https://github.com/ukanth/afwall/#description
Removing play store neither prevents you from keeping apps current nor prevents you from licensing paid software.
Optimally, AfWall+, but this only works if your phone is rooted. Maybe the logging function of the program will work regardless, but I wouldn't bet on it. This leaves Glasswire, but you'll have to judge whether you're OK with what they collect.
whatsapp.com seems to be just the website.
Found this
https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp
for blocking but works equally well for unblocking
whatsapp.net seems to help. Messages send and receive as normal so far.
Let's get a bit technical here. Android uses the Linux kernel, so the firewall is already part of the system. In basic terms, a firewall is a program that filters network packets (the smallest possible unit of data transmission for TCP/IP); in Linux such a program is called iptables, but it is not something one can easily use in Android, mainly because Google and cellphone manufacturers think giving users root access is a security concern (or whatever stupid excuse they invent), and also because iptables' default control interface is stupidly complex (blame Linus Torvalds here); so you and the rest of Android users are at the mercy of programmers wrapping such an interface into another abstract high-level interface in the form of a GUI userland program (correct term for "app"). Of course that introduces more problems because programmers make mistakes; writing a graphical program for Android (or any OS for that matter) involves many shared libraries and components, each of which is written by people that introduce more risks for the users' hardware (it is ours, we paid for it). In the end all software sucks; there is, however, some software that sucks less.
I don't know about the following, but a quick Google search threw this: https://github.com/ukanth/afwall . It is free software (that's a discussion for another time and place), and it's available in F-Droid (a repository for free [as in freedom] software).
Do you run AFWall+? If so, do you block [0] (root) - Apps running as root? I had an issue where I had substantial odd outgoing connection attempts (only via mobile data) in the logs to random servers all over the globe after installing the LineageOS MicroG fork. I couldn't figure out if I was just noticing something that had actually been happening the whole time, or if it was associated with that ROM...would love to see if anyone else experienced that behavior. I only ever found one external link describing anything similar, but it's nearly exactly the same as my experience: https://github.com/ukanth/afwall/issues/279 aka "[128]6.28.154.204:80(2)"
No, ATM you don't have bb on the system. You can definitely try the built-in option, it just never worked for me. Additionally, some other apps (e.g. titanium backup) require system BusyBox.
In truth, I never had issues with intermittent working of the app. For me, it always didn't work at all, or wouldn't connect to the internet, so I've simply suggested these as things for you to try.
Ooc, are you rooted with supersu or magisk?
Another thing to try would be to disable doze for AFWall+, as suggested here, though do note this link is somewhat old and I haven't had to do this myself for the app to work.
First of all, thanks for your answer.
>Sounds like an interesting feature to work on. I don't know exactly what it would look like, so the first step would be someone clearly laying out a design, receiving feedback and then beginning an implementation.
I found this: https://android.googlesource.com/platform/external/iptables/+/jb-mr1.1-dev-plus-aosp/iptables/
If it is interesting, I can try to make a GUI for it,
and AFWall+ is one of the realizations of https://github.com/ukanth/afwall/wiki/IPtables