Comments (13)
Original comment by [email protected]
on 7 Jul 2010 at 12:51
- Added labels: Type-Enhancement
- Removed labels: Type-Defect
from droidwall.
Should be pretty straightforward to implement as iptables has options for that.
The only problem I see is how to interpret such rules when overlapping with
rules referring to applications.
BTW, it's a bit unfortunate that there are several cases where several
applications share the same ID.
Original comment by [email protected]
on 14 Aug 2010 at 11:59
from droidwall.
Allow users to set port rules first or application rules first.
Then there is no conflict.
Original comment by [email protected]
on 15 Aug 2010 at 4:19
from droidwall.
That would be great. Some providers offer free traffic on some ports only. For
example, Bouygues Telecom (France) provides all their users with free traffic
on port 993, but charges for traffic on port 80 or 25.
Original comment by [email protected]
on 22 Aug 2010 at 3:18
from droidwall.
This would be nice to have. Currently droidwall seems to block inbound ssh.
Original comment by [email protected]
on 17 Nov 2010 at 11:43
from droidwall.
Hello all, I have just added a functionality called "Custom Script" on r210.
This will be officially released on the next version (DroidWall 1.5.3).
I know that this is more like a work-around rather than a real fix, but you can
block by ports using custom scripts. This way we can keep a very simple user
interface for non-technical users, but full power to advanced users.
I will add more information about CustomScripts in the wiki.
Original comment by [email protected]
on 23 Sep 2011 at 7:05
- Changed state: Fixed
from droidwall.
Rodrigo, your app is really great. CustomScripts make it even much more
powerful.
Chris, DroidWall does not affect inbound connections at all.
Yet for blocking, e.g., ssh one could use the following rule:
$IPTABLES -A INPUT -p TCP --destination-port 22 -j DROP
Original comment by [email protected]
on 31 Jan 2012 at 7:28
from droidwall.
I'm loving DroidWall. However, I've found the only way I can use DroidWall and
sshDroid (sshd server on phone) simultaneously is to have DroidWall allow all
root apps (presumably because it does all its blocking by UID). I believe if I
were more familiar with writing iptables rules, I could insert a rule before the
default block to allow sshd in and out based on port # or some other criteria,
and then still have all other root processes blocked.
Can anyone with more knowledge advise me on a custom script I could run to
achieve this? The Linux man page for iptables just about gave me an aneurysm.
Original comment by [email protected]
on 8 Feb 2012 at 8:17
from droidwall.
[deleted comment]
from droidwall.
For specifically allowing sshd, assuming that it listens on port 22, use this:
$IPTABLES -I OUTPUT -j ACCEPT -m owner --uid-owner 0 -p tcp --source-port 22
Original comment by [email protected]
on 8 Feb 2012 at 10:26
from droidwall.
Thanks DvO! It looks obvious once someone's spelled it out for me. I'm not on a
wifi network where I feel comfortable enabling sshd (paranoia being the better
part of security), so I'll have to try it later.
BTW, I've been using the iptables command on the phone to list the current
rules. Before I came across this thread, I hadn't noticed the CustomScripts
option. I somehow found the executable iptables_armv5 in the
/data/data/com.googlecode.droidwall.free/app_bin/ directory, and was running it
from within Terminal Emulator.
Original comment by [email protected]
on 9 Feb 2012 at 1:14
from droidwall.
You can further restrict the use of ssh by allowing only certain machines to
connect.
Assuming that your PC at home has local IP address 192.168.2.101,
you may add "--destination 192.168.2.101" to the options.
One might also add some security by obscurity, using a different port than 22.
To block every process that is not an app (except for the kernel),
you may add /after/ your rule a second one:
iptables -I OUTPUT 2 -j DROP -m owner --uid-owner 0:9999
BTW, using "-I OUTPUT" gives the rules top priority, and they will not be
cleared by DroidWall. If you use instead as a custom script:
$IPTABLES -I droidwall -j ACCEPT -m owner --uid-owner 0 -p tcp --source-port 22 --destination 192.168.2.101
$IPTABLES -I droidwall 2 -j droidwall-reject -m owner --uid-owner 0:9999
these rules will be automatically removed when disabling DroidWall. To be on
the safe side, you may want to add the following as custom /shutdown/ script
such that every process that is not an app (except for the kernel) will still
be blocked:
$IPTABLES -I droidwall -j DROP -m owner --uid-owner 0:9999
Original comment by [email protected]
on 9 Feb 2012 at 7:42
from droidwall.
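Added example, not part of the original thread or of DroidWall's code: a small shell/awk emulation of first-match rule evaluation, showing why the position argument in "-I droidwall 2" in the comment above matters. The chain listings and sample packets are constructed from the commands quoted in that comment; first_verdict, good_chain and bad_chain are hypothetical names, and only the match options used in this thread are understood.

```shell
#!/bin/sh
# Added example: emulate iptables first-match evaluation for the rule kinds
# used in this thread. Rules arrive on stdin, top of chain first.
# usage: first_verdict UID PROTO SPORT DST   (hypothetical helper)
first_verdict() {
  awk -v uid="$1" -v proto="$2" -v sport="$3" -v dst="$4" '
    {
      ok = 1; target = ""
      for (i = 1; i < NF; i++) {
        v = $(i + 1)
        if ($i == "-j") target = v
        else if ($i == "-p" && tolower(v) != proto) ok = 0
        else if (($i == "--source-port" || $i == "--sport") && v != sport) ok = 0
        else if (($i == "--destination" || $i == "-d") && v != dst) ok = 0
        else if ($i == "--uid-owner") {
          n = split(v, r, /[:-]/)           # single UID or lo:hi range
          lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
          if (uid + 0 < lo || uid + 0 > hi) ok = 0
        }
      }
      if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print "NO-MATCH" }   # falls through to later rules
  '
}

# Constructed listing: the two custom-script lines run in order, so the
# ACCEPT sits at position 1 and the reject at position 2.
good_chain() {
  cat <<'EOF'
-j ACCEPT -m owner --uid-owner 0 -p tcp --source-port 22 --destination 192.168.2.101
-j droidwall-reject -m owner --uid-owner 0:9999
EOF
}

# Constructed listing: same rules, but the second inserted with a plain -I
# (no position), which puts the reject above the ACCEPT.
bad_chain() {
  cat <<'EOF'
-j droidwall-reject -m owner --uid-owner 0:9999
-j ACCEPT -m owner --uid-owner 0 -p tcp --source-port 22 --destination 192.168.2.101
EOF
}

# Constructed sample packets: UID, protocol, source port, destination.
echo "sshd reply to home PC, good order: $(good_chain | first_verdict 0 tcp 22 192.168.2.101)"
echo "sshd reply to home PC, bad order:  $(bad_chain | first_verdict 0 tcp 22 192.168.2.101)"
echo "other root traffic:                $(good_chain | first_verdict 0 tcp 40000 10.0.0.5)"
echo "app UID 10050:                     $(good_chain | first_verdict 10050 tcp 40000 10.0.0.5)"
```

A NO-MATCH result means neither custom rule applies and the packet continues to whatever rules follow in the chain.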
Worked like a charm! I also put in the non-app block as well as the shutdown
script. (I'm guessing Android reserves UIDs 0-9999 for non-apps, yes?) Thanks!
Original comment by [email protected]
on 11 Feb 2012 at 5:21
from droidwall.