See here for details: http://code.google.com/p/droidwall/issues/detail?id=222

Droidwall with the problem:

~ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 990 packets, 94201 bytes) pkts bytes target prot opt in out source destination 2 1264 all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 1155 83106 ACCEPT all -- any lo anywhere anywhere 9361 1042K all -- any any anywhere anywhere owner socket exists 9570 1044K droidwall all -- any any anywhere anywhere

afwall with the problem:

~ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 68 4808 ACCEPT all -- any lo anywhere anywhere 426 97915 all -- any any anywhere anywhere owner socket exists 0 0 afwall all -- any any anywhere anywhere

Desired:

~ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 0 0 afwall all -- any any anywhere anywhere 77 5624 ACCEPT all -- any lo anywhere anywhere 435 98479 all -- any any anywhere anywhere owner socket exists

The widget icon on the Galaxy Nexus is the wrong size.

Screenshot: http://picasaweb.google.com/m/zoom?uname=117826577716285067392&aid=5822615108691380705&id=5822615145786634738&viewportWidth=320&viewportHeight=416

OS: 4.2.1

[quote from droidwall]

What steps will reproduce the problem?

1. just tick browser for data on whitelist
2. check money
3. open a free webpage
4. go to data usage in settings -> (AndroidOS!!!!!! <- not disableable!)
5. disable data and check money

What is the expected output? What do you see instead?
no money lost because the page is free. AndroidOS downloading stuff -> losing money.

What version of the product are you using? On what operating system?
latest to date 06.11.2012, Android 4.1.2, GT-i9000

Please provide any additional information below.

Please make the option to block AndroidOS from using mobile data! Android System has nothing checked on the white list for me but I still lose money through AndroidOS!....

(let me know if you need a logcat -didn't see anything special in in, could make a new one though!)

I would like to see an option to change the default behavior on chains.

Personally I've added to the custom scipts the following:

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Maybe a GUI for such essential iptables options would be useful for paranoid users.

I'm getting an app force close everytime I restart the phone and about half a minute after phone screen unlock. Apparently, the FC occurs without any self-initiated actions (i.e. at this point I did not yet have started an app).

I run an ADB logcat with the following output (excerpt):

I/ActivityManager( 3113): Start proc dev.ukanth.ufirewall for broadcast dev.ukanth.ufirewall/.BootBroadcast: pid=10624 uid=10095 gids={1015, 1028}

E/Trace   (10624): error opening trace file: No such file or directory (2)

I/System.out(10624): tainted command part 0: su

I/System.out(10624): Now test tainted command: su

I/Missing SU(10624): Missed

W/dalvikvm(10624): threadid=11: thread exiting with uncaught exception (group=0x41cd3300)

E/AndroidRuntime(10624): FATAL EXCEPTION: Thread-115

E/AndroidRuntime(10624): java.lang.NoSuchMethodError: Thread.destroy()

E/AndroidRuntime(10624):    at java.lang.Thread.destroy(Thread.java)

E/AndroidRuntime(10624):    at dev.ukanth.ufirewall.Api.runScript(Api.java:1034)

E/AndroidRuntime(10624):    at dev.ukanth.ufirewall.Api.runScriptAsRoot(Api.java:1049)

E/AndroidRuntime(10624):    at dev.ukanth.ufirewall.Api.runScriptAsRoot(Api.java:1061)

E/AndroidRuntime(10624):    at dev.ukanth.ufirewall.Api.applyIptablesRulesImpl(Api.java:428)

E/AndroidRuntime(10624):    at dev.ukanth.ufirewall.Api.applySavedIptablesRules(Api.java:521)

E/AndroidRuntime(10624):    at dev.ukanth.ufirewall.BootBroadcast$2.run(BootBroadcast.java:53)

I/SystemProperties(10432): Allowed Package: -com.android.vending- accessing networkinfo.

I/SystemProperties(10432): Allowed Package: -com.android.vending- accessing networkinfo.

I/Process (10624): Sending signal. PID: 10624 SIG: 9

I/ActivityManager( 3113): Process dev.ukanth.ufirewall (pid 10624) has died.

AFWall+ version: 1.1.0

Phone name/model: Samsung GALAXY S II (GT-I9100)
Android version: 4.1.2 (Jelly Bean)
Kernel version: 3.1.0-R54-Siyah-Dorimanx-V7.29-ICS-JB-SG2-PWR-CORE
ROM: CyanogenMod CM10-20121208-NIGHTLY-i9100

I am using AFWall+ 1.1.0 on my GT-N7000 with the ParanoidAndroid 2.55 build (a fork of CM10 nightly builds, Android 4.1.2 with other custom features). Tried this awesome new app after reading on XDA. I having it functioning identically, if not better than, Droidwall. Problem is I cannot read the firewall log.

1. Restart phone
2. Open AFWall+
3. Open Preferences.
4. Confirm Enable Firewall Logs is checked and enabled.
5. Use different white-listed and black-listed applications.
6. Open AFWall+ again.
7. Open More > Firewall Logs.
8. I get the typical Working ... Please wait pop-up (see screenshot).
9. Log file never opens.

This is a brand new install, but I (like others) had use DroidWall before and disabled it (no uninstall yet; cleared all rules and disabled it; advise if that is the issue). The only options enabled in Preferences:

• Enable Firewall Logs
• Notify on new installs

I will work on posting a logcat when I have some time today.

When hiding the app icons, the space should be collapsed.

I'm using afwall 1.2.0 on Jellybean 4.2.2, in whitelist mode. It works fine for the majority of apps, but doesn't work at all for certain Google apps. They still can't access the Internet.

More specifically:
-Youtube when whitelisted will allow you to browse the videos, but will not play them when you click play. It will show a "Connection to server lost" message.
-Upon launch, Gmail remains stuck in "Waiting for sync".
-Google Play didn't work, however I solved this by also whitelisting the Google Play Services process.

For the first two, it's not clear at all what else I should whitelist to make them work. I tried enabling logs to see what accesses the Internet when Gmail is launched, but logging doesn't work, it's always empty even when enabled.

Let me know if I should provide additional info.

I rooted my S3 with Framaroot_v1.2. Then i installed afwall+ (donate) from play store.
All ok.
After cange any rule and activate or deactivate my mobile is blocked.
I must reboot it.

Steps:

• strong rules
• enable Log
• forget it
• remember a few days later
• want to view log ... smartphone hangs
• want to delete log ... no way, because delete at log viewer

log file to large?

Wish:

• Check size of log before view
• limit size
• make log delete function outside viewer

Please tell me location of log file for deletion with root explorer.
Clear app data don´t help.

The on start custom script is loaded after the afwall chain. This can introduce some issues on some rules that is independent on user id. For example, if I put outgoing ICMP echo request to be allowed by default, it will then be blocked because the afwall chain is loaded before my ICMP rule. On previous AFWall versions, on start custom script is loaded before any afwall chain on OUTPUT chain.

Running AFWall+ 1.0.5a on a Motorola Droid 2, Android version 2.3.4 (rooted)

I have a limited data plan, so I'm attempting to set it up to allow any application over Wifi, but a select few applications over 3G. When I configure AFWall+ to allow "Any Application" over Wifi in white list mode, the applications are still blocked. However, if I individually select an application for Wifi use, that one application will work.

Not sure if this helps, but below is the output of the rules log. Please let me know if I can supply anything else that will be helpful. Thanks for this great application. I've had so much trouble with Droidwall allowing apps to bypass it.

Chain INPUT (policy ACCEPT 1006 packets, 327K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 814 packets, 158K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1197  191K afwall     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain afwall (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 afwall-3g  all  --  *      rmnet+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      pdp+    0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      pnp+    0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      rmnet_sdio+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      uwbr+   0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      wimax+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      vsnet+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      ccmni+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      rmnet1+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      rmnet_sdio1+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      qmi+    0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      wwan0+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      svnet0+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      rmnet_sdio0+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-3g  all  --  *      usb+    0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-wifi  all  --  *      eth+    0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-wifi  all  --  *      wlan+   0.0.0.0/0            0.0.0.0/0           
  822  150K afwall-wifi  all  --  *      tiwlan+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-wifi  all  --  *      athwlan+  0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-wifi  all  --  *      ra+     0.0.0.0/0            0.0.0.0/0           
    0     0 afwall-wifi  all  --  *      wlan0+  0.0.0.0/0            0.0.0.0/0           

Chain afwall-3g (16 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 10152 
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 10018 
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 10087 
    0     0 afwall-reject  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain afwall-reject (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  326 19599 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 8 level 4 prefix `[AFWALL] ' 
  326 19599 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain afwall-wifi (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 1014 
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 1010 
  491  130K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 10110 
  326 19599 afwall-reject  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

I just installed the donate version and it did not completey import rules from DroidWall. It imported rules for regular apps. But background service type rules were not imported.

It did not import rules for:

(root) - Applications running as root
10010: Download Manager, Downloads, DRM...
10046: Google Play services, Google Services Framework...
1013: Media server

Superbeam will fail if the sending device has AFWall+ installed and is in White list mode.

How to replicate:

1. Set whitelist mode in firewall
2. Select all checkboxes; in theory it should allow all apps
3. Share a file with Superbeam to trigger wifi direct.
4. Superbeam will fail to send any selected file.

My workaround:

1. Set to blacklist mode in firewall
2. Either leave all unchecked or just check your blacklist apps; in my case, I reversed the checkboxes from my whitelist mode.
3. Share a file with Superbeam to trigger wifi direct.
4. Superbeam will successfully send the selected file.

OR

1. Disable firewall.
2. Follow steps 3-4 from above.

For example:

<string name="ipv6_title">Enable IPv6 Support</string>
<string name="ipv6_summary">This will enable support for ipv6</string>

This "enable" part is obvious because of using CheckBox s

<string name="ipv6_title">IPv6 Support</string>
<string name="ipv6_summary">Enable support for IPv6</string>

^-- looks more clear and simple :)

Hi, I'm having problems getting custom scripts to work.
I've placed 2 scripts in /data/data/dev.ukanth.ufirewall/scripts
enable.sh:
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

and shutdown script disable.sh:
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

fwiw, I've also have an init.d script:
/etc/init.d/00iptables

!/system/bin/sh

IPTABLES=/system/bin/iptables
$IPTABLES -F
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

this setup worked great in droidwall but with AFWall rules just doesn't seem to get applied, nothing fancy in logcat neither. tried it w/ cm7 and stock rooted ics 4.0.4 for I9100. On ICS rom it even freezes/crashes AFWall.

This issue happening with AsyncTask being exceeding limit for icon cache.

To reproduce:
(effects users with preferences/Enable Multiple Profiles and more than one profile)

1. Load any profile except the first (default profile).
2. menu / Apply
3. menu / Exit
4. Restart App

Now, whilst the pulldown next to the AfWall+ icon in the top left remembers the last profile set, as does the next line down (Mode:WhiteList (allow selected) | profile, the actual checkboxes next to the list of apps are from the default profile, NOT the currently set one.

support android 4.2 multi user for afwall ! simple workaround would be export the rules and import back for other user.

I would like to be see an enhancement in the log functionality and get a good idea of what apps that are whitelisted are pushing traffic and how much. Currently I believe you only see blacklisted app traffic in the log (at least in my case).

Hey! I habe a Problem with my razr i. I can install the app, Set rules and make it aktive (it also asks for root access) but it doesn't block anything. Wifi, 3g,whitelist,Blacklist everytime the Same result, everytime app can use the Internet....

I habe root Access, iptables install, busybox... And i'm using jelly bean

The UID before the application name in DroidWall was quite useful especially when writing custom scripts.

There should be an option to turn it back on in the preferences.

I am able to block wifi, but not 3g data. I have been using DroidWall and couldn't get it to work so I uninstalled that and installed AFWall. What is weird is that somewhere the system seems to be setting the iptables rules every boot. I was able to export them below. AFWall is able to write rules, but something that the system is doing seems to be making it so mobile data isn't blocked by the normal means. I tried the checkbox in settings to use the workaround and that didn't work, etiher.

Chain INPUT (policy ACCEPT 237 packets, 180K bytes)
pkts bytes target prot opt in out source destination
237 180K bw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 bw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 natctrl_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 220 packets, 25051 bytes)
pkts bytes target prot opt in out source destination
220 25051 samsung_market_policy-output all -- * * 0.0.0.0/0 0.0.0.0/0
220 25051 bw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain bw_FORWARD (1 references)
pkts bytes target prot opt in out source destination

Chain bw_INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- !lo+ * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
18 1340 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
200 178K all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists

Chain bw_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- * !lo+ 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
18 1340 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0
197 23451 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists

Chain costly_shared (0 references)
pkts bytes target prot opt in out source destination
0 0 penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0

Chain natctrl_FORWARD (1 references)
pkts bytes target prot opt in out source destination

Chain penalty_box (1 references)
pkts bytes target prot opt in out source destination

Chain samsung_market_policy-output (1 references)
pkts bytes target prot opt in out source destination

Hello,

I've found AFWall+ log always empty. I've tested by blocking app and lets it use network and it's failed but no log could be found in AFWall+.

My previous device (LG P698f) work perfectly but my new device (HUAWEI G300) always got an empty log.

This could be nice if you can fix this issues. I'm using AFWall+ (Donate).

Please feel free to contact me any time if you need more information to solve this issue i.e. app log, device info.

Regards,
Nirun Mankong

When I use ServeStream or AndroRadio with afwall enabled, the stream can't be loaded/started. If I turn off the firewall, everything is working fine.

The iptables are in default state after startup of my device, but I can see the toast message that afwall+ gained root access, but no firewall rules are applied. I have the problem with 1.1.3 as well as with 1.1.4. I uninstalled and reinstalled the app but nothing changes. If I apply the rules manually everything works fine. My device is a Nexus 4 with the latest CyanogenMod 10.1 nightly running.

I'd like to request an additional selection criteria of 'Mifi' as although my home and office wifis are unmetered, my mifi is not, hence I'd like to prevent data heavy apps (podcatchers, google play etc) from utilizing the wifi whilst on mifi. Some of these apps have a control that restricts them from heavy downloads whilst not on wifi, but they cannot tell the difference between broadband wifi and mifi.

I'd suggest performing a scan of the wifi SSID to see if it contains the string 'mifi', or allow the user to type in specific SSIDs. I'm not sure this can be done at the firewall, but I thought I'd try suggesting it.

I'm currently using profiles and tasker to achieve the same result.

Enhancement:
It would be great to have the ability to create a 'virtual entry' that allows (by dialog) to fill-in some iptables parameters to a template $IPTABLES command-line to create global rules (add/block, ports/IPs/subnets).

Templates:

1. Ports (allow): $IPTABLES -I "afwall" -p ??? --dport ??? -j RETURN || exit
2. Ports (block): $IPTABLES -I "afwall" -p ??? --dport ??? -j "afwall-reject" || exit
3. IP/Subnet (allow): $IPTABLES -I "afwall" --destination ??? -j RETURN || exit
4. IP/Subnet (block): $IPTABLES -I "afwall" --destination ??? -j "afwall-reject" || exit

IPv6 is being used today and ip6tables command is there for us to use it.

Perhaps a checkbox inside the application called "apply the rules to v6 too" will provide IPv6 support as the command syntax is the same.

The logging should be separate tho.

phone: galaxy nexus
OS version: 4.21 JB
setup: USB tethering with Windows 8 pro
setup: nexus connectivity by wifi or by 3G = same results
setup: AFwall+ version 1.1.3
setup: AFwall+ in whitelist mode

whitelisting "applications as root" or "kernel" or any other DOES NOT work
enabling "alternate rules for ICS/JB" DOES NOT work
enabling/disabling "disable 3G rules on wired USB" DOES NOT change misbehavior (forgot to mention this on earlier post)

LOG reports this for : "ping www.google.com"

AppID : -1
Application Name:
Total Packets Blocked: 1
216.218.29.11(1)

LOG reports this for : click on a link from a 'pre-loaded' google results page

AppID : -1
Application Name:
Total Packets Blocked: 2
216.218.29.11(2)

misbehavior goes away if ( laptop gains internet connectivity: ping + web browsing)

AFwall+ disabled
OR
whitelist "all applications" in Afwall+

notice that in the log extracts that "Application Name:" is empty...
having the FULL LOG would be very helpful

it's impossible to download any apps from google play when the firewall is enabled although google play is selected as allowed to wifi, only disabling the firewall the apps begin to download.

thanks

It would be useful to see destination port and protocol for dropped packets. In the attached screenshot, I assume the kernel packets are DNS and the G+ is https...

Some apps just shouldn't communicate, regardless over which interface. If a device has additional interfaces, like bluetooth PAN or ethernet, they are not controlled by AFWall + nor any other Firewall-App I know. So this would be a nice, outstanding feature ;)

I suggest a fourth checkbox for every app to block communication by the afwall-chain on all interfaces.

It would be great if AFWall automatically opened the keyboard, when it's set to require a password. Given that one is necessarily going to need the keyboard to enter a password, this would eliminate the unnecessary extra step of clicking on the text field in the password popup to get the keyboard to open. Thanks.

Requested in xda.

There is a similar project. Maybe you both can work together and create one wonderful firewall...
https://github.com/skullone/android_firewall

I submitted this app to the F-droid.org repository, but for some reason I didn't notice that there were binaries in the source code: maybe I had looked at the source before they were included. Everything in F-droid.org should be built by the stock SDK , NDK , make etc, so I hope the same can happen here. If not then maybe you can provide a branch that doesn't include these. I'm not sure how to handle busybox - we don't have any apps that use source built busybox but I hope it's not impossible. For the moment , I will add a note to the AFWall description that it is not entirely built from source.

No need. Noticed there is a device admin option.

Using ant from oct 11, platform tools 14, ABS 4.1.0

-compile: [javac] Compiling 21 source files to /home/gerry/dev.ukanth.ufirewall/bin/classes [javac] /home/gerry/dev.ukanth.ufirewall/src/dev/ukanth/ufirewall/MainActivity.java:559: cannot find symbol [javac] symbol : variable abs__ic_search [javac] location: class dev.ukanth.ufirewall.R.drawable [javac] .setIcon(R.drawable.abs__ic_search) [javac] ^ [javac] Note: Some input files use or override a deprecated API. [javac] Note: Recompile with -Xlint:deprecation for details. [javac] 1 error

Hey,

at first - thank you to provide this great app!
Currently i own an Motorola Razr I and have now a strange issue.
Some SMS didnt arrive my phone - or in fact the sms app.
At first it thought it could be a provider prolem or some other issue with the rom.
Sometimes the sms arrives and sometimes i never receive sms or even receipt notification for an sent SMS.
So i decided to Wipe the device and tested again plus, changed the Provider from O2 to an Telekom Plan.
First day everything goes fine, but after installing AFWALL+ i again missed some SMS and the receipt notification...
Is it possible that AFWALL(iptables) blocks such a low level traffic??
To be clean - i dont mean MMS just plain textmessages (SMS).

Best regards and keep up the good work.

When I enable AFWall in whitelist mode with nothing ticked, no app should be able to connect to the internet. But every app I test is able to do so.
I am rooted, allowed it for AFWall, and I get the notification that it has been granted root, also that the rules have been applied.
Blocking with blacklist mode also doesn't work.

Additionally, when I disable AFWall, sometimes it says rules applied (+ Superuser notification), sometimes it says
Fehler beim Säubern der iptables. Fehlercode:-1
(Error while cleaning iptables. Error code:-1)
and there seems to be no SU-Notification.

Version 1.1.5

Make it possible to filter traffic by address/subnet on a per-application basis without using scripts. Will probably require creating a dialog to enter addresses permitted for the application and marking such application with an icon in the application list.

The application works when WCDMA (3G) network mode is selected but doesn't block the connections when GSM (2G) mode is selected

I am using SE Xperia mini and ICS 4.0.4.

In the disable custom script I put this custom rules:

$IPTABLES -F
$IPTABLES -X afwall
$IPTABLES -X afwall-3g
$IPTABLES -X afwall-wifi
$IPTABLES -X afwall-reject
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

sh: [6]: -F: not found
sh: [7]: -X: not found
sh: [8]: -X: not found
sh: [9]: -X: not found
sh: [10]: -X: not found
sh: [11]: -P: not found
sh: [12]: -P: not found
sh: [13]: -P: not found

The variable IPTABLES is okay during enable.

As a workaround (and to avoid further long type on the screen), I just use the built in iptables.

E.g.

/system/bin/iptables -F

In windows, when a program requests internet connection, windows will prompt you for permission to enable it in firewall. I want the same thing for Afwall. When I look at the list of app in Afwall, I sometimes just don't know which one need connection which one does not.

I know that this require Afwall to run all the time, so you can add a setting to turn it off.

Thanks.

I'm trying to include the in my rom at compile time but it's failing...

I'm not much of a java dev, so hopefully you can make sense of this:

target R.java/Manifest.java: afwall (out/target/common/obj/APPS/afwall_intermediates/src/R.stamp)
W/ResourceType(11574): Bad XML block: header size 21892 or total size 164856416 is larger than data size 0
aapt: warning: string 'notify_pref_summary' has no default translation in packages/apps/AFWall/res; found: es nl ru
aapt: warning: string 'toast_pref_title' has no default translation in packages/apps/AFWall/res; found: es nl ru
packages/apps/AFWall/res/layout/dialog_color_picker.xml:34: error: Error: This attribute must be localized. (at 'text' with value 'Press on Color to apply').
packages/apps/AFWall/res/layout/dialog_color_picker.xml:59: error: Error: This attribute must be localized. (at 'text' with value '→').
packages/apps/AFWall/res/layout/rules.xml:9: error: Error: No resource found that matches the given name (at 'paddingTop' with value '?actionBarSize').
packages/apps/AFWall/res/xml/unified_preferences_headers.xml:4: error: No resource identifier found for attribute 'title' in package 'dev.ukanth.ufirewall' 
packages/apps/AFWall/res/xml/unified_preferences_headers.xml:8: error: No resource identifier found for attribute 'title' in package 'dev.ukanth.ufirewall'
packages/apps/AFWall/res/xml/unified_preferences_headers.xml:12: error: No resource identifier found for attribute 'title' in package 'dev.ukanth.ufirewall'
packages/apps/AFWall/res/xml/unified_preferences_headers.xml:17: error: No resource identifier found for attribute 'title' in package 'dev.ukanth.ufirewall'
packages/apps/AFWall/res/menu/menu_bar.xml:4: error: Error: No resource found that matches the given name (at 'icon' with value '@drawable/abs__ic_search').
packages/apps/AFWall/res/menu/menu_bar.xml:8: error: Error: No resource found that matches the given name (at 'icon' with value '@drawable/abs__ic_menu_moreoverflow_normal_holo_dark').
make: *** [out/target/common/obj/APPS/afwall_intermediates/src/R.stamp] Error 1
make: Leaving directory `/home/n4/build

What steps will reproduce the problem?

1. apply rules (i.e. block some apps for wifi)
2. open browser/dolphin/playstore

What is the expected output? What do you see instead?
Normal load speeds.
Superslow loading.

What version of the product are you using? On what operating system?
latest to date 06.11.2012, Android 4.1.2, GT-i9000

(let me know if you need a logcat -didn't see anything special in in, could make a new one though!)

Hi Ukanth,

I really love your App and it's amazing. I'm using the whitelist mode. For wifi I've selected (All Apps). But since the latest update (v1.1.9) I can't surf with wifi after reboots. So I have to open AFWall+ and press the Apply button. Then I have to turn wifi off and then on again. I also cleared the data but it didn't fix it. :(
Could you please fix this issue.
It's very annoying cz I'm a developer so I've to reboot my phone very often..

Phone: Samsung Galaxy Nexus
Android Version: 4.2.1 (Jelly Bean)

I hope you'll fix this soon. You're App is great!!! Keep it up!

Is it possible to implement an additional verification/conformation step after pressing the "firewall disable" button?

Sometimes, when I am going to apply new rules, sometimes I press accidentally the "firewall disable" button due to the close local arrangement of the two buttons. And then, the firewall stops immediately. With an additional verification/conformation step (Do you really want to disable the firewall --> yes or no) one could cancel these incorrect input.

please consider for future versions:

• rename function for profiles
• switch profiles on desktop by a widget
• donation version should read and use rules from free version