Android open source firewall

Android open source firewall

AFWall+

Firewall (iptables frontend), based on DroidWall which is no longer being
developed. A paid «donate»-version with more features it advertised within the
app.

* Import/Export Rules to external storage
* Search Applications
* Multiple profiles with custom names
* Highlights system applications with custom color
* Notify on new installations
* VPN Support
* Device Admin support to protect against being uninstalled

Requires root: Yes. iptables must run as root.

Anti-Features

This app has features you may not like. Learn more!

Packages

Although APK downloads are available below to give you the choice, you should be aware that by installing that way you will not receive update notifications and it’s a less secure way to download. We recommend that you install the F-Droid client and use that.

This version requires Android 5.0 or newer.

It is built and signed by F-Droid, and guaranteed to correspond to this source tarball.

This version requires Android 5.0 or newer.

It is built and signed by F-Droid, and guaranteed to correspond to this source tarball.

This version requires Android 5.0 or newer.

It is built and signed by F-Droid, and guaranteed to correspond to this source tarball.

Источник

Android open source firewall

NetGuard provides simple and advanced ways to block access to the internet — no root required. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

Blocking access to the internet can help:

  • reduce your data usage
  • save your battery
  • increase your privacy

NetGuard is the first free and open source no-root firewall for Android.

  • Simple to use
  • No root required
  • 100% open source
  • No calling home
  • No tracking or analytics
  • Actively developed and supported
  • Android 5.1 and later supported
  • IPv4/IPv6 TCP/UDP supported
  • Tethering supported
  • Optionally allow when screen on
  • Optionally block when roaming
  • Optionally block system applications
  • Optionally forward ports, also to external addresses (not available if installed from the Play store)
  • Optionally notify when an application accesses the internet
  • Optionally record network usage per application per address
  • Optionally block ads using a hosts file (not available if installed from the Play store)
  • Material design theme with light and dark theme
  • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
  • Allow/block individual addresses per application
  • New application notifications; configure NetGuard directly from the notification
  • Display network speed graph in a status bar notification
  • Select from five additional themes in both light and dark version

There is no other no-root firewall offering all these features.

  • MD5: B6:4A:E8:08:1C:3C:9C:19:D6:9E:29:00:46:89:DA:73
  • SHA1: EF:46:F8:13:D2:C8:A0:64:D7:2C:93:6B:9B:96:D1:CC:CC:98:93:78
  • SHA256: E4:A2:60:A2:DC:E7:B7:AF:23:EE:91:9C:48:9E:15:FD:01:02:B9:3F:9E:7C:9D:82:B0:9C:0B:39:50:00:E4:D4
  • Enable the firewall using the switch in the action bar
  • Allow/deny Wi-Fi/mobile internet access using the icons along the right side of the application list

You can use the settings menu to change from blacklist mode (allow all in Settings but block unwanted applications in list) to whitelist mode (block all in Settings but allow favorite applications in list).

  • Red/orange/yellow/amber = internet access denied
  • Teal/blue/purple/grey = internet access allowed
Читайте также:  Как удалить cmm андроид

For more screenshots, see here.

The only way to build a no-root firewall on Android is to use the Android VPN service. Android doesn’t allow chaining of VPN services, so you cannot use NetGuard together with other VPN based applications. See also this FAQ.

NetGuard can be used on rooted devices too and even offers more features than most root firewalls.

Some older Android versions, especially Samsung’s Android versions, have a buggy VPN implementation, which results in Android refusing to start the VPN service in certain circumstances, like when there is no internet connectivity yet (when starting up your device) or when incorrectly requiring manual approval of the VPN service again (when starting up your device). NetGuard will try to workaround this and remove the error message when it succeeds, else you are out of luck.

Some LineageOS versions have a broken Android VPN implementation, causing all traffic to be blocked, please see this FAQ for more information.

NetGuard is not supported for apps installed in a work profile, or in a Secure Folder (Samsung), or as second instance (MIUI), or as Parallel app (OnePlus), or as Xiaomi dual app because the Android VPN service too often does not work correctly in this situation, which can’t be fixed by NetGuard.

Filtering mode cannot be used on CopperheadOS.

NetGuard will not work or crash when the package com.android.vpndialogs has been removed or otherwise is unavailable. Removing this package is possible with root permissions only. If you disable this package, you can enable it with this command again:

NetGuard is supported for phones and tablets only, so not for other device types like on a television or in a car.

Android does not allow incoming connections (not the same as incoming traffic) and the Android VPN service has no support for this either. Therefore managing incoming connections for servers running on your device is not supported.

Wi-Fi or IP calling will not work if your provider uses IPsec to encrypt your phone calls, SMS messages and/or MMS messages, unless there was made an exception in NetGuard for your provider (currently for T-Mobile and Verizon). I am happy to add exceptions for other providers, but I need the MCC codes, MNC codes and IP address ranges your provider is using. As an alternative you can enable the option ‘Disable on call‘, which is available since version 2.113.

Источник

Android open source firewall

AFWall+ (Android Firewall+)

Android Firewall+ (AFWall+) is an advanced iptables editor (GUI) for Android. It provides fine-grained control over which Android apps are allowed to access the network.

For more information and a community discussion ground, please visit the official XDA thread or the official Wiki page.

AFWall can be downloaded via Google Play Store, GitHub or via F-Droid.

Читайте также:  Android studio edittext цвет подчеркивания

The changelog documents changes between each new release.

  • Android versions 5.x to 11.x for 4.x — 2.9.9 for 2.x — 1.3.4.1
  • Compatible with Magisk and LineageOS su.
  • ARM/MIPS/x86 processors
  • IPv4 & IPv6 protocols
  • WiFi, mobile data, LAN, VPN, tether, roaming and Tor
  • Multi-user (multiple profiles)
  • Many languages (see Translating)
  • Tasker and Locale plugin
  • Xposed plugin
  • Easy to install
  • Simple to use
  • Free & open source
  • No advertisements
  • Built-in IPtables/BusyBox
  • List and search for all installed applications
  • Sort installed applications by installation date, UUID or in alphabatical order
  • Receive notification for any newly installed application, AFwall only list app with INTERNET_PERMISSION
  • AFWall comes with it’s logs service to see what’s going on
  • Display notifcations for blocked packets
  • Filter blocked packet notifications per app
  • Export & import rules («Import All Rules» requires the donate version)
  • Option to prevent data leaks during boot (requires init.d support or S-OFF)
  • Password protection
  • Option to manage iptable rules with a custom script
  • Device Admin to protect AFWall+ from uninstall (see here why it was removed)

Please check GitHub’s issues section for existing bugs and in case you like to submit a new one. Feature requests are also welcome.

Before you report any problem/bug, take a look into the how-to-report a bug section.

  • A firewall cannot protect against attacks that are performed outside the operating point. For example, if there is a Point-to-Point connection to the Internet.
  • A firewall cannot prevent corporate data from being copied to a memory stick or HDD, and having these removed from the building.
  • AFWall+ does not scan for virus/malware that may exist in the files that pass through it, because it is a firewall and not an antivirus solution.
  • AFWall+ is not an ad-blocker.
  • Some apps/script which are running under admin rights might bypassing AFWall because they overwrite the system own IPtables with their own rules. Make sure you only give trusted application superuser rights, most «su»-solutions have companion apps which showing which apps are running under which rights like MagisK, Chainfire’s su etc.

AFWall+ has been successfully tested under Android versions 4.x — 9.x. and is reported to work with most Android variants, including stock or exotic ROMs.

We do not recommend using AFWall+ in combination with any of the similar solutions (Avast, Kaspersky, NetGuard etc) because this could result in conflicts or even data leaks (e.g. IPtables could get overwritten).

The upgrading mechanism is really simple, basically you can just «over-install» the new version over the old one, however this is the best pratice (which we recommended):

  • Make a backup of the current version (e.g. via Titanium Backup).
  • Do not remove the current version (otherwise your settings might getting reset).
  • Download the latest AFWall+ version.
  • Install the new version over the previous version.
  • Done!

AFWall+ asks for the following Android permissions:

  • RECEIVE_BOOT_COMPLETED: Autostart (Bootup) AFWall+ after the system finishes booting.
  • ACCESS_NETWORK_STATE: Allows AFWall+ to access information about networks (iptables).
  • WRITE_EXTERNAL_STORAGE: Allows AFWall+ to write to external storage for debug log and export iptables rules.
  • INTERNET: NetworkInterface.getNetworkInterfaces() needs android.permission.INTERNET. This is just being used to get the IPv4 and IPv6 addresses/subnets for each interface, so the LAN address ranges can be determined. Nothing is actually trying to access the network. Also take a look at Stackoverflow.
  • ACCESS_WIFI_STATE: Used to detect the tether state.
  • DEPRECATED ACCESS_SUPERUSER: Standard to support Superuser/SuperSU (by Koushik/Chainfire)
Читайте также:  Андроид resident evil 4 с кэшем

Frequently Asked Questions

Having some problems with AFWall+? Check out our FAQ before reporting a bug or problem that may already be known or answered.

The original codebase was derived from DroidWall by Rodrigo Rosauro. DroidWall was sold to AVAST in December 2011, and is no longer actively maintained.

This project also uses some other open-source libraries such as:

Project License Website
Android Color Picker Apache License 2.0 https://github.com/attenzione/android-ColorPickerPreference
Busybox GNU GPLv2 http://www.busybox.net
DBFlow MIT https://github.com/Raizlabs/DBFlow
Prettytime Apache License 2.0 https://github.com/ocpsoft/prettytime
material-dialogs MIT License https://github.com/afollestad/material-dialogs
iptables GNU GPLv2 http://netfilter.org/projects/iptables/index.html
Libsuperuser Apache License 2.0 https://github.com/Chainfire/libsuperuser
Locale Plugin Apache License 2.0 http://www.twofortyfouram.com
Networklog Mozilla Public License Version 2.0 https://github.com/pragma-/networklog
Root Tools Apache License 2.0 https://github.com/Stericson/RootTools

Compiling the APK

  • Android SDK in your $PATH (both platform-tools/ and tools/ directories)
  • Javac 1.7 (or higher) and a recent version of Apache ant in your $PATH
  • Git should be added in your $PATH
  • Use the Android SDK Manager to install API 19 (or higher)

For complete instructions, please take a look at the Wiki’s How To Compile AFWAll section.

Compiling Native Binaries

You can compile the external binaries like BusyBox or the IPtables yourself, on the host side, you’ll need to install the following:

  • NDK r10, nominally under /opt/android-ndk-r10
  • Host-side gcc 4.7, make, etc. (Red Hat ‘Development Tools’ group or Debian build-essential)
  • autoconf, automake, and libtool

This command will build the Android binaries and copy them into res/raw/ :

You can fork the repository and contribute using pull requests.

All contributions no matter if large or small, major features, bug fixes, additional language translations, unit/integration tests are welcomed and appreciated. The pull requests and findings are usually getting reviewed and discussed with the developer and the community .

The res/values-* dirs are kept up-to-date automatically via the Crowdin Translate Extension. See our official translation page in case you like to contribute.

AFWall+ is available in many languages but if yours is not included — or if it needs updating or improving — please create an account and use the translation system and commit your changes.

Donations are optional and helps the project in order to keep up the development. The official donation link is the one below which points to the official AFWall+ PayPal account. You optionally can buy the unlocker key via Google Play Store which unlocks additional features in AFWall+, the unlocker is not avbl. via F-Droid.

About

AFWall+ (Android Firewall +) — iptables based firewall for Android

Источник

Оцените статью