Shutdown scripts do not work #1061

Open
OmlineEditor opened this issue Jan 6, 2020 · 4 comments
@OmlineEditor

I'm using two different versions of AFWall+ with equal user scripts for Firewall Disable:

  • old version (2.9.9) on the tablet - it works OK.
  • new version (3.3.1) on the phone - it returns "Error purging iptables"

My shutdown script (I need to fully block the Internet when I turn it off):
iptables -F
iptables -X

iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j DROP

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

ip6tables -F
ip6tables -X

ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -j DROP
ip6tables -A OUTPUT -j DROP

ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP

@norbertc

I encountered the same issue. I have a stop script that cleans up custom inserted rules, and it results in the same error.

Aside from that, inserting rules at the start (before the afwall chain) has a random effect now. Sometimes the afwall chain is in the middle of the OUTPUT chain. Also, inserted rules are sometimes doubled. No issues on the previous AFWall+ version though.

@markd89

markd89 commented Dec 21, 2020

3.5 Beta, same here.

I have a script which blocks all Google and Facebook IP addresses.

I've been trying to use the following but get the error. Is there another approach that might work?

#!/bin/bash
## iptables_off.sh
## AFWall+ shutdown actions
## Mike Kuketz
## www.kuketz-blog.de
## https://github.com/ukanth/afwall/wiki/CustomScripts#drop-vs-reject
####################
# iptables         #
####################
IPTABLES=/system/bin/iptables
IP6TABLES=/system/bin/ip6tables 

# Flush/Purge all rules except OUTPUT
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IP6TABLES -F INPUT
$IP6TABLES -F FORWARD
$IP6TABLES -t nat -F
$IP6TABLES -t mangle -F

# Flush/Purge/resetting all rules
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
$IPTABLES -t raw -F
$IPTABLES -t raw -X
$IPTABLES -t security -F
$IPTABLES -t security -X
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

# Allow loopback communication (necessary on IPv6)
$IP6TABLES -A INPUT -i lo -j ACCEPT
$IP6TABLES -A OUTPUT -o lo -j ACCEPT

@markd89

markd89 commented Dec 21, 2020

I checked logcat and see:

command iptables -F afwall exited with status 1
Output: No chain/target/match by that name

So I must be missing something. In the script above, there is no line with "-F afwall". Maybe this is being added by AFWall itself?

@markd89

markd89 commented Dec 29, 2020

I got this working. I think the problem is that not all chains are present in Android. I commented out the following:

# Flush/Purge all rules except OUTPUT
#$IPTABLES -F INPUT
#$IPTABLES -F FORWARD
#$IPTABLES -t nat -F
#$IPTABLES -t mangle -F
#$IP6TABLES -F INPUT
#$IP6TABLES -F FORWARD
#$IPTABLES -t nat -F
#$IP6TABLES -t mangle -F

I added one more line:
$IPTABLES -F "afwall"

That one line should be sufficient to flush the rules that I added in my startup script.

YMMV. I hope this helps.

@ukanth ukanth added the Review label Mar 6, 2021
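
Added example (not part of the thread and not AFWall+ code): the logcat line above shows `iptables -F afwall` exiting with status 1 and `No chain/target/match by that name`, the error iptables gives for a chain that is not present. The functions below check that a chain exists before flushing it, so an absent chain or table is skipped instead of failing the script. The binary paths come from the script quoted in the thread; the function names and the `apply` argument are assumptions of this example.

```shell
#!/system/bin/sh
# Added example: flush a chain only when it exists, so a missing chain
# does not make the custom script exit non-zero.
# Assumptions: binary paths as in the script quoted in this thread; the
# chain name "afwall" is taken from the logcat line quoted in the thread.
IPTABLES=${IPTABLES:-/system/bin/iptables}
IP6TABLES=${IP6TABLES:-/system/bin/ip6tables}

# chain_exists BIN TABLE CHAIN -> 0 if the chain is present in the table.
# "-n -L CHAIN" fails when the chain is absent and also when the table
# itself is not available on the device.
chain_exists() {
    "$1" -t "$2" -n -L "$3" >/dev/null 2>&1
}

# flush_chain BIN TABLE CHAIN -> flush if present and report the outcome.
# Returns 0 for "flushed" and "skipped"; 1 only if a real flush failed.
flush_chain() {
    if ! chain_exists "$1" "$2" "$3"; then
        echo "skipped $2/$3"
        return 0
    fi
    if "$1" -t "$2" -F "$3"; then
        echo "flushed $2/$3"
    else
        echo "failed $2/$3"
        return 1
    fi
}

# shutdown_flush -> flush the afwall chain for both IPv4 and IPv6.
shutdown_flush() {
    rc=0
    for bin in "$IPTABLES" "$IP6TABLES"; do
        flush_chain "$bin" filter afwall || rc=1
    done
    return $rc
}

# Only touch the live ruleset when asked to: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    shutdown_flush
fi
```

Running it without `apply` only defines the functions, which lets the logic be checked on a machine without root before it is pasted into a custom script.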