-
Notifications
You must be signed in to change notification settings - Fork 456
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Error applying iptables rules" on AFWall+ 1.2.6 (and higher) with IPv6 enabled #227
Comments
Looks like LOG chain is not supported, have you restored using TiB or something ? I guess it should be NFLOG. just disable the log and try again ? |
No, I didn't use TiB. I installed 1.2.5, 1.2.6, and 1.2.6.1 using F-Droid, and 1.2.7 from the post on XDA (not sure why this version isn't on F-Droid yet). Disabling logging does allow the rules to apply successfully. If I go into the preferences and enable logging afterwards, I get "Error toggling log status", along with the same error above in logcat. It was working in 1.2.5. Any idea what caused this? Any workaround? Note: I don't use GAPPS, and don't have it installed. |
can you paste the results from this command from your mobile ? cat /proc/net/ip_tables_targets |
System iptables and ip6tables version: v1.4.11.1 |
So, for IPv4 the kernel supports LOG + NFLOG, but for IPv6 the kernel only supports NFLOG. This looks like a possible oversight. It would be relatively straightforward to check ip6_tables_targets and try to pick the log mode based on what is supported by both protocols. And deny logging entirely if e.g. IPv4 only supports LOG, and IPv6 only supports NFLOG. But since this is a custom ROM, the best solution might be to send a patch via CM gerrit to harmonize the IPv4 and IPv6 netfilter options. What do you think? |
Agree. |
It might take a while to get a stable CM release for my device which includes the suggested CM patch. CM is no longer doing 10.1 nightlies for my device, and the 10.2 nightlies/snapshot has issues with 3g data, along with a host of other issues which haven't been fixed yet. I agree that fixing the issue in CM would be the best, but in the meanhile, making some adjustments to AFWall may prove to be more expedient. This would increase AFWall's compatibility with other devices and ROMs which may have the same issue, especially other ROMs which are based on CM, but may not be as well maintained. |
I'm also getting this error with 1.2.7. Log only shows this: 12-23 15:02:56.284 D/AFWall (15738): Starting root shell... I'm running PA 3.99—RC2. |
Still get this on CM 13.1 with maserati: |
Since AFWall v1.2.6, I get "Error applying iptables rules" when I enable IPv6 support. The following failure is shown in the logs:
NOTE: When the error occurs, the AFWall+ icon indicates that the firewall is disabled, although the IPv4 rules did apply successfully.
I have tried 1.2.6, 1.2.6.1, 1.2.7, and all exhibit the same error above; version 1.2.5 does not present any errors.
Phone: Droid Razr Maxx XT912
ROM: CM10.1.3
The text was updated successfully, but these errors were encountered: