[Feature Request] Allow only specific IPs/Ports by App #262

Closed
TuxFighter opened this issue Mar 12, 2014 · 5 comments
@TuxFighter

First of all, thanks for that nice app for Android.

One thing I currently miss the most is the possibility to allow a specific app to connect only to a specific IP/port. For example, if I have an FTP client, which should only connect to ftp.mydomain.com, but not to other domains/IPs.

This would also be useful to get rid of the fact that many apps are talking home. So, to stick with the explanation above, we can be somewhat safer that there isn't any other connection from the app, which might be smuggling data to other servers. This could really fight the fact that there are currently too many apps in the Android ecosystem which are doing this.

For me it is really one of the most important features for a firewall.

Thanks in advance.

@ukanth ukanth added the Feature label Mar 13, 2014
@phragment

I'd love to see this feature, but I'm not sure how to implement this on Android. Typically used on desktop is the owner match extension:
https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH

@cernekee
Contributor

> One thing I currently miss the most is the possibility to allow a specific app to connect only to a specific IP/port. For example, if I have an FTP client, which should only connect to ftp.mydomain.com, but not to other domains/IPs.

One challenge is that "ftp.mydomain.com" might not always resolve to the same IP address, so it's hard to write a netfilter rule that works reliably. Also, depending on the Android OS version, allowing DNS resolution could be tricky (or a hole).

Another concern is that many users want their FTP client to be able to connect to arbitrary sites.

Maybe for this case, it would be better to search F-Droid for an open source client instead of using proprietary software that you do not trust? This is what showed up in a quick search (I haven't tried either one):

https://f-droid.org/repository/browse/?fdfilter=ftp&fdid=com.ghostsq.commander
https://f-droid.org/repository/browse/?fdfilter=ftp&fdid=org.brandroid.openmanager

> I'd love to see this feature, but I'm not sure how to implement this on Android. Typically used on desktop is the owner match extension:

AFWall uses the owner match extension to apply different rules to different apps.

@phragment

If I get this correctly, an AFWall blacklist for one app is an "owner UID match u0_a??" iptables rule.
Is there an easy way to get the uid for an app? I presume it is static (per installation) and I would be able to write the rule as custom script.
Many thanks in advance!

@cernekee
Contributor

Easiest method (through the GUI) is to enable "Show UID for apps" in the AFWall preferences. Or from adb/terminal:

shell@android:/ $ dumpsys package dev.ukanth.ufirewall | grep userId           
    userId=10007 gids=[1015, 3003, 1028]

It is static as long as the package remains installed.
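
The custom-script rule pair discussed in the comments above, as an added example that is not part of the thread or AFWall's own code: it takes the UID from the `dumpsys` line shown above and prints owner-match rules that allow one IPv4 address and TCP port and reject the app's other traffic. The `OUTPUT` chain, the address 203.0.113.10 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules pinning one app UID to one
# IPv4 address and TCP port. Chain name and destination are assumptions.

# Read `dumpsys package <pkg>` output on stdin, print the first numeric userId.
uid_from_dumpsys() {
    sed -n 's/^[[:space:]]*userId=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed only for a dotted-quad IPv4 literal. Hostnames fail on purpose:
# iptables resolves a name once, when the rule is inserted.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: pin_app_rules CHAIN UID IPV4 PORT
# The ACCEPT must come before the catch-all REJECT for the same UID.
pin_app_rules() {
    p_chain=$1 p_uid=$2 p_ip=$3 p_port=$4
    case "$p_uid" in ''|*[!0-9]*) echo "bad uid: $p_uid" >&2; return 1 ;; esac
    case "$p_port" in ''|*[!0-9]*) echo "bad port: $p_port" >&2; return 1 ;; esac
    [ "$p_port" -ge 1 ] && [ "$p_port" -le 65535 ] ||
        { echo "bad port: $p_port" >&2; return 1; }
    is_ipv4 "$p_ip" || { echo "not an IPv4 literal: $p_ip" >&2; return 1; }
    echo "iptables -A $p_chain -m owner --uid-owner $p_uid -p tcp -d $p_ip --dport $p_port -j ACCEPT"
    echo "iptables -A $p_chain -m owner --uid-owner $p_uid -j REJECT"
}

# Sample dumpsys line as quoted in the thread; 203.0.113.10 is a constructed
# documentation address standing in for the resolved FTP server.
SAMPLE='    userId=10007 gids=[1015, 3003, 1028]'
APP_UID=$(printf '%s\n' "$SAMPLE" | uid_from_dumpsys)
pin_app_rules OUTPUT "$APP_UID" 203.0.113.10 21
```

These rules cover IPv4 only, so the same UID needs matching ip6tables rules, and the pinned address has to be re-checked whenever the hostname's DNS record changes.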

@ukanth
Owner

ukanth commented Aug 3, 2016

Duplicate of #15

@ukanth ukanth closed this as completed Aug 3, 2016