blocks all traffic until applied #612

Closed
kilroythe5th opened this issue Nov 7, 2016 · 18 comments

@kilroythe5th

I don't know if it's a bug, but afwall often blocks all traffic unless I manually reapply the iptables.


9Morello commented Nov 7, 2016

I'm getting the same bug. Happens every time I start my device. I'm on Nougat and I know it's not supported yet, but Idk if this is happening with other versions.


bfritz commented Nov 7, 2016

This sounds like it might be a dup of #603. @kilroythe5th or @9Morello, have you tried release 2.7.0 yet?


9Morello commented Nov 7, 2016

@bfritz Yes, I'm using 2.7.0.

Owner

ukanth commented Nov 8, 2016

@9Morello, enable/disable startup delay from experimental to resolve this during startup.
Also please let me know if you have active rules enabled or not.

@kilroythe5th
Author

I have active rules enabled, but even though it says the iptables were applied, it blocks everything until I either toggle data on and off a few times, or apply them manually.

Owner

ukanth commented Nov 8, 2016

@kilroythe5th, please copy/paste the firewall rules (export) along with the following command:

iptables -S

Author

kilroythe5th commented Nov 8, 2016

hope this helps
iptables.txt

Owner

ukanth commented Nov 8, 2016

Please attach the firewall rules (menu-firewall rules-export) as well. Thanks

ukanth added the Bug label Nov 8, 2016

9Morello commented Nov 8, 2016

Active rules was/is enabled. I'll test with the startup delay and report back.

Edit: turning startup delay on didn't solve it. I still get no connection on startup and need to apply the firewall rules again to connect to the Internet.

Owner

ukanth commented Nov 8, 2016

Can you post the same as above right after you restart, before applying the rules? I need to understand the issue.

iptables -S
+
menu->firewall rules->export


9Morello commented Nov 8, 2016

iptables -S output:

bash-4.4# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT DROP
-N bw_FORWARD
-N bw_INPUT
-N bw_OUTPUT
-N bw_costly_shared
-N bw_data_saver
-N bw_happy_box
-N bw_penalty_box
-N fw_FORWARD
-N fw_INPUT
-N fw_OUTPUT
-N fw_dozable
-N fw_powersave
-N fw_standby
-N natctrl_FORWARD
-N natctrl_tether_counters
-N oem_fwd
-N oem_out
-N st_OUTPUT
-N st_clear_caught
-N st_clear_detect
-N st_penalty_log
-N st_penalty_reject
-A INPUT -j bw_INPUT
-A INPUT -j fw_INPUT
-A FORWARD -j oem_fwd
-A FORWARD -j fw_FORWARD
-A FORWARD -j bw_FORWARD
-A FORWARD -j natctrl_FORWARD
-A OUTPUT -j oem_out
-A OUTPUT -j fw_OUTPUT
-A OUTPUT -j st_OUTPUT
-A OUTPUT -j bw_OUTPUT
-A bw_INPUT -m quota2 ! --name globalAlert  --quota 2097152
a 2097152
-A bw_INPUT -m owner --socket-exists
-A bw_OUTPUT -m quota2 ! --name globalAlert  --quota 2097152
-A bw_OUTPUT -m owner --socket-exists
-A bw_costly_shared -j bw_penalty_box
-A bw_data_saver -j RETURN
-A bw_happy_box -m owner --uid-owner 10010 -j RETURN
-A bw_happy_box -m owner --uid-owner 0-9999 -j RETURN
-A bw_happy_box -j bw_data_saver
-A bw_penalty_box -j bw_happy_box
-A fw_dozable -i lo -o lo -j RETURN
-A fw_dozable -p tcp -m tcp --tcp-flags RST RST -j RETURN
-A fw_dozable -m owner --uid-owner 0-9999 -j RETURN
-A fw_dozable -j DROP
-A fw_powersave -i lo -o lo -j RETURN
-A fw_powersave -p tcp -m tcp --tcp-flags RST RST -j RETURN
-A fw_powersave -m owner --uid-owner 0-9999 -j RETURN
-A fw_powersave -j DROP
-A fw_standby -i lo -o lo -j RETURN
-A fw_standby -p tcp -m tcp --tcp-flags RST RST -j RETURN
-A fw_standby -m owner --uid-owner 10015 -j DROP
-A fw_standby -m owner --uid-owner 10017 -j DROP
-A fw_standby -m owner --uid-owner 10021 -j DROP
-A fw_standby -m owner --uid-owner 10025 -j DROP
-A fw_standby -m owner --uid-owner 10039 -j DROP
-A fw_standby -m owner --uid-owner 10043 -j DROP
-A fw_standby -m owner --uid-owner 10046 -j DROP
-A fw_standby -m owner --uid-owner 10053 -j DROP
-A fw_standby -m owner --uid-owner 10054 -j DROP
-A fw_standby -m owner --uid-owner 10057 -j DROP
-A fw_standby -m owner --uid-owner 10059 -j DROP
-A fw_standby -m owner --uid-owner 10063 -j DROP
-A fw_standby -m owner --uid-owner 10069 -j DROP
-A fw_standby -m owner --uid-owner 10083 -j DROP
-A fw_standby -m owner --uid-owner 10084 -j DROP
-A fw_standby -m owner --uid-owner 10088 -j DROP
-A fw_standby -m owner --uid-owner 10086 -j DROP
-A fw_standby -m owner --uid-owner 10018 -j DROP
-A fw_standby -m owner --uid-owner 10005 -j DROP
-A fw_standby -m owner --uid-owner 10074 -j DROP
-A natctrl_FORWARD -j DROP
-A st_clear_detect -m connmark --mark 0x2000000/0x2000000 -j REJECT --reject-with icmp-port-unreachable
-A st_clear_detect -m connmark --mark 0x1000000/0x1000000 -j RETURN
-A st_clear_detect -p tcp -m u32 --u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x4&0xff0000=0x10000" -j CONNMARK --set-xmark 0x1000000/0x1000000
-A st_clear_detect -p udp -m u32 --u32 "0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000" -j CONNMARK --set-xmark 0x1000000/0x1000000
-A st_clear_detect -m connmark --mark 0x1000000/0x1000000 -j RETURN
-A st_clear_detect -p tcp -m state --state ESTABLISHED -m u32 --u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0" -j st_clear_caught
-A st_clear_detect -p udp -j st_clear_caught
-A st_penalty_log -j CONNMARK --set-xmark 0x1000000/0x1000000
-A st_penalty_log -j NFLOG
-A st_penalty_reject -j CONNMARK --set-xmark 0x2000000/0x2000000
-A st_penalty_reject -j NFLOG
-A st_penalty_reject -j REJECT --reject-with icmp-port-unreachable

menu->firewall rules->export output:
[{"com.termux":{"0":true},"org.telegram.messenger":{"0":true},"org.proninyaroslav.libretorrent":{"0":true},"org.fdroid.fdroid":{"0":true},"org.mozilla.firefox":{"0":true},"com.jparkie.aizoban":{"0":true},"de.blinkt.openvpn":{"0":true,"4":true},"org.floens.chan":{"0":true},"com.fsck.k9":{"0":true},"com.mxtech.ffmpeg.v7_neon":{"0":true},"org.schabi.newpipe":{"0":true},"science.itaintrocket.pomfshare":{"0":true},"org.adaway":{"0":true},"com.whatsapp":{"0":true},"ch.citux.td":{"0":true}}]

Not sure if related, but block notifications are also not working at all (regardless if AFWall is working or not). Both "Turn on log service" and "Enable notification toasts" are enabled.
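
The dump above shows `-P OUTPUT DROP` while none of the chains reachable from OUTPUT contains an ACCEPT rule, which matches the no-connectivity-after-boot symptom. The following check is an added example, not part of the thread or of AFWall+ (function names are hypothetical; the sample is a constructed, trimmed copy of the posted dump). It walks the jump graph of an `iptables -S` dump for the filter table and reports that fail-closed condition:

```python
import shlex

# Constructed sample: a trimmed copy of the OUTPUT-related lines in the dump above.
SAMPLE = """\
-P INPUT ACCEPT
-P OUTPUT DROP
-N bw_OUTPUT
-N fw_OUTPUT
-N oem_out
-N st_OUTPUT
-A OUTPUT -j oem_out
-A OUTPUT -j fw_OUTPUT
-A OUTPUT -j st_OUTPUT
-A OUTPUT -j bw_OUTPUT
-A bw_OUTPUT -m owner --socket-exists
"""

def parse(dump):
    """Return (policies, rules): built-in chain policy and chain -> list of targets."""
    policies, rules = {}, {}
    for line in dump.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "-P":
            policies[tok[1]] = tok[2]
            rules.setdefault(tok[1], [])
        elif len(tok) >= 2 and tok[0] == "-N":
            rules.setdefault(tok[1], [])
        elif len(tok) >= 2 and tok[0] == "-A":
            # The target follows -j or -g; a rule without one only counts packets.
            target = next((tok[i + 1] for i, t in enumerate(tok[:-1])
                           if t in ("-j", "-g")), None)
            rules.setdefault(tok[1], []).append(target)
    return policies, rules

def accept_reachable(rules, chain, seen=None):
    """True if some rule reachable from `chain` via jumps has target ACCEPT."""
    seen = set() if seen is None else seen
    if chain in seen:
        return False
    seen.add(chain)
    return any(t == "ACCEPT" or (t in rules and accept_reachable(rules, t, seen))
               for t in rules.get(chain, []))

def blocks_everything(dump, chain="OUTPUT"):
    """Policy DROP with no reachable ACCEPT means every packet on `chain` is dropped."""
    policies, rules = parse(dump)
    return policies.get(chain) == "DROP" and not accept_reachable(rules, chain)

if __name__ == "__main__":
    print("OUTPUT fails closed:", blocks_everything(SAMPLE))
```

A reachable ACCEPT is necessary for traffic to pass but not sufficient, so a `False` result only rules out the total-block case.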

Owner

ukanth commented Nov 8, 2016

Please attach actual IPv4Rules/IPv6Rules.log from (menu->firewall rules->export to SDcard)

Owner

ukanth commented Nov 8, 2016

OK, found the issue, can you guys try this build?


9Morello commented Nov 8, 2016

I'll try it tonight and report back.

Owner

ukanth commented Nov 8, 2016

@9Morello, thanks, kindly take this build instead.

@kilroythe5th, you can install and let me know as well.

https://www.dropbox.com/s/tl4ogqwem6z4i0t/AFWall%2B%202.8.0-PS.apk?dl=0
I will publish the same build to the Play Store after the confirmation.

You can find the change log here:
https://github.com/ukanth/afwall/blob/stable/Changelog.md

@kilroythe5th
Author

I don't know about the others, but as far as I can tell, it works perfectly now.


9Morello commented Nov 9, 2016

Confirmed, the build above is working as intended. Internet keeps working after reboot.

Owner

ukanth commented Nov 9, 2016

This issue is fixed in 2.8.0. Thanks all for the reports.
