AFWall+ not working after reboot

[ghost]

Hello,

I recently opened #699 but it seems that actually the problem is another: I uninstalled and reinstalled AFWall+ and bought the license and had an empty setup. In this everything was okay, i.e., all apps were blocked - also VPN based.

Yet, after an immediate reboot of the phone (AICP based on LineageOS, Android 7.1, device HTC10) I noticed that beside the fact that no app was selected for traffic (i.e., all should still be blocked) internet traffic was flowing normally. The browser could access any page, Google Play was working, etc.

So it seems that after a device reboot AFWall+ does not get activated again though it says that it is active.

[github-tomster]

i can confirm this. AOKP 7.1.2 rom build on 2017-04-18.
AFWall is the first apk installed on the phone.
it shows enabled, and applying rules is working.
though no traffic is blocked. all apps do have network access...
i rebootet: still all app can access
i disabled AFWall, enabled AFWall (no reboot) and the AFWall works.
the next reboot AFWall was still working...

[java-py-c-cpp-js]

Hi,

I seem to have the same or at least a very similar Problem, but in my case blocking mobile Internet works, blocking WiFi doesn't. I'm using LineageOS with Android 7.1.2 also. Dis- and enabling AFWall doesn't fix the problem.

[watchmoretv]

Hi,
i can confirm github-tomster's afwall behaviour on LineageOS 14 (7.1.2).
Showing enabled, but not working after boot up, even with "Startup delay" enabled. Another problem, not an issue but more related to my own incapability, regarding SELinux and "Fix startup data leak" init.d:
dmesg gives me tons of

[ xxx.xxxxx] type=1400 audit(123.456): avc: denied { getattr } for pid=229 comm="afwallstart" path="/data/data/com.android.providers.downloads" dev="mmcblk0p14" ino=32233 scontext=u:r:sysinit:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir permissive=0

and i know nothing about SELinux. I would be glad if someone could tell me how to "chcon u:object_r:" this.

After boot and restarting Afwall, it even stopped working randomly, but i could solve this by disabling the battery save mode. On Lineage you can make exceptions for background apps, but afwall won't stay on that list, so i think this issue is LineageOS related.

Ukanth, thank your for afwall. At least a contraceptive in this filthy, dirty virtual world ;-)

[gytisrepecka]

I can also confirm same issue on Motorola Nexus 6 device running Lineage OS 14.1 with addon-superuser - after reboot AFWall doesn't block any traffic, it works only when manually applying rules. Startup delay enabled, but still no luck...

[github-tomster]

me again.
sorry to bother.
fresh flash all wiped/formated
afwall first app installed after supersu flashed via recovery zip
not working unfortunately. all apps have network-access.
it seems a bit weird that afwall doesnt detects the active interface.

===========
System info

Android version: 7.1.2
Manufacturer: Samsung
Model: GT-I9195
Build: lineage_serranoltexx-userdebug 7.1.2 N2G47E fa709cffc5 test-keys
Active interface: unknown
Tether status: unknown
Roam status: no
IPv4 subnet:
IPv6 subnet:
/system/bin/su: not present
/system/xbin/su: not present
/system/app/Superuser.apk: not present
Superuser: eu.chainfire.supersu v2.79

===========
Preferences

activeNotification: false
activeRules: true
addStartupDelay: false
appVersion: 15940
blockIPv6: true
disableIcons: false
enableAdmin: true
enableConfirm: true
enableDeviceCheck: false
enableIPv6: false
enableLAN: true
enableLogService: true
enableRoam: false
enableVPN: false
fixLeak: false
hasRoot: true
ipurchaseddonatekey: false
logDmesg: OS
logPingTimeout: 10
logTarget: NFLOG
notifyAppInstall: true
oldLogView: true
passSetting: p0
patternMax: 3
ruleTextSize: 10
showFilter: true
showLogToasts: false
showUid: true
storedPid: []
sysColor: -10432
toast_pos: bottom
Profile Mode : whitelist
Status : Enabled

======
Logcat

22:05:10 Selected Profile: AFWallPrefs
22:05:10 Now assuming NO connection (all interfaces down)
22:05:10 Selected Profile: AFWallPrefs
22:05:10 applySavedIptablesRules invoked
22:05:10 Setting OUTPUT to Drop
22:05:10 Setting OUTPUT to Accept
22:05:10 Starting root shell...
22:05:10 [libsuperuser] [SU%] START
22:05:10 Starting Log Service: echo $$ & /data/user/0/dev.ukanth.ufirewall/app_bin/nflog 40 for LogTarget: NFLOG
22:05:10 rootSession is not Null
22:05:10 [libsuperuser] [SU%] START
22:05:10 Cleanup session
22:05:11 Root shell is open
22:05:17 BOOT_COMPLETED: applied rules at 1493669117336
22:05:39 Selected Profile: AFWallPrefs

[java-py-c-cpp-js]

In my case I could solve the problem by disabling Lan control. As soon as I enable it again and apply the rules afwall blocks nothing, even after restarting android. It makes no difference whether I enabling or disabling battery optimisation for AfWall.

[gytisrepecka]

Thanks, disabling LAN control in Preferences > Rules/Connectivity did fix the issue - now all rules are working after reboot.

[github-tomster]

i can not confirm that here.
after the reboot, still ALL apps have access and the active_interface
is still unknown, though a wifi connection is established.
hence all apps have network access.
right after the check of afwall rules and closing afwall interface
a toast appears stating su rights for afwall granted
right after that network connections are restricted as wanted!
when i check the rules now, the active_interface is wifi and the rules are working
correct.
is there anything i can do? or is there an explanation of the cause?
maybe it is a linage error? i can test if one tells me how and what steps to do.
the device is a test device, not productive.

[gytisrepecka]

Which superuser app do you use?

[github-tomster]

===========
System info

Android version: 7.1.2
Manufacturer: Samsung
Model: GT-I9195
Build: aokp_serranoltexx-userdebug 7.1.2 N2G47E e0fd8da3e5 test-keys
Active interface: wifi
Tether status: no
Roam status: no
IPv4 subnet: 192.168.xxx.xxx/24
IPv6 subnet: xxx
/system/bin/su: 79468 bytes
/system/xbin/su: 79468 bytes
/system/app/Superuser.apk: not present
Superuser: eu.chainfire.supersu v2.79

this is my systeminfo

[ThatLarsGuy]

I have the same issue. LineageOS 14.1 (Android 7.1) on a Galaxy S5 - AFWall+ only blocks traffic if I disable LAN control in Preferences > Rules/Connectivity.

[github-tomster]

i have to add that the LAN control is essential to me as some apps indeed
only are allowed to use LAN ressources.
@ukanth
what can i do to help solving the issue?

[rancidfrog]

On 2.9.5, still the case.
After boot from switch off state or reboot apps have access even though blocked.
Opening app sometimes applies rules, if not manual reapply needed.

[razorshiv]

Issue confirmed. Using LineageOS 14.1 Android 7.1.2 on a Nexus 5. Had me baffled for 30 minutes before looking here. Disabling LAN control got it working for me also. LogCat for me also showed all interfaces down.

Cant say I understand how much security LAN control provides. If someone can offer an explanation, that would be great.

Regards

[ukanth]

I will look into the LAN issue on LineageOS. please send me iptables rules before and apply the rules when it's not working.

Thanks.

[razorshiv]

@ukanth If I understood you correctly, you wanted iptables before and after applying. If not, let me know. Files are attached.

Regards
IPv4rules-Before.txt
IPv4rules-After.txt

[razorshiv]

@ukanth Because I am not sure I gave you what you needed, I included rules after disabling LAN control.

Regards

IPv4rules-LAN Disabled-Rules Applied.txt

[beerisgood]

I wonder why Afwall+ works for me, even after a reboot
And i have LAN control enabled and use it

[razorshiv]

@beerisgood Are you using a stock or custom rom? What is your handset make and model? Version of Android? Version of afwall?

Regards

[beerisgood]

@razorshiv: I use unofficial LineageOS (custom ROM) from Seraph08 @ XDA-forum.
My phone is a OnePlus 2 modell A2003 with LineageOS 14.1 (Android 7.1.2) build from 13. july
Afwall version is 2.9.5-BETA from F-Droid

[github-tomster]

@beerisgood
i am glad to read that it is working for you.
very good, indeed. it seems that it has to be related to your
great device since it is a oneplus. referencing to the afwall-xda-forum-topic
there is also a oneplus user with absolutely no problem at all.
maybe you can check there also to find the cause of that.
i should also add this further info: on my device serranoltexx, running
CM11 KTU84Q, there are all functions working.
besides: i do not wonder about that...

[rebesehl]

Pretty glad i found this thread, had the same issue with my new G4 Plus. Got Lineage 14.1 installed and rooted with the addonsu-14.1-arm-signed.zip provided on lineage.com. Installed AFWall as the first app and enabled internet connections afterwards. My heart was bleeding when after a while i noticed tha K9 was connecting although was not allowed by then.
Tried various things (e.g. disabling and enabling got no effect at all) and in the end the disabling of LAN control solved the issue. As a side note the "Startup fix"-Option is not greyed out, but refuses to be enabled (checked).

[devmarxx]

Same issue here. Lineageos 14.1 on Samsung S4 mini GT-I9195 with 3.4.113 kernel. Disabling LAN control is a workaround for the problem.

[pezskwerl]

I'm having similar problems, but I'm not using Lineageos and unchecking LAN control doesn't fix it for me. I'm on a Asus Zenfone 3 Zoom ZE553KL stock ROM (7.1.1, kernel 3.18.31) with Magisk installed.

Update: It dawned on me that this was because this ROM has a integrated startup manager that disables apps by default. Once I enabled it, it starts properly after restarts.

[rancidfrog]

Also not on lineageos.
Why does lan control have an affect, though?

on 2.9.5, still recurs from time to time afwall not applying rules, and many apps having access to internet that should not, since not whitelisted.

[devmarxx]

Updated to 2.9.6. Everything works for me now. Thank you!

[xylo]

I still have this problem with afwall 2.9.6.1 and Resurrection Remix (based on LineageOS 14.1).

[ukanth]

@xylo ,

Can you send firewall rules right after reboot and after applying rules. Without that, it's hard to debug it.

[watchmoretv]

Solved it for me on my phone with LineageOS 14.1.
I have an older phone and expanded the inernal memory with an sdcard in mixed mode.
Every app installed on the external memory was delayed after boot and even excluded from the opt-out of batterysaving settings.
After moving the app to the internal storage everything works as it should so far and afwall comes up after reboot before a connection is established (besides the lowmemorykiller, which kills afwall when i run out of ram).
Thank you ,ukanth. Now that xprivacy is abandoned, your afwall becomes even more important.

[ukanth]

Please reopen if you still have this bug in 3.x