Skip to content
/ afwall Public
forked from ukanth/afwall

AFWall+ (Android Firewall +) - iptables based firewall for Android

License

Notifications You must be signed in to change notification settings

Lerist/afwall

 
 

Repository files navigation

AFWall+ (Android Firewall+) Build Status Crowdin

Donate

AFwall+

Google Play

Index

Description

Android Firewall+ (AFWall+) is an advanced iptables editor (GUI) for Android. It provides fine-grained control over which Android apps are allowed to access the network.

For more information and community discussions, please visit the XDA thread or our Wiki.

Availability

Download the latest release from the Google Play Store, GitHub, or F-Droid

The changelog documents changes between each release.

Supports

  • Android versions 4.x/5.x/6.x/7.x
  • ARM/MIPS/x86 processors
  • IPv4/IPv6 protocols
  • WiFi, mobile data, LAN, VPN, tether, and roaming
  • Multi-user (multiple profiles)
  • Many languages (see Translating)
  • Tasker and Locale apps

Highlights

  • Easy to install
  • Simple to use
  • Free and open source
  • No advertisements
  • Built-in iptables/BusyBox

Features

  • Search for installed applications
  • Sort installed applications by installed date/UID/alphabatical order
  • Receive notification for any newly installed application with internet permission
  • Firewall logs service
  • Optionally display notifcations for blocked packets
  • Filter blocked packet notifications per app
  • Export and import rules (Import All Rules requires donate version)
  • Option to prevent data leaks during boot (requires init.d support or S-OFF)
  • Optional Password protection
  • Option to manage rules with a custom script
  • Option to enable Device Admin to protect AFWall+ from uninstall

Bug Reports

Please see the issues section to report any bugs, make feature requests, and to see the list of known issues. Before you report a bug, take a look here.

Limitations

  • A firewall cannot protect against attacks that are performed outside the operating point. For example, if there is a Point-to-Point connection to the Internet.
  • A firewall cannot prevent corporate data from being copied to a memory stick or HDD, and having these removed from the building.
  • AFWall+ does not scan for virus/malware that may exist in the files that pass through it, because it is a firewall and not an antivirus solution.

Compatibility

AFWall+ has been successfully tested with Android versions 4.x - 7.x. (ICS, JellyBean, KitKat, Lollipop, Marshmallow, Nougat) and is reported to work with most Android variants, including stock ROMs.

We do not recommend using AFWall+ in combination with any of the similar solutions because this could result in conflicts and potential data leaks (iptables could get overwritten).

Upgrading

  • Make a backup of the current version (e.g. using Titanium Backup).
  • Do not remove the current version (otherwise your settings might get reset).
  • Download the new version.
  • Install the new version over the previous version.
  • Done!

Permissions

AFWall+ asks for the following Android permissions:

  • RECEIVE_BOOT_COMPLETED: Autostart (Bootup) AFWall+ after the system finishes booting.
  • ACCESS_NETWORK_STATE: Allows AFWall+ to access information about networks (iptables).
  • WRITE_EXTERNAL_STORAGE: Allows AFWall+ to write to external storage for debug log and export iptables rules.
  • ACCESS_SUPERUSER: Standard to support Superuser/SuperSU (by Koushik/Chainfire).
  • INTERNET: NetworkInterface.getNetworkInterfaces() needs android.permission.INTERNET. This is just being used to get the IPv4 and IPv6 addresses/subnets for each interface, so the LAN address ranges can be determined. Nothing is actually trying to access the network. Also take a look at Stackoverflow.
  • ACCESS_WIFI_STATE: Used to detect the tether state.

Frequently Asked Questions (FAQ)

Having problems with AFWall+? Check out our FAQ before reporting a bug or problem that may already be known.

License

AFWall+ is released under the GNU General Public License v3.0 License.

Acknowledgements

The original codebase was derived from DroidWall by Rodrigo Rosauro. DroidWall was sold to AVAST in December 2011, and is no longer actively maintained.

This project also uses many other open-source libraries such as:

Project License Website
Android Color Picker Apache License 2.0 https://github.com/attenzione/android-ColorPickerPreference
Busybox GNU GPLv2 http://www.busybox.net
DBFlow MIT https://github.com/Raizlabs/DBFlow
Prettytime Apache License 2.0 https://github.com/ocpsoft/prettytime
material-dialogs MIT License https://github.com/afollestad/material-dialogs
iptables GNU GPLv2 http://netfilter.org/projects/iptables/index.html
Libsuperuser Apache License 2.0 https://github.com/Chainfire/libsuperuser
Locale Plugin Apache License 2.0 http://www.twofortyfouram.com
Networklog Mozilla Public License Version 2.0 https://github.com/pragma-/networklog
Root Tools Apache License 2.0 https://github.com/Stericson/RootTools

Compile AFWall+

Prerequisites:

  • Android SDK in your $PATH (both platform-tools/ and tools/ directories)
  • Javac 1.7 (or higher) and a recent version of Apache ant in your $PATH
  • Git in your $PATH
  • Use the Android SDK Manager to install API 19 (or higher)

Quick start:

git clone git://github.com/ukanth/afwall
cd afwall
./gradlew clean assembleDebug

For complete instructions, please take a look at the Wiki's How To Compile AFWAll section.

Compiling Native Binaries

On the host side, you will need to install:

  • NDK r10, nominally under /opt/android-ndk-r10
  • Host-side gcc 4.7, make, etc. (Red Hat 'Development Tools' group or Debian build-essential)
  • autoconf, automake, and libtool

This command will build the Android binaries and copy them into res/raw/:

make -C external NDK=/opt/android-ndk-r10

Contributing

Please fork this repository and contribute back using pull requests.

All contributions, large or small, major features, bug fixes, additional language translations, unit/integration tests are welcomed and appreciated but will be thoroughly reviewed and discussed.

Translating

The res/values-* dirs are kept up to date automatically via the Crowdin Translate Extension. See our translation page if you would like to contribute.

This application is available in many languages, but if yours is not included, or if it needs updating or improving, please create an account and use the translation system (powered by the Crowdin Translate Extension) and make your changes.

About

AFWall+ (Android Firewall +) - iptables based firewall for Android

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 98.6%
  • Other 1.4%