No DNS with firewall
I can't allow an app to connect through the firewall and use DNS.
I test it, and there are fewer ads blocked with firewall+DNS than if I am using only the DNS. Here to test: https://d3ward.github.io/toolz/adblock
Presuming I understood your request correctly... Can you share screenshots of what you mean when you say DNS + Firewall works better than DNS-only mode at blocking ads (as tested at https://d3ward.github.io/toolz/adblock)?
This shouldn't be the case.
screenshots:
Results with just DNS running (good):
d3_adb_25_3_2024 22_38_37.json
Rethink DNS + Firewall settings:
Results with DNS+Firewall (not good):
- Some of the domains that show up as allowed may have been added to per-app rules?
- Or, if any app is set to Bypass DNS & Firewall, then most domain blocks are done at connection time (that is, by the Firewall) and not resolution time (that is, not by the DNS).
Hi @ignoramous
> 1. Some of the domains that show up as allowed may have been added to per-app rules?
No domains manually allowed.
> 2. Or, if _any_ app is set to _Bypass DNS & Firewall_, then most domain blocks are done at _connection_ time (that is, by the Firewall) and not _resolution_ time (that is, _not_ by the DNS).

I am not sure if I understand it. I have set to bypass some apps, but not the Opera app, which is the browser with which I am testing the website. Is it not possible to add bypass rules to some apps, while others are using the DNS?
> Is it not possible to add bypass rules to some apps, while others are using the DNS?
It is. But the behaviour is that ALL domains are resolved as the firewall rules for domains will be applied at connection time. That is, DNS logs would show that a particular domain was allowed but may or may not have been blocked at connection time, which should show up in Network logs.
We released v055d today (GitHub and Website only; Play Store and F-Droid are under review), can you see if it fixes this issue?
I can't install it.
It says: the app hasn't been installed because of a conflict with a packet.
> It says: the app hasn't been installed because of a conflict with a packet
You likely installed the current app on your Android from F-Droid? If so, you'll have to update to the new version from F-Droid. Only Play Store, GitHub, and Website versions are interchangeably updatable with each other.
> > Is it not possible to add bypass rules to some apps, while others are using the DNS?
>
> It is. But the behaviour is that ALL domains are resolved as the firewall rules for domains will be applied at connection time. That is, DNS logs would show that a particular domain was allowed but may or may not have been blocked at connection time, which should show up in Network logs.
>
> We released v055d today (GitHub and Website only; Play Store and F-Droid are under review), can you see if it fixes this issue?
It works apparently, thanks!
It's still happening. If WireGuard hides my IP, ads are not blocked. I stop WireGuard and ads are blocked again.
Are you using WireGuard in Simple mode? If so, WireGuard DNS is then responsible for blocking domains.
Yes, I am using simple mode. So, is it possible to have better DNS protection of using simple mode?
> So, is it possible to have better DNS protection of using simple mode?

Only with On-device blocklists (available on F-Droid and GitHub or Website builds from Configure -> DNS).
Thanks!
Not very intuitive, but working!