ukanth
Separated screen on/off rules support
Could AFWall+ supports separated rules based on screen state (on/off)? That would be great since there're many apps I only want to have Internet connection when screen is on.
You know, that's a real interesting idea. I have to agree: For most apps, I only want them to communicate when the screen is on. I would take it even one step further: I only want them to communicate when the screen is on and they are the foreground app.
@CHEF-KOCH I think you misunderstood here. I want to have more strict rules when the screen is off, which means more apps cannot connect to Internet in that condition. Not the other way around.
Facebook for example. I don't care about notification when screen is off anyway. I know that it can be Greenified but it will kill the process and launch it again is slow.
You're right, @CHEF-KOCH . I actually want to block all traffics, not just notifications. Maybe we can disable push service of target app but that'll make the solution depends on other app. Looks like it stucks here. Anyway, Facebook messenger also uses polling as fallback. I'm not sure about Facebook either.
Well, as I can see that we have no acceptable solution for this, it's 'wontfix' then. Thank you for your elaboration! Btw, this feature I saw NetGuard has, and I read somewhere that they implement it by change set of rules when screen turn on/off. But it cannot block push notification as you said.
:+1: Perhaps this or many other limitations now (if has any) could be implemented as extra features that only can be activated if Xposed is available like Greenify does with some of their experimental features. I tried Xposed once and its power is addictive. Cannot use any phone without it now. :-)
An option to block all (including GCM) internet traffic once the screen is off would definitely be useful. Per app is a plus, but blocking all internet traffic would still be very useful. It would save battery significantly. Ideally, it would wait 10-30 seconds after the screen is off, to make sure you aren't going to turn it right back on.
This is a different compromise from automatically turning off WiFi / data when the screen is off. When an app turns off WiFi / data, and then turns it back on, more battery is conserved, but credentials must be authenticated each time, which takes time (and a little power). Blocking all internet traffic maintains the established connection, but just blocks the transmission/reception of data. Thus, WiFi / data will be available immediately when the screen it turned back on.
I've just logged in to create a feature request to block/enable network while screen off/on on per-app basis as it's realised in NetGuard. With NetGuard this feature is extremely useful. With AFWall+ I've created two separated profiles for different screen states. It's not very comfortable to switch them manually.
Most likely not a wise idea to add. Resyncing when screen comes back on will most definitely eat more traffic than keeping an idle connection. If you want to get rid of an app that possibly does problematic stuff, just uninstall it.
That is a big generalization without any evidence to support it.
Also, it's a gross oversimplification to "just uninstall it".
Every app can be considered "problematic", as an app with internet access can transmit or receive any data. Also, apps can work in conjunction with each other to transmit or receive data that a single app may not have access to.
You need to be able to trust apps you have installed. If you cant, uninstall them. If you cannot trust any app... well throw away your device. This goes for all apps, not only apps with internet access. There are many more weaknesses on a rooted android, than internet access.
"Also, apps can work in conjunction with each other to transmit or receive data" cannot be solved by iptables. You will need an intent filter, which has nothing to do with iptables and should therefore be out of scope for this app.
This app is a great iptables manager, and imho should stay that way and not try to grow into a failing wannabe-all-security-solution. Why not add an anti-virus part too? It has to do something with security too. Also some crypto-helper stuff, because well ... security has to do with crypto no? Also bundle tor for privacy! ... NOT
@somenet
It's not problem to trust an app or not to trust. Actually some apps should not have access to internet while it's standby mode. If some app is trusted but I use it only while screen is on, this option could be very helpful. You forgot very simple thing: not all mobile plans are unlimited. As for me I need only three apps have access to internet on background: mail app and two messengers
The app "NoRoot Data Firewall" allows easily to block depending on screen state (on/off) per app and much more comfortable than NetGuard. It is highly comfortable to configure the app. I suggest to adapt this kind of feature. It's up to you.
@ukanth , so, as far as I understood you won't implement the feature, please clarify.
@SkyWheel , No, not yet. I'm working on few core level design changes. If that goes well, I might support this.
Isn't it better you get an app catching on/off events (and other events you like) and sending profile switch command (aka intent) to Af wall?
Easer (Auto operation performer) - https://f-droid.org/app/ryey.easer could be a good candidate but needs your desired screen on/off event. Ask the developer, he'll help
@ildar IIRC, switching profiles requires rewriting iptables, which is slow.
@ildar, easer constantly crashes on my latest nightly LineageOS build :cry:
@SkyWheel , No, not yet. I'm working on few core level design changes. If that goes well, I might support this.
@ukanth Any progress on this feature? Would be very useful. Thank you for your work!
