建议增加禁止联网功能

[mwacgi]

Android VPN 只能建立一个，目前绝大多数 Android 防火墙都是基于 VPN 连接的，一开 Shadowsocks 防火墙就退出了，防火墙用来阻止某些 APP 联网，所以希望增加这个功能。

[madeye]

Most of popular firewalls added shadowsocks support already. Try AFWall+ or NetPatch.

[Mygod]

~I guess this might be possible with SO_PEERCRED.~ Contributions are welcome.

[mwacgi]

@madeye 根据您的提示，我测试过了 AFWall+ 和 NetPatch, 前者需要 root 权限，后者只支持 shadowsocks 的一部分加密方法，新的加密方法不支持，而且很多功能需要专业版。

对于 Shadowsocks Android 分应用代理，我的理解是把 APP 的流量重定向到 direct 和 proxy 两个通道，再增加一个 block 通道即可达到部分 APP 走 proxy, 部分 APP 使用原有网络，部分 APP 阻止联网的目的。后续您是否会考虑增加这个功能？

谢谢。

[Mygod]

You should check out ndc firewall. Using VpnService for firewall is kind of hacky. Complain to Android if you do not have root.

[leafleave]

这个还是不错的，像ios的shadowrocket就支持direct proxy reject三种，还支持自定义host。对于你这种问题，目前只能在服务端host改成127.0.0.1处理了。

[Mygod]

Might be able to do this with this new API, which uses NETLINK_SOCK_DIAG under the hood. Related:

• https://github.com/AdguardTeam/CoreLibs/issues/661
• https://github.com/M66B/NetGuard/commit/61c8b194c3d175c78316db599fc5f90d38399b5e

Implementation wise, we could send uid as auxiliary info from tun2socks to ss-local so it can handle each connection differently based on UID.

[Mygod]

Reopening this for visibility.

[TPLC]

unsubscribe

---

发件人: Ariya383323 @.> 发送时间: 2021年4月30日 11:35 收件人: shadowsocks/shadowsocks-android @.> 抄送: Subscribed @.***> 主题: Re: [shadowsocks/shadowsocks-android] 建议增加禁止联网功能 (#2087)

Tankye

― You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/shadowsocks/shadowsocks-android/issues/2087#issuecomment-829781957, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AEEHS3CWUHAH47FRCKSZ6DLTLIQQPANCNFSM4GRYGOYA.