
[QUESTION] DNSCrypt and AFWall iptables

Open macruspareto opened this issue 2 years ago • 2 comments

Hello everybody!

First of all... AFWall has worked like a charm for 2 years straight.

For extra security, none of my apps or daemons are allowed to connect directly (wifi/lan is fully unchecked except for OpenVPN client, the only allowed interface is VPN).

I would like to try the console version of DNSCrypt, just to play around and then maybe I'll add it to the boot sequence.

Here is the question:

How do I add the rule to the iptables? Which chain, and are there any hidden issues I might encounter?

Phone: Samsung Galaxy, Android 8, rooted
Files: /storage/emulated/0/dnscrypt-proxy -config dnsproxy.config (test location)

If this has been asked already, please link it or maybe we should add it to FAQ. Thanks to everyone!

macruspareto, Oct 22 '21 15:10

fix for afwall+ gui

$IPTABLES -A "afwall" -d 127.0.0.1 -p tcp --dport 5354 -j ACCEPT
$IPTABLES -A "afwall" -d 127.0.0.1 -p udp --dport 5354 -j ACCEPT

saveyour, Nov 03 '21 16:11
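One way to confirm that the two rules from the reply above are present in the `afwall` chain and sit ahead of any blanket DROP/REJECT, as an added example that is not part of the thread. The function name `check_dns_rules` and the sample ruleset are constructed for illustration; a root shell on the device is assumed for the real `iptables -S` call.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads `iptables -S <chain>` output on
# stdin and reports whether tcp and udp ACCEPT rules for 127.0.0.1:<port> exist
# and are reachable. Limitation: only unconditional DROP/REJECT rules in the same
# chain count as blocking; jumps into sub-chains are not followed.
check_dns_rules() {
    awk -v chain="$1" -v port="$2" '
        $1 != "-A" || $2 != chain { next }   # keep only rules of this chain
        {
            proto = dst = dport = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "-d" && $(i - 1) != "!") dst = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            # No match options before -j: every packet reaching this rule is refused
            if ($3 == "-j" && (target == "DROP" || target == "REJECT")) blocked = 1
            if (target == "ACCEPT" && dport == port && dst ~ /^127\.0\.0\.1(\/32)?$/) {
                if (blocked) { shadowed[proto] = 1 } else { ok[proto] = 1 }
            }
        }
        END {
            rc = 0
            n = split("tcp udp", want, " ")
            for (k = 1; k <= n; k++) {
                p = want[k]
                if (ok[p]) print p ": ok"
                else if (shadowed[p]) { print p ": shadowed"; rc = 1 }
                else { print p ": missing"; rc = 1 }
            }
            exit rc
        }'
}

# Constructed sample of `iptables -S afwall` output (not captured from a device)
SAMPLE_RULES='-N afwall
-A afwall -d 127.0.0.1/32 -p tcp -m tcp --dport 5354 -j ACCEPT
-A afwall -d 127.0.0.1/32 -p udp -m udp --dport 5354 -j ACCEPT
-A afwall -j REJECT --reject-with icmp-port-unreachable'

printf '%s\n' "$SAMPLE_RULES" | check_dns_rules afwall 5354
# On the device (root shell assumed): iptables -S afwall | check_dns_rules afwall 5354
```

The function exits non-zero when either protocol's rule is missing or appears after an unconditional DROP/REJECT, so it can gate a boot script.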

sorry for re-opening an old issue

i use command line dnscrypt and have no problem in blocked mode. however if i switch to allowed mode, although it is able to handle requests, it can't access upstream dns servers. i have enabled allow root processes to access all interfaces but no luck

tested:
resolve google.com in afwall blocked mode, dig produces correct result
switch to afwall allow mode, dig gets cached result from dnscrypt, so access to dnscrypt server is fine
however, if i try to resolve other dns requests, it fails to resolve them (i have tried allow all in afwall but still didn't work)

the dnscrypt server starts before afwall, so it should be fine. i have also tried to restart afwall/dnscrypt server but still no luck

any solution pls?

xxjoe2, May 02 '24 19:05