Cannot open and uninstall AFWall+, iptables corrupt?
Describe the bug
When I open AFWall+ I see a black screen after a few seconds and the app hangs. I tried cleaning the cache of the app and then the Dalvik cache with TWRP, but both to no avail. I was even unable to uninstall AFWall+.
Even reinstalling by sideloading did not help as the sideloaded app is the 'free' version with a different app id (u0_aXXX) than the Donate version which I have installed and cannot be uninstalled.
It appears iptables is corrupt. It still does connect to the internet, but not to the Google Play Store, which is (normally) on purpose. When I want to update apps via the Play Store, I normally disable the firewall to enable the Play Store, but now it did not start up at all.
Is there a way to restore it?
Firewall Logs
N/A (cannot open app), but here is the current iptables -L output (however, I am not familiar with iptables):
Chain INPUT (policy ACCEPT)
target prot opt source destination
nm_mdmprxy_doze_mode_skip all -- anywhere anywhere
afwall-input all -- anywhere anywhere
bw_INPUT all -- anywhere anywhere
fw_INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
nm_mdmprxy_iface_pkt_fwder all -- anywhere anywhere
oem_fwd all -- anywhere anywhere
fw_FORWARD all -- anywhere anywhere
bw_FORWARD all -- anywhere anywhere
tetherctrl_FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
nm_mdmprxy_doze_mode_skip all -- anywhere anywhere
afwall all -- anywhere anywhere
oem_out all -- anywhere anywhere
fw_OUTPUT all -- anywhere anywhere
st_OUTPUT all -- anywhere anywhere
bw_OUTPUT all -- anywhere anywhere
Chain afwall (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere state ESTABLISHED
afwall-wifi all -- anywhere anywhere
afwall-wifi all -- anywhere anywhere
afwall-wifi all -- anywhere anywhere
afwall-wifi all -- anywhere anywhere
afwall-wifi all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
afwall-3g all -- anywhere anywhere
Chain afwall-3g (23 references)
target prot opt source destination
afwall-3g-postcustom all -- anywhere anywhere
Chain afwall-3g-fork (2 references)
target prot opt source destination
afwall-3g-home all -- anywhere anywhere
Chain afwall-3g-home (1 references)
target prot opt source destination
RETURN udp -- anywhere anywhere udp dpt:domain
RETURN tcp -- anywhere anywhere tcp dpt:domain
RETURN all -- anywhere anywhere owner UID match root
RETURN all -- anywhere anywhere owner UID match vpn
RETURN all -- anywhere anywhere owner UID match u0_a126
RETURN all -- anywhere anywhere owner UID match u0_a133
RETURN all -- anywhere anywhere owner UID match u0_a140
RETURN all -- anywhere anywhere owner UID match u0_a247
RETURN all -- anywhere anywhere owner UID match u0_a250
RETURN all -- anywhere anywhere owner UID match u0_a252
RETURN all -- anywhere anywhere owner UID match u0_a273
RETURN all -- anywhere anywhere owner UID match u0_a276
RETURN all -- anywhere anywhere owner UID match u0_a281
RETURN all -- anywhere anywhere owner UID match u0_a288
RETURN all -- anywhere anywhere owner UID match u0_a291
RETURN all -- anywhere anywhere owner UID match u0_a317
RETURN all -- anywhere anywhere owner UID match u0_a318
RETURN all -- anywhere anywhere owner UID match u0_a339
RETURN all -- anywhere anywhere owner UID match u0_a343
RETURN all -- anywhere anywhere owner UID match u0_a345
RETURN all -- anywhere anywhere owner UID match u0_a347
RETURN all -- anywhere anywhere owner UID match u0_a361
RETURN udp -- anywhere anywhere udp dpt:domain owner UID match root
RETURN tcp -- anywhere anywhere tcp dpt:domain owner UID match root
afwall-reject all -- anywhere anywhere
Chain afwall-3g-postcustom (1 references)
target prot opt source destination
afwall-3g-fork all -- anywhere anywhere
Chain afwall-3g-roam (0 references)
target prot opt source destination
RETURN udp -- anywhere anywhere udp dpt:domain
RETURN tcp -- anywhere anywhere tcp dpt:domain
RETURN udp -- anywhere anywhere udp dpt:domain owner UID match root
RETURN tcp -- anywhere anywhere tcp dpt:domain owner UID match root
afwall-reject all -- anywhere anywhere
Chain afwall-3g-tether (0 references)
target prot opt source destination
RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain
RETURN udp -- anywhere anywhere owner UID match nobody udp dpt:domain
RETURN udp -- anywhere anywhere owner UID match dns_tether udp dpt:domain
RETURN tcp -- anywhere anywhere owner UID match root tcp dpt:domain
RETURN tcp -- anywhere anywhere owner UID match nobody tcp dpt:domain
RETURN tcp -- anywhere anywhere owner UID match dns_tether tcp dpt:domain
afwall-3g-fork all -- anywhere anywhere
Chain afwall-input (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere state ESTABLISHED
Chain afwall-reject (5 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 1000/min burst 5 LOG level warning tcp-options ip-options uid prefix "{AFL}"
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain afwall-tether (0 references)
target prot opt source destination
RETURN udp -- anywhere anywhere udp dpt:domain
RETURN tcp -- anywhere anywhere tcp dpt:domain
RETURN udp -- anywhere anywhere udp dpt:domain owner UID match root
RETURN tcp -- anywhere anywhere tcp dpt:domain owner UID match root
afwall-reject all -- anywhere anywhere
Chain afwall-tor (0 references)
target prot opt source destination
Chain afwall-tor-reject (0 references)
target prot opt source destination
Chain afwall-vpn (0 references)
target prot opt source destination
RETURN udp -- anywhere anywhere udp dpt:domain
RETURN tcp -- anywhere anywhere tcp dpt:domain
RETURN udp -- anywhere anywhere udp dpt:domain owner UID match root
RETURN tcp -- anywhere anywhere tcp dpt:domain owner UID match root
afwall-reject all -- anywhere anywhere
Chain afwall-wifi (5 references)
target prot opt source destination
afwall-wifi-postcustom all -- anywhere anywhere
Chain afwall-wifi-fork (2 references)
target prot opt source destination
afwall-wifi-lan all -- anywhere 192.168.0.0/20
afwall-wifi-wan all -- anywhere !192.168.0.0/20
Chain afwall-wifi-lan (1 references)
target prot opt source destination
RETURN udp -- anywhere anywhere udp dpt:domain
RETURN tcp -- anywhere anywhere tcp dpt:domain
Chain afwall-wifi-postcustom (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere owner UID match dhcp
RETURN all -- anywhere anywhere owner UID match wifi
afwall-wifi-fork all -- anywhere anywhere
Chain afwall-wifi-tether (0 references)
target prot opt source destination
RETURN udp -- anywhere anywhere owner UID match root udp spt:bootps dpt:bootpc
RETURN udp -- anywhere anywhere owner UID match nobody udp spt:bootps dpt:bootpc
RETURN udp -- anywhere anywhere owner UID match network_stack udp spt:bootps dpt:bootpc
RETURN udp -- anywhere anywhere owner UID match root udp spt:domain
RETURN udp -- anywhere anywhere owner UID match nobody udp spt:domain
RETURN udp -- anywhere anywhere owner UID match dns_tether udp spt:domain
RETURN tcp -- anywhere anywhere owner UID match root tcp spt:domain
RETURN tcp -- anywhere anywhere owner UID match nobody tcp spt:domain
RETURN tcp -- anywhere anywhere owner UID match dns_tether tcp spt:domain
afwall-wifi-fork all -- anywhere anywhere
Chain afwall-wifi-wan (1 references)
target prot opt source destination
RETURN udp -- anywhere anywhere udp dpt:domain
RETURN tcp -- anywhere anywhere tcp dpt:domain
RETURN all -- anywhere anywhere owner UID match root
RETURN all -- anywhere anywhere owner UID match vpn
RETURN all -- anywhere anywhere owner UID match drm
RETURN all -- anywhere anywhere owner UID match u0_a126
RETURN all -- anywhere anywhere owner UID match u0_a133
RETURN all -- anywhere anywhere owner UID match u0_a140
RETURN all -- anywhere anywhere owner UID match u0_a146
RETURN all -- anywhere anywhere owner UID match u0_a247
RETURN all -- anywhere anywhere owner UID match u0_a250
RETURN all -- anywhere anywhere owner UID match u0_a251
RETURN all -- anywhere anywhere owner UID match u0_a252
RETURN all -- anywhere anywhere owner UID match u0_a255
RETURN all -- anywhere anywhere owner UID match u0_a258
RETURN all -- anywhere anywhere owner UID match u0_a273
RETURN all -- anywhere anywhere owner UID match u0_a274
RETURN all -- anywhere anywhere owner UID match u0_a276
RETURN all -- anywhere anywhere owner UID match u0_a281
RETURN all -- anywhere anywhere owner UID match u0_a288
RETURN all -- anywhere anywhere owner UID match u0_a291
RETURN all -- anywhere anywhere owner UID match u0_a305
RETURN all -- anywhere anywhere owner UID match u0_a317
RETURN all -- anywhere anywhere owner UID match u0_a318
RETURN all -- anywhere anywhere owner UID match u0_a319
RETURN all -- anywhere anywhere owner UID match u0_a324
RETURN all -- anywhere anywhere owner UID match u0_a339
RETURN all -- anywhere anywhere owner UID match u0_a343
RETURN all -- anywhere anywhere owner UID match u0_a345
RETURN all -- anywhere anywhere owner UID match u0_a347
RETURN all -- anywhere anywhere owner UID match u0_a361
RETURN all -- anywhere anywhere owner UID match u11_a346
RETURN udp -- anywhere anywhere udp dpt:domain owner UID match root
RETURN tcp -- anywhere anywhere tcp dpt:domain owner UID match root
afwall-reject all -- anywhere anywhere
Chain bw_FORWARD (1 references)
target prot opt source destination
Chain bw_INPUT (1 references)
target prot opt source destination
bw_global_alert all -- anywhere anywhere
RETURN esp -- anywhere anywhere
RETURN all -- anywhere anywhere mark match 0x100000/0x100000
MARK all -- anywhere anywhere MARK or 0x100000
Chain bw_OUTPUT (1 references)
target prot opt source destination
bw_global_alert all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere policy match dir out pol ipsec
Chain bw_costly_shared (0 references)
target prot opt source destination
bw_penalty_box all -- anywhere anywhere
Chain bw_data_saver (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain bw_global_alert (2 references)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
Chain bw_happy_box (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere match bpf pinned /sys/fs/bpf/prog_netd_skfilter_whitelist_xtbpf
bw_data_saver all -- anywhere anywhere
Chain bw_penalty_box (1 references)
target prot opt source destination
REJECT all -- anywhere anywhere match bpf pinned /sys/fs/bpf/prog_netd_skfilter_blacklist_xtbpf reject-with icmp-port-unreachable
bw_happy_box all -- anywhere anywhere
Chain fw_FORWARD (1 references)
target prot opt source destination
Chain fw_INPUT (1 references)
target prot opt source destination
Chain fw_OUTPUT (1 references)
target prot opt source destination
Chain nm_mdmprxy_doze_mode_skip (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere mark match 0x8
Chain nm_mdmprxy_iface_pkt_fwder (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain oem_fwd (1 references)
target prot opt source destination
Chain oem_out (1 references)
target prot opt source destination
Chain st_OUTPUT (1 references)
target prot opt source destination
Chain st_clear_caught (2 references)
target prot opt source destination
Chain st_clear_detect (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
CONNMARK tcp -- anywhere anywhere u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x4&0xff0000=0x10000" CONNMARK or 0x1000000
CONNMARK udp -- anywhere anywhere u32 "0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000" CONNMARK or 0x1000000
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
st_clear_caught tcp -- anywhere anywhere state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0"
st_clear_caught udp -- anywhere anywhere
Chain st_penalty_log (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK or 0x1000000
NFLOG all -- anywhere anywhere
Chain st_penalty_reject (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK or 0x2000000
NFLOG all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain tetherctrl_FORWARD (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain tetherctrl_counters (0 references)
target prot opt source destination
Smartphone (please complete the following information):
- Device: OnePlus 6
- Android OS: Oxygen OS 10
I did this in a root shell:
.../files/home # ps -ef | grep -i uka
u0_a273 14719 769 0 08:12 ? 00:00:00 dev.ukanth.ufirewall.donate
root 16032 15604 2 08:14 pts/0 00:00:00 grep -i uka
.../files/home # kill -9 14719
.../files/home # ps -ef | grep -i uka
root 16147 15604 2 08:14 pts/0 00:00:00 grep -i uka
Then I started AFWall+ from the Android launcher normally and it started normally. Then I disabled the firewall to save the default firewall settings from a shell in the standard Android downloads folder:
.../files/home # iptables -L > /sdcard/Download/iptables.txt
Then I could run the Play Store normally for updates, and afterwards I enabled the firewall.
But after a reboot, the same problem appears and I have to run the script again.
And export is not working: no files are written in /sdcard/afwall. According to the Android permission manager, AFWall has no permissions, and I could not set the WRITE_EXTERNAL_STORAGE permission.
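A saved listing like the one in this report can be checked for whether the afwall chains are still hooked into OUTPUT and still end in a reject or drop rule. The script below is an added example, not part of the original report and not AFWall+ code; the function names and the abridged sample listing are constructed, and it assumes the plain `iptables -L` text layout shown above.

```shell
# reachable_chains FILE START: print START and every chain reachable from it.
reachable_chains() {
    awk -v start="$2" '
        $1 == "Chain" { cur = $2; defined[cur] = 1; next }
        # Rule rows read "target prot opt ..." with opt "--"; rows without a target are skipped.
        $3 == "--" { edges[cur] = edges[cur] " " $1 }
        END {
            queue[1] = start; seen[start] = 1; head = 1; tail = 1
            while (head <= tail) {
                n = split(edges[queue[head++]], t, " ")
                for (i = 1; i <= n; i++)
                    if ((t[i] in defined) && !(t[i] in seen)) {  # skips ACCEPT, RETURN, ...
                        seen[t[i]] = 1; queue[++tail] = t[i]
                    }
            }
            for (i = 1; i <= tail; i++) print queue[i]
        }' "$1"
}
# afwall_enforcing FILE: succeed if an afwall* chain reachable from OUTPUT rejects or drops.
afwall_enforcing() {
    awk -v list="$(reachable_chains "$1" OUTPUT | tr '\n' ' ')" '
        BEGIN { n = split(list, c, " "); for (i = 1; i <= n; i++) if (c[i] ~ /^afwall/) want[c[i]] = 1 }
        $1 == "Chain" { cur = $2; next }
        (cur in want) && $3 == "--" && ($1 == "REJECT" || $1 == "DROP") { found = 1 }
        END { exit !found }' "$1"
}
# Constructed sample, abridged from the chain names in the listing above.
sample_listing() {
    cat <<'EOF'
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
afwall all -- anywhere anywhere
bw_OUTPUT all -- anywhere anywhere
Chain afwall (1 references)
afwall-wifi all -- anywhere anywhere
Chain afwall-wifi (1 references)
RETURN all -- anywhere anywhere owner UID match root
afwall-reject all -- anywhere anywhere
Chain afwall-reject (2 references)
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain afwall-vpn (0 references)
afwall-reject all -- anywhere anywhere
Chain bw_OUTPUT (1 references)
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
EOF
}
tmp=$(mktemp) && sample_listing > "$tmp" && reachable_chains "$tmp" OUTPUT
afwall_enforcing "$tmp" && echo "afwall reject path reachable from OUTPUT"; rm -f "$tmp"
```

Both functions take any file written with `iptables -L > file`, so listings saved with the firewall enabled and disabled can be compared the same way.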