afwall icon indicating copy to clipboard operation
afwall copied to clipboard

Published 20 hours ago verified publisher icon ukanth

AFWall sometimes fails to get root on connection change

Open cb474 opened this issue 7 years ago • 10 comments

I'm having a problem where sometimes AFWall is not granted root status and it fails to apply iptables rules. This is on a Pixel 2, rooted with Magisk. I don't know for sure if this is an AFWall issue or might be a Magisk issue. But Magisk is showing no errors in catlog and I have no problem with other root apps.

This seems to happen when I have a change in connection (e.g. from wifi to cell) and AFWall is reapplying the rules (I have the "Active rules" setting enabled in preferences). But it only happens somtimes, not on every connection change. I get a notification saying AFWall could not apply rules and when I open AFWall an error from AFWall saying that it was unable to get root and my device needs to be rooted. If I move AFWall out of the recents menu and restart it that solves the problem (I can then manually apply rules with success and other automatic applications of the rules on connection changes seem to work). Most of the time AFWall works fine.

Attached are some logs, captured right after this happened, from the system through Catlog.

The only clear errors I see there are from the AFWall entries in catlog:

E/AFWall (22459): libsuperuser error -2 on command 'iptables -P OUTPUT DROP'

and:

E/AFWall (21817): CONNECTIVITY_CHANGE: applySavedIptablesRules() returned an error

afwall.catlog.txt magisk.catlog.txt

Perhaps my issue is the same as this one (but almost no information is provided there): https://github.com/ukanth/afwall/issues/776

cb474 avatar Dec 04 '17 21:12 cb474

I was the one that posted the issue you linked. I disabled Magisk Hide Root settings in Magisk and noticed I stopped getting the error on connection change. Once I enabled Magisk hide again I started getting the errors. So it seems it's related to the Magisk hide root function.

TripodKnight avatar Dec 13 '17 07:12 TripodKnight

Thanks for the suggestion. It's funny, because I seem to be having the issue less, even though neither Magisk nor Afwall have been updated. But I do occasionally have it in unpredictable ways.

I do have the Magisk hide toggle switch enabled in my settings, but I don't have the hiding function enabled for any apps. Disabling the toggle switch seems to just remove the tab for enabling hiding from specific apps. Do you know if it also does other things? Otherwise, I don't quite understand how it would effect the issue. But I'll try it and see.

It does seem like even if that resolves the issue, it is still unclear whether this is a Magisk bug or an AFWall bug.

cb474 avatar Dec 13 '17 08:12 cb474

Looks like races. If I'm right, that's Magisk bug; file it there and post the link here.

ildar avatar Dec 13 '17 11:12 ildar

I know I used to only pass safety net checks with magisk hide turned on, although lately I haven't been able to get the safety net check to work so I can't confirm.

TripodKnight avatar Dec 15 '17 01:12 TripodKnight

Hi all,

I have exactly the same issue : sometimes AFWall+ is not granted root status and it fails to apply iptables rules.

It occurs randomly (perhaps at connection changes, but not sure of it) on all my phones, which are all rooted using Magisk (version 14.0 or 15.3) and have all Magisk Hide enabled. Whatever the Android version (Marshmallow or Nougat) and ROM used : Resurrection Remix or OxygenOS, I get the same problem.

I will test now your suggestion : disabling Magisk Hide (that I don't need) and I'll be back here to confirm or not, that it fixes the issue.

accnetdev avatar Jan 29 '18 08:01 accnetdev

Unfortunately disabling Magisk Hide does not fix the issue on my devices. Is there another workaround to test ?

accnetdev avatar Feb 09 '18 14:02 accnetdev

Same issue here on LinageOS 14.1. The only workaround for me is force closing the app in systemsettings and clear afwalls cache.

ghost avatar Apr 02 '18 20:04 ghost

Having same issue with LineageOS and Lineage's Root solution, not using Magisk, since several weeks. So seems not related to Magisk

MSe1969 avatar May 13 '18 11:05 MSe1969

Have this issue on a LG G2 mini (D620r) with LineageOS 14.1 when applying the same ruleset I am using on a LG G4 (H815) with LineageOS 14.1 where is works as expected. The configuration of Afwall+ is identical on both phones. When I reduce the rule set to a subset of the rejecting rules it works stable on the G2 mini, too. But this is an unsatisfying compromise in safety and privacy.

So maybe, this effect has to do with some sort of memory shortage or lesser processor performance. It would be nice if this could be checked and corrected, if possible.

(No Magisk, just the LineageOS addonsu. No power management for Afwall+).

wistein avatar Mar 09 '19 18:03 wistein

Same issue here on LinageOS 14.1. The only workaround for me is force closing the app in systemsettings and clear afwalls cache.

Thanks, this actually helped.

selurvedu avatar Apr 08 '24 18:04 selurvedu