search

emanuele-f / PCAPdroid

No-root network monitor, firewall and PCAP dumper for Android
https://emanuele-f.github.io/PCAPdroid
GNU General Public License v3.0
2.41k stars 285 forks source link

Get inspired by AFwall #267

Open yoshimo opened 2 years ago

yoshimo commented 2 years ago

I like the simple column based creation of firewall rules that AFwall by Ukanth offers VPN/Mobile/WIFI/Roaming/Tor as the column headers Applications in system/core/user tabs and then you can scroll down and mark checkboxes Having trusted wifi networks separately like home&friends would also help to prevent leakage of data.

It is nice to have this done at the system level with iptables for maximum performance

Importing existing rules would be cool so we don't have to run both apps at the same time and cause conflicts.

emanuele-f commented 2 years ago

Hi, thanks for your suggestions. Each request should be handled as a separate issue, please see below for details:

I like the simple column based creation of firewall rules that AFwall by Ukanth offers VPN/Mobile/WIFI/Roaming/Tor as the column headers

I don't really like the idea to differentiate policies based on the network type. Android already allows you to specify if an app is allowed to do background/mobile/roaming, so it seems a complication to me

Applications in system/core/user tabs and then you can scroll down and mark checkboxes

Toggle button to easily allow/block apps will be useful and something I've planned. Also displaying only user/system apps would be useful. Please open a separate ticket.

Having trusted wifi networks separately like home&friends would also help to prevent leakage of data

In essence you want to create firewall rules based on the specific wifi network you are connected to. I think very few people have this same necessity, so in my opinion this is an over-complication. If you have other insights on this use-case please let me know (edit: more insights also in #260)

It is nice to have this done at the system level with iptables for maximum performance

This is #203 , the implementation of a firewall with root. Apart from performance, this would also allow you to connect to other vpn while still using PCAPdroid, so it's something useful to implement. But I think to have full flexibility on our rules, packets would still need to be brought to the userspace and in this case there will be no performance improvement

Importing existing rules would be cool so we don't have to run both apps at the same time and cause conflicts

Please open a separate issue with references to the AFwall rules format