longchuan1985 / droidwall

Automatically exported from code.google.com/p/droidwall

Disabling Droid Wall removes rules not set by Droid Wall #39

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. Have a rule set at boot (/system/etc/init.d/* script)
2. Boot phone and make sure rule is shown in "iptables -L -v -n"
3. Open Droid Wall
4. Enable (if not already) firewall
5. Disable firewall
6. Display current rules "iptables -L -v -n"

What is the expected output? What do you see instead?
I expect to have my custom rules still in effect.
Actual result is an empty rule set: my custom rules are no longer there.

What version of the product are you using? On what operating system?
1.3.8-dev, OpenDesire 3.5.2 (Android 2.2)

Please provide any additional information below.

Is it possible for Droid Wall to use custom targets instead of directly 
inserting rules in builtin targets? It would allow a more flexible way to 
disable only rules set by Droid Wall.
fail2ban (Linux software) does that:

# iptables -L -v -n
Chain INPUT (policy DROP 455 packets, 73559 bytes)
 pkts bytes target     prot opt in     out     source               destination
65227 5239K fail2ban-APACHE_OVERFLOW  all  --  *      *       0.0.0.0/0            0.0.0.0/0
65227 5239K fail2ban-APACHE_BADPATH_ACCESS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
65225 5239K fail2ban-APACHE_AUTH  all  --  *      *       0.0.0.0/0            0.0.0.0/0
65225 5239K fail2ban-SSH  all  --  *      *       0.0.0.0/0            0.0.0.0/0
65226 5239K fail2ban-APACHE_CONNECT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

[...]

Chain fail2ban-APACHE_AUTH (1 references)
 pkts bytes target     prot opt in     out     source               destination
65225 5239K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-APACHE_BADPATH_ACCESS (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2    96 DROP       all  --  *      *       218.38.34.18         0.0.0.0/0
65225 5239K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-APACHE_CONNECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
65226 5239K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-APACHE_OVERFLOW (1 references)
 pkts bytes target     prot opt in     out     source               destination
65227 5239K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-SSH (1 references)
 pkts bytes target     prot opt in     out     source               destination
65225 5239K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Thanks

Original issue reported on code.google.com by fiouzy@gmail.com on 27 Aug 2010 at 5:38

GoogleCodeExporter commented 8 years ago
Will do for v1.4.0

Original comment by rodrigo...@gmail.com on 6 Sep 2010 at 6:26

GoogleCodeExporter commented 8 years ago
Should be fixed now on v1.4.0

Droid Wall now creates a "droidwall" netfilter chain and uses that chain to put 
the rules. The OUTPUT default chain is then linked to the "droidwall" chain.

Original comment by rodrigo...@gmail.com on 6 Sep 2010 at 7:31
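
The dedicated-chain approach described in the last comment, as an added example that is not Droid Wall's own code: rules go into a "droidwall" chain linked from OUTPUT, and teardown removes only that chain and its jump. The helper names (`run`, `fw_enable`, `fw_disable`, `touches_builtin`), the `DRY_RUN` variable and the UID 10001 rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Droid Wall's code. Helper names and the sample rule are
# hypothetical; only the chain name "droidwall" comes from the thread.
CHAIN="droidwall"

# Print each command by default; set DRY_RUN=0 (as root) to execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

fw_enable() {
    # Create the chain; if it already exists the error is ignored and the
    # flush below empties whatever a previous run left in it.
    run iptables -N "$CHAIN" 2>/dev/null || true
    run iptables -F "$CHAIN"
    # Link OUTPUT to the chain exactly once: drop a stale jump, then add one.
    run iptables -D OUTPUT -j "$CHAIN" 2>/dev/null || true
    run iptables -A OUTPUT -j "$CHAIN"
    # Application rules live only in the dedicated chain (constructed sample).
    run iptables -A "$CHAIN" -m owner --uid-owner 10001 -j DROP
}

fw_disable() {
    # Unlink, empty and delete our own chain; built-in chains are never flushed,
    # so rules added by init scripts or other tools stay in place.
    run iptables -D OUTPUT -j "$CHAIN"
    run iptables -F "$CHAIN"
    run iptables -X "$CHAIN"
}

# Exit 0 if a command list flushes a built-in chain or resets every chain
# with a bare -F / -X; useful as a guard on any teardown sequence.
touches_builtin() {
    printf '%s\n' "$1" | grep -Eq \
        'iptables( -t [a-z]+)? -[FX]( (INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING))?$'
}
```

Calling `fw_enable` or `fw_disable` with the default `DRY_RUN=1` only prints the commands, so the sequence can be reviewed before it is applied.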