Closed thegithub closed 6 years ago
afwall+ is just a frontend to iptables. You just need to add a rule that allows you to create an outbound connection. I won't go through that program to make you exact instructions, but based on the screenshots on play store, it looks like it will show you block events in the log and let you create rules based on the logs.
not really great... iirc it is linux root which will call, so to enable that will effectively render afwall useless in many ways (depending on your use case). So not really much of a proposal for a solution there ibdroid.
It doesn't matter what user account makes a network request. iptables will still follow its rules.
that user looks like it’s probably a spambot…
I didn't really understand what lulcat is discussing. I'll have a look at iptables though
ye, flying-sheep is for sure a spambot.. anyway, my point way back then was that since you are in a chroot, to easily allow linux root outbound connections by some lenient (but convenient) manner, could lead to some unexpected security issues, but nevermind; it was clearly above and beyond for this discussion.
It's a bit late, but if anyone has the same problem, here is a workaround:

Figure out the user ID of an app that you will always allow internet access for (e.g. your browser). To do so, head to that app's folder like so:

```
cd /data/data/org.mozilla.firefox
ls -lah
```

Each file should be owned by the same user (e.g. u0_148). Now figure out the user's ID:

```
id u0_148
```

In my case the ID is 10148.

Now open the linuxdeploy root shell from Android Terminal Emulator (important, don't use VNC or something else that accesses the non-root user).

```
/data/data/ru.meefik.linuxdeploy/files/bin/linuxdeploy shell -u root
```

First, get the regular user's id (my username is android):

```
id android
```

My old user id is 3009. Now you need to modify your regular user's uid:

```
usermod -u 10148 android
```

And now to clean up, find all files still belonging to the old user id and chown them to the new user id:

```
find / -user 3009 -exec chown -h android {} \;
```

Now internet access for Linuxdeploy is coupled to the app chosen in the beginning.
@Dakkaron Your workaround is the only thing that helped for me in this issue (I spent hours on trying to find a way to solve this via iptables rules, in vain). It is worth noting that your procedure has to be applied to every user within the chrooted system that needs to pass Afwall. So in my case (chrooted Ubuntu Base), I needed to do the same thing with the `_apt` user, otherwise `apt` commands from within Ubuntu were blocked by Afwall (though `apt` is invoked by root, it internally runs its commands as `_apt`).
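A dry-run planner for the UID remap described in the two comments above, extended to several chroot accounts at once (an added example, not code from this thread, Linux Deploy or AFWall+). The names `plan_remap` and `sample_passwd`, the sample passwd content and the choice to leave uid 0 untouched are assumptions; `usermod -o` is emitted because `usermod` refuses a uid that another account already holds.

```shell
#!/bin/sh
# Prints the usermod/find commands for review; it changes nothing itself.

# Constructed sample of a chroot /etc/passwd (not taken from the thread).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
android:x:3009:3009::/home/android:/bin/bash
EOF
}

# plan_remap PASSWD_FILE APP_UID ACCOUNT...
# APP_UID is the Android app uid the firewall already allows (10148 above).
plan_remap() {
    passwd_file=$1; app_uid=$2; shift 2
    # Accounts that already hold APP_UID before any change is made.
    taken=$(awk -F: -v u="$app_uid" '$3 == u { print $1 }' "$passwd_file")
    for name in "$@"; do
        old=$(awk -F: -v n="$name" '$1 == n { print $3 }' "$passwd_file")
        if [ -z "$old" ]; then
            printf '# %s: no such account\n' "$name"; continue
        fi
        if [ "$old" = "$app_uid" ]; then
            printf '# %s: already uid %s\n' "$name" "$app_uid"; continue
        fi
        if [ "$old" = 0 ]; then
            # Assumption of this example: never renumber the root account.
            printf '# %s: uid 0 left alone\n' "$name"; continue
        fi
        # A second account on the same uid needs usermod's -o (non-unique).
        if [ -n "$taken" ]; then opt="-o "; else opt=""; fi
        printf 'usermod %s-u %s %s\n' "$opt" "$app_uid" "$name"
        # Same cleanup as in the thread: re-own files left on the old uid.
        printf 'find / -user %s -exec chown -h %s {} \\;\n' "$old" "$name"
        taken="$taken $name"
    done
}

# Demo on the constructed sample.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
plan_remap "$demo_file" 10148 android _apt
rm -f "$demo_file"
```

Run it against the chroot's own `/etc/passwd` and execute the printed commands from the Linux Deploy root shell once they look right.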
I would like to know what should be done in order for "Linux Deploy" to run properly with AFWall+ (android firewall). Is there any customized script that can make them both cooperate together? Problem is that there is no internet access for both root and android user in the chrooted linux, unless I turn off AFWall which is something I want to avoid at all cost.