skullone / android_firewall

This is a fork of Droidwall by Rodrigo Zechin Rosauro - http://code.google.com/p/droidwall/

root & kernel connecting without being whitelisted #20

Closed droilover closed 11 years ago

droilover commented 11 years ago

The new app Network Log revealed kernel and root connecting despite only Play Store and Download Manager being whitelisted. Android Firewall appears to be working normally otherwise.

Screenshot: http://imgur.com/a/eNeYZ#0

This is on a Galaxy Note7000 running the 4.1.2 UltimateXXLSZ JB ROM.

I'd love to find out if this is ROM-specific or goes deeper; in any case it's quite concerning.

Thank you.

skullone commented 11 years ago

After a quick look at the code I see what might be going on and it's actually from the original Droidwall code if that's the case. I'll dig deeper after I release the next version to see if what I see is the issue.

skullone commented 11 years ago

Please e-mail me directly. I'd like to get more information from you about this.

skullone commented 11 years ago

Closing this as it is not a bug. I have done a lot of testing and nothing has shown me that kernel or root are leaking. My firewall logs show kernel and root are blocked. Network Log itself when setting the option "Log behind firewall" does not show any leakage either.

I confirmed this further when I fixed Tethering. Tethering requires root and kernel. If those were leaking you would not need to allow them. In fact you cannot connect to the WiFi hotspot without allowing them.

droilover commented 11 years ago

I tether regularly and never had to allow either root or kernel to connect to the Hotspot. I'm very confused by this statement.

On 30 May 2013 15:39, "Jason Tschohl" notifications@github.com wrote:

Closing this as it is not a bug. I have done a lot of testing and nothing has shown me that kernel or root are leaking. My firewall logs show kernel and root are blocked. Network Log itself when setting the option "Log behind firewall" does not show any leakage either.

I confirmed this further when I fixed Tethering. Tethering requires root and kernel. If those were leaking you would not need to allow them. In fact you cannot connect to the WiFi hotspot without allowing them.

— Reply to this email directly or view it on GitHub: https://github.com/skullone/android_firewall/issues/20#issuecomment-18688571

skullone commented 11 years ago

Using the tethering built into Android, in my case CM10.1, root and kernel need to be allowed. Root is necessary to allow my laptop to connect. Kernel isn't 100% necessary but I find DNS lookups are faster with it enabled. This may or may not be the case with a 3rd party tool like WiFi tether.


droilover commented 11 years ago

I have a Wildfire running a CM-based 4.1 ROM from which I tether. I connect to it from my Note 2, which runs a 4.1 TW ROM and has no cell radio. I only use the built-in settings and just double-checked. Neither root nor kernel are whitelisted on either device, and other apps that are not whitelisted and require a connection don't work. So this is very strange to me.

skullone commented 11 years ago

That is strange because even the original Droidwall required root and kernel to tether.


droilover commented 11 years ago

It's the same with at least 4 other ROMs and other devices I had. I will test it on an Xperia. Any ideas? How many ROMs have you tested it on?

skullone commented 11 years ago

I have it across 4 different ROMs on my own devices and then two other testers' (Thunderbolt with 4.0.4 and SGS3 with stock 4.1.2).


droilover commented 11 years ago

Just doesn't add up. Any log I can send you?

skullone commented 11 years ago

Just output from iptables:

su
iptables -L


droilover commented 11 years ago

That's from the Note 2:

u0_a274@android:/ $ su
u0_a274@android:/ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
bw_INPUT   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
bw_FORWARD  all  --  anywhere             anywhere
natctrl_FORWARD  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
droidwall  all  --  anywhere             anywhere
samsung_market_policy-output  all  --  anywhere             anywhere
bw_OUTPUT  all  --  anywhere             anywhere

Chain bw_FORWARD (1 references)
target     prot opt source               destination

Chain bw_INPUT (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes
RETURN     all  --  anywhere             anywhere
           all  --  anywhere             anywhere             owner socket exists

Chain bw_OUTPUT (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes
RETURN     all  --  anywhere             anywhere
           all  --  anywhere             anywhere             owner socket exists

Chain costly_shared (0 references)
target     prot opt source               destination
penalty_box  all  --  anywhere             anywhere

Chain droidwall (1 references)
target     prot opt source               destination
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:484
RETURN     udp  --  anywhere             anywhere             owner UID match root udp dpt:domain
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere

Chain droidwall-3g (17 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             owner UID match nobody
RETURN     all  --  anywhere             anywhere             owner UID match u0_a79
droidwall-reject  all  --  anywhere             anywhere

Chain droidwall-reject (2 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             LOG level warning uid prefix "[AndroidFirewall] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain droidwall-vpn (5 references)
target     prot opt source               destination

Chain droidwall-wifi (6 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             owner UID match dhcp
RETURN     all  --  anywhere             anywhere             owner UID match wifi
RETURN     all  --  anywhere             anywhere             owner UID match u0_a229
RETURN     all  --  anywhere             anywhere             owner UID match u0_a286
RETURN     all  --  anywhere             anywhere             owner UID match u0_a287
RETURN     all  --  anywhere             anywhere             owner UID match u0_a17
RETURN     all  --  anywhere             anywhere             owner UID match u0_a30
RETURN     all  --  anywhere             anywhere             owner UID match u0_a246
RETURN     all  --  anywhere             anywhere             owner UID match u0_a247
RETURN     all  --  anywhere             anywhere             owner UID match u0_a81
RETURN     all  --  anywhere             anywhere             owner UID match u0_a216
RETURN     all  --  anywhere             anywhere             owner UID match u0_a16
RETURN     all  --  anywhere             anywhere             owner UID match u0_a73
RETURN     all  --  anywhere             anywhere             owner UID match u0_a240
RETURN     all  --  anywhere             anywhere             owner UID match u0_a218
RETURN     all  --  anywhere             anywhere             owner UID match u0_a114
RETURN     all  --  anywhere             anywhere             owner UID match u0_a244
RETURN     all  --  anywhere             anywhere             owner UID match u0_a187
RETURN     all  --  anywhere             anywhere             owner UID match u0_a74
RETURN     all  --  anywhere             anywhere             owner UID match u0_a284
RETURN     all  --  anywhere             anywhere             owner UID match u0_a111
RETURN     all  --  anywhere             anywhere             owner UID match u0_a79
RETURN     all  --  anywhere             anywhere             owner UID match u0_a196
RETURN     all  --  anywhere             anywhere             owner UID match u0_a249
droidwall-reject  all  --  anywhere             anywhere

Chain natctrl_FORWARD (1 references)
target     prot opt source               destination

Chain penalty_box (1 references)
target     prot opt source               destination

Chain samsung_market_policy-output (1 references)
target     prot opt source               destination
u0_a274@android:/ #

skullone commented 11 years ago

That's correct. My only guess is maybe Samsung did something in their kernel source code to change things a bit.

On Fri, May 31, 2013 at 4:28 PM, droilover notifications@github.com wrote:

That's from the Note 2 On 31 May 2013 21:15, "Jason Tschohl" notifications@github.com wrote:

just output from iptables

su iptables -L

On Fri, May 31, 2013 at 4:13 PM, droilover notifications@github.com wrote:

Just doesn't ad up. Any log I can send you? On 31 May 2013 21:11, "Jason Tschohl" notifications@github.com wrote:

I have it across 4 different ROM's on my own devices and then two other tester's (Thunderbolt with 4.0.4 and SGS3 with stock 4.1.2).

On Fri, May 31, 2013 at 4:07 PM, droilover notifications@github.com

wrote:

It's the same with at least 4 other ROMs and other devices I had. I will test it on a xperia. Any ideas? How many ROMs have you tested it on? On 31 May 2013 21:02, "Jason Tschohl" notifications@github.com wrote:

That is strange because even the original Droidwall required root and kernel to tether.

On Fri, May 31, 2013 at 3:58 PM, droilover < notifications@github.com>

wrote:

I Have a wildfire running CM based 4.1 from which I tether. I Connect to it from my note 2 which runs a 4.1 TW room and has no cell radio. I only use build in settings and just double checked. Neither root nor kernel are whitelisted on either devices and other apps that are not whitelisted and require connection don't work. So this is very strange to me. On 31 May 2013 20:51, "Jason Tschohl" < notifications@github.com>

wrote:

Using the tethering built into Android, in my case CM10.1, root and kernel need to be allowed. Root is necessary to allow my laptop to connect. Kernel isn't 100% necessary but I find DNS lookups are faster with it enabled. This may or may not be the case with a 3rd party tool like WiFi tether.


```
u0_a274@android:/ $ su
u0_a274@android:/ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
bw_INPUT   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
bw_FORWARD  all  --  anywhere             anywhere
natctrl_FORWARD  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
droidwall  all  --  anywhere             anywhere
samsung_market_policy-output  all  --  anywhere             anywhere
bw_OUTPUT  all  --  anywhere             anywhere

Chain bw_FORWARD (1 references)
target     prot opt source               destination

Chain bw_INPUT (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes
RETURN     all  --  anywhere             anywhere
           all  --  anywhere             anywhere             owner socket exists

Chain bw_OUTPUT (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere             ! quota globalAlert: 2097152 bytes
RETURN     all  --  anywhere             anywhere
           all  --  anywhere             anywhere             owner socket exists

Chain costly_shared (0 references)
target     prot opt source               destination
penalty_box  all  --  anywhere             anywhere

Chain droidwall (1 references)
target     prot opt source               destination
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:484
RETURN     udp  --  anywhere             anywhere             owner UID match root udp dpt:domain
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-3g  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere
droidwall-vpn  all  --  anywhere             anywhere

Chain droidwall-3g (17 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             owner UID match nobody
RETURN     all  --  anywhere             anywhere             owner UID match u0_a79
droidwall-reject  all  --  anywhere             anywhere

Chain droidwall-reject (2 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             LOG level warning uid prefix "[AndroidFirewall] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain droidwall-vpn (5 references)
target     prot opt source               destination

Chain droidwall-wifi (6 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             owner UID match dhcp
RETURN     all  --  anywhere             anywhere             owner UID match wifi
RETURN     all  --  anywhere             anywhere             owner UID match u0_a229
RETURN     all  --  anywhere             anywhere             owner UID match u0_a286
RETURN     all  --  anywhere             anywhere             owner UID match u0_a287
RETURN     all  --  anywhere             anywhere             owner UID match u0_a17
RETURN     all  --  anywhere             anywhere             owner UID match u0_a30
RETURN     all  --  anywhere             anywhere             owner UID match u0_a246
RETURN     all  --  anywhere             anywhere             owner UID match u0_a247
RETURN     all  --  anywhere             anywhere             owner UID match u0_a81
RETURN     all  --  anywhere             anywhere             owner UID match u0_a216
RETURN     all  --  anywhere             anywhere             owner UID match u0_a16
RETURN     all  --  anywhere             anywhere             owner UID match u0_a73
RETURN     all  --  anywhere             anywhere             owner UID match u0_a240
RETURN     all  --  anywhere             anywhere             owner UID match u0_a218
RETURN     all  --  anywhere             anywhere             owner UID match u0_a114
RETURN     all  --  anywhere             anywhere             owner UID match u0_a244
RETURN     all  --  anywhere             anywhere             owner UID match u0_a187
RETURN     all  --  anywhere             anywhere             owner UID match u0_a74
RETURN     all  --  anywhere             anywhere             owner UID match u0_a284
RETURN     all  --  anywhere             anywhere             owner UID match u0_a111
RETURN     all  --  anywhere             anywhere             owner UID match u0_a79
RETURN     all  --  anywhere             anywhere             owner UID match u0_a196
RETURN     all  --  anywhere             anywhere             owner UID match u0_a249
droidwall-reject  all  --  anywhere             anywhere

Chain natctrl_FORWARD (1 references)
target     prot opt source               destination

Chain penalty_box (1 references)
target     prot opt source               destination

Chain samsung_market_policy-output (1 references)
target     prot opt source               destination
u0_a274@android:/ #
```

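As an added example (not code from this thread or from the android_firewall project), a small Python parser for `iptables -L` output like the dump above: it lists, per droidwall chain, which UIDs have a RETURN (allow) rule and what any allowance for root is limited to. The embedded sample is a constructed excerpt of the dump above; on it, root is allowed out only for udp dpt:domain, in the `droidwall` chain.

```python
import re

# Constructed excerpt of the `iptables -L` output quoted above (whitespace normalised).
SAMPLE = """\
Chain droidwall (1 references)
target     prot opt source               destination
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:484
RETURN     udp  --  anywhere             anywhere             owner UID match root udp dpt:domain
droidwall-3g  all  --  anywhere             anywhere
droidwall-wifi  all  --  anywhere             anywhere

Chain droidwall-3g (17 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             owner UID match nobody
RETURN     all  --  anywhere             anywhere             owner UID match u0_a79
droidwall-reject  all  --  anywhere             anywhere
"""

UID_RE = re.compile(r"owner UID match (\S+)")

def parse_chains(text):
    """Map chain name -> [(target, prot, match_text)] from `iptables -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
            continue
        if current is None or not line.strip() or line.startswith("target"):
            continue
        # Columns: target prot opt source destination [match]; empty-target rows start with whitespace.
        parts = [""] + line.split(None, 4) if line[0].isspace() else line.split(None, 5)
        if len(parts) < 5 or parts[2] != "--":  # not a rule row (e.g. bionic's "FIX ME!" stderr)
            continue
        chains[current].append((parts[0], parts[1], parts[5] if len(parts) > 5 else ""))
    return chains

def allowed_uids(chains, chain):
    """UIDs that a RETURN (allow) rule passes in `chain`, with any proto/port limit."""
    out = []
    for target, prot, extra in chains.get(chain, []):
        m = UID_RE.search(extra)
        if target == "RETURN" and m:
            out.append((m.group(1), prot, extra[m.end():].strip() or "any"))
    return out

def root_exposure(chains):
    """Chains that let root out, and what each allowance is limited to."""
    found = {c: [(p, l) for u, p, l in allowed_uids(chains, c) if u == "root"] for c in chains}
    return {c: lim for c, lim in found.items() if lim}
```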