Closed skullone closed 11 years ago
Mobile Data Limit breaks the AFon my Droid Razr Maxx running rooted stock 4.0.4. Turning off Mobile Data Limit re-enables firewall after I re-"apply rules" in AF
Mikey,
I need some extra information from you.
Thanks!
-Jason
On Wed, Jan 16, 2013 at 11:00 PM, mikeymcmikenson notifications@github.comwrote:
Mobile Data Limit breaks the AFon my Droid Razr Maxx running rooted stock 4.0.4. Turning off Mobile Data Limit re-enables firewall after I re-"apply rules" in AF
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-12353547.
Jason,
Here you go. The first iptables is without mobile data little enabled and the second is with mobile data limit enabled.
Mike
Qapp_210@cdma_spyder:/ $ su root@cdma_spyder:/ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP) target prot opt source destination oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes oem_out all -- anywhere anywhere ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists droidwall all -- anywhere anywhere
Chain costly_shared (0 references) target prot opt source destination penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain droidwall (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_109 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_110 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_134 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000 oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match log ACCEPT all -- anywhere anywhere owner UID match shell ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (1 references) target prot opt source destination REJECT all -- anywhere anywhere owner UID match app_205 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_197 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_196 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_190 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_175 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_168 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_125 reject-with icmp-net-prohibited root@cdma_spyder:/ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes costly_rmnet1 all -- anywhere anywhere [goto] costly_rmnet0 all -- anywhere anywhere [goto] ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP) target prot opt source destination oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes costly_rmnet1 all -- anywhere anywhere [goto] costly_rmnet0 all -- anywhere anywhere [goto] oem_out all -- anywhere anywhere ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists droidwall all -- anywhere anywhere
Chain costly_rmnet0 (2 references) target prot opt source destination REJECT all -- anywhere anywhere ! quota rmnet0: 3813511388 bytes reject-with icmp-net-prohibited penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain costly_rmnet1 (2 references) target prot opt source destination REJECT all -- anywhere anywhere ! quota rmnet1: 3813511388 bytes reject-with icmp-net-prohibited penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain costly_shared (0 references) target prot opt source destination penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain droidwall (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_109 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_110 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_134 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000 oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match log ACCEPT all -- anywhere anywhere owner UID match shell ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (3 references) target prot opt source destination REJECT all -- anywhere anywhere owner UID match app_205 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_197 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_196 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_190 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_175 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_168 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_125 reject-with icmp-net-prohibited root@cdma_spyder:/ #
-----Original Message-----
From: Jason Tschohl Sent: 17 Jan 2013 12:00:19 GMT To: skullone/android_firewall Cc: mikeymcmikenson Subject: Re: [android_firewall] Mobile Data Limit bypassing AF rules on some devices (#9)
Mikey,
I need some extra information from you.
Thanks!
-Jason
On Wed, Jan 16, 2013 at 11:00 PM, mikeymcmikenson notifications@github.comwrote:
Mobile Data Limit breaks the AFon my Droid Razr Maxx running rooted stock 4.0.4. Turning off Mobile Data Limit re-enables firewall after I re-"apply rules" in AF
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-12353547.
Reply to this email directly or view it on GitHub: https://github.com/skullone/android_firewall/issues/9#issuecomment-12365118
Thanks Mikey. That's what I'm looking for.
Can you send me the output from this command as well? Same way you did the other one. So I need the data with the firewall enabled and data limit on and data limit off.
iptables --list OUTPUT --verbose
Thanks!
-Jason
On Sat, Jan 19, 2013 at 7:10 PM, mikeymcmikenson notifications@github.comwrote:
Jason,
Here you go. The first iptables is without mobile data little enabled and the second is with mobile data limit enabled.
Mike
Qapp_210@cdma_spyder:/ $ su root@cdma_spyder:/ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP) target prot opt source destination oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes oem_out all -- anywhere anywhere ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists droidwall all -- anywhere anywhere
Chain costly_shared (0 references) target prot opt source destination penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain droidwall (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_109 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_110 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_134 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000 oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match log ACCEPT all -- anywhere anywhere owner UID match shell ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (1 references) target prot opt source destination REJECT all -- anywhere anywhere owner UID match app_205 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_197 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_196 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_190 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_175 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_168 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_125 reject-with icmp-net-prohibited root@cdma_spyder:/ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes costly_rmnet1 all -- anywhere anywhere [goto] costly_rmnet0 all -- anywhere anywhere [goto] ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP) target prot opt source destination oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes costly_rmnet1 all -- anywhere anywhere [goto] costly_rmnet0 all -- anywhere anywhere [goto] oem_out all -- anywhere anywhere ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists droidwall all -- anywhere anywhere
Chain costly_rmnet0 (2 references) target prot opt source destination REJECT all -- anywhere anywhere ! quota rmnet0: 3813511388 bytes reject-with icmp-net-prohibited penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain costly_rmnet1 (2 references) target prot opt source destination REJECT all -- anywhere anywhere ! quota rmnet1: 3813511388 bytes reject-with icmp-net-prohibited penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain costly_shared (0 references) target prot opt source destination penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain droidwall (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_109 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_110 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_134 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000 oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match log ACCEPT all -- anywhere anywhere owner UID match shell ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (3 references) target prot opt source destination REJECT all -- anywhere anywhere owner UID match app_205 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_197 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_196 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_190 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_175 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_168 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_125 reject-with icmp-net-prohibited root@cdma_spyder:/ #
-----Original Message-----
From: Jason Tschohl Sent: 17 Jan 2013 12:00:19 GMT To: skullone/android_firewall Cc: mikeymcmikenson Subject: Re: [android_firewall] Mobile Data Limit bypassing AF rules on some devices (#9)
Mikey,
I need some extra information from you.
- Install terminal emulator if you don't already have it. You can get it off the Play Store here: https://play.google.com/store/apps/details?id=jackpal.androidterm
- Disable Mobile Data Limit.
- Enable the firewall. 4 Open terminal emulator.
- Type su and hit enter. Terminal emulator will ask for root access. Grant it root access.
- type iptables -L and hit enter. Send me that output. Terminal Emulator has the ability to send that information through e-mail.
- Enable Mobile Data Limit.
- Repeat step 6.
Thanks!
-Jason
On Wed, Jan 16, 2013 at 11:00 PM, mikeymcmikenson notifications@github.comwrote:
Mobile Data Limit breaks the AFon my Droid Razr Maxx running rooted stock 4.0.4. Turning off Mobile Data Limit re-enables firewall after I re-"apply rules" in AF
Reply to this email directly or view it on GitHub< https://github.com/skullone/android_firewall/issues/9#issuecomment-12353547>.
Reply to this email directly or view it on GitHub: https://github.com/skullone/android_firewall/issues/9#issuecomment-12365118
Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-12463630.
Mobile data limit on, then off: (ps this is a problem that has existed since droidwall. I checked it too)
app_210@cdma_spyder:/ $ su root@cdma_spyder:/ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP) target prot opt source destination oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes oem_out all -- anywhere anywhere ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists droidwall all -- anywhere anywhere
Chain costly_shared (0 references) target prot opt source destination penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain droidwall (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_109 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_110 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_134 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000 oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match log ACCEPT all -- anywhere anywhere owner UID match shell ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (1 references) target prot opt source destination REJECT all -- anywhere anywhere owner UID match app_205 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_197 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_196 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_190 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_175 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_168 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_125 reject-with icmp-net-prohibited root@cdma_spyder:/ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes costly_rmnet1 all -- anywhere anywhere [goto] costly_rmnet0 all -- anywhere anywhere [goto] ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP) target prot opt source destination oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes costly_rmnet1 all -- anywhere anywhere [goto] costly_rmnet0 all -- anywhere anywhere [goto] oem_out all -- anywhere anywhere ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists droidwall all -- anywhere anywhere
Chain costly_rmnet0 (2 references) target prot opt source destination REJECT all -- anywhere anywhere ! quota rmnet0: 3813511388 bytes reject-with icmp-net-prohibited penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain costly_rmnet1 (2 references) target prot opt source destination REJECT all -- anywhere anywhere ! quota rmnet1: 3813511388 bytes reject-with icmp-net-prohibited penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain costly_shared (0 references) target prot opt source destination penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain droidwall (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_109 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_110 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_134 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 oem_out_wrigley all -- anywhere 192.168.157.2
su root@cdma_spyder:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 41 2054 all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 67589 5651K oem_out all -- any any anywhere anywhere 1246 117K ACCEPT all -- any lo anywhere anywhere 64256 5239K all -- any any anywhere anywhere owner socket exists 64752 5289K droidwall all -- any any anywhere anywhere root@cdma_spyder:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 41 2054 all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 0 0 costly_rmnet1 all -- any rmnet1 anywhere anywhere [goto] 0 0 costly_rmnet0 all -- any rmnet0 anywhere anywhere [goto] 67607 5653K oem_out all -- any any anywhere anywhere 1246 117K ACCEPT all -- any lo anywhere anywhere 64274 5241K all -- any any anywhere anywhere owner socket exists 64770 5290K droidwall all -- any any anywhere anywhere root@cdma_spyder:/ #
-----Original Message-----
From: Jason Tschohl Sent: 20 Jan 2013 01:00:41 GMT To: skullone/android_firewall Cc: mikeymcmikenson Subject: Re: [android_firewall] Mobile Data Limit bypassing AF rules on some devices (#9)
Thanks Mikey. That's what I'm looking for.
Can you send me the output from this command as well? Same way you did the other one. So I need the data with the firewall enabled and data limit on and data limit off.
iptables --list OUTPUT --verbose
Thanks!
-Jason
On Sat, Jan 19, 2013 at 7:10 PM, mikeymcmikenson notifications@github.comwrote:
Jason,
Here you go. The first iptables is without mobile data little enabled and the second is with mobile data limit enabled.
Mike
Qapp_210@cdma_spyder:/ $ su root@cdma_spyder:/ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP) target prot opt source destination oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes oem_out all -- anywhere anywhere ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists droidwall all -- anywhere anywhere
Chain costly_shared (0 references) target prot opt source destination penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain droidwall (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_109 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_110 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_134 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000 oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match log ACCEPT all -- anywhere anywhere owner UID match shell ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (1 references) target prot opt source destination REJECT all -- anywhere anywhere owner UID match app_205 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_197 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_196 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_190 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_175 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_168 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_125 reject-with icmp-net-prohibited root@cdma_spyder:/ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes costly_rmnet1 all -- anywhere anywhere [goto] costly_rmnet0 all -- anywhere anywhere [goto] ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP) target prot opt source destination oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination all -- anywhere anywhere ! quota globalAlert: 2097152 bytes costly_rmnet1 all -- anywhere anywhere [goto] costly_rmnet0 all -- anywhere anywhere [goto] oem_out all -- anywhere anywhere ACCEPT all -- anywhere anywhere all -- anywhere anywhere owner socket exists droidwall all -- anywhere anywhere
Chain costly_rmnet0 (2 references) target prot opt source destination REJECT all -- anywhere anywhere ! quota rmnet0: 3813511388 bytes reject-with icmp-net-prohibited penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain costly_rmnet1 (2 references) target prot opt source destination REJECT all -- anywhere anywhere ! quota rmnet1: 3813511388 bytes reject-with icmp-net-prohibited penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain costly_shared (0 references) target prot opt source destination penalty_box all -- anywhere anywhere all -- anywhere anywhere owner socket exists ACCEPT all -- anywhere anywhere
Chain droidwall (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-3g all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_109 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_110 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references) target prot opt source destination droidwall-reject all -- anywhere anywhere owner UID match app_134 droidwall-reject all -- anywhere anywhere owner UID match app_68 droidwall-reject all -- anywhere anywhere owner UID match app_31 droidwall-reject all -- anywhere anywhere owner UID match app_200 droidwall-reject all -- anywhere anywhere owner UID match app_164 droidwall-reject all -- anywhere anywhere owner UID match app_120 droidwall-reject all -- anywhere anywhere owner UID match app_165 droidwall-reject all -- anywhere anywhere owner UID match app_80 droidwall-reject all -- anywhere anywhere owner UID match app_163 droidwall-reject all -- anywhere anywhere owner UID match app_17 droidwall-reject all -- anywhere anywhere owner UID match app_161 droidwall-reject all -- anywhere anywhere owner UID match app_168 droidwall-reject all -- anywhere anywhere owner UID match app_53 droidwall-reject all -- anywhere anywhere owner UID match app_52 droidwall-reject all -- anywhere anywhere owner UID match app_75 droidwall-reject all -- anywhere anywhere owner UID match app_201 droidwall-reject all -- anywhere anywhere owner UID match app_84 droidwall-reject all -- anywhere anywhere owner UID match app_197 droidwall-reject all -- anywhere anywhere owner UID match app_204 droidwall-reject all -- anywhere anywhere owner UID match app_192 droidwall-reject all -- anywhere anywhere owner UID match app_210 droidwall-reject all -- anywhere anywhere owner UID match app_92 droidwall-reject all -- anywhere anywhere owner UID match app_55 droidwall-reject all -- anywhere anywhere owner UID match app_95 droidwall-reject all -- anywhere anywhere owner UID match app_94 droidwall-reject all -- anywhere anywhere owner UID match app_154 droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references) target prot opt source destination FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444 oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references) target prot opt source destination FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267 FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456 oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000 oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match log ACCEPT all -- anywhere anywhere owner UID match shell ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references) target prot opt source destination ACCEPT all -- anywhere anywhere owner UID match root ACCEPT all -- anywhere anywhere owner UID match radio ACCEPT all -- anywhere anywhere owner UID match mot_tcmd REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (3 references) target prot opt source destination REJECT all -- anywhere anywhere owner UID match app_205 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_197 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_196 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_190 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_175 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_168 reject-with icmp-net-prohibited REJECT all -- anywhere anywhere owner UID match app_125 reject-with icmp-net-prohibited root@cdma_spyder:/ #
-----Original Message-----
From: Jason Tschohl Sent: 17 Jan 2013 12:00:19 GMT To: skullone/android_firewall Cc: mikeymcmikenson Subject: Re: [android_firewall] Mobile Data Limit bypassing AF rules on some devices (#9)
Mikey,
I need some extra information from you.
- Install terminal emulator if you don't already have it. You can get it off the Play Store here: https://play.google.com/store/apps/details?id=jackpal.androidterm
- Disable Mobile Data Limit.
- Enable the firewall. 4 Open terminal emulator.
- Type su and hit enter. Terminal emulator will ask for root access. Grant it root access.
- type iptables -L and hit enter. Send me that output. Terminal Emulator has the ability to send that information through e-mail.
- Enable Mobile Data Limit.
- Repeat step 6.
Thanks!
-Jason
On Wed, Jan 16, 2013 at 11:00 PM, mikeymcmikenson notifications@github.comwrote:
Mobile Data Limit breaks the AFon my Droid Razr Maxx running rooted stock 4.0.4. Turning off Mobile Data Limit re-enables firewall after I re-"apply rules" in AF
Reply to this email directly or view it on GitHub< https://github.com/skullone/android_firewall/issues/9#issuecomment-12353547>.
Reply to this email directly or view it on GitHub: https://github.com/skullone/android_firewall/issues/9#issuecomment-12365118
Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-12463630.
Reply to this email directly or view it on GitHub: https://github.com/skullone/android_firewall/issues/9#issuecomment-12464168
Correction: that output i sent was with mobile data limit off, then mobile data limit on
Date: Sat, 19 Jan 2013 17:00:40 -0800 From: notifications@github.com To: android_firewall@noreply.github.com CC: mikeymcmikenson@hotmail.com Subject: Re: [android_firewall] Mobile Data Limit bypassing AF rules on some devices (#9)
Thanks Mikey. That's what I'm looking for.
Can you send me the output from this command as well? Same way you did the
other one. So I need the data with the firewall enabled and data limit on
and data limit off.
iptables --list OUTPUT --verbose
Thanks!
-Jason
On Sat, Jan 19, 2013 at 7:10 PM, mikeymcmikenson
notifications@github.comwrote:
Jason,
Here you go. The first iptables is without mobile data little enabled and
the second is with mobile data limit enabled.
Mike
Qapp_210@cdma_spyder:/ $ su
root@cdma_spyder:/ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
ACCEPT all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP)
target prot opt source destination
oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
oem_out all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
droidwall all -- anywhere anywhere
Chain costly_shared (0 references)
target prot opt source destination
penalty_box all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
ACCEPT all -- anywhere anywhere
Chain droidwall (1 references)
target prot opt source destination
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references)
target prot opt source destination
droidwall-reject all -- anywhere anywhere owner UID match app_109
droidwall-reject all -- anywhere anywhere owner UID match app_154
droidwall-reject all -- anywhere anywhere owner UID match app_94
droidwall-reject all -- anywhere anywhere owner UID match app_95
droidwall-reject all -- anywhere anywhere owner UID match app_55
droidwall-reject all -- anywhere anywhere owner UID match app_92
droidwall-reject all -- anywhere anywhere owner UID match app_210
droidwall-reject all -- anywhere anywhere owner UID match app_192
droidwall-reject all -- anywhere anywhere owner UID match app_204
droidwall-reject all -- anywhere anywhere owner UID match app_197
droidwall-reject all -- anywhere anywhere owner UID match app_84
droidwall-reject all -- anywhere anywhere owner UID match app_201
droidwall-reject all -- anywhere anywhere owner UID match app_75
droidwall-reject all -- anywhere anywhere owner UID match app_52
droidwall-reject all -- anywhere anywhere owner UID match app_53
droidwall-reject all -- anywhere anywhere owner UID match app_168
droidwall-reject all -- anywhere anywhere owner UID match app_161
droidwall-reject all -- anywhere anywhere owner UID match app_17
droidwall-reject all -- anywhere anywhere owner UID match app_110
droidwall-reject all -- anywhere anywhere owner UID match app_163
droidwall-reject all -- anywhere anywhere owner UID match app_80
droidwall-reject all -- anywhere anywhere owner UID match app_165
droidwall-reject all -- anywhere anywhere owner UID match app_120
droidwall-reject all -- anywhere anywhere owner UID match app_164
droidwall-reject all -- anywhere anywhere owner UID match app_200
droidwall-reject all -- anywhere anywhere owner UID match app_31
droidwall-reject all -- anywhere anywhere owner UID match app_68
droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references)
target prot opt source destination
droidwall-reject all -- anywhere anywhere owner UID match app_134
droidwall-reject all -- anywhere anywhere owner UID match app_68
droidwall-reject all -- anywhere anywhere owner UID match app_31
droidwall-reject all -- anywhere anywhere owner UID match app_200
droidwall-reject all -- anywhere anywhere owner UID match app_164
droidwall-reject all -- anywhere anywhere owner UID match app_120
droidwall-reject all -- anywhere anywhere owner UID match app_165
droidwall-reject all -- anywhere anywhere owner UID match app_80
droidwall-reject all -- anywhere anywhere owner UID match app_163
droidwall-reject all -- anywhere anywhere owner UID match app_17
droidwall-reject all -- anywhere anywhere owner UID match app_161
droidwall-reject all -- anywhere anywhere owner UID match app_168
droidwall-reject all -- anywhere anywhere owner UID match app_53
droidwall-reject all -- anywhere anywhere owner UID match app_52
droidwall-reject all -- anywhere anywhere owner UID match app_75
droidwall-reject all -- anywhere anywhere owner UID match app_201
droidwall-reject all -- anywhere anywhere owner UID match app_84
droidwall-reject all -- anywhere anywhere owner UID match app_197
droidwall-reject all -- anywhere anywhere owner UID match app_204
droidwall-reject all -- anywhere anywhere owner UID match app_192
droidwall-reject all -- anywhere anywhere owner UID match app_210
droidwall-reject all -- anywhere anywhere owner UID match app_92
droidwall-reject all -- anywhere anywhere owner UID match app_55
droidwall-reject all -- anywhere anywhere owner UID match app_95
droidwall-reject all -- anywhere anywhere owner UID match app_94
droidwall-reject all -- anywhere anywhere owner UID match app_154
droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references)
target prot opt source destination
FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444
REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references)
target prot opt source destination
FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444
oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references)
target prot opt source destination
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000
oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere owner UID match root
ACCEPT all -- anywhere anywhere owner UID match radio
ACCEPT all -- anywhere anywhere owner UID match log
ACCEPT all -- anywhere anywhere owner UID match shell
ACCEPT all -- anywhere anywhere owner UID match mot_tcmd
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere owner UID match root
ACCEPT all -- anywhere anywhere owner UID match radio
ACCEPT all -- anywhere anywhere owner UID match mot_tcmd
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (1 references)
target prot opt source destination
REJECT all -- anywhere anywhere owner UID match app_205 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_197 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_196 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_190 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_175 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_168 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_125 reject-with
icmp-net-prohibited
root@cdma_spyder:/ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
costly_rmnet1 all -- anywhere anywhere [goto]
costly_rmnet0 all -- anywhere anywhere [goto]
ACCEPT all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
Chain FORWARD (policy DROP)
target prot opt source destination
oem_fwd all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
costly_rmnet1 all -- anywhere anywhere [goto]
costly_rmnet0 all -- anywhere anywhere [goto]
oem_out all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
droidwall all -- anywhere anywhere
Chain costly_rmnet0 (2 references)
target prot opt source destination
REJECT all -- anywhere anywhere ! quota rmnet0: 3813511388 bytes
reject-with icmp-net-prohibited
penalty_box all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
ACCEPT all -- anywhere anywhere
Chain costly_rmnet1 (2 references)
target prot opt source destination
REJECT all -- anywhere anywhere ! quota rmnet1: 3813511388 bytes
reject-with icmp-net-prohibited
penalty_box all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
ACCEPT all -- anywhere anywhere
Chain costly_shared (0 references)
target prot opt source destination
penalty_box all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
ACCEPT all -- anywhere anywhere
Chain droidwall (1 references)
target prot opt source destination
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
RETURN udp -- anywhere anywhere owner UID match root udp dpt:domain
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-3g all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
droidwall-wifi all -- anywhere anywhere
Chain droidwall-3g (17 references)
target prot opt source destination
droidwall-reject all -- anywhere anywhere owner UID match app_109
droidwall-reject all -- anywhere anywhere owner UID match app_154
droidwall-reject all -- anywhere anywhere owner UID match app_94
droidwall-reject all -- anywhere anywhere owner UID match app_95
droidwall-reject all -- anywhere anywhere owner UID match app_55
droidwall-reject all -- anywhere anywhere owner UID match app_92
droidwall-reject all -- anywhere anywhere owner UID match app_210
droidwall-reject all -- anywhere anywhere owner UID match app_192
droidwall-reject all -- anywhere anywhere owner UID match app_204
droidwall-reject all -- anywhere anywhere owner UID match app_197
droidwall-reject all -- anywhere anywhere owner UID match app_84
droidwall-reject all -- anywhere anywhere owner UID match app_201
droidwall-reject all -- anywhere anywhere owner UID match app_75
droidwall-reject all -- anywhere anywhere owner UID match app_52
droidwall-reject all -- anywhere anywhere owner UID match app_53
droidwall-reject all -- anywhere anywhere owner UID match app_168
droidwall-reject all -- anywhere anywhere owner UID match app_161
droidwall-reject all -- anywhere anywhere owner UID match app_17
droidwall-reject all -- anywhere anywhere owner UID match app_110
droidwall-reject all -- anywhere anywhere owner UID match app_163
droidwall-reject all -- anywhere anywhere owner UID match app_80
droidwall-reject all -- anywhere anywhere owner UID match app_165
droidwall-reject all -- anywhere anywhere owner UID match app_120
droidwall-reject all -- anywhere anywhere owner UID match app_164
droidwall-reject all -- anywhere anywhere owner UID match app_200
droidwall-reject all -- anywhere anywhere owner UID match app_31
droidwall-reject all -- anywhere anywhere owner UID match app_68
droidwall-reject all -- anywhere anywhere owner UID match app_134
Chain droidwall-reject (55 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain droidwall-wifi (6 references)
target prot opt source destination
droidwall-reject all -- anywhere anywhere owner UID match app_134
droidwall-reject all -- anywhere anywhere owner UID match app_68
droidwall-reject all -- anywhere anywhere owner UID match app_31
droidwall-reject all -- anywhere anywhere owner UID match app_200
droidwall-reject all -- anywhere anywhere owner UID match app_164
droidwall-reject all -- anywhere anywhere owner UID match app_120
droidwall-reject all -- anywhere anywhere owner UID match app_165
droidwall-reject all -- anywhere anywhere owner UID match app_80
droidwall-reject all -- anywhere anywhere owner UID match app_163
droidwall-reject all -- anywhere anywhere owner UID match app_17
droidwall-reject all -- anywhere anywhere owner UID match app_161
droidwall-reject all -- anywhere anywhere owner UID match app_168
droidwall-reject all -- anywhere anywhere owner UID match app_53
droidwall-reject all -- anywhere anywhere owner UID match app_52
droidwall-reject all -- anywhere anywhere owner UID match app_75
droidwall-reject all -- anywhere anywhere owner UID match app_201
droidwall-reject all -- anywhere anywhere owner UID match app_84
droidwall-reject all -- anywhere anywhere owner UID match app_197
droidwall-reject all -- anywhere anywhere owner UID match app_204
droidwall-reject all -- anywhere anywhere owner UID match app_192
droidwall-reject all -- anywhere anywhere owner UID match app_210
droidwall-reject all -- anywhere anywhere owner UID match app_92
droidwall-reject all -- anywhere anywhere owner UID match app_55
droidwall-reject all -- anywhere anywhere owner UID match app_95
droidwall-reject all -- anywhere anywhere owner UID match app_94
droidwall-reject all -- anywhere anywhere owner UID match app_154
droidwall-reject all -- anywhere anywhere owner UID match app_109
Chain oem_fwd (1 references)
target prot opt source destination
FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444
REJECT all -- anywhere 192.168.157.2 reject-with icmp-port-unreachable
Chain oem_out (1 references)
target prot opt source destination
FIX ME! implement getnetbyaddr() bionic/libc/bionic/stubs.c:444
oem_out_wrigley all -- anywhere 192.168.157.2
Chain oem_out_wrigley (1 references)
target prot opt source destination
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3265
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:3267
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
oem_out_wrigley_sens tcp -- anywhere anywhere tcp dpt:11000
oem_out_wrigley_other all -- anywhere anywhere
Chain oem_out_wrigley_other (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere owner UID match root
ACCEPT all -- anywhere anywhere owner UID match radio
ACCEPT all -- anywhere anywhere owner UID match log
ACCEPT all -- anywhere anywhere owner UID match shell
ACCEPT all -- anywhere anywhere owner UID match mot_tcmd
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain oem_out_wrigley_sens (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere owner UID match root
ACCEPT all -- anywhere anywhere owner UID match radio
ACCEPT all -- anywhere anywhere owner UID match mot_tcmd
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain penalty_box (3 references)
target prot opt source destination
REJECT all -- anywhere anywhere owner UID match app_205 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_197 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_196 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_190 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_175 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_168 reject-with
icmp-net-prohibited
REJECT all -- anywhere anywhere owner UID match app_125 reject-with
icmp-net-prohibited
root@cdma_spyder:/ #
-----Original Message-----
From: Jason Tschohl
Sent: 17 Jan 2013 12:00:19 GMT
To: skullone/android_firewall
Cc: mikeymcmikenson
Subject: Re: [android_firewall] Mobile Data Limit bypassing AF rules on
some devices (#9)
Mikey,
I need some extra information from you.
- Install terminal emulator if you don't already have it. You can get it
off the Play Store here:
https://play.google.com/store/apps/details?id=jackpal.androidterm
- Disable Mobile Data Limit.
- Enable the firewall.
4 Open terminal emulator.
- Type su and hit enter. Terminal emulator will ask for root access.
Grant it root access.
- type iptables -L and hit enter. Send me that output. Terminal
Emulator has the ability to send that information through e-mail.
- Enable Mobile Data Limit.
- Repeat step 6.
Thanks!
-Jason
On Wed, Jan 16, 2013 at 11:00 PM, mikeymcmikenson
notifications@github.comwrote:
Mobile Data Limit breaks the AFon my Droid Razr Maxx running rooted
stock
4.0.4. Turning off Mobile Data Limit re-enables firewall after I
re-"apply
rules" in AF
Reply to this email directly or view it on GitHub<
https://github.com/skullone/android_firewall/issues/9#issuecomment-12353547>.
Reply to this email directly or view it on GitHub:
https://github.com/skullone/android_firewall/issues/9#issuecomment-12365118
Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-12463630.
Reply to this email directly or view it on GitHub.
Has there been any progress in this area? I have an Xperia arc with 4.0.4 rooted and I'm having the same problem. When I enable the data limit, the firewall doesn't work anymore. Like @mikeymcmikenson said, this problem has excited since Droidwall, and I changed to this app because the problem was fixed here. I'm glad to see that there is a lot more development for this app, but I really would like to see this fixed...
I'm still investigating. This doesn't affect all phones. My Galaxy Nexus running CM10.1 does not have this issue. Neither does a buddies SGS3 that is stock rooted.
It doesn't appear that the Android source code does anything to iptables so I need to talk to a few devs who do AOSP ROM's to dig deeper.
On Wed, Feb 13, 2013 at 10:17 PM, Felipe Castillo notifications@github.comwrote:
Has there been any progress in this area? I have an Xperia arc with 4.0.4 rooted and I'm having the same problem. When I enable the data limit, the firewall doesn't work anymore. Like @mikeymcmikensonhttps://github.com/mikeymcmikensonsaid, this problem has excited since Droidwall, and I changed to this app because the problem was fixed here. I'm glad to see that there is a lot more development for this app, but I really would like to see this fixed...
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-13531283.
I'm using this custom ROM btw: http://forum.xda-developers.com/showthread.php?t=1920207 Maybe you could talk to that developer, jader13254. Here's his profile: http://forum.xda-developers.com/member.php?u=4659188
Can you please send me the output from this command in terminal emulator? I need it with both Mobile Data limit enabled and disabled. Make sure the firewall is enabled as well.
iptables --list OUTPUT --verbose
On Wed, Feb 13, 2013 at 10:31 PM, Felipe Castillo notifications@github.comwrote:
I'm using this custom ROM btw: http://forum.xda-developers.com/showthread.php?t=1920207 Maybe you could talk to that developer, jader13254. Here's his profile: http://forum.xda-developers.com/member.php?u=4659188
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-13531589.
Here's both outputs, they look almost identical to me
Data Limit ON: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13588 packets, 889K bytes) pkts bytes target prot opt in out source destination 13188 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17289 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29788 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32764 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36678 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37636 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37682 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39030 3939K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39960 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41174 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41701 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42631 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44328 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44340 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45327 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48145 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48315 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48342 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
Data Limit OFF: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13537 packets, 882K bytes) pkts bytes target prot opt in out source destination 13187 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17288 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29787 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32763 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36677 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37635 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37681 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39029 3938K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39959 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41173 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41700 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42630 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44327 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44339 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45326 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48144 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48314 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48341 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
They are about 99% identical. The only difference is in the packets and bytes.
Are you running any other bandwidth monitoring software or a proxy for ad blocking of some sort?
I have no clue why in the world you have all those loopback rules or why there's even a rule for "all -- any any anywhere anywhere". That doesn't exist in stock Android. I have a fully stock Nexus S with 4.1.2 and none of that is there. It's not there on my CM10.1 Galaxy Nexus either. It's not even on my old Thunderbolt running stock 2.3.4 with LeanKernel.
On Thu, Feb 14, 2013 at 10:28 AM, Felipe Castillo notifications@github.comwrote:
Here's both outputs, they look almost identical to me
Data Limit ON: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13588 packets, 889K bytes)
pkts bytes target prot opt in out source destination 13188 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17289 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29788 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32764 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36678 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37636 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37682 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39030 3939K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39960 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41174 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41701 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42631 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44328 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44340 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45327 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48145 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48315 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48342 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
Data Limit OFF: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13537 packets, 882K bytes)
pkts bytes target prot opt in out source destination 13187 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17288 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29787 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32763 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36677 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37635 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37681 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39029 3938K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39959 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41173 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41700 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42630 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44327 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44339 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45326 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48144 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48314 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48341 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-13555593.
I don't use ad block software, that's what android firewall is for :-) I have no idea either, I don't know why they're there. If you want me to try to disable some rules or any further testing just let me know, I'll be happy to do it On Feb 14, 2013 10:57 AM, "Jason Tschohl" notifications@github.com wrote:
They are about 99% identical. The only difference is in the packets and bytes.
Are you running any other bandwidth monitoring software or a proxy for ad blocking of some sort?
I have no clue why in the world you have all those loopback rules or why there's even a rule for "all -- any any anywhere anywhere". That doesn't exist in stock Android. I have a fully stock Nexus S with 4.1.2 and none of that is there. It's not there on my CM10.1 Galaxy Nexus either. It's not even on my old Thunderbolt running stock 2.3.4 with LeanKernel.
On Thu, Feb 14, 2013 at 10:28 AM, Felipe Castillo notifications@github.comwrote:
Here's both outputs, they look almost identical to me
Data Limit ON: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13588 packets, 889K bytes)
pkts bytes target prot opt in out source destination 13188 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17289 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29788 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32764 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36678 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37636 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37682 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39030 3939K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39960 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41174 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41701 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42631 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44328 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44340 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45327 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48145 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48315 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48342 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
Data Limit OFF: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13537 packets, 882K bytes)
pkts bytes target prot opt in out source destination 13187 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17288 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29787 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32763 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36677 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37635 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37681 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39029 3938K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39959 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41173 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41700 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42630 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44327 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44339 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45326 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48144 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48314 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48341 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
— Reply to this email directly or view it on GitHub< https://github.com/skullone/android_firewall/issues/9#issuecomment-13555593>.
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-13558631.
Do you have any other bandwidth monitor software installed? I know there are at least one or two on the Play Store that use iptables and can override AF's rules.
On Thu, Feb 14, 2013 at 11:03 AM, Felipe Castillo notifications@github.comwrote:
I don't use ad block software, that's what android firewall is for :-) I have no idea either, I don't know why they're there. If you want me to try to disable some rules or any further testing just let me know, I'll be happy to do it On Feb 14, 2013 10:57 AM, "Jason Tschohl" notifications@github.com wrote:
They are about 99% identical. The only difference is in the packets and bytes.
Are you running any other bandwidth monitoring software or a proxy for ad blocking of some sort?
I have no clue why in the world you have all those loopback rules or why there's even a rule for "all -- any any anywhere anywhere". That doesn't exist in stock Android. I have a fully stock Nexus S with 4.1.2 and none of that is there. It's not there on my CM10.1 Galaxy Nexus either. It's not even on my old Thunderbolt running stock 2.3.4 with LeanKernel.
On Thu, Feb 14, 2013 at 10:28 AM, Felipe Castillo notifications@github.comwrote:
Here's both outputs, they look almost identical to me
Data Limit ON: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13588 packets, 889K bytes)
pkts bytes target prot opt in out source destination 13188 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17289 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29788 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32764 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36678 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37636 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37682 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39030 3939K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39960 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41174 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41701 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42631 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44328 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44340 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45327 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48145 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48315 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48342 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
Data Limit OFF: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13537 packets, 882K bytes)
pkts bytes target prot opt in out source destination 13187 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17288 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29787 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32763 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36677 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37635 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37681 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39029 3938K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39959 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41173 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41700 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42630 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44327 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44339 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45326 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48144 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48314 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48341 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
— Reply to this email directly or view it on GitHub<
https://github.com/skullone/android_firewall/issues/9#issuecomment-13555593>.
— Reply to this email directly or view it on GitHub< https://github.com/skullone/android_firewall/issues/9#issuecomment-13558631>.
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-13559238.
Just to let you know I e-mailed Jader yesterday. He's on vacation though according to his thread. Once I hear back I will update you.
On Thu, Feb 14, 2013 at 11:07 AM, Jason Tschohl jtschohl@gmail.com wrote:
Do you have any other bandwidth monitor software installed? I know there are at least one or two on the Play Store that use iptables and can override AF's rules.
On Thu, Feb 14, 2013 at 11:03 AM, Felipe Castillo < notifications@github.com> wrote:
I don't use ad block software, that's what android firewall is for :-) I have no idea either, I don't know why they're there. If you want me to try to disable some rules or any further testing just let me know, I'll be happy to do it On Feb 14, 2013 10:57 AM, "Jason Tschohl" notifications@github.com wrote:
They are about 99% identical. The only difference is in the packets and bytes.
Are you running any other bandwidth monitoring software or a proxy for ad blocking of some sort?
I have no clue why in the world you have all those loopback rules or why there's even a rule for "all -- any any anywhere anywhere". That doesn't exist in stock Android. I have a fully stock Nexus S with 4.1.2 and none of that is there. It's not there on my CM10.1 Galaxy Nexus either. It's not even on my old Thunderbolt running stock 2.3.4 with LeanKernel.
On Thu, Feb 14, 2013 at 10:28 AM, Felipe Castillo notifications@github.comwrote:
Here's both outputs, they look almost identical to me
Data Limit ON: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13588 packets, 889K bytes)
pkts bytes target prot opt in out source destination 13188 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17289 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29788 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32764 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36678 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37636 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37682 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39030 3939K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39960 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41174 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41701 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42631 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44328 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44340 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45327 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48145 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48315 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48342 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
Data Limit OFF: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13537 packets, 882K bytes)
pkts bytes target prot opt in out source destination 13187 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17288 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29787 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32763 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36677 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37635 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37681 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39029 3938K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39959 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41173 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41700 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42630 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44327 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44339 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45326 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48144 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48314 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48341 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
— Reply to this email directly or view it on GitHub<
https://github.com/skullone/android_firewall/issues/9#issuecomment-13555593>.
— Reply to this email directly or view it on GitHub< https://github.com/skullone/android_firewall/issues/9#issuecomment-13558631>.
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-13559238.
I have received a response from Jader. We are digging deeper to try to see what's going on.
On Fri, Feb 15, 2013 at 7:49 PM, Jason Tschohl jtschohl@gmail.com wrote:
Just to let you know I e-mailed Jader yesterday. He's on vacation though according to his thread. Once I hear back I will update you.
On Thu, Feb 14, 2013 at 11:07 AM, Jason Tschohl jtschohl@gmail.comwrote:
Do you have any other bandwidth monitor software installed? I know there are at least one or two on the Play Store that use iptables and can override AF's rules.
On Thu, Feb 14, 2013 at 11:03 AM, Felipe Castillo < notifications@github.com> wrote:
I don't use ad block software, that's what android firewall is for :-) I have no idea either, I don't know why they're there. If you want me to try to disable some rules or any further testing just let me know, I'll be happy to do it On Feb 14, 2013 10:57 AM, "Jason Tschohl" notifications@github.com wrote:
They are about 99% identical. The only difference is in the packets and bytes.
Are you running any other bandwidth monitoring software or a proxy for ad blocking of some sort?
I have no clue why in the world you have all those loopback rules or why there's even a rule for "all -- any any anywhere anywhere". That doesn't exist in stock Android. I have a fully stock Nexus S with 4.1.2 and none of that is there. It's not there on my CM10.1 Galaxy Nexus either. It's not even on my old Thunderbolt running stock 2.3.4 with LeanKernel.
On Thu, Feb 14, 2013 at 10:28 AM, Felipe Castillo notifications@github.comwrote:
Here's both outputs, they look almost identical to me
Data Limit ON: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13588 packets, 889K bytes)
pkts bytes target prot opt in out source destination 13188 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17289 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29788 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32764 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36678 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37636 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37682 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39030 3939K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39960 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41174 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41701 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42631 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44328 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44340 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45327 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48145 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48315 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48342 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
Data Limit OFF: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13537 packets, 882K bytes)
pkts bytes target prot opt in out source destination 13187 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17288 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29787 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32763 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36677 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37635 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37681 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39029 3938K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39959 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41173 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41700 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42630 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44327 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44339 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45326 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48144 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48314 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48341 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
— Reply to this email directly or view it on GitHub<
https://github.com/skullone/android_firewall/issues/9#issuecomment-13555593>.
— Reply to this email directly or view it on GitHub< https://github.com/skullone/android_firewall/issues/9#issuecomment-13558631>.
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-13559238.
I now have an experimental build for you to test. Please e-mail me directly for the link as I do not want it public since it has other new functionality that is not quite ready yet as well.
On Sat, Feb 16, 2013 at 10:05 AM, Jason Tschohl jtschohl@gmail.com wrote:
I have received a response from Jader. We are digging deeper to try to see what's going on.
On Fri, Feb 15, 2013 at 7:49 PM, Jason Tschohl jtschohl@gmail.com wrote:
Just to let you know I e-mailed Jader yesterday. He's on vacation though according to his thread. Once I hear back I will update you.
On Thu, Feb 14, 2013 at 11:07 AM, Jason Tschohl jtschohl@gmail.comwrote:
Do you have any other bandwidth monitor software installed? I know there are at least one or two on the Play Store that use iptables and can override AF's rules.
On Thu, Feb 14, 2013 at 11:03 AM, Felipe Castillo < notifications@github.com> wrote:
I don't use ad block software, that's what android firewall is for :-) I have no idea either, I don't know why they're there. If you want me to try to disable some rules or any further testing just let me know, I'll be happy to do it On Feb 14, 2013 10:57 AM, "Jason Tschohl" notifications@github.com wrote:
They are about 99% identical. The only difference is in the packets and bytes.
Are you running any other bandwidth monitoring software or a proxy for ad blocking of some sort?
I have no clue why in the world you have all those loopback rules or why there's even a rule for "all -- any any anywhere anywhere". That doesn't exist in stock Android. I have a fully stock Nexus S with 4.1.2 and none of that is there. It's not there on my CM10.1 Galaxy Nexus either. It's not even on my old Thunderbolt running stock 2.3.4 with LeanKernel.
On Thu, Feb 14, 2013 at 10:28 AM, Felipe Castillo notifications@github.comwrote:
Here's both outputs, they look almost identical to me
Data Limit ON: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13588 packets, 889K bytes)
pkts bytes target prot opt in out source destination 13188 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17289 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29788 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32764 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36678 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37636 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37682 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39030 3939K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39960 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41174 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41701 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42631 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44328 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44340 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45327 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48145 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48315 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48342 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
Data Limit OFF: root@android:/ # iptables --list OUTPUT --verbose Chain OUTPUT (policy ACCEPT 13537 packets, 882K bytes)
pkts bytes target prot opt in out source destination 13187 833K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 17288 1081K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 29787 2802K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 32763 3221K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 36677 3708K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37635 3787K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 37681 3791K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39029 3938K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 39959 4035K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41173 4161K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 41700 4219K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 42630 4321K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44327 4852K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 44339 4859K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 45326 5302K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48144 6810K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48314 6858K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 48341 6867K all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes 34617 1805K ACCEPT all -- any lo anywhere anywhere 163K 25M all -- any any anywhere anywhere owner socket exists 165K 25M droidwall all -- any any anywhere anywhere
— Reply to this email directly or view it on GitHub<
https://github.com/skullone/android_firewall/issues/9#issuecomment-13555593>.
— Reply to this email directly or view it on GitHub< https://github.com/skullone/android_firewall/issues/9#issuecomment-13558631>.
— Reply to this email directly or view it on GitHubhttps://github.com/skullone/android_firewall/issues/9#issuecomment-13559238.
What's your email address? I couldn't find it on your profile
This was fixed in version 2.1.3.
Currently investigating reports of this issue. Mobile Data limit does not break my Galaxy Nexus (toro) so further information is needed.