ukanth / afwall

AFWall+ (Android Firewall +) - iptables based firewall for Android
GNU General Public License v3.0

[ISSUE] Apps using root refused despite having checked them #1212

Open freebrowser1 opened 3 years ago

freebrowser1 commented 3 years ago

I am using AdGuard, which is a VPN-based ad blocker and works awesome. But I noticed that with a rooted device, it can also work as an automatic proxy server to block ads. I had set it up according to their instructions on how to set up automatic HTTP proxy mode (root only): https://kb.adguard.com/en/android/faq#http So I tried that. I had already approved AdGuard full internet access in AFWall+, which works indeed. But because AdGuard now works as root, I now had to enable 'apps running as root' for internet and LAN access.

Despite this, the Firewall Logs show 'apps with root access': Denied, while these are checked:

```
uid: 0
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:63668,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:30251,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:8875,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:25824,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:53323,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:43710,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:32670,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:30740,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:55806,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:5122,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:1797,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:44688,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:19990,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:23937,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:57969,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:33419,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:16299,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:20826,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:55219,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:11000,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:16660,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:55014,dport:1100
src:192.168.0.7,dst:127.0.0.1,proto:UDP,sport:46829,dport:1100
```

Please get the log from Menu -> Show Rules -> (menu) Export to storage and attach it here: IPv4rules.log


ukanth commented 3 years ago

I see you have enabled LAN. Have you given LAN permission for Adguard?

freebrowser1 commented 3 years ago

Yes, I have enabled LAN as well. EDIT: It appears iptables (obtained via `iptables -L -n`) has no ACCEPT on port 80/443 or any HTTP port for user id 0 (root).

iptables.txt

[Screenshot 2021-05-10 at 07:49:01] [Screenshot 2021-05-10 at 07:48:12]

When I turn off the AFWall+ firewall, the AdGuard proxy works normally. And AdGuard obviously does not block anything from AFWall+.

[Screenshot 2021-05-10 at 07:55:28]

ukanth commented 3 years ago

Can you try changing DNS proxy to "disable" and reapplying?

freebrowser1 commented 3 years ago

Where can I find this in AFWall? EDIT: I noticed that AdGuard also uses iptables when set to local automatic proxy, so it is not a proxy at all in that case.

I first set AdGuard to 'local automatic proxy' and turned AFWall+ OFF. Then I listed `iptables -L -n` and saw that there were indeed chains like

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ADGUARD_INPUT  all  --  0.0.0.0/0            0.0.0.0/0
bw_INPUT   all  --  0.0.0.0/0            0.0.0.0/0
fw_INPUT   all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ADGUARD_OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
oem_out    all  --  0.0.0.0/0            0.0.0.0/0
fw_OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
st_OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
bw_OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain ADGUARD_INPUT (1 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:42117 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1113 reject-with tcp-reset

Chain ADGUARD_OUTPUT (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 1001
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 1000
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10339
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10254
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10276
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10229
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10250
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10160
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10274
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10273
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10318
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10317
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10146
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10252
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10126
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10271
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10247
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10281
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:80
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:443
......
```

Then I set AdGuard to VPN mode (i.e. no iptables any more) and turned on AFWall. Now I saw that the AdGuard rules were gone and there were lots of AFWall rules (set by profile).

Now I can understand that using them both in iptables mode can be confusing ...?
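A way to check the two observations above mechanically (no ACCEPT for UID 0, and AdGuard's chain sitting in front of AFWall+'s in OUTPUT), as an added example that is not AFWall+'s or AdGuard's own code: parse `iptables -L -n` output into chains, list the rules that match a given owner UID, and report the order in which OUTPUT dispatches to user-defined chains. The sample listing is constructed by trimming the excerpt in this thread; `parse_chains`, `uid_rules`, `uid_has_accept` and `output_dispatch_order` are hypothetical helper names.

```python
import re
# Constructed sample, trimmed from the `iptables -L -n` excerpt in this issue.
SAMPLE = """\
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ADGUARD_OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
oem_out    all  --  0.0.0.0/0            0.0.0.0/0
fw_OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain ADGUARD_OUTPUT (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 1000
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:80
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:443

Chain fw_OUTPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            owner UID match 10339
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((.*)\)$")
BUILTIN = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG"}  # terminal/built-in targets

def parse_chains(text):
    """Map chain name -> list of (target, proto, match-text) from `iptables -L -n`."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = []
        elif current and line and not line.startswith("target"):
            parts = line.split(None, 5)  # target prot opt src dst [match-text]
            chains[current].append((parts[0], parts[1], parts[5] if len(parts) > 5 else ""))
    return chains

def uid_rules(chains, uid):
    """Every (chain, target) whose rule carries `owner UID match <uid>`."""
    pat = re.compile(rf"owner UID match {uid}\b")
    return [(c, t) for c, rules in chains.items() for t, _, x in rules if pat.search(x)]

def uid_has_accept(chains, uid):
    """True only if some rule explicitly ACCEPTs traffic owned by uid."""
    return any(t == "ACCEPT" for _, t in uid_rules(chains, uid))

def output_dispatch_order(chains):
    """User-defined chains jumped to from OUTPUT, in evaluation order."""
    return [t for t, _, _ in chains.get("OUTPUT", []) if t not in BUILTIN]
```

On the listing in this thread the dispatch order comes back as ADGUARD_OUTPUT before fw_OUTPUT, so root's packets hit AdGuard's chain first, and `uid_has_accept(chains, 0)` is False, which is exactly the "no ACCEPT on user id 0" observation.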