Open MartinEichner opened 3 years ago
MrEngineerMind
commented
3 years ago Try adding this custom script to afwall+ and see if tethering starts to work (it worked for me):
iptables -I afwall-wifi-tether 1 -p udp -m owner --uid-owner 1052 -m udp --sport 53 -j RETURN iptables -I afwall-wifi-tether 1 -p tcp -m owner --uid-owner 1052 -m tcp --sport 53 -j RETURN
MartinEichner
commented
3 years ago I am now working with version 3.5.2.1, but I still have the same problem. I have implemented the script by JohnCGH and re-ran AFWall+, but that did not help either. In case, somebody wants to try that script, please notice that after the "iptables -" there is an upper case i not a lower case L (on my browser, the two are practically undistinguishable).
omaer0
commented
2 years ago I had the same problem for a long time on FP2 with Android 7.1.2 and Afwall+ 3.5.2, despite trying above custom script (which was already given in https://github.com/ukanth/afwall/issues/965)
I then discovered via adb shell that dnsmasq was not running as PID 1052, but as PID 6941 on the Fairphone:
ps | grep -e dns -e USER
USER PID PPID VSIZE RSS WCHAN PC NAME
nobody 6941 11336 3928 1436 poll_sched ae4b7778 S /system/bin/dnsmasqafter changing --uid-owner to 6941 in the above Afwall script, USB tethering and Wi-Fi hotspot now work
omaer0
commented
2 years ago Correction to previous entry - I mixed up the PID with the UID, sorry. the user nobody UID on FP2 is 9999, and when setting --uid-owner 9999 tethering works
I do not know if there could be any adverse side-effects, the only other process running as user nobody is rmt_storage
FP2:/ $ ps | grep nobody
nobody 269 1 10308 1520 poll_sched 00000000 S /system/bin/rmt_storage
nobody 12068 303 3928 1428 poll_sched 00000000 S /system/bin/dnsmasq
foxB612
commented
2 years ago For my case I need to enable LAN for [0] (root) - Apps running as root first (in AFWall gui), otherwise the guest device cannot ping the ip address which dnsmasq is listening to.
After that applying the mentioned custom script solves the problem.
breversa
commented
1 year ago Related: https://github.com/ukanth/afwall/issues/1297 ?
frmayall1978
commented
7 months ago I know it's been a while, but what worked for me on Android 13 is the contents of my custom script:
/system/bin/iptables -I afwall-wifi-lan -m owner --uid-owner 1052 -j RETURN
/system/bin/iptables -I afwall-wifi-wan -m onwer --uid-owner 1052 -j RETURNAfwall was sending me a notification saying that packages from the guest host were being rejected ("Unknown(1052): 192.168.0.123:45678"), so I went to "Show rules" and grepped rules for package that is allowed to communicate in localhost and there were rules that allow for chain 'afwall-wifi-lan' and 'afwall-wifi-wan'. I rewrote the same rule for uid-owner 1052.
EDIT: removed unnecessary reply quote.
0xzfs
commented
2 months ago You can fix this by forcing standard DNS settings (Set private DNS mode: off/automatic) and allowing these apps in AFWall:
If it still doesn't work, try to allow even these:
It seems to work differently for me in case I use another SIM card.
Anyway, 100% working fix is this one:
When I switch on tethering, the DNS is not resolved on the guest device.
Firewall Logs IPv4rules.log is attached below after the text (I did not want to clutter this report with the log file).
Additional context When using AFWall+ 3.4, clients were able to resolve DNS when the mobile phone provided the internet via tethering (either by cable or WLAN). After upgrading to 3.5 or to 3.5.2.1, this no longer works. Only, if I deactivate DNS over netd, the client again is able to resolve DNS. I would like to keep DNS over netd deactivated.
System: Lineage OS (latest build from last week) Hardware: BQ Aquaris X Pro
Firewall Logs
IPv4 Rules
Chain INPUT (policy ACCEPT 1788 packets, 1056K bytes) pkts bytes target prot opt in out source destination
7501 2899K afwall-input all -- 0.0.0.0/0 0.0.0.0/0
23898 8984K bw_INPUT all -- 0.0.0.0/0 0.0.0.0/0
23898 8984K fw_INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
124 9630 oem_fwd all -- 0.0.0.0/0 0.0.0.0/0
124 9630 fw_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
124 9630 bw_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
124 9630 tetherctrl_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1621 packets, 185K bytes) pkts bytes target prot opt in out source destination
8398 1371K afwall all -- 0.0.0.0/0 0.0.0.0/0
22291 2807K nm_oem_filter_ssdp_dropper all -- 0.0.0.0/0 0.0.0.0/0
22291 2807K oem_out all -- 0.0.0.0/0 0.0.0.0/0
22291 2807K fw_OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
22291 2807K st_OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
22291 2807K bw_OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall (1 references) pkts bytes target prot opt in out source destination
5679 1135K RETURN all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED 1365 98269 afwall-vpn all -- tun+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-vpn all -- ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-vpn all -- tap+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-vpn all -- 0.0.0.0/0 0.0.0.0/0 [goto] mark match 0x3c/0xfffc 0 0 afwall-vpn all -- 0.0.0.0/0 0.0.0.0/0 [goto] mark match 0x40/0xfff8 0 0 afwall-wifi all -- eth+ 0.0.0.0/0 0.0.0.0/0
24 2988 afwall-wifi all -- wlan+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-wifi all -- tiwlan+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-wifi all -- ra+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-wifi all -- bnep+ 0.0.0.0/0 0.0.0.0/0
52 5603 afwall-3g all -- rmnet+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- pdp+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- uwbr+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- wimax+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- vsnet+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- rmnet_sdio+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- ccmni+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- qmi+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- svnet0+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- ccemni+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- wwan+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- cdma_rmnet+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- clat4+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- cc2mni+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- bond1+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- rmnet_smux+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- ccinet+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- v4-rmnet+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- seth_w+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- v4-rmnet_data+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- rmnet_ipa+ 0.0.0.0/0 0.0.0.0/0
2 280 afwall-3g all -- rmnet_data+ 0.0.0.0/0 0.0.0.0/0
0 0 afwall-3g all -- r_rmnet_data+ 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g (23 references) pkts bytes target prot opt in out source destination
54 5883 afwall-3g-postcustom all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-fork (2 references) pkts bytes target prot opt in out source destination
18 1711 afwall-3g-home all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-home (1 references) pkts bytes target prot opt in out source destination
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1001 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1021 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10080 4 560 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10163 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10229 8 544 afwall-reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0 0 0 afwall-reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 owner UID match 0 42 4779 afwall-reject all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-postcustom (1 references) pkts bytes target prot opt in out source destination
18 1711 afwall-3g-fork all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-roam (0 references) pkts bytes target prot opt in out source destination
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1001 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10080 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10163 0 0 afwall-reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0 0 0 afwall-reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 owner UID match 0 0 0 afwall-reject all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-3g-tether (0 references) pkts bytes target prot opt in out source destination
0 0 afwall-3g-fork all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-input (1 references) pkts bytes target prot opt in out source destination
5569 2733K RETURN all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED Chain afwall-reject (18 references) pkts bytes target prot opt in out source destination
149 12511 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1000/min burst 5 LOG flags 14 level 4 prefix "{AFL}" 1300 96587 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain afwall-tether (0 references) pkts bytes target prot opt in out source destination
0 0 afwall-reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0 0 0 afwall-reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 owner UID match 0 0 0 afwall-reject all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-tor (0 references) pkts bytes target prot opt in out source destination
Chain afwall-tor-reject (0 references) pkts bytes target prot opt in out source destination
Chain afwall-vpn (5 references) pkts bytes target prot opt in out source destination
15 979 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 0 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1001 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10010 1 60 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10028 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10042 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10074 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10080 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10092 25 1552 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10095 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10099 2 135 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10103 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10104 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10109 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10110 6 360 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10117 24 1560 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10126 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10165 4 248 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10170 9 1304 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10174 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10176 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10229 0 0 afwall-reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0 0 0 afwall-reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 owner UID match 0 0 0 RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 owner UID match 1000 1238 90388 afwall-reject all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 0-999999999 Chain afwall-wifi (5 references) pkts bytes target prot opt in out source destination
24 2988 afwall-wifi-postcustom all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-wifi-fork (2 references) pkts bytes target prot opt in out source destination
17 1756 afwall-wifi-wan all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-wifi-lan (0 references) pkts bytes target prot opt in out source destination
0 0 afwall-reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0 0 0 afwall-reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 owner UID match 0 0 0 afwall-reject all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-wifi-postcustom (1 references) pkts bytes target prot opt in out source destination
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1014 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1010 17 1756 afwall-wifi-fork all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-wifi-tether (0 references) pkts bytes target prot opt in out source destination
0 0 RETURN udp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 0 udp spt:67 dpt:68 0 0 RETURN udp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 udp spt:67 dpt:68 0 0 RETURN udp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1073 udp spt:67 dpt:68 0 0 RETURN udp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 0 udp spt:53 0 0 RETURN udp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 udp spt:53 0 0 RETURN udp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1052 udp spt:53 0 0 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 0 tcp spt:53 0 0 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 9999 tcp spt:53 0 0 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1052 tcp spt:53 0 0 afwall-wifi-fork all -- 0.0.0.0/0 0.0.0.0/0
Chain afwall-wifi-wan (1 references) pkts bytes target prot opt in out source destination
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1073 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10032 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10080 12 2112 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 10163 12 876 afwall-reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 owner UID match 0 0 0 afwall-reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 owner UID match 0 0 0 afwall-reject all -- 0.0.0.0/0 0.0.0.0/0
Chain bw_FORWARD (1 references) pkts bytes target prot opt in out source destination
0 0 bw_costly_rmnet_data0 all -- rmnet_data0 0.0.0.0/0 0.0.0.0/0
0 0 bw_costly_rmnet_data0 all -- rmnet_data0 0.0.0.0/0 0.0.0.0/0
Chain bw_INPUT (1 references) pkts bytes target prot opt in out source destination
23898 8984K bw_global_alert all -- 0.0.0.0/0 0.0.0.0/0
264 11225 bw_costly_rmnet_data0 all -- rmnet_data0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN esp -- 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x100000/0x100000 23898 8984K MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK or 0x100000 Chain bw_OUTPUT (1 references) pkts bytes target prot opt in out source destination
22291 2807K bw_global_alert all -- 0.0.0.0/0 0.0.0.0/0
156 6240 bw_costly_rmnet_data0 all -- rmnet_data0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- ipsec+ 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 policy match dir out pol ipsec Chain bw_costly_rmnet_data0 (4 references) pkts bytes target prot opt in out source destination
420 17465 bw_penalty_box all -- 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 ! quota rmnet_data0: 9223372036854775807 bytes reject-with icmp-port-unreachable Chain bw_costly_shared (0 references) pkts bytes target prot opt in out source destination
0 0 bw_penalty_box all -- 0.0.0.0/0 0.0.0.0/0
Chain bw_data_saver (1 references) pkts bytes target prot opt in out source destination
2295 548K RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain bw_global_alert (2 references) pkts bytes target prot opt in out source destination
426 366K all -- 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes Chain bw_happy_box (1 references) pkts bytes target prot opt in out source destination
2646 496K RETURN all -- 0.0.0.0/0 0.0.0.0/0 match bpf pinned /sys/fs/bpf/prog_netd_skfilter_whitelist_xtbpf 2295 548K bw_data_saver all -- 0.0.0.0/0 0.0.0.0/0
Chain bw_penalty_box (2 references) pkts bytes target prot opt in out source destination
0 0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 match bpf pinned /sys/fs/bpf/prog_netd_skfilter_blacklist_xtbpf reject-with icmp-port-unreachable 4941 1044K bw_happy_box all -- 0.0.0.0/0 0.0.0.0/0
Chain fw_FORWARD (1 references) pkts bytes target prot opt in out source destination
Chain fw_INPUT (1 references) pkts bytes target prot opt in out source destination
Chain fw_OUTPUT (1 references) pkts bytes target prot opt in out source destination
Chain nm_mdmprxy_doze_mode_skip (0 references) pkts bytes target prot opt in out source destination
Chain nm_mdmprxy_iface_pkt_fwder (0 references) pkts bytes target prot opt in out source destination
Chain nm_oem_filter_ssdp_dropper (1 references) pkts bytes target prot opt in out source destination
0 0 DROP udp -- r_rmnet_data+ 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 0 0 DROP udp -- rmnet_data+ 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 Chain oem_fwd (1 references) pkts bytes target prot opt in out source destination
Chain oem_out (1 references) pkts bytes target prot opt in out source destination
Chain st_OUTPUT (1 references) pkts bytes target prot opt in out source destination
Chain st_clear_caught (2 references) pkts bytes target prot opt in out source destination
Chain st_clear_detect (0 references) pkts bytes target prot opt in out source destination
0 0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 connmark match 0x1000000/0x1000000 0 0 CONNMARK tcp -- 0.0.0.0/0 0.0.0.0/0 u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x4&0xff0000=0x10000" CONNMARK or 0x1000000 0 0 CONNMARK udp -- 0.0.0.0/0 0.0.0.0/0 u32 "0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000" CONNMARK or 0x1000000 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 connmark match 0x1000000/0x1000000 0 0 st_clear_caught tcp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0" 0 0 st_clear_caught udp -- 0.0.0.0/0 0.0.0.0/0
Chain st_penalty_log (0 references) pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- 0.0.0.0/0 0.0.0.0/0 CONNMARK or 0x1000000 0 0 NFLOG all -- 0.0.0.0/0 0.0.0.0/0
Chain st_penalty_reject (0 references) pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- 0.0.0.0/0 0.0.0.0/0 CONNMARK or 0x2000000 0 0 NFLOG all -- 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain tetherctrl_FORWARD (1 references) pkts bytes target prot opt in out source destination
0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain tetherctrl_counters (0 references) pkts bytes target prot opt in out source destination
72 5526 RETURN all -- wlan0 tun0 0.0.0.0/0 0.0.0.0/0
52 4104 RETURN all -- tun0 wlan0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- rndis0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- tun0 rndis0 0.0.0.0/0 0.0.0.0/0
Chain vpnhotspot_acl (0 references) pkts bytes target prot opt in out source destination
Chain vpnhotspot_fwd (0 references) pkts bytes target prot opt in out source destination
================== Network interfaces
r_rmnet_data5 rmnet_data6 sit0 rmnet_ipa0 lo r_rmnet_data7 wlan0 r_rmnet_data0 rmnet_data1 r_rmnet_data2 rmnet_data3 ip_vti0 ip6tnl0 r_rmnet_data4 rmnet_data5 tun0 dummy0 r_rmnet_data6 rmnet_data7 p2p0 r_rmnet_data8 rmnet_data0 r_rmnet_data1 rmnet_data2 ip6_vti0 r_rmnet_data3 rmnet_data4
======== ifconfig
dummy0 Link encap:Ethernet HWaddr EA:26:29:08:BF:C9
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:1 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:70 (70.0 B) ip6_vti0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) ip6tnl0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1452 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) ip_vti0 Link encap:UNSPEC HWaddr 00-00-00-00-01-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:4325 errors:0 dropped:0 overruns:0 frame:0 TX packets:4325 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:458804 (448.0 KiB) TX bytes:458804 (448.0 KiB) p2p0 Link encap:Ethernet HWaddr B6:9D:0B:7C:40:6D
UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data3 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data4 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data5 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data6 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data7 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) r_rmnet_data8 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) rmnet_data0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:37.83.194.129 Mask:255.255.255.252 UP RUNNING MTU:1500 Metric:1 RX packets:1711 errors:0 dropped:0 overruns:0 frame:0 TX packets:1393 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:444761 (434.3 KiB) TX bytes:156900 (153.2 KiB) rmnet_data1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) rmnet_data2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) rmnet_data3 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) rmnet_data4 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) rmnet_data5 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) rmnet_data6 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) rmnet_data7 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) rmnet_ipa0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP RUNNING MTU:2000 Metric:1 RX packets:1532 errors:0 dropped:0 overruns:0 frame:0 TX packets:1393 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:465293 (454.3 KiB) TX bytes:168044 (164.1 KiB) sit0 Link encap:UNSPEC HWaddr 00-00-00-00-01-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.9.0.4 P-t-P:10.9.0.4 Mask:255.255.255.0 UP POINTOPOINT RUNNING MTU:1280 Metric:1 RX packets:4981 errors:0 dropped:0 overruns:0 frame:0 TX packets:4253 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:3749930 (3.5 MiB) TX bytes:697781 (681.4 KiB) wlan0 Link encap:Ethernet HWaddr B4:9D:0B:7C:40:6D
inet addr:192.168.178.102 Bcast:192.168.178.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2746 errors:0 dropped:0 overruns:0 frame:0 TX packets:1006 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:780693 (762.3 KiB) TX bytes:253715 (247.7 KiB)
=========== System info
Android version: 10 Manufacturer: bq Model: Aquaris X Pro Build: lineage_bardockpro-userdebug 10 QQ3A.200805.001 7521827434 Active interface: wifi Wifi Tether status: no Bluetooth Tether status: unknown Usb Tether status: unknown Roam status: no IPv4 subnet: 192.168.178.102/24 IPv6 subnet: fe80::14ca:49c8:72e9:dc6f/64 /system/bin/su: not present /system/xbin/su: not present /data/magisk/magisk: not present /system/app/Superuser.apk: not present Superuser: com.topjohnwu.magisk v23.0
=========== Preferences
NewDBNotification: true activeNotification: true activeRules: true appVersion: 20210517 bb_path: builtin block_filter_app: controlIPv6: false disableIcons: false disableTaskerToast: true dns_value: disable enableConfirm: true enableDeviceCheck: false enableIPv6: false enableInbound: true enableLAN: false enableLogService: true enableRoam: true enableTether: false enableTor: false enableVPN: true forward_chain: true forward_chain_v6: true hasRoot: true initPath: /data/adb/service.d/ input_chain: true input_chain_v6: true ip_path: auto ipt_path: system ipurchaseddonatekey: true locale: de logDmesg: OS logPingTime: logTarget: LOG logTargets: NFLOG,LOG multiUser: false multiUserId: 0 notification_priority: 0 notifyAppInstall: true oldLogView: false output_chain: true output_chain_v6: true passSetting: p0 patternMax: 3 runNotification: true selectedFilter: 2 showAllApps: false showFilter: true showHostName: true showLogToasts: false showUid: true sort: s0 storedPid: [8388] supportDualApps: false sysColor: -16721118 theme: B toast_pos: bottom widgetX: 1080 widgetY: 1920 Profile Mode : whitelist Status : Enabled
====== Logcat
05:10:16 Selected Profile: AFWallPrefs 05:10:16 Startin boot service 05:10:16 Starting firewall service onboot 05:10:16 Getting interface details... 05:10:16 Now assuming NO connection (all interfaces down) 05:10:16 Selected Profile: AFWallPrefs 05:10:16 Using applySavedIptablesRules 05:10:16 Setting OUTPUT to Drop for v4 05:10:16 Callin interface routing for false 05:10:16 Setting OUTPUT to Accept State 05:10:16 Using applySaved4IptablesRules 05:10:16 Received cmds: #154 05:10:16 Hashing4....false 05:10:16 -1 05:10:16 Starting root shell... 05:10:16 Starting log service onboot 05:10:16 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 05:10:16 Staring log watcher 05:10:16 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 05:10:16 Staring log watcher 05:10:16 Root shell is open 05:10:16 Start processing next state 05:10:20 BOOT_COMPLETED: applied rules at 1621998620414 05:10:20 Received cmds: #3 05:10:20 Hashing4....false 05:10:20 -1 05:10:20 Start processing next state 05:10:30 State of rootShell(4): READY 05:10:39 Network change captured. 05:10:39 isWifiApEnabled is false 05:10:39 Getting interface details... 05:10:39 Now assuming 3G connection (roaming: nowifi-tethered: no, bluetooth-tethered: no, usb-tethered: no) 05:10:39 No ipaddress found 05:10:39 Selected Profile: AFWallPrefs 05:10:39 Using fastApply 05:10:39 Setting OUTPUT chain to DROP 05:10:39 isWifiApEnabled is false 05:10:39 Setting OUTPUT chain to ACCEPT 05:10:39 Received cmds: #12 05:10:39 Hashing4....false 05:10:39 -1 05:10:39 Start processing next state 05:10:39 CONNECTIVITY_CHANGE: applied rules at 1621998639643 05:10:39 Received cmds: #3 05:10:39 Hashing4....false 05:10:39 -1 05:10:39 Start processing next state 05:10:49 State of rootShell(4): READY 06:35:13 Tether change captured. 06:35:14 isWifiApEnabled is true 06:35:14 Found ipv6: fe80::3431:58ff:fe71:2ac6/64 06:35:14 Found ipv4: 192.168.43.95/24 06:35:14 Getting interface details... 06:35:14 Now assuming 3G connection (roaming: nowifi-tethered: yes, bluetooth-tethered: no, usb-tethered: no) 06:35:14 IPv4 LAN netmask on wlan0: 192.168.43.95/24 06:35:14 IPv6 LAN netmask on wlan0: fe80::3431:58ff:fe71:2ac6/64 06:35:14 Selected Profile: AFWallPrefs 06:35:14 Using fastApply 06:35:14 Setting OUTPUT chain to DROP 06:35:14 isWifiApEnabled is true 06:35:14 Found ipv6: fe80::3431:58ff:fe71:2ac6/64 06:35:14 Found ipv4: 192.168.43.95/24 06:35:14 Setting OUTPUT chain to ACCEPT 06:35:14 Received cmds: #12 06:35:14 Hashing4....false 06:35:14 -1 06:35:14 Start processing next state 06:35:14 Tether change captured. 06:35:14 isWifiApEnabled is true 06:35:14 Found ipv6: fe80::3431:58ff:fe71:2ac6/64 06:35:14 Found ipv4: 192.168.43.95/24 06:35:14 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:35:14 command 'iptables -P OUTPUT DROP' exited with status 4, retrying (attempt 1/10) 06:35:14 Network change captured. 06:35:14 isWifiApEnabled is true 06:35:14 Found ipv6: fe80::3431:58ff:fe71:2ac6/64 06:35:14 Found ipv4: 192.168.43.95/24 06:35:14 command 'iptables -P OUTPUT DROP' exited with status 4, retrying (attempt 2/10) 06:35:14 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:35:14 command 'iptables -F afwall-3g-fork' exited with status 4, retrying (attempt 1/10) 06:35:14 TETHER_STATE_CHANGED: applied rules at 1622003714489 06:35:14 Received cmds: #3 06:35:14 Hashing4....false 06:35:14 -1 06:35:14 Start processing next state 06:35:24 State of rootShell(4): READY 06:36:13 Private link has registered already 06:36:13 Received cmds: #1 06:36:13 Hashing4....false 06:36:13 -1 06:36:13 Start processing next state 06:36:13 Selected Profile: AFWallPrefs 06:36:13 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 06:36:13 Staring log watcher 06:36:13 Network change captured. 06:36:13 isWifiApEnabled is true 06:36:13 Found ipv6: fe80::3431:58ff:fe71:2ac6/64 06:36:13 Found ipv4: 192.168.43.95/24 06:36:13 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:36:13 Tether change captured. 06:36:13 isWifiApEnabled is true 06:36:13 Found ipv6: fe80::3431:58ff:fe71:2ac6/64 06:36:13 Found ipv4: 192.168.43.95/24 06:36:13 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:36:29 Using applySavedIptablesRules 06:36:29 Setting OUTPUT to Drop for v4 06:36:29 Callin interface routing for false 06:36:29 isWifiApEnabled is true 06:36:30 Found ipv6: fe80::3431:58ff:fe71:2ac6/64 06:36:30 Found ipv4: 192.168.43.95/24 06:36:30 Setting OUTPUT to Accept State 06:36:30 Using applySaved4IptablesRules 06:36:30 Received cmds: #166 06:36:30 Hashing4....false 06:36:30 -1 06:36:30 Start processing next state 06:36:42 Using applySavedIptablesRules 06:36:42 Setting OUTPUT to Drop for v4 06:36:42 Callin interface routing for false 06:36:42 isWifiApEnabled is true 06:36:42 Found ipv6: fe80::3431:58ff:fe71:2ac6/64 06:36:42 Found ipv4: 192.168.43.95/24 06:36:42 Setting OUTPUT to Accept State 06:36:42 Using applySaved4IptablesRules 06:36:42 Received cmds: #154 06:36:42 Hashing4....false 06:36:42 -1 06:36:42 Start processing next state 06:37:04 Log service removed 06:37:09 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 06:37:09 Staring log watcher 06:37:13 Tether change captured. 06:37:13 isWifiApEnabled is false 06:37:13 Getting interface details... 06:37:13 Now assuming 3G connection (roaming: nowifi-tethered: no, bluetooth-tethered: no, usb-tethered: no) 06:37:13 No ipaddress found 06:37:13 Selected Profile: AFWallPrefs 06:37:13 Using fastApply 06:37:13 Setting OUTPUT chain to DROP 06:37:13 isWifiApEnabled is false 06:37:13 Setting OUTPUT chain to ACCEPT 06:37:13 Received cmds: #12 06:37:13 Hashing4....false 06:37:13 -1 06:37:13 Start processing next state 06:37:13 Network change captured. 06:37:13 isWifiApEnabled is false 06:37:13 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:37:13 Network change captured. 06:37:13 isWifiApEnabled is false 06:37:13 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:37:13 TETHER_STATE_CHANGED: applied rules at 1622003833432 06:37:13 Received cmds: #3 06:37:13 Hashing4....false 06:37:13 -1 06:37:13 Start processing next state 06:37:15 Tether change captured. 06:37:16 isWifiApEnabled is false 06:37:16 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:37:16 Tether change captured. 06:37:16 isWifiApEnabled is false 06:37:16 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:37:23 State of rootShell(4): READY 06:37:29 Network change captured. 06:37:29 isWifiApEnabled is false 06:37:29 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:37:29 Found ipv4: 192.168.178.102/24 06:37:29 Getting interface details... 06:37:29 Now assuming wifi connection (bluetooth-tethered: no, usb-tethered: no) 06:37:29 IPv4 LAN netmask on wlan0: 192.168.178.102/24 06:37:29 IPv6 LAN netmask on wlan0: fe80::14ca:49c8:72e9:dc6f/64 06:37:29 Selected Profile: AFWallPrefs 06:37:29 Using fastApply 06:37:29 Setting OUTPUT chain to DROP 06:37:29 isWifiApEnabled is false 06:37:29 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:37:29 Found ipv4: 192.168.178.102/24 06:37:29 Setting OUTPUT chain to ACCEPT 06:37:29 Received cmds: #12 06:37:29 Hashing4....false 06:37:29 -1 06:37:29 Start processing next state 06:37:29 Network change captured. 06:37:29 isWifiApEnabled is false 06:37:29 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:37:29 command 'iptables -F afwall-3g-postcustom' exited with status 4, retrying (attempt 1/10) 06:37:29 Found ipv4: 192.168.178.102/24 06:37:29 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:37:29 CONNECTIVITY_CHANGE: applied rules at 1622003849797 06:37:29 Received cmds: #3 06:37:29 Hashing4....false 06:37:29 -1 06:37:29 Start processing next state 06:37:31 Private link has registered already 06:37:31 Received cmds: #1 06:37:31 Hashing4....false 06:37:31 -1 06:37:31 Start processing next state 06:37:31 Selected Profile: AFWallPrefs 06:37:31 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 06:37:31 Staring log watcher 06:37:32 Network change captured. 06:37:32 isWifiApEnabled is false 06:37:32 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:37:32 Found ipv4: 192.168.178.102/24 06:37:32 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:37:32 Tether change captured. 06:37:32 isWifiApEnabled is false 06:37:32 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:37:32 Found ipv4: 192.168.178.102/24 06:37:32 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:37:39 State of rootShell(4): READY 06:37:45 Log service removed 06:37:56 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 06:37:56 Staring log watcher 06:38:44 Tether change captured. 06:38:44 isWifiApEnabled is false 06:38:44 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:38:44 Found ipv4: 192.168.178.102/24 06:38:44 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:38:44 Tether change captured. 06:38:44 isWifiApEnabled is false 06:38:44 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:38:44 Found ipv4: 192.168.178.102/24 06:38:44 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:38:45 Tether change captured. 06:38:45 isWifiApEnabled is false 06:38:45 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:38:45 Found ipv4: 192.168.178.102/24 06:38:45 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:38:45 Tether change captured. 06:38:45 isWifiApEnabled is false 06:38:45 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:38:45 Found ipv4: 192.168.178.102/24 06:38:45 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:38:45 Tether change captured. 06:38:45 isWifiApEnabled is false 06:38:45 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:38:45 Found ipv4: 192.168.178.102/24 06:38:45 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:38:45 Tether change captured. 06:38:45 isWifiApEnabled is false 06:38:45 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:38:45 Found ipv4: 192.168.178.102/24 06:38:45 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:38:45 Network change captured. 06:38:45 isWifiApEnabled is false 06:38:45 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:38:45 Found ipv4: 192.168.178.102/24 06:38:45 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:39:31 Tether change captured. 06:39:31 isWifiApEnabled is false 06:39:31 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:39:31 Found ipv4: 192.168.178.102/24 06:39:31 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:39:31 Network change captured. 06:39:31 isWifiApEnabled is false 06:39:31 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:39:31 Found ipv4: 192.168.178.102/24 06:39:31 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:40:50 Private link has registered already 06:40:51 Received cmds: #1 06:40:51 Hashing4....false 06:40:51 -1 06:40:51 Start processing next state 06:40:51 Selected Profile: AFWallPrefs 06:40:51 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 06:40:51 Staring log watcher 06:40:51 Network change captured. 06:40:51 isWifiApEnabled is false 06:40:51 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:40:51 Found ipv4: 192.168.178.102/24 06:40:51 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 06:40:51 Tether change captured. 06:40:51 isWifiApEnabled is false 06:40:51 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:40:51 Found ipv4: 192.168.178.102/24 06:40:51 TETHER_STATE_CHANGED: interface state has not changed, ignoring 06:41:00 Using applySavedIptablesRules 06:41:00 Setting OUTPUT to Drop for v4 06:41:00 Callin interface routing for false 06:41:00 isWifiApEnabled is false 06:41:00 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:41:00 Found ipv4: 192.168.178.102/24 06:41:00 Setting OUTPUT to Accept State 06:41:00 Using applySaved4IptablesRules 06:41:00 Received cmds: #166 06:41:00 Hashing4....false 06:41:00 -1 06:41:00 Start processing next state 06:42:48 Using applySavedIptablesRules 06:42:48 Setting OUTPUT to Drop for v4 06:42:48 Callin interface routing for false 06:42:48 isWifiApEnabled is false 06:42:48 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 06:42:48 Found ipv4: 192.168.178.102/24 06:42:48 Setting OUTPUT to Accept State 06:42:48 Using applySaved4IptablesRules 06:42:48 Received cmds: #154 06:42:48 Hashing4....false 06:42:48 -1 06:42:48 Start processing next state 07:41:34 Log service removed 07:41:39 Network change captured. 07:41:39 isWifiApEnabled is false 07:41:39 Getting interface details... 07:41:39 Now assuming 3G connection (roaming: nowifi-tethered: no, bluetooth-tethered: no, usb-tethered: no) 07:41:39 No ipaddress found 07:41:39 Selected Profile: AFWallPrefs 07:41:39 Using fastApply 07:41:39 Setting OUTPUT chain to DROP 07:41:39 isWifiApEnabled is false 07:41:39 Setting OUTPUT chain to ACCEPT 07:41:39 Received cmds: #12 07:41:39 Hashing4....false 07:41:39 -1 07:41:39 Start processing next state 07:41:39 Network change captured. 07:41:39 isWifiApEnabled is false 07:41:39 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 07:41:39 command 'iptables -F afwall-wifi-fork' exited with status 4, retrying (attempt 1/10) 07:41:39 command 'iptables -A afwall-wifi-postcustom -m owner --uid-owner 1014 -j RETURN' exited with status 4, retrying (attempt 1/10) 07:41:39 CONNECTIVITY_CHANGE: applied rules at 1622007699762 07:41:39 Received cmds: #3 07:41:39 Hashing4....false 07:41:39 -1 07:41:39 Start processing next state 07:41:49 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 07:41:49 Staring log watcher 07:41:49 State of rootShell(4): READY 07:43:04 Tether change captured. 07:43:05 isWifiApEnabled is false 07:43:05 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:05 Tether change captured. 07:43:05 isWifiApEnabled is false 07:43:05 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:07 Network change captured. 07:43:07 isWifiApEnabled is false 07:43:07 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:07 Found ipv4: 192.168.178.102/24 07:43:07 Getting interface details... 07:43:07 Now assuming wifi connection (bluetooth-tethered: no, usb-tethered: no) 07:43:07 IPv4 LAN netmask on wlan0: 192.168.178.102/24 07:43:07 IPv6 LAN netmask on wlan0: fe80::14ca:49c8:72e9:dc6f/64 07:43:07 Selected Profile: AFWallPrefs 07:43:07 Using fastApply 07:43:07 Setting OUTPUT chain to DROP 07:43:07 isWifiApEnabled is false 07:43:07 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:07 Found ipv4: 192.168.178.102/24 07:43:07 Setting OUTPUT chain to ACCEPT 07:43:07 Received cmds: #12 07:43:07 Hashing4....false 07:43:07 -1 07:43:07 Start processing next state 07:43:07 Network change captured. 07:43:07 isWifiApEnabled is false 07:43:07 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:07 Found ipv4: 192.168.178.102/24 07:43:07 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 07:43:07 command 'iptables -F afwall-wifi-postcustom' exited with status 4, retrying (attempt 1/10) 07:43:07 CONNECTIVITY_CHANGE: applied rules at 1622007787758 07:43:07 Received cmds: #3 07:43:07 Hashing4....false 07:43:07 -1 07:43:07 Start processing next state 07:43:17 State of rootShell(4): READY 07:43:39 Tether change captured. 07:43:39 isWifiApEnabled is false 07:43:39 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:39 Found ipv4: 192.168.178.102/24 07:43:39 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:39 Tether change captured. 07:43:39 isWifiApEnabled is false 07:43:39 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:39 Found ipv4: 192.168.178.102/24 07:43:39 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:39 Tether change captured. 07:43:39 isWifiApEnabled is false 07:43:39 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:39 Found ipv4: 192.168.178.102/24 07:43:40 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:40 Tether change captured. 07:43:40 isWifiApEnabled is false 07:43:40 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:40 Found ipv4: 192.168.178.102/24 07:43:40 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:40 Tether change captured. 07:43:40 isWifiApEnabled is false 07:43:40 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:40 Found ipv4: 192.168.178.102/24 07:43:40 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:40 Tether change captured. 07:43:40 isWifiApEnabled is false 07:43:40 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:40 Found ipv4: 192.168.178.102/24 07:43:40 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:40 Network change captured. 07:43:40 isWifiApEnabled is false 07:43:40 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:40 Found ipv4: 192.168.178.102/24 07:43:40 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 07:43:59 Tether change captured. 07:43:59 isWifiApEnabled is false 07:43:59 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:59 Found ipv4: 192.168.178.102/24 07:43:59 TETHER_STATE_CHANGED: interface state has not changed, ignoring 07:43:59 Network change captured. 07:43:59 isWifiApEnabled is false 07:43:59 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:43:59 Found ipv4: 192.168.178.102/24 07:43:59 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 07:44:46 Private link has registered already 07:44:46 Received cmds: #1 07:44:46 Hashing4....false 07:44:46 -1 07:44:46 Start processing next state 07:44:46 Selected Profile: AFWallPrefs 07:44:47 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 07:44:47 Staring log watcher 07:44:47 Network change captured. 07:44:47 isWifiApEnabled is false 07:44:47 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:44:47 Found ipv4: 192.168.178.102/24 07:44:47 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 07:44:47 Tether change captured. 07:44:47 isWifiApEnabled is false 07:44:47 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 07:44:47 Found ipv4: 192.168.178.102/24 07:44:47 TETHER_STATE_CHANGED: interface state has not changed, ignoring 08:23:48 Selected Profile: AFWallPrefs 08:33:51 Log service removed 08:36:53 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 08:36:53 Staring log watcher 08:37:42 Private link has registered already 08:37:42 Received cmds: #1 08:37:42 Hashing4....false 08:37:42 -1 08:37:42 Start processing next state 08:37:42 Selected Profile: AFWallPrefs 08:37:43 Starting Log Service: cat /proc/kmsg for LogTarget: LOG 08:37:43 Staring log watcher 08:37:43 Network change captured. 08:37:43 isWifiApEnabled is false 08:37:43 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 08:37:43 Found ipv4: 192.168.178.102/24 08:37:43 CONNECTIVITY_CHANGE: interface state has not changed, ignoring 08:37:43 Tether change captured. 08:37:43 isWifiApEnabled is false 08:37:43 Found ipv6: fe80::14ca:49c8:72e9:dc6f/64 08:37:43 Found ipv4: 192.168.178.102/24 08:37:43 TETHER_STATE_CHANGED: interface state has not changed, ignoring 08:40:17 Selected Profile: AFWallPrefs 08:50:43 Selected Profile: AFWallPrefs 08:50:54 Received cmds: #1 08:50:54 Hashing4....false 08:50:54 -1 08:50:54 Start processing next state 08:50:54 Received cmds: #1 08:50:54 Hashing4....false 08:50:54 -1 08:50:54 Start processing next state 08:50:54 Received cmds: #1 08:50:54 Hashing4....false 08:50:54 -1 08:50:54 Start processing next state