ukanth / afwall

AFWall+ (Android Firewall +) - iptables based firewall for Android
GNU General Public License v3.0

AFWall sometimes fails to get root on connection change #779

Open cb474 opened 6 years ago

cb474 commented 6 years ago

I'm having a problem where sometimes AFWall is not granted root status and it fails to apply iptables rules. This is on a Pixel 2, rooted with Magisk. I don't know for sure if this is an AFWall issue or might be a Magisk issue. But Magisk is showing no errors in catlog and I have no problem with other root apps.

This seems to happen when I have a change in connection (e.g. from wifi to cell) and AFWall is reapplying the rules (I have the "Active rules" setting enabled in preferences). But it only happens sometimes, not on every connection change. I get a notification saying AFWall could not apply rules, and when I open AFWall, an error from AFWall saying that it was unable to get root and my device needs to be rooted. If I move AFWall out of the recents menu and restart it, that solves the problem (I can then manually apply rules with success, and other automatic applications of the rules on connection changes seem to work). Most of the time AFWall works fine.

Attached are some logs, captured right after this happened, from the system through Catlog.

The only clear errors I see there are from the AFWall entries in catlog:

E/AFWall (22459): libsuperuser error -2 on command 'iptables -P OUTPUT DROP'

and:

E/AFWall (21817): CONNECTIVITY_CHANGE: applySavedIptablesRules() returned an error

afwall.catlog.txt magisk.catlog.txt

Perhaps my issue is the same as this one (but almost no information is provided there): https://github.com/ukanth/afwall/issues/776

TripodKnight commented 6 years ago

I was the one that posted the issue you linked. I disabled Magisk Hide Root settings in Magisk and noticed I stopped getting the error on connection change. Once I enabled Magisk hide again I started getting the errors. So it seems it's related to the Magisk hide root function.

cb474 commented 6 years ago

Thanks for the suggestion. It's funny, because I seem to be having the issue less, even though neither Magisk nor Afwall have been updated. But I do occasionally have it in unpredictable ways.

I do have the Magisk hide toggle switch enabled in my settings, but I don't have the hiding function enabled for any apps. Disabling the toggle switch seems to just remove the tab for enabling hiding from specific apps. Do you know if it also does other things? Otherwise, I don't quite understand how it would affect the issue. But I'll try it and see.

It does seem like even if that resolves the issue, it is still unclear whether this is a Magisk bug or an AFWall bug.

ildar commented 6 years ago

Looks like races. If I'm right, that's a Magisk bug; file it there and post the link here.

TripodKnight commented 6 years ago

I know I used to only pass safety net checks with magisk hide turned on, although lately I haven't been able to get the safety net check to work so I can't confirm.

accnetdev commented 6 years ago

Hi all,

I have exactly the same issue: sometimes AFWall+ is not granted root status and it fails to apply iptables rules.

It occurs randomly (perhaps at connection changes, but I'm not sure of it) on all my phones, which are all rooted using Magisk (version 14.0 or 15.3) and all have Magisk Hide enabled. Whatever the Android version (Marshmallow or Nougat) and ROM used (Resurrection Remix or OxygenOS), I get the same problem.

I will now test your suggestion, disabling Magisk Hide (which I don't need), and I'll be back here to confirm whether or not it fixes the issue.

accnetdev commented 6 years ago

Unfortunately, disabling Magisk Hide does not fix the issue on my devices. Is there another workaround to test?

ghost commented 6 years ago

Same issue here on LineageOS 14.1. The only workaround for me is force closing the app in system settings and clearing AFWall's cache.

MSe1969 commented 6 years ago

Having the same issue with LineageOS and Lineage's root solution, not using Magisk, for several weeks. So it seems not related to Magisk.

wistein commented 5 years ago

Have this issue on an LG G2 mini (D620r) with LineageOS 14.1 when applying the same ruleset I am using on an LG G4 (H815) with LineageOS 14.1, where it works as expected. The configuration of AFWall+ is identical on both phones. When I reduce the rule set to a subset of the rejecting rules, it works stably on the G2 mini, too. But this is an unsatisfying compromise in safety and privacy.

So maybe, this effect has to do with some sort of memory shortage or lesser processor performance. It would be nice if this could be checked and corrected, if possible.

(No Magisk, just the LineageOS addonsu. No power management for AFWall+.)

selurvedu commented 7 months ago

> Same issue here on LineageOS 14.1. The only workaround for me is force closing the app in system settings and clearing AFWall's cache.

Thanks, this actually helped.