
droidwall - issue #222

Rules not taking effect under ICS


Posted on Dec 20, 2011 by Massive Bear

What steps will reproduce the problem?

1. Set mode to blacklist
2. Select apps to block, enable firewall & apply rules
3. Run blocked apps

What is the expected output? What do you see instead? Block not taking effect; ads still showing in them

What version of the product are you using? On what operating system? 1.5.7 on Ice Cream Sandwich

Please provide any additional information below. droidwall chain must be INSERTED to beginning of OUTPUT chain to work, not ADDed to the end.

Comment #1

Posted on Dec 21, 2011 by Massive Ox

I can confirm I've issues with ads coming through on newly installed (blocked) apps. Also, blocking the standard browser does not work; it still reaches the internet without issues.

I don't think this was the case on 3.0; now I have 4.0.3 (rooted official image). I've not investigated the rules yet, but I think there might be an issue.

Comment #2

Posted on Dec 21, 2011 by Massive Panda

Interesting... I use ICS 4.0.3 on my Nexus S and it works perfectly. I will investigate

Comment #3

Posted on Dec 21, 2011 by Happy Ox

I also have avast mobile beta, which has a firewall, though this is not related to droidwall. Droidwall and avast both don't seem to work after applying rules. Is this somehow related?

Comment #4

Posted on Dec 24, 2011 by Swift Ox

Comment deleted

Comment #5

Posted on Dec 24, 2011 by Swift Ox

The problem seems to be related to the "Set mobile data limit" setting. Enabling this option will allow internet access to all applications regardless of the Droid Wall settings. Disabling it will restore Droid Wall functionality. The issue is not related to Droid Wall; the same thing happens with Avast.

Comment #6

Posted on Dec 25, 2011 by Massive Bear

I would like to see Droidwall able to work with ICS mobile data limit. I would attempt this myself but I never properly learned Java programming, but I do know iptables rules (no pun intended).

Attached are a few dumps of iptables on my Galaxy Nexus. I restricted background data on two apps, hence contents in penalty box.

"neat" is with both droidwall and mobile data limit ("limit") disabled. "limit" is with only limit on. "droidwall" is with only droidwall on. "droidwalllimit" is with both on.

The problem is with chain "costly_rmnet0" and how ICS handles it. In the main OUTPUT chain, the rule to go there is second in position; that to droidwall is last. The "costly" rule has "goto" set, which, with an ACCEPT rule at its end, means iptables stops parsing rules before reaching the droidwall chain. The simple way around is to insert droidwall's rule in position 1. This makes sense, as droidwall users will expect rules there to take precedence, having set them up themselves.


Comment #7

Posted on Dec 25, 2011 by Massive Bear

Another interesting note is that ICS always inserts the mobile data limit rules into position 2 of the INPUT and OUTPUT chains. Usually the first rule is related to data usage warning. Looks like Google left a gap for us to put our own rules first.

Comment #8

Posted on Dec 29, 2011 by Grumpy Horse

I had the same problem on my Nexus S with ICS but I have fixed it this way: http://blog.skyplabs.net/index.php/2011/12/29/probleme-dutilisation-de-droidwall-depuis-la-version-4-dandroid/

This article is in French (because it's my native language) but I think it's not too hard to understand with the screenshots and the code.

Comment #9

Posted on Mar 27, 2012 by Swift Monkey

Works for me :) galaxy nexus 4.0.2

Add two commands to custom script:

    $IPTABLES -D OUTPUT -j droidwall
    $IPTABLES -I OUTPUT 2 -j droidwall

Comment #10

Posted on Mar 28, 2012 by Happy Rhino

Thanks guys...

Adding two commands to custom script works on Galaxy S2-ZSLPE:

    $IPTABLES -D OUTPUT -j droidwall
    $IPTABLES -I OUTPUT 2 -j droidwall

Comment #11

Posted on Apr 5, 2012 by Massive Bear

DroidWall does not work for me at all with ICS (Android 4.0.3, SGS2).

Specifically, I block mobile data for the Play Store in DroidWall with and without the above custom script (and also LBE Privacy Guard, but this shouldn't interfere as it does not appear to use iptables). Whether or not I also restrict mobile data via the system settings, the Play Store still loads its store frontend via mobile data.

Any ideas?

Comment #12

Posted on Apr 5, 2012 by Massive Kangaroo

I am running ICS (ICSSGS ROM, Android 4.0.3, SGS GT-I9000)

The two lines of custom script worked fine for me. Sorry, to pull out the basic troubleshooting questions, but:

1) Did you double check to see if you made spelling errors in the custom script?
2) Is your droidwall enabled?
3) Did you accidentally tick the 'any' option under 3g in droidwall?
4) Is your droidwall set to whitelist or blacklist mode? Droidwall starts in whitelist mode (allow selected) by default, so ticking the store would grant it mobile access. This is displayed at the top of the screen beneath your droidwall version number.

On a side note, 'restrict mobile data' only disables background data for an app, so the store will still load normally when you open it, since that is foreground data usage.

Comment #13

Posted on Apr 5, 2012 by Massive Bear

Thanks for the quick reply. For the record, I'm using the Lite'ning ROM 2.6 (w/4.0.3) on a GT-i9100.

1) Yes, of course.
2) Yes, of course.
3) No.
4) Black-list, with 3G ticked selectively for apps (and system components) I want to block from using mobile data.

I've meanwhile read that LBE Privacy Guard has recently switched its implementation to using iptables as well. However, iptables -L listed only DroidWall rules, so I figure there shouldn't be a conflict. I'll try disabling LBE temporarily and see whether this makes DroidWall's rules take effect.

Comment #14

Posted on Apr 5, 2012 by Massive Bear

Addendum: I've frozen LBE Privacy Guard, taking it out of the picture. Background data restriction is disabled in the system settings. DroidWall is configured as before (black-list mode, disable 3G for the Play Store and various other apps and components). The Play Store still manages to load its frontend (previously unloaded pages to avoid being fooled by caching).

Comment #15

Posted on Apr 5, 2012 by Massive Kangaroo

Sorry, drawing a blank here.

If you do find a solution though, please post it here. It would be interesting to see what it was in the end.

Comment #16

Posted on Apr 13, 2012 by Grumpy Horse

    $IPTABLES -D OUTPUT -j droidwall
    $IPTABLES -I OUTPUT 2 -j droidwall

These 2 lines solved my problem in ICS 4.0.4 with Google Nexus. So it is the priority of droidwall's rule that is at fault. Would you update the app to resolve the issue? People don't like anything related to "script".

Comment #17

Posted on Apr 13, 2012 by Swift Elephant

Didn't work on 4.0.3 by adding these lines in custom script:

    $IPTABLES -D OUTPUT -j droidwall
    $IPTABLES -I OUTPUT 2 -j droidwall

Does anyone have a solution? Thanks.

Comment #18

Posted on May 2, 2012 by Quick Dog

The two lines work! BUT you have to apply the rules at every boot of the phone. We need a new version 100% compatible with ICS.

Comment #19

Posted on Jun 4, 2012 by Massive Kangaroo

If ticked limitation of mobile data in the data set used is not blocked even if the registered creaking, I turned off and everything was working

Comment #20

Posted on Jun 13, 2012 by Happy Wombat

The two lines work!

Before adding the two lines, DroidWall only works for Wifi rather than Data.

Comment #21

Posted on Jun 18, 2012 by Grumpy Dog

I noticed that by changing the app permissions & giving it full permission, the rules are applied after re-booting; using xplore, go to /root/mnt/asec/ and check for the apk file if installed on SD card, or /root/system/app/com.googlecode.droidwall.free.apk if installed as a system app.

Comment #22

Posted on Jul 11, 2012 by Grumpy Bear

The two lines work. Only downside is when you reboot you have to manually re-apply droidwall rules. Tried giving /data/app/com.googlecode.droiwall.free.apk full rights but it didn't work, still have to re-apply rules.

Comment #23

Posted on Jul 16, 2012 by Happy Ox

So let me see if I understood correctly. Those 2 lines, I paste them into the custom script option?

Comment #24

Posted on Jul 16, 2012 by Massive Kangaroo

Correct.

Comment #25

Posted on Jul 19, 2012 by Massive Monkey

Thanks, I just noticed the same behaviour on CM9.

Comment #26

Posted on Jul 25, 2012 by Grumpy Panda

The two work for me too.

Thanks guys, you just made my day.

Comment #27

Posted on Jul 30, 2012 by Quick Dog

Under ICS the two lines work fine! But with Jelly Bean the two lines don't work!!!!

Comment #28

Posted on Jul 31, 2012 by Grumpy Camel

On a RAZR XT910 ICS 4.0.4 The two lines didn't work :(

I tried these two options:

  1. Create the .log file with the two lines

         $IPTABLES -D OUTPUT -j droidwall
         $IPTABLES -I OUTPUT 2 -j droidwall

     on this route: /mnt/sdcard/pmw/logs/dw3.log

     And add the route into the Custom Script Option on Droidwall like this: . /mnt/sdcard/pmw/logs/dw3.log

  2. Just copy/paste the two lines into the Custom Script Option on Droidwall.

Neither one works. Any idea?

Comment #29

Posted on Aug 8, 2012 by Grumpy Giraffe

Comment deleted

Comment #30

Posted on Aug 8, 2012 by Grumpy Giraffe

Comment deleted

Comment #31

Posted on Aug 8, 2012 by Grumpy Giraffe

Samsung GALAXY Note 4.0.4 ICS with stock rom + speedmod kernel + rooted. By adding those two lines, it works after applying the new rules.

using DroidWall version 1.5.7 Both Wifi and 3G Data work

I just need to re-apply the firewall rules after each reboot.

Thank you!

Comment #32

Posted on Aug 8, 2012 by Happy Dog

I added the two lines and it doesn't work. I'm using 4.0.4. Many people report that it works but I see the same behavior as before the lines were added. For the moment I'll have to disable data monitoring. It'll be great if droidwall could report data consumption so we don't have to rely on android. I don't know what's easier: make droidwall report data consumption or make it compatible with android's "firewall".

Comment #33

Posted on Aug 15, 2012 by Massive Giraffe

On a RAZR XT910 ICS 4.0.4, with the following one line DroidWall works (i.e. blocks internet via 3G):

    iptables -A droidwall -j droidwall-3g -o qmi+

It is important that all letters (except "-A") will be lowercase.

Comment #34

Posted on Sep 11, 2012 by Massive Hippo

For me the two lines do not work (2G/3G is not blocked, wifi works): SGS2, CM9. But after disabling mobile data limitation, it works for 2G/3G as well!

Next I will try it without the "two lines", but just without mobile data limit... Andreas

Comment #35

Posted on Sep 12, 2012 by Massive Hippo

YES, I GOT THE PROBLEM NOW!

- droidwall is working well as long as data limitation is off.
- if droidwall is on, the two lines above (moving droidwall to position 2) solve the problem!
- but when mobile data is disconnected, the limiting firewall OUTPUT rule (costly_rmnet0) is removed... and when reconnecting (e.g. after WLAN is disabled) the costly_rmnet0 rule is reinserted to position 2, and droidwall is moved to position 3, and thus fails to filter 2G/3G data!
- reapplying the two lines above would help again, but this is not safe enough!

WORKAROUNDS:

1) switching off data limitation and inserting a script rule doing the same feature (copy the existing rule)
2) moving the today rule at position nr. 1 of the OUTPUT chain to the top of the droidwall chain and inserting the droidwall rule instead... then the data limit rule can be inserted/removed at position 2 and both should work

next, I will test 2), I let you know about the result :-) Andreas
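
The ordering problem described in comments #6 and #35, as an added check that is not part of the original thread or of DroidWall: it reads a rule listing in `iptables -S OUTPUT` format and reports whether the jump to the droidwall chain is evaluated before the first goto (`-g`) rule. The listings are constructed for illustration (they are not the attached dumps), and the first rule in each is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. Sample listings below are constructed.

# check_order: read `iptables -S OUTPUT` text on stdin and print
#   "<state> <droidwall_pos> <first_goto_pos>"   (position 0 = not present)
# state is "ok" (droidwall jump comes before any goto rule), "shadowed"
# (a goto rule is evaluated first) or "missing" (no droidwall jump at all).
check_order() {
    awk '
        $1 == "-A" && $2 == "OUTPUT" {
            pos++
            for (i = 3; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == "droidwall" && !dw) dw = pos
                if (($i == "-g" || $i == "--goto") && !gt) gt = pos
            }
        }
        END {
            if (!dw) state = "missing"
            else if (gt && gt < dw) state = "shadowed"
            else state = "ok"
            printf "%s %d %d\n", state, dw, gt
        }'
}

# Constructed: droidwall appended to the end, goto rule in position 2.
APPENDED='-P OUTPUT ACCEPT
-A OUTPUT -m comment --comment placeholder-first-rule
-A OUTPUT -o rmnet0 -g costly_rmnet0
-A OUTPUT -j droidwall'

# Constructed: after "-D OUTPUT -j droidwall" and "-I OUTPUT 2 -j droidwall".
MOVED='-P OUTPUT ACCEPT
-A OUTPUT -m comment --comment placeholder-first-rule
-A OUTPUT -j droidwall
-A OUTPUT -o rmnet0 -g costly_rmnet0'

# Constructed: mobile data disconnected, goto rule removed.
NO_GOTO='-P OUTPUT ACCEPT
-A OUTPUT -m comment --comment placeholder-first-rule
-A OUTPUT -j droidwall'

for name in APPENDED MOVED NO_GOTO; do
    eval "listing=\$$name"
    printf '%-9s %s\n' "$name" "$(printf '%s\n' "$listing" | check_order)"
done
```

When the goto rule is reinserted at position 2 on reconnect, the listing has the same shape as `APPENDED` and the check reports `shadowed` again. On a device the input would come from `iptables -S OUTPUT | check_order`, assuming the installed iptables binary supports `-S`.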

Comment #36

Posted on Nov 5, 2012 by Quick Dog

@ Andreas / everyone I don’t understand the steps of n° 1. Can you tell me step-by-step what I’ve to do?

Comment #37

Posted on Nov 16, 2012 by Grumpy Horse

Since Jelly Bean (4.1.2 in my case), the $IPTABLES shell variable provided by Droidwall doesn't seem to be valid. Consequently, I've updated my script:

http://blog.skyplabs.net/index.php/2011/12/29/probleme-dutilisation-de-droidwall-depuis-la-version-4-dandroid/

It works perfectly for me, again.

Comment #38

Posted on Feb 11, 2013 by Massive Ox

    iptables -A droidwall -j droidwall-3g -o qmi+

RAZR XT910 ICS 4.0.4. Solved my problem. Thanks aak.rus@gmail.com

Comment #39

Posted on Feb 11, 2013 by Massive Hippo

There is a properly maintained fork of Droidwall, which supports ICS+:

https://play.google.com/store/apps/details?id=com.jtschohl.androidfirewall&hl=en

https://github.com/skullone/android_firewall

Comment #40

Posted on Feb 19, 2013 by Happy Giraffe

@ #39,

I've installed "android firewall" by jtschohl, but this has the same problem.

Comment #41

Posted on Feb 19, 2013 by Happy Giraffe

OK, added

    $IPTABLES -D OUTPUT -j droidwall
    $IPTABLES -I OUTPUT 2 -j droidwall

to the custom script on "android firewall", now it works, WHILE data limit is active

Status: New

Labels:
Type-Defect Priority-Medium