-
-
Notifications
You must be signed in to change notification settings - Fork 159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firewall: Root mode #66
Comments
I think the battery consumption won't deviate too much (after all, the VPN is also implemented with iptables, ip route and such). But for sure it's going to be a bit less with bare iptables. |
Will the iptable usage enable device wide "vpn" back again? Since android VPN is a per-user profile thing. |
Yes, with root, RethinkDNS would likely hook netlink commands and wouldn't be beholden to trapping packets from the VPN tunnel. Also, we do plan to integrate Wiregaurd with the app itself, so even in non root mode, users would be optionally able to forward connections from the firewall out to a wireguard endpoint of their choice. #52 |
@ignoramous any progress in the root mode firewall ? Afwall+ is kind of dead. |
I wouldn't say AfWall+ is dead, but rather there's nothing more to add nor remove (: Re: RethinkDNS and root mode: We haven't started on it yet. It isn't hard to do what AfWall+ does, but it is fundamentally at odds with the kind of (app-oriented) firewall we have built. An interface exposing AfWall+ like rules (IPTables) and RethinkDNS like rules (app-specific) is likely to confuse not just the users, but us as well. We keep looking for that finer balance (there are ideas for it in the OpenSnitch code-base), but it isn't trivial to do so, unfortunately. I am open to someone else coding down this path and willing to spend time with them on this on impl/design, as right now, and for some more months to come, our team is stretched super thin amidst rolling out a newer network-engine for the firewall, redesigning the UI of the app, and creating a paid version (similar to NextDNS or ControlD). Note though, the app will remain free and open source. |
When the device has root access, it is probably efficient on the battery to switch to IP Tables than rely on the VPN APIs which among other things prevent other VPN apps from running on the device.
Ref: github/ukanth/dev/ukanth/ufirewall/Api.java
The text was updated successfully, but these errors were encountered: