2020-12-07 11:58

dnsmasq problem

I'm running dnsmasq for ad-blocking purposes on my phone as user -11. Now I'm running into the issue that the firewall blocks dnsmasq traffic, but the tethering option for dns & root apps is ticked.

I copied the content of rules.log into this gist: https://gist.github.com/icaruseffect/1a018c27a2b4d67826eb

The firewall log gives me the following output:

AppID : -11 Application's Name: Total Packets Blocked: 5 [UDP] [UDP]

Any help would be appreciated


  • weixin_39895862 5 months ago

    looks like DNS requests are getting blocked. Try allowing kernel (-11)

  • weixin_39869432 5 months ago

    Hi, sorry, I had been on vacation and afterwards work was stacking up. I checked kernel (-11) for all interfaces. The option was already checked anyway, and I reset my whole AFWall setup and started back from zero. Still no change. Must I apply a custom firewall rule in this case?

  • weixin_39869432 5 months ago

    So I tried to fix it via the CustomScript section by applying this general rule:

    $IPTABLES -A "afwall" -p udp --dport 53 -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN || exit

    But the result is still that apps like F-Droid cannot access the web (they're unblocked in the firewall). I don't have a clue what I could try to solve this. Regards

  • weixin_39869432 5 months ago

    I have solved it by unblocking only for user nobody with the following, from https://github.com/ukanth/afwall/issues/4:

    $IPTABLES -A afwall -m owner --uid-owner nobody -j RETURN || exit

    Adding the (destination) port didn't solve the problem, using the stricter rules recommended by neither. So it's working now; the bug is (partly) solved. For anyone who wants to evaluate this: the ROM is ArchiDroid with the latest experimental build (dnsmasq does not change often). Regards
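An added example, not code from the thread or from the AFWall+ project: a POSIX sh snippet that lints an AFWall custom rule before handing it to iptables, and shows the rule that resolved the thread next to the broken first attempt. The first attempt fails for two reasons: `-j -m conntrack` is invalid syntax (a target name must follow `-j`, so iptables rejects the rule and the trailing `|| exit` aborts the rest of the CustomScript), and even with the syntax fixed, a rule matching only `RELATED,ESTABLISHED` never matches the first packet of an outbound DNS query, whose conntrack state is NEW. The rule that worked is broader than DNS: `-m owner --uid-owner nobody -j RETURN` exempts every packet from UID nobody from the afwall chain, so any process running as nobody bypasses the firewall, not just dnsmasq. The `IPTABLES` dry-run default, the `lint_rule`/`apply_rule` helpers and the DNS-only variant are assumptions of this example; the poster reports that port-restricted rules did not work on their ROM, so that variant is shown for comparison only.

```shell
#!/bin/sh
# Added example (not from AFWall+ or the thread): build and sanity-check custom
# iptables rules for AFWall+'s "afwall" chain before pasting them into the
# CustomScript field, where "|| exit" aborts the whole script on the first
# rule iptables rejects.
# IPTABLES defaults to a dry-run echo so this runs without root or iptables;
# set IPTABLES=iptables on the device to apply the rules for real (assumption
# of this example, not an AFWall setting).
: "${IPTABLES:=echo iptables}"

# lint_rule RULE_ARGS...
# Rejects the mistake in the thread's first attempt: a "-j" followed by another
# option ("-j -m conntrack") instead of a target name, or a rule ending in "-j".
lint_rule() {
    prev=""
    for tok in "$@"; do
        if [ "$prev" = "-j" ]; then
            case "$tok" in
                -*) echo "lint: -j must be followed by a target, got '$tok'" >&2; return 1 ;;
            esac
        fi
        prev="$tok"
    done
    if [ "$prev" = "-j" ]; then
        echo "lint: rule ends with -j and no target" >&2
        return 1
    fi
    return 0
}

# apply_rule RULE_ARGS...: lint first, then hand the rule to $IPTABLES.
apply_rule() {
    lint_rule "$@" || return 1
    $IPTABLES "$@"
}

# The broken first attempt from the thread, kept only to show the lint catching it.
# Besides the syntax error, RELATED,ESTABLISHED never matches a fresh outbound
# DNS query (state NEW), so this rule would not have unblocked dnsmasq anyway.
broken_dns_rule() {
    apply_rule -A afwall -p udp --dport 53 -j -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
}

# The rule that resolved the thread: everything owned by UID "nobody" (the UID
# dnsmasq runs as on that ROM; on Android "nobody" is UID 9999) skips the afwall
# chain. Note this is not DNS-only: any process running as nobody gets through.
nobody_all_rule() {
    apply_rule -A afwall -m owner --uid-owner nobody -j RETURN
}

# Narrower variant (an assumption of this example, and the poster reports that
# port-restricted rules did not work for them): only UDP/53 and TCP/53 from nobody.
nobody_dns_rules() {
    apply_rule -A afwall -m owner --uid-owner nobody -p udp --dport 53 -j RETURN &&
    apply_rule -A afwall -m owner --uid-owner nobody -p tcp --dport 53 -j RETURN
}

# Stand-alone run: the lint rejects the broken rule, then the working rule is emitted.
broken_dns_rule || echo "broken rule rejected, nothing applied"
nobody_all_rule
```

Paste the `apply_rule` lines (or the literal `$IPTABLES ... || exit` form AFWall expects) into the CustomScript field; the dry-run output shows exactly which command each rule expands to, which is the quickest way to spot a malformed rule before it silently aborts the script on the phone.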

