Top Related Projects
A simple way to block access to the internet per app
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
Quick Overview
AFWall+ (Android Firewall+) is an advanced iptables-based firewall for Android devices. It provides granular control over network access for installed applications, allowing users to block or allow internet connectivity on a per-app basis. AFWall+ is particularly useful for privacy-conscious users and those looking to reduce data usage.
Pros
- Fine-grained control over app network access
- Supports both Wi-Fi and mobile data filtering
- Open-source and actively maintained
- Customizable profiles for different network environments
Cons
- Requires root access, which may void device warranty
- Can be complex for novice users
- May cause issues with some apps that rely on background data
- Potential battery drain due to constant monitoring of network traffic
Getting Started
To use AFWall+:
- Ensure your Android device is rooted.
- Download AFWall+ from the Google Play Store or F-Droid.
- Launch the app and grant root permissions when prompted.
- Select the apps you want to allow or block internet access for.
- Apply the rules by tapping the checkmark icon.
Note: Be cautious when blocking system apps, as it may cause unexpected behavior. It's recommended to start with blocking only user-installed apps until you're familiar with the app's functionality.
Competitor Comparisons
A simple way to block access to the internet per app
Pros of NetGuard
- User-friendly interface with easier app management
- Supports both Wi-Fi and mobile data filtering
- Offers additional features like address blocking and app-specific data usage monitoring
Cons of NetGuard
- Requires VPN connection, which may conflict with other VPN apps
- Less granular control over individual app permissions compared to AFWall+
Code Comparison
NetGuard (Java):
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
getSupportFragmentManager().beginTransaction().replace(R.id.content_frame, new FragmentMain()).commit();
}
AFWall+ (Java):
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
Toolbar toolbar = findViewById(R.id.main_toolbar);
setSupportActionBar(toolbar);
}
Both projects use similar Android lifecycle methods, but NetGuard implements a fragment-based approach for its main activity, while AFWall+ uses a more traditional activity layout.
Summary
NetGuard offers a more user-friendly experience with additional features, but requires VPN usage. AFWall+ provides more granular control and doesn't require VPN, but has a steeper learning curve. Both projects are actively maintained and offer robust firewall solutions for Android devices.
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
Pros of OpenSnitch
- Cross-platform support (Linux, macOS, Windows)
- More granular control with per-process rules
- User-friendly GUI for rule management
Cons of OpenSnitch
- Requires more system resources
- Steeper learning curve for configuration
- Less focus on mobile platforms
Code Comparison
AFWall+ (Java):
private void applyRules(RuleDataSet rules) {
List<String> cmds = new ArrayList<String>();
for (RuleData rule : rules) {
cmds.add(rule.getCommand());
}
applyRules(cmds);
}
OpenSnitch (Go):
func (r *Rule) Match(con *conman.Connection) bool {
if r.Enabled && r.Operator != nil {
return r.Operator.Match(con)
}
return false
}
AFWall+ is primarily designed for Android, using Java and focusing on iptables rules. It offers a simpler interface and is more lightweight, making it suitable for mobile devices.
OpenSnitch, written in Go, provides a more comprehensive network monitoring solution with advanced features like per-process rules and a desktop GUI. It's better suited for desktop environments and offers more flexibility in rule creation and management.
While AFWall+ excels in simplicity and mobile optimization, OpenSnitch offers more advanced features and cross-platform support, making it a stronger choice for desktop users who need granular control over network traffic.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
AFWall+ (Android Firewall+)
Your Privacy, Your Control - AFWall+ gives you complete control over which apps can access the internet on your Android device.
ð Support AFWall+ Development
AFWall+ is developed and maintained by volunteers in their free time. If you find it useful, consider supporting the project:
ð° Making Donations
Why Donate? AFWall+ is completely free and open-source. Your donations help:
- ð§ Continue development - Fund new features and maintenance
- ð Bug fixes and testing - Keep the app stable and secure
- ð± Device compatibility - Support more Android versions and devices
- ð Community support - Help users and maintain documentation
Donation Options:
- PayPal:
- Google Play: Purchase the unlocker key for additional features
- Amazon Gift Cards:
cumakt+amazon@gmail.com - Bitcoin:
bc1q54nf3y9zmdcpasxx9sywkprd6309rfhav3mape - Ethereum:
0x5e65649C2B26eD816fCeD25a8E507C90D4b1D697
ð Other Ways to Help
- â Star this repository
- ð Report bugs and test new features
- ð Contribute translations on Crowdin
- ð Improve documentation
- ð¬ Help other users in forums
ð¥ What is AFWall+?
AFWall+ (Android Firewall+) is a powerful, open-source firewall application for rooted Android devices. Built on Linux's robust iptables framework, AFWall+ provides granular network control at the system level - something impossible with standard Android permissions.
ð¯ Core Purpose
- Block unwanted network access by apps, even when they have internet permission
- Prevent data leaks and unauthorized background connections
- Monitor network activity with comprehensive logging
- Save battery and data by controlling which apps can connect when
- Enhance privacy by blocking tracking and analytics
ð¡ï¸ How It Works
AFWall+ operates at the Linux kernel level using iptables rules to:
- Intercept all network requests before they leave your device
- Apply custom firewall rules based on your preferences
- Allow or block connections per app, per network type (WiFi, mobile, VPN)
- Log blocked attempts for monitoring and analysis
This approach is far more powerful than app-level solutions because it works regardless of how apps try to connect to the internet.
ð¥ Download
ð Release Notes: Check the changelog for what's new in each version.
ð Key Features
ð Granular Control
- Per-app network rules - Allow/block individual apps
- Network type filtering - Different rules for WiFi, mobile data, VPN, tethering
- IPv4 & IPv6 support - Complete protocol coverage
- Custom rule scripting - Advanced users can write custom iptables rules
ðï¸ User Experience
- Clean, intuitive interface - Easy to understand app list with clear allow/block controls
- Quick search & filtering - Find apps instantly, sort by name, install date, or permissions
- Bulk operations - Enable/disable rules for multiple apps at once
- Profile management - Switch between different rule sets (home, work, travel)
ð Monitoring & Logging
- Real-time network monitoring - See which apps are trying to connect
- Detailed connection logs - Track blocked attempts with timestamps and destinations
- Notification system - Get alerts for blocked connection attempts
- Export/import rules - Backup your configuration or share with others
ð§ Advanced Features
- Boot protection - Apply rules before apps start (prevents data leaks during startup)
- Startup delay management - Robust boot rule application with network change handling
- Multi-user support - Different profiles for different Android users
- Tasker/Locale integration - Automate firewall based on conditions
- Password protection - Secure your firewall settings
- Tor and VPN detection - Special handling for privacy networks
ð Network Types Supported
- ð¶ Mobile Data (3G/4G/5G) - including roaming detection
- ð¡ WiFi - home, work, public hotspots
- ð VPN - all VPN types and providers
- ð Tethering - WiFi hotspot, USB, Bluetooth
- ð§ Tor - onion routing support
- ð LAN - local network access
ð System Requirements
â Compatibility
- Android versions: 5.0 (API 21) to 14+ (actively maintained)
- Legacy support: Android 4.x (version 2.9.9), Android 2.x (version 1.3.4.1)
- Root access: Required (Magisk, SuperSU, LineageOS su)
- Architectures: ARM, ARM64, x86, x86_64
- Storage: ~15MB app + ~5MB for binaries
ð§ Root Methods Supported
- â Magisk (recommended)
- â LineageOS built-in su
- â SuperSU (legacy)
- â KingRoot (not recommended)
ð« Limitations
- Requires root access - No root = no functionality
- Not an antivirus - Doesn't scan files for malware
- Not an ad-blocker - Blocks network access, not ads within allowed connections
- VPN conflicts - Some VPN apps may interfere with firewall rules
- System-level apps - Some system processes may bypass rules if they have root access
ð Quick Start Guide
1. Pre-Installation
# Verify root access
su -c "id"
# Should return: uid=0(root) gid=0(root)
2. Installation
- Install AFWall+ from your preferred source
- Grant root permission when prompted
- Enable firewall in main screen
3. Basic Configuration
- Enable the firewall - Toggle the main switch
- Configure apps - Tap apps to allow WiFi (green) or mobile data (orange)
- Apply rules - Tap the apply button (firewall icon)
- Test connectivity - Verify apps work as expected
4. Essential Settings
- Boot startup delay: Prevents rule conflicts during boot
- Notification settings: Control alert behavior
- Log settings: Enable if you want connection monitoring
ð§ Advanced Configuration
ð Custom Rules
AFWall+ supports custom iptables rules for advanced users:
# Example: Allow specific IP range
-A afwall-wifi -d 192.168.1.0/24 -j ACCEPT
# Example: Block specific port
-A afwall -p tcp --dport 443 -j REJECT
ð Profiles
Create different rule sets for different scenarios:
- Home: Relaxed rules for trusted network
- Work: Restrictive rules for corporate network
- Public: Maximum security for public WiFi
- Travel: Balanced rules for mobile use
ð Logging Configuration
- Packet logging: Uses nflog for detailed connection tracking
- Log rotation: Automatic cleanup of old logs
- Export options: Save logs for external analysis
ð Language Support
AFWall+ is available in 40+ languages thanks to our community translators:
ðºð¸ English ⢠ðªð¸ Español ⢠ð«ð· Français ⢠ð©ðª Deutsch ⢠ð®ð¹ Italiano ⢠ð·ðº Ð ÑÑÑкий ⢠ð¨ð³ ä¸æ ⢠ð¯ðµ æ¥æ¬èª ⢠ð°ð· íêµì´ ⢠ðµð¹ Português ⢠ð³ð± Nederlands ⢠ðµð± Polski ⢠ð¹ð· Türkçe ⢠ð¸ð¦ اÙعربÙØ© ⢠ð®ð³ हिà¤à¤¦à¥ ⢠And many more!
Want to help translate? Join our Crowdin translation project.
ð ï¸ Development
ðï¸ Building from Source
Prerequisites
- Android SDK (API level 21+)
- Java 17+
- Git
- Android NDK (for native binaries)
Quick Build
git clone https://github.com/ukanth/afwall.git
cd afwall
./gradlew clean assembleDebug
Native Binaries
To compile iptables, busybox, and other native components:
# Requires Android NDK
export NDK=/opt/android-ndk-r25
make -C external NDK=$NDK
ð Project Structure
afwall/
âââ app/src/main/java/dev/ukanth/ufirewall/
â âââ Api.java # Core iptables interface
â âââ MainActivity.java # Main UI
â âââ InterfaceTracker.java # Network state monitoring
â âââ util/BootRuleManager.java # Boot rule application
â âââ service/ # Background services
â âââ broadcast/ # System event receivers
â âââ log/ # Logging subsystem
âââ app/src/main/res/raw/ # Native binaries (iptables, busybox)
âââ external/ # Native binary sources
âââ scripts/ # Build scripts
𧪠Testing
# Run lint checks
./gradlew lint
# Run unit tests
./gradlew test
# Install debug build
./gradlew installDebug
ð¤ Contributing
We welcome contributions! Here's how you can help:
ð Bug Reports
- Check existing issues first
- Follow our bug report guide
- Include device info, Android version, and logs
ð¡ Feature Requests
- Open an issue with the "enhancement" label
- Describe the use case and expected behavior
- Consider if it fits AFWall+'s scope and philosophy
ð¨âð» Code Contributions
# Standard GitHub workflow
1. Fork the repository
2. Create a feature branch: git checkout -b feature-name
3. Make your changes and test thoroughly
4. Submit a pull request with clear description
ð Translations
- Join our Crowdin project
- No technical knowledge required
- Help make AFWall+ accessible worldwide
ð Community & Support
ð¬ Discussion Forums
- XDA Thread: Official community discussion
- GitHub Issues: Technical problems and feature requests
- Wiki: Comprehensive documentation
â Frequently Asked Questions
Before reporting issues, check our FAQ for common solutions.
ð Getting Help
- Check the FAQ and wiki
- Search existing GitHub issues
- Ask on XDA forums
- Create a new GitHub issue (last resort)
ð Technical Details
ð§ Architecture
AFWall+ uses a layered architecture:
- UI Layer: Android activities and fragments for user interaction
- Service Layer: Background services for rule application and monitoring
- Core Layer: iptables rule generation and management
- System Layer: Native binaries and root shell interface
ðï¸ Key Components
- BootRuleManager: Robust boot-time rule application with race condition prevention
- InterfaceTracker: Network interface monitoring and change detection
- Api.java: Central iptables command generation and execution
- FirewallService: Background service for continuous monitoring
- LogService: Network packet logging and analysis
ð± Android Integration
- Broadcast Receivers: Monitor system events (boot, network changes, app installs)
- Content Providers: Share configuration data securely
- Notification System: User alerts for blocked connections
- Quick Settings Tile: Fast firewall toggle (Android 7+)
ð Acknowledgements
AFWall+ builds upon the work of many open-source projects and contributors:
ð Origins
- Original concept: Derived from DroidWall by Rodrigo Rosauro
- Current maintainer: Umakanthan Chandran
ð Libraries & Dependencies
| Component | License | Purpose |
|---|---|---|
| iptables | GPL v2 | Linux firewall framework |
| BusyBox | GPL v2 | Unix utilities |
| libsuperuser | Apache 2.0 | Root access management |
| libsu | Apache 2.0 | Modern root interface |
| Material Dialogs | MIT | UI components |
| DBFlow | MIT | Database ORM |
| PrettyTime | Apache 2.0 | Human-readable timestamps |
ð¥ Contributors
Thanks to all contributors who have helped improve AFWall+ over the years!
ð License
AFWall+ is released under the GNU General Public License v3.0.
Copyright (C) 2009-2011 Rodrigo Zechin Rosauro
Copyright (C) 2011-2024 Umakanthan Chandran
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
Full license text: LICENSE file or gnu.org/licenses/gpl-3.0
Made with â¤ï¸ for Android privacy and security
AFWall+ - Your Network, Your Rules
Top Related Projects
A simple way to block access to the internet per app
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot