I've been looking for a firewall app for Android for a couple hours now and all I could find is apps that only let me block outgoing connections (for specific apps). Is there any way to set which incoming connections and on which ports should be allowed/denied (something like Inbound Rules in Windows Firewall)? I'm OK with the app requiring root.
Viewed 2,562 times
2 Answers
1
If you don't mind the solution not being an app, then you can use iptables. They are included in the AOSP kernel. You can access them by downloading a terminal app off of the app store. You might, however, need root for this.
The usage of iptables on Android should be the same as on desktop Linux, so you can look up some GNU manual for it.

John K
1
It's simple to achieve with iptables, thanks to the Linux kernel. Since Android uses the default policy ACCEPT, drop any unwanted packets. For instance, if you want to allow port 22 and block all others:
~# iptables -N MYCHAIN
~# iptables -I INPUT -j MYCHAIN
~# iptables -A MYCHAIN -i lo -j RETURN
~# iptables -A MYCHAIN -p tcp ! --dport 22 -m conntrack ! --ctstate ESTABLISHED,RELATED -j DROP
~# iptables -I FORWARD -j DROP
This will also block incoming connections from tethered devices on hotspot network. You can exclude those, see this: Is There A Mobile Hotspot App With A Firewall to Block Incoming Connections?

Irfan Latif
-m conntrack --ctstate should be -m state --state because conntrack wasn't implemented yet on older Linux kernels. Conntrack is a bit more advanced than state, as conntrack uses more granular forms to match packets. – atheros Sep 17 '20 at 05:14
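
The rules from the second answer, generalised to a list of allowed TCP ports and with the -m state fallback from the comment, as an added example that is not part of the original posts. The chain name INBOUND_FW and both helper functions are assumptions; unlike the answer's rule, this version drops unlisted inbound traffic of every protocol, not only TCP.

```shell
#!/bin/sh
# Added example: prints an inbound allow-list as iptables commands (IPv4).
# CHAIN and the port list are illustrative, not taken from the answers.
CHAIN=INBOUND_FW

# Connection-state match: "conntrack" on current kernels, "state" as the
# fallback for older kernels mentioned in the comment above.
state_match() {
    case "$1" in
        conntrack) echo "-m conntrack --ctstate ESTABLISHED,RELATED" ;;
        state)     echo "-m state --state ESTABLISHED,RELATED" ;;
        *)         echo "unknown matcher: $1" >&2; return 1 ;;
    esac
}

# usage: inbound_rules <conntrack|state> <tcp-port>...
inbound_rules() {
    match=$(state_match "$1") || return 1
    shift
    # Validate every port before printing anything, so a typo never
    # yields a half-built ruleset. Leading zeros are rejected as ambiguous.
    for port in "$@"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    echo "iptables -A $CHAIN -i lo -j RETURN"       # loopback stays open
    echo "iptables -A $CHAIN $match -j RETURN"      # replies to outbound traffic
    for port in "$@"; do
        echo "iptables -A $CHAIN -p tcp --dport $port -j RETURN"
    done
    echo "iptables -A $CHAIN -j DROP"               # everything else, any protocol
    # Hook the chain into INPUT last: until this line runs nothing is filtered,
    # so an open remote shell is not cut off by a partly loaded chain.
    echo "iptables -I INPUT -j $CHAIN"
}

# Review the output first; as root, pipe it to sh to load the rules.
inbound_rules conntrack 22
```

iptables filters IPv4 only; the same rules have to be loaded with ip6tables to cover IPv6.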