1

On my Android-based device I need to block access to all websites except ones are in a whitelist. I know that on desktop Windows I can list allowed hosts in the hosts file and then switch the DNS in the network adapter from automatically obtained to 127.0.0.1. And now I can access only websites from the hosts file.

I've tried the same thing by adding allowed hosts in the system/etc/hosts file on Android and then I've added the line

new_domain_name_servers="127.0.0.1 $new_domain_name_servers"

to the beggining of the file /etc/dhcpcd/dhcpcd-hooks/20-dns.conf as described by the link.

And then I've restarted my device.

But I still can access all websites, so the solution doesn't work. And even if I just add a website to be resolved as 127.0.0.1 in the hosts file and clear browser cache, the website is still opened.

PS: I'm interested only in a solution which could be done on rooted device only (Android 4.0.4)

Irfan Latif
  • 20,353
  • 3
  • 70
  • 213
stckvrw
  • 121
  • 3

1 Answers1

2

Add allowed hosts to /etc/hosts and define these firewall rules to block any outgoing DNS queries on standard UDP port 53:

~# iptables -I OUTPUT -p udp --dport 53 -j REJECT

* May also use less rude DROP target in place of REJECT

To be on safe side also block TCP port:

~# iptables -I OUTPUT -p tcp --dport 53 -j REJECT

iptables is part of stock Android releases. You need to add these rules on every boot. Use init.d script or define init service: How to run an executable on boot?

Irfan Latif
  • 20,353
  • 3
  • 70
  • 213
  • Do you mean if I turn my device off and then turn on back, the blocking rules would not work? – stckvrw Jan 17 '20 at 17:26
  • @stckvrw iptables rules are not saved anywhere. You need to apply the rule(s) on every boot. Then blocking will definitely work. – Irfan Latif Jan 17 '20 at 19:26
  • Is there a way how to block all hosts except those are in the hosts permanently? For example by changing some file(s) on rooted device? – stckvrw Feb 01 '20 at 15:47
  • @stckvrw Is there a way how to block all hosts except those are in the hosts permanently? That's what the original question is and that's what I answered. For example by changing some file(s) on rooted device? See the link in answer. That explains how to create a file in /etc/init to execute some commands on every boot. – Irfan Latif Feb 01 '20 at 19:55
  • Sorry, maybe I understood you incorrectly. Do you mean if I add your rules to a file in /etc/init and then reboot my device, the file automatically will run the rules again without any manual actions? – stckvrw Feb 07 '20 at 15:27