system
August 5, 2013, 10:59am
1
Hi,
I am using Avast Mobile Security 2.0.4993 and have problems monitoring, what connections are blocked. Since I Work in whitelist mode there should be a whole bunch of blocked connections.
Allthough I activated logging, the Logviewer insists on not having any records.
Is it a Bug or am i doing sth wrong?
Cheers,
Tobi
system
August 6, 2013, 9:47am
2
Hi,
I still can’t figure out, how to log blocked traffic of the avast mobile firewall.
I suppose it is a bug.
My config:
Sony LT25i, Xperia V
Android 4.1.2 / 9.1.A.1.140
Anyone with the same problem?
Cheers,
Tobi
system
August 6, 2013, 10:59am
3
can you send me iptables --list output (from shell)
system
August 6, 2013, 6:36pm
4
thanks!
sh says:
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:484
Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all – anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
bw_FORWARD all – anywhere anywhere
natctrl_FORWARD all – anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
avastwall all – anywhere anywhere
bw_OUTPUT all – anywhere anywhere
Chain avastwall (1 references)
target prot opt source destination
RETURN udp – anywhere anywhere udp dpt:domain
avastwall-3g all – anywhere anywhere
[…]
Chain avastwall-3g (8 references)
target prot opt source destination
RETURN all – anywhere anywhere owner UID match u0_a47
[…]
RETURN all – anywhere anywhere owner UID match u0_a186
avastwall-reject all – anywhere anywhere
Chain avastwall-reject (2 references)
target prot opt source destination
REJECT all – anywhere anywhere reject-with icmp-port-unreachable
Chain avastwall-wifi (4 references)
target prot opt source destination
RETURN all – anywhere anywhere owner UID match dhcp
[…]
RETURN all – anywhere anywhere owner UID match u0_a190
avastwall-reject all – anywhere anywhere
Chain bw_FORWARD (1 references)
target prot opt source destination
Chain bw_INPUT (1 references)
target prot opt source destination
all – anywhere anywhere ! quota globalAlert: 2097152 bytes
RETURN all – anywhere anywhere
all – anywhere anywhere owner socket exists
Chain bw_OUTPUT (1 references)
target prot opt source destination
all – anywhere anywhere ! quota globalAlert: 2097152 bytes
RETURN all – anywhere anywhere
all – anywhere anywhere owner socket exists
Chain costly_shared (0 references)
target prot opt source destination
penalty_box all – anywhere anywhere
Chain natctrl_FORWARD (1 references)
target prot opt source destination
Chain penalty_box (1 references)
target prot opt source destination
system
August 7, 2013, 7:29am
5
can you try to type
iptables (or ip6tables) -A avastwall-reject -j LOG --log-prefix "[AVASTWALL] " --log-uid
and see if it works?
system
August 9, 2013, 8:10am
6
it says:
“No chain/target/match by that name”
system
August 12, 2013, 7:15am
7
No change even after reinstalling avast.
Tried it on a S4 as well, same results.
I think it’s a bug.
system
August 12, 2013, 9:24am
8
a) which command did you use for the dump (iptables or ip6tables) and which for the second command?
b) did you use the same command for both?
system
August 12, 2013, 9:29pm
9
a1) iptables --list (ip6table --list is slightly different)
a2) iptables -A avastwall-reject -j LOG --log-prefix "[AVASTWALL] " --log-uid
and ip6tables -A avastwall-reject -j LOG --log-prefix "[AVASTWALL] " --log-uid
Both a2) say: “No chain/target/match by that name”.
system
August 14, 2013, 8:23am
10
AFAIK a LOG or NFLOG rule would precede the REJECT rule, which it doesn’t.
Without log I can’t see blocked traffic, so I have to turn the firewall off for some actions.
This makes it pretty useless to me. I removed AVAST from my device an started using AFWall+ instead.
No problems with AFWall+ so far.
system
October 1, 2013, 9:05pm
11
Problem solved!
The LOG-target is not supported by the kernel.
@android #su -c ‘cat /proc/net/ip_tables_targets’
TRACE
SECMARK
NFQUEUE
NFQUEUE
NFQUEUE
NFLOG
CONNSECMARK
CLASSIFY
CONNMARK
MARK
REJECT
REDIRECT
NETMAP
MASQUERADE
DNAT
SNAT
ERROR
TPROXY
TPROXY
Using NFLOG instead works for me:
iptables -A -j NFLOG --nflog-prefix "[IPTables-Dropped:] "
Check out /android/4.3/external/iptables/extensions/libxt_NFLOG.c
Fix in avast would be nice. AFWall already supports this.
Cheers
system
January 5, 2014, 3:33pm
12
Curently setting the firewall, i can’t find the “log”; where is possible to enable it?
Avast Mobile Security & Antivirus 1.0.2129 on Android 4.1.2
thx