Firewall Log empty / blocked traffic not logged

Hi,
I am using Avast Mobile Security 2.0.4993 and have problems monitoring, what connections are blocked. Since I Work in whitelist mode there should be a whole bunch of blocked connections.

Allthough I activated logging, the Logviewer insists on not having any records.

Is it a Bug or am i doing sth wrong?

Cheers,
Tobi

Hi,
I still can’t figure out, how to log blocked traffic of the avast mobile firewall.
I suppose it is a bug.

My config:
Sony LT25i, Xperia V
Android 4.1.2 / 9.1.A.1.140

Anyone with the same problem?

Cheers,
Tobi

can you send me iptables --list output (from shell)

thanks!

sh says:
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:484

Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all – anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
bw_FORWARD all – anywhere anywhere
natctrl_FORWARD all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
avastwall all – anywhere anywhere
bw_OUTPUT all – anywhere anywhere

Chain avastwall (1 references)
target prot opt source destination
RETURN udp – anywhere anywhere udp dpt:domain
avastwall-3g all – anywhere anywhere
[…]

Chain avastwall-3g (8 references)
target prot opt source destination
RETURN all – anywhere anywhere owner UID match u0_a47
[…]
RETURN all – anywhere anywhere owner UID match u0_a186
avastwall-reject all – anywhere anywhere

Chain avastwall-reject (2 references)
target prot opt source destination
REJECT all – anywhere anywhere reject-with icmp-port-unreachable

Chain avastwall-wifi (4 references)
target prot opt source destination
RETURN all – anywhere anywhere owner UID match dhcp
[…]
RETURN all – anywhere anywhere owner UID match u0_a190
avastwall-reject all – anywhere anywhere

Chain bw_FORWARD (1 references)
target prot opt source destination

Chain bw_INPUT (1 references)
target prot opt source destination
all – anywhere anywhere ! quota globalAlert: 2097152 bytes
RETURN all – anywhere anywhere
all – anywhere anywhere owner socket exists

Chain bw_OUTPUT (1 references)
target prot opt source destination
all – anywhere anywhere ! quota globalAlert: 2097152 bytes
RETURN all – anywhere anywhere
all – anywhere anywhere owner socket exists

Chain costly_shared (0 references)
target prot opt source destination
penalty_box all – anywhere anywhere

Chain natctrl_FORWARD (1 references)
target prot opt source destination

Chain penalty_box (1 references)
target prot opt source destination

can you try to type

iptables (or ip6tables) -A avastwall-reject -j LOG --log-prefix "[AVASTWALL] " --log-uid

and see if it works?

it says:
“No chain/target/match by that name”

No change even after reinstalling avast.
Tried it on a S4 as well, same results.
I think it’s a bug.

a) which command did you use for the dump (iptables or ip6tables) and which for the second command?
b) did you use the same command for both?

a1) iptables --list (ip6table --list is slightly different)
a2) iptables -A avastwall-reject -j LOG --log-prefix "[AVASTWALL] " --log-uid
and ip6tables -A avastwall-reject -j LOG --log-prefix "[AVASTWALL] " --log-uid

Both a2) say: “No chain/target/match by that name”.

AFAIK a LOG or NFLOG rule would precede the REJECT rule, which it doesn’t.

Without log I can’t see blocked traffic, so I have to turn the firewall off for some actions.
This makes it pretty useless to me. I removed AVAST from my device an started using AFWall+ instead.

No problems with AFWall+ so far.

Problem solved!
The LOG-target is not supported by the kernel.

@android:confused: #su -c ‘cat /proc/net/ip_tables_targets’
TRACE
SECMARK
NFQUEUE
NFQUEUE
NFQUEUE
NFLOG
CONNSECMARK
CLASSIFY
CONNMARK
MARK
REJECT
REDIRECT
NETMAP
MASQUERADE
DNAT
SNAT
ERROR
TPROXY
TPROXY

Using NFLOG instead works for me:
iptables -A -j NFLOG --nflog-prefix "[IPTables-Dropped:] "

Check out /android/4.3/external/iptables/extensions/libxt_NFLOG.c

Fix in avast would be nice. AFWall already supports this.
Cheers

Curently setting the firewall, i can’t find the “log”; where is possible to enable it?

Avast Mobile Security & Antivirus 1.0.2129 on Android 4.1.2

thx