Introduction
OUTPUT -> afwall -> afwall-wifi, afwall-3g -> afwall-reject
The chains afwall, afwall-wifi and afwall-3g are all guaranteed to be cleared before the custom script is executed.
Any chain not listed above (INPUT, for example) is not cleared, so you have to flush it yourself BEFORE adding your custom rules; otherwise the same rules are appended again every time they are applied:
$IPTABLES -F INPUT
IMPORTANT
Never flush the OUTPUT chain by hand. The jump from OUTPUT into afwall lives there, so flushing OUTPUT causes every AFWall+ rule to be ignored.
(Use the afwall chain instead.)
Set custom script
[1] Call iptables through the $IPTABLES shell variable instead of a hard-coded path, and set it at the top of the script:
IPTABLES=/system/bin/iptables
[2] Big scripts are hard to edit in the AFWall+ custom script dialog, so keep the rules in a file on the SD card and source that file from the custom script.
Start
. /storage/<SD-Card>/fw/fw.sh
Stop
IPTABLES=/system/bin/iptables
# reset the policy BEFORE flushing: fw.sh sets INPUT to DROP, and flushing INPUT while the policy is still DROP would leave the phone unable to receive any packet
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
Rule examples
# Block an inbound port
$IPTABLES -I "INPUT" -p TCP --dport 59777 -j DROP
# Block an app's outgoing traffic by its UID (10008 here); the rule goes into the afwall chain, never into OUTPUT directly
$IPTABLES -A afwall -m owner --uid-owner 10008 -j DROP
My settings
fw.sh
IPTABLES=/system/bin/iptables

# cleanup: INPUT is not one of the chains AFWall+ clears, so flush it to avoid duplicated rules
$IPTABLES -F INPUT

# default policy: drop anything inbound that no rule below accepts
$IPTABLES -P INPUT DROP

# keep connections the phone opened itself
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow ping: accept echo requests, and let the echo replies out through the afwall chain so AFWall+ does not reject them
$IPTABLES -A INPUT -p icmp --icmp-type 8 -j ACCEPT
$IPTABLES -I afwall -p icmp --icmp-type 0 -j ACCEPT

# open port 2222 for new inbound connections
$IPTABLES -A INPUT -m state --state NEW -p TCP --dport 2222 -j ACCEPT
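A complete fw.sh with both a start and a stop function, added here as an example for this page; it is not the author's own file and not anything shipped with AFWall+. It keeps the page's values (UID 10008, port 2222, the echo-reply rule in the afwall chain) and adds three things the settings above leave out: an accept rule for the loopback interface, because with a DROP policy and no lo rule every connection an app makes to 127.0.0.1 is dropped; an interface restriction on port 2222, so the service is reachable over Wi-Fi only (the wlan+ interface pattern is an assumption, check the names with ip link on the device); and a stop function that resets the policy to ACCEPT before flushing, since flushing INPUT while the policy is DROP leaves the phone unable to receive any packet. The per-app rule is inserted at the top of the afwall chain with -I so it is matched before anything else in that chain.

```shell
# fw.sh - AFWall+ helper (added example, not the page author's fw.sh)
# Intended location: /storage/<SD-Card>/fw/fw.sh (the page's path; the SD card name is a placeholder)
# AFWall+ custom script:   . /storage/<SD-Card>/fw/fw.sh; fw_start
# AFWall+ shutdown script: . /storage/<SD-Card>/fw/fw.sh; fw_stop
# Assumptions: UID 10008 and port 2222 are the page's sample values; wlan+ matches the Wi-Fi interfaces.
IPTABLES=${IPTABLES:-/system/bin/iptables}

fw_start() {
    # INPUT is not one of the chains AFWall+ clears, so flush it first or the
    # rules below are appended again on every apply.
    $IPTABLES -F INPUT
    $IPTABLES -P INPUT DROP

    # Loopback first: apps talk to 127.0.0.1, and a DROP policy with only the
    # rules below would break every one of those connections.
    $IPTABLES -A INPUT -i lo -j ACCEPT

    # Replies to connections the phone opened itself.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Answer pings: accept echo requests inbound, and put the echo reply at the
    # top of the afwall chain so AFWall+'s OUTPUT filtering does not reject it.
    $IPTABLES -A INPUT -p icmp --icmp-type 8 -j ACCEPT
    $IPTABLES -I afwall -p icmp --icmp-type 0 -j ACCEPT

    # Inbound service on 2222, Wi-Fi only (wlan+ is an assumed interface pattern).
    $IPTABLES -A INPUT -i wlan+ -m state --state NEW -p tcp --dport 2222 -j ACCEPT

    # Per-app egress block. Goes into afwall (never flush OUTPUT: the jump into
    # afwall lives there); -I puts it ahead of everything else in the chain.
    $IPTABLES -I afwall -m owner --uid-owner 10008 -j DROP
}

fw_stop() {
    # Restore the policy BEFORE flushing: flushing INPUT while the policy is
    # still DROP leaves the phone unable to receive any packet at all.
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -F INPUT
    # AFWall+ clears the afwall chain itself (see the introduction), nothing to undo there.
}
```

After applying the start script, iptables -L INPUT -n -v --line-numbers (as root) lists the rules in order with packet counters; applying it a second time must not show any rule twice. To dry-run the file on a PC, set IPTABLES to a shell function that prints its arguments before sourcing it, which is also how the functions can be checked without root.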