AFWall+ (Android Firewall+)

License F-Droid Downloads Repo Size

Your Privacy, Your Control - AFWall+ gives you complete control over which apps can access the internet on your Android device.

Support AFWall+ Development

AFWall+ is developed and maintained by volunteers. If you find it useful, please consider supporting the project:

How to Donate

Why donate? AFWall+ is free and open-source. Your support helps:

Continue development and add new features
Fix bugs and keep the app stable
Support more Android versions and devices
Maintain documentation and help the community

Donation options:

PayPal:
Google Play: Purchase the unlocker key for extra features
Amazon Gift Cards: cumakt+amazon at gmail.com (not preferred)
Bitcoin: bc1q54nf3y9zmdcpasxx9sywkprd6309rfhav3mape
Ethereum: 0x5e65649C2B26eD816fCeD25a8E507C90D4b1D697

After donating, please send your receipt to contact@portgenix.com to receive an unlocker. Please allow 1-2 days for a response.

Other Ways to Help

Star this repository
Report bugs and test new features
Contribute translations on Crowdin
Improve documentation
Help other users in forums

What is AFWall+?

AFWall+ (Android Firewall+) is a powerful, open-source firewall application for rooted Android devices. Built on Linux's robust iptables framework, AFWall+ provides granular network control at the system level - something impossible with standard Android permissions.

Core Purpose

Block unwanted network access by apps, even if they have internet permission
Prevent data leaks and unauthorized background connections
Monitor network activity with comprehensive logging
Save battery and data by controlling which apps can connect
Enhance privacy by blocking tracking and analytics

How It Works

AFWall+ operates at the Linux kernel level using iptables rules to:

Intercept all network requests before they leave your device
Apply custom firewall rules based on your preferences
Allow or block connections per app, per network type (WiFi, mobile, VPN)
Log blocked attempts for monitoring and analysis

This approach is much more powerful than app-level solutions because it works regardless of how apps try to connect to the internet.

Download

Release Notes: Check the changelog for what's new in each version.

Key Features

Granular Control

Per-app network rules: Allow or block individual apps
Network type filtering: Different rules for WiFi, mobile data, VPN, tethering
IPv4 & IPv6 support
Custom rule scripting for advanced users

User Experience

Clean, intuitive interface
Quick search and filtering
Bulk operations for multiple apps
Profile management for different rule sets

Monitoring & Logging

Real-time network monitoring
Detailed connection logs
Notification system for blocked attempts
Export/import rules for backup or sharing

Advanced Features

Boot protection: Apply rules before apps start
Startup delay management
Multi-user support
Tasker/Locale integration for automation
Password protection
Tor and VPN detection

Network Types Supported

Mobile Data (3G/4G/5G), including roaming detection
WiFi (home, work, public hotspots)
VPN (all types and providers)
Tethering (WiFi hotspot, USB, Bluetooth)
Tor (onion routing support)
LAN (local network access)

System Requirements

Compatibility

Android versions: 5.0 (API 21) to 14+ (actively maintained)
- Legacy support: Android 4.x (version 2.9.9), Android 2.x (version 1.3.4.1)
Root access: Required (Magisk, SuperSU, LineageOS su)
Architectures: ARM, ARM64, x86, x86_64
Storage: ~15MB app + ~5MB for binaries

Root Methods Supported

Magisk (recommended)
LineageOS built-in su
SuperSU (legacy)
KingRoot (not recommended)

Limitations

Requires root access (no root = no functionality)
Not an antivirus (doesn't scan files for malware)
Not an ad-blocker (blocks network access, not ads within allowed connections)
VPN conflicts: Some VPN apps may interfere with firewall rules
System-level apps: Some system processes may bypass rules if they have root access

Quick Start Guide

1. Pre-Installation

# Verify root access
su -c "id"
# Should return: uid=0(root) gid=0(root)

2. Installation

Install AFWall+ from your preferred source
Grant root permission when prompted
Enable the firewall on the main screen

3. Basic Configuration

Enable the firewall (toggle the main switch)
Configure apps (tap apps to allow WiFi or mobile data)
Apply rules (tap the apply button)
Test connectivity (verify apps work as expected)

4. Essential Settings

Boot startup delay: Prevents rule conflicts during boot
Notification settings: Control alert behavior
Log settings: Enable if you want connection monitoring

Advanced Configuration

Custom Rules

AFWall+ supports custom iptables rules for advanced users:

# Example: Allow specific IP range
-A afwall-wifi -d 192.168.1.0/24 -j ACCEPT

# Example: Block specific port
-A afwall -p tcp --dport 443 -j REJECT

Profiles

Create different rule sets for different scenarios:

Home: Relaxed rules for trusted network
Work: Restrictive rules for corporate network
Public: Maximum security for public WiFi
Travel: Balanced rules for mobile use

Logging Configuration

Packet logging: Uses nflog for detailed connection tracking
Log rotation: Automatic cleanup of old logs
Export options: Save logs for external analysis

🌍 Language Support

AFWall+ is available in 40+ languages thanks to our community translators:

🇺🇸 English • 🇪🇸 Español • 🇫🇷 Français • 🇩🇪 Deutsch • 🇮🇹 Italiano • 🇷🇺 Русский • 🇨🇳 中文 • 🇯🇵 日本語 • 🇰🇷 한국어 • 🇵🇹 Português • 🇳🇱 Nederlands • 🇵🇱 Polski • 🇹🇷 Türkçe • 🇸🇦 العربية • 🇮🇳 हिंदी • And many more!

Want to help translate? Join our Crowdin translation project.

Development

Building from Source

Prerequisites

Android SDK (API level 21+)
Java 17+
Git
Android NDK (for native binaries)

Quick Build

git clone https://github.com/ukanth/afwall.git
cd afwall
./gradlew clean assembleDebug

Native Binaries

To compile iptables, busybox, and other native components:

# Requires Android NDK
export NDK=/opt/android-ndk-r25
make -C external NDK=$NDK

Project Structure

afwall/
├── app/src/main/java/dev/ukanth/ufirewall/
│   ├── Api.java                    # Core iptables interface
│   ├── MainActivity.java           # Main UI
│   ├── InterfaceTracker.java       # Network state monitoring
│   ├── util/BootRuleManager.java   # Boot rule application
│   ├── service/                    # Background services
│   ├── broadcast/                  # System event receivers
│   └── log/                        # Logging subsystem
├── app/src/main/res/raw/           # Native binaries (iptables, busybox)
├── external/                       # Native binary sources
└── scripts/                        # Build scripts

Testing

# Run lint checks
./gradlew lint

# Run unit tests
./gradlew test

# Install debug build
./gradlew installDebug

Contributing

We welcome contributions! Here's how you can help:

Bug Reports

Check existing issues first
Follow our bug report guide
Include device info, Android version, and logs

Feature Requests

Open an issue with the "enhancement" label
Describe the use case and expected behavior
Consider if it fits AFWall+'s scope and philosophy

Code Contributions

# Standard GitHub workflow
1. Fork the repository
2. Create a feature branch: git checkout -b feature-name
3. Make your changes and test thoroughly
4. Submit a pull request with a clear description

Translations

Join our Crowdin project
No technical knowledge required
Help make

Afwall

Install / Use

README