Rule activation in earlier boot stage #80

@kendon

The firewall rules are applied only a certain amount of time after the device has booted up. Due to this, some apps, which are started before the activation of the firewall, can transfer data even though they are blocked in the firewall. This poses two problems:

Security: I use the firewall mainly for security reasons. I do not want apps to phone home if I do not allow it.

Data usage: when roaming or on a limited budget this can eat through your budget pretty fast. During my recent holiday I bought a local PAYG/prepaid SIM, which was preloaded with 20 bucks of the local currency. Without a data plan (which I was about to buy) the rate is 1 buck per MB. When I finally got to buying the data plan my account balance was down to 8 bucks. Yeah, 4G was surprisingly fast, and in that short time frame between boot and rule activation the Amazon Appshop downloaded 12MB of some game. No drama, but unnecessary.

My idea was, since the phone needs to be rooted anyway, to provide some init.d script, which completely blocks communication until the firewall rules are implemented. This shouldn't be too hard, as it only needs a generic "deny all" statement which is activated during the boot process, and is later overwritten by the firewall rules.
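
The boot-time "deny all" proposed above, sketched as an added example that is not part of the issue or the project's code. It assumes a ROM with init.d support and `iptables`/`ip6tables` on the PATH, a hypothetical init.d wrapper that invokes it with `block`, and a firewall that either resets the OUTPUT policy itself or calls `release` once its own rules are loaded; the function names are illustrative.

```shell
#!/system/bin/sh
# Added example: boot-time "deny all" until the firewall app has applied its rules.
# Assumptions: init.d support, iptables/ip6tables on PATH, and a hypothetical init.d
# wrapper that calls this script with "block" early in boot.

# Print the commands for one mode ("block" or "release"), IPv4 and IPv6 alike.
bootblock_cmds() {
    for bin in iptables ip6tables; do
        case "$1" in
            block)
                # Policy first: if a later command fails, traffic stays blocked.
                echo "$bin -P OUTPUT DROP"
                # Keep loopback usable for local services during boot.
                echo "$bin -I OUTPUT 1 -o lo -j ACCEPT"
                ;;
            release)
                echo "$bin -D OUTPUT -o lo -j ACCEPT"
                echo "$bin -P OUTPUT ACCEPT"
                ;;
            *)
                return 2    # unknown mode: emit nothing
                ;;
        esac
    done
}

# Execute the commands for a mode; with DRY_RUN=1 only print them.
bootblock_run() {
    cmds=$(bootblock_cmds "$1") || return 2
    printf '%s\n' "$cmds" | while read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            $cmd || echo "bootblock: failed: $cmd" >&2
        fi
    done
}

# Does nothing without an explicit mode, so sourcing the file is harmless.
case "${1:-}" in
    block|release) bootblock_run "$1" ;;
esac
```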
