LinuxQuestions.org
Old 02-18-2013, 08:17 PM   #1
MechaMorph
LQ Newbie
 
Registered: Feb 2013
Posts: 6

Rep: Reputation: Disabled
Can't figure out how to insert iptables rule first


Greetings,

I have an app for Android that leverages IPTABLES to block apps based on UID.

It works great with one exception on some devices using Android 4.x. When a user enables "Set Mobile Data Limit" on some devices the iptables for cellular data are negated.

How would I insert my rules to offset this?

 pkts bytes target              prot opt in   out          source    destination
   37  7848 costly_rmnet_sdio0  all  --  any  rmnet_sdio0  anywhere  anywhere     [goto]

I currently insert into the beginning of the chain and reapplying the rules doesn't change anything.

iptables -I OUTPUT 1 -j droidwall

Here is the full output on a device that is affected by this issue.

root@android:/ # iptables --list OUTPUT --verbose
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target              prot opt in   out          source    destination
  108  6758                     all  --  any  !lo+         anywhere  anywhere     ! quota globalAlert: 2097152 bytes
   37  7848 costly_rmnet_sdio0  all  --  any  rmnet_sdio0  anywhere  anywhere     [goto]
 1321 85531 ACCEPT              all  --  any  lo           anywhere  anywhere
39239 2701K                     all  --  any  any          anywhere  anywhere     owner socket exists
  273 21255 droidwall           all  --  any  any          anywhere  anywhere

Any help is greatly appreciated!
Thanks in advance!
 
Old 02-19-2013, 03:51 AM   #2
wadhah102
LQ Newbie
 
Registered: Apr 2011
Location: Tunis, Tunisia
Distribution: Ubuntu/Debian/CentOS
Posts: 14

Rep: Reputation: 0
Hi,

I don't have an Android phone ^_^ but I know many things about the SDK & NDK, so I think that this activates the quota with the command:
Quote:
quotaon
That's why the iptables for cellular data are negated.

For more information about quotaon

Best regards
 
Old 02-19-2013, 08:10 AM   #3
MechaMorph
LQ Newbie
 
Registered: Feb 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by wadhah102
Hi,

I don't have an Android phone ^_^ but I know many things about the SDK & NDK, so I think that this activates the quota with the command:

That's why the iptables for cellular data are negated.

For more information about quotaon

Best regards
If I used quotas on my rules, I would override the Mobile Data Limit rule, thus breaking that functionality, correct?

Can't I get my rules to insert before the quota so that the firewall is functional and the Mobile Data Limit is still functional as well?
 
Old 02-19-2013, 10:17 AM   #4
wadhah102
LQ Newbie
 
Registered: Apr 2011
Location: Tunis, Tunisia
Distribution: Ubuntu/Debian/CentOS
Posts: 14

Rep: Reputation: 0
Hi,

The "Mobile Data Limit" uses the quota quotaon, so when you activate this application the iptables for cellular data are negated.

So I think you can use one of them: the Mobile Data Limit/quotaon or iptables.

Best Regards
 
Old 02-19-2013, 10:57 AM   #5
MechaMorph
LQ Newbie
 
Registered: Feb 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by wadhah102
Hi,

The "Mobile Data Limit" uses the quota quotaon, so when you activate this application the iptables for cellular data are negated.

So I think you can use one of them: the Mobile Data Limit/quotaon or iptables.

Best Regards
That's a no go since quota is not in Android.
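
Added example, not part of any post above and not the app's own code: in the OUTPUT listing from post #1 the droidwall jump is rule 5, behind a [goto] rule for rmnet_sdio0, and per the iptables man page a goto does not resume in the chain it left, so packets matching that rule never reach droidwall. The script checks a listing for that ordering. The function names and the "ok"/"bypassed"/"missing" result words are made up for this example, and the sample input is the listing from the thread.

```shell
#!/bin/sh
# Added example. Reads `iptables --list OUTPUT --verbose` text on stdin and
# reports whether the jump to a given chain can be bypassed by an earlier rule.

# Constructed sample: the OUTPUT listing quoted in the first post.
sample_listing() {
cat <<'EOF'
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
108 6758 all -- any !lo+ anywhere anywhere ! quota globalAlert: 2097152 bytes
37 7848 costly_rmnet_sdio0 all -- any rmnet_sdio0 anywhere anywhere [goto]
1321 85531 ACCEPT all -- any lo anywhere anywhere
39239 2701K all -- any any anywhere anywhere owner socket exists
273 21255 droidwall all -- any any anywhere anywhere
EOF
}

# check_order CHAIN: prints one of
#   "ok N"             jump to CHAIN is rule N, nothing before it diverts packets
#   "bypassed N M IF"  jump is rule N; earlier rule M diverts packets leaving IF
#   "missing"          no rule jumps to CHAIN
check_order() {
    awk -v chain="$1" '
    NR <= 2 { next }                  # skip chain header and column titles
    NF == 0 { next }
    {
        pos++
        # Match-only rules have no target, so "--" (assumed opt value) lands
        # in field 4 instead of field 5 and every later column shifts left.
        if ($4 == "--") { target = "";  out = $6 }
        else            { target = $3;  out = $7 }
        if (target == chain) { found = pos; exit }
        # A [goto] never comes back to OUTPUT, and ACCEPT/DROP/REJECT end
        # traversal, so either one ahead of the jump lets packets skip it.
        if (!first && ($0 ~ /\[goto\]/ || target ~ /^(ACCEPT|DROP|REJECT)$/)) {
            first = pos; iface = out
        }
    }
    END {
        if (!found)     print "missing"
        else if (first) print "bypassed", found, first, iface
        else            print "ok", found
    }'
}

sample_listing | check_order droidwall    # bypassed 5 2 rmnet_sdio0
```

The result describes the chain only at the moment it was listed; rules inserted afterwards with -I can push the jump down again, so the check has to be repeated after the data limit setting is toggled.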
 
  

