IP Networking

Go to a command line, and run that command.

I downloaded the "Android Terminal Emulator" app. I typed in and pressed enter. That made the superuser app pop up and I allowed it.

Then I typed in

Code:

modprobe config

and pressed enter. It then said, "modprobe: can't change directory to '2.6.35.7-perf-T680UVLG3-CL1165714' : No such fire or directory.

Then I typed in and pressed enter. Then all it said was "CONFIG _NETFILTER_XT_MATCH_MAC=y"

I don't know what that means. And I also still have internet access.

Well, your phone definitely supports mac filtering -- it's y, not no. And it doesn't need modprobe -- it's y, not m. So you shouldn't need to load anything special to get it to work. Which is very good since it's probably not feasible for you to change it... config.gz is a list of options that particular kernel was built with.

Please try the script I suggested (slightly changing to make it match the syntax your app seems to need )

Code:

$IPTABLES -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
$IPTABLES -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -j DROP

The FORWARD table may be necessary depending on how the phone uses its internet connection; packets might make it to the FORWARD chain instead of the INPUT chain first. It'd end up in INPUT eventually, but after it passes through FORWARD, it loses its MAC address.

I don't think REJECT makes sense in all contexts, and DROP definitely works on my systems.

Oh... Which MAC address are you putting in there? The router's, right?

Ok, I put in the code that you said:

Code:

$IPTABLES -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
$IPTABLES -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -j DROP

Still not blocking internet access.

I was totally lost when you said this: Not sure if this has to do with anything, but I enabled logs in AFWall+, but when I go to look, it always says "Log is Empty," even if I browse around on the internet. It's always just empty.

It'd make more sense if you've ever built your own kernel. You get a list of options to choose from, and get to pick whether device drivers are disabled (n), built-in(y), or put in modules to load later(m). /proc/config.gz is a list of what options were picked when the kernel was made.

The point is, this kernel has built-in support for mac filtering.

Does the AF+ documentation say to use $IPTABLES instead of iptables, or did you pick that up from an example somewhere? Try plain 'iptables'.

I know nothing about AF+, so I couldn't say. iptables itself doesn't log unless told, but a firewall generator which talks to iptables could do who-knows-what.

My suggestion would be:

1) Turn off AF+
2) Type iptables -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP and iptables -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -j DROP into a root console
3) See if that works

If that works, you might just be fighting your firewall generator.

P.S: There's probably not much reason to obscure your MAC address. That's not useful to anyone outside your local network.

If I turned off AFWall+, I had no internet access. So I just uninstalled it. When you said "root console," I assume you mean the Android Terminal Emulator app? I opened that app, and typed in:

Code:

iptables -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP

and pressed enter. It just went to a new line. Didn't say or tell me anything. Then I typed in:

Code:

iptables -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -j DROP

and pressed enter. Still didn't give me any message. Just a new line. Went to open another app... still had internet access. :/

Depends on whether "android terminal emulator app" gives you a root console or not...

People who root their androids often install sshd, so they can ssh into an actual terminal without any "app" nonsense or uncertainty. Some of these terminal apps are half-pretend.

Which MAC address are you putting in? The router's, right?