http://bbs.hikemobile.com/thread-1644-1-1.html
http://5e76.net/show-2409.html
http://www.myexception.cn/open-source/429531.html
http://www.eoeandroid.com/thread-245052-1-1.html
http://blog.csdn.net/Zengyangtech/article/details/5579311
https://code.google.com/p/droidwall/
http://www.oschina.net/p/droidwall/similar_projects?lang=0&sort=view&p=16
http://smallnopoint.iteye.com/blog/1465138
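/**
 * Builds the DroidWall iptables script and runs it as root.
 *
 * <p>The script creates and flushes the DROIDWALL, DROIDWALL_MOBILE, DROIDWALL_WIFI and
 * DROIDWALL_REJECT chains, hooks DROIDWALL into OUTPUT, routes traffic to the mobile or
 * Wi-Fi chain by outgoing interface name, and appends one REJECT rule per listed UID
 * (black-list behaviour: everything not listed is left alone).
 *
 * <p>Only {@code $IPTABLES} is used here; whether IPv6 traffic is covered depends on
 * {@code scriptHeader} and cannot be determined from this method.
 *
 * @param ctx        application context; {@code null} makes the method return {@code false}
 * @param uidsWifi   UIDs to reject on Wi-Fi interfaces (negative values are special markers)
 * @param uids3g     UIDs to reject on mobile-data interfaces (negative values are special markers)
 * @param showErrors whether to show a toast when the rules could not be applied
 * @return {@code true} only if the root script exited with code 0
 */
private static boolean applyIptablesRulesImpl(Context ctx, List<Integer> uidsWifi, List<Integer> uids3g, boolean showErrors) {
    if (ctx == null) {
        return false;
    }
    assertBinaries(ctx, showErrors);

    final String[] ITFS_WIFI = { "tiwlan+", "wlan+", "eth+", "ra+", "mlan+" };
    final String[] ITFS_3G = { "rmnet+", "pdp+", "ppp+", "uwbr+", "wimax+", "vsnet+", "ccmni+", "usb+", "qmi+", "ccinet+" };
    final StringBuilder script = new StringBuilder();

    try {
        // Only export LD_LIBRARY_PATH when it is actually set: formatting a null value would
        // write the literal string "null" into a script that runs as root, i.e. a relative
        // library search path.
        final String libraryPath = System.getenv("LD_LIBRARY_PATH");
        if (libraryPath != null) {
            script.append("export LD_LIBRARY_PATH=").append(libraryPath).append("\n");
        }
        script.append(scriptHeader(ctx));

        // Chain setup. The -D/-I pair keeps a single jump from OUTPUT to DROIDWALL even when
        // the rules are applied repeatedly; a failed flush aborts with a distinct exit code.
        script.append("$IPTABLES --version\n"
                + "# Create the DROIDWALL chains if necessary\n"
                + "$IPTABLES --new DROIDWALL\n"
                + "$IPTABLES --new DROIDWALL_MOBILE\n"
                + "$IPTABLES --new DROIDWALL_WIFI\n"
                + "$IPTABLES --new DROIDWALL_REJECT\n"
                + "# Add DROIDWALL chain to OUTPUT chain if necessary\n"
                + "$IPTABLES -D OUTPUT -j DROIDWALL\n"
                + "$IPTABLES -I OUTPUT -j DROIDWALL\n"
                + "$IPTABLES -F DROIDWALL || exit 7\n"
                + "$IPTABLES -F DROIDWALL_MOBILE || exit 8\n"
                + "$IPTABLES -F DROIDWALL_WIFI || exit 9\n"
                + "$IPTABLES -F DROIDWALL_REJECT || exit 10\n");
        script.append("# Create the reject rule (log disabled)\n"
                + "$IPTABLES -A DROIDWALL_REJECT -j REJECT || exit 11\n");

        script.append("# Main rules (per interface)\n");
        for (final String itf : ITFS_3G) {
            script.append("$IPTABLES -A DROIDWALL -o ").append(itf).append(" -j DROIDWALL_MOBILE || exit\n");
        }
        for (final String itf : ITFS_WIFI) {
            script.append("$IPTABLES -A DROIDWALL -o ").append(itf).append(" -j DROIDWALL_WIFI || exit\n");
        }

        script.append("# Filtering rules\n");
        final String targetRule = "DROIDWALL_REJECT";
        // NOTE(review): any_3g / any_wifi are not declared in this method (the local
        // declarations derived from SPECIAL_UID_ANY were commented out); presumably they are
        // class-level flags -- confirm against the enclosing class.
        if (any_3g) {
            script.append("$IPTABLES -A DROIDWALL_MOBILE -j ").append(targetRule).append(" || exit\n");
        } else {
            /* block individual applications on this interface */
            for (final Integer uid : uids3g) {
                // Negative UIDs are special markers, not real owners.
                if (uid >= 0) {
                    script.append("$IPTABLES -A DROIDWALL_MOBILE -m owner --uid-owner ")
                            .append(uid).append(" -j ").append(targetRule).append(" || exit\n");
                }
            }
        }
        if (any_wifi) {
            script.append("$IPTABLES -A DROIDWALL_WIFI -j ").append(targetRule).append(" || exit\n");
        } else {
            /* block individual applications on this interface */
            for (final Integer uid : uidsWifi) {
                if (uid >= 0) {
                    script.append("$IPTABLES -A DROIDWALL_WIFI -m owner --uid-owner ")
                            .append(uid).append(" -j ").append(targetRule).append(" || exit\n");
                }
            }
        }

        // Packets that match any owner UID return to the caller chain; what is left has no
        // owning UID and is rejected.
        if (uids3g.indexOf(SPECIAL_UID_KERNEL) >= 0) {
            script.append("# hack to BLOCK kernel packets on black-list\n");
            script.append("$IPTABLES -A DROIDWALL_MOBILE -m owner --uid-owner 0:999999999 -j RETURN || exit\n");
            script.append("$IPTABLES -A DROIDWALL_MOBILE -j DROIDWALL_REJECT || exit\n");
        }
        if (uidsWifi.indexOf(SPECIAL_UID_KERNEL) >= 0) {
            script.append("# hack to BLOCK kernel packets on black-list\n");
            script.append("$IPTABLES -A DROIDWALL_WIFI -m owner --uid-owner 0:999999999 -j RETURN || exit\n");
            script.append("$IPTABLES -A DROIDWALL_WIFI -j DROIDWALL_REJECT || exit\n");
        }

        final StringBuilder res = new StringBuilder();
        final int code = runScriptAsRoot(ctx, script.toString(), res);
        // Success is decided by the exit code alone. Previously a non-zero exit code with
        // showErrors == false was reported as success, so a caller running silently would
        // believe the firewall rules were active when they were not.
        if (code == 0) {
            return true;
        }
        // NOTE(review): the script output collected in 'res' is not logged or shown, so the
        // failing iptables command cannot be identified from the toast alone.
        if (showErrors) {
            Toast.makeText(ctx, ctx.getString(R.string.kn_traffic_item_info_no_root), Toast.LENGTH_SHORT).show();
            System.out.println("applyIptablesRulesImpl");
        }
    } catch (Exception e) {
        // Any failure while building or running the script is reported as "not applied".
        if (showErrors) {
            Toast.makeText(ctx, ctx.getString(R.string.kn_traffic_item_info_no_root), Toast.LENGTH_SHORT).show();
        }
        System.out.println("applyIptablesRulesImpl");
    }
    return false;
}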