It's been a while since I made manual firewall rules, and the firewall has very little documentation except to say you can use * to represent all addresses. I want to make a rule to allow a range of IP addresses, 172-217-0-0 to 172-217-255-255, but it doesn't say how to do that, so I am guessing to use a subnet mask, but I have forgotten. Should that be 172-217-0-0,255-255-255-255 or 172-217-0-0,172,217,255,255 or 172-217-0-0,0-0-255,255?
What firewall? I have always seen IP range in firewalls typed normally, with commas and a dash between IPs, no spaces, a comma after setting up another IP, like for Windows Firewall: netsh advfirewall firewall add rule name="POP Peeper IMAP" dir=out action=allow protocol=TCP remoteip=94.100.176.0-94.100.183.255,217.69.136.0-217.69.141.255 remoteport=143,587 program="%ProgramFiles(x86)%\POP Peeper\POPPeeper.exe"
In NoRoot - Don't do range. Type in 172.217.0.0/32 then use dropdown to select a port, or all ports (*)
Shouldn't that be 172.217.0.0/16? Assuming it's dealing with IPv4 addressing, this will reserve the first 16 bits to the network portion of the address, and the final 16 bits to the hosts portion.
Yes, it should be /16. Sorry for the careless answer. I just confirmed so with the CIDR calculator. In any case, NoRoot accepts CIDR notation instead of ranges.
I thought 172.217.0.0/16 was working but apparently it's not. I am still getting connection requests to IP addresses within the allowed range...
There is a Wilders thread here on the firewall, and based on some of the images posted for custom filters, it looks like you may have to set the range as per the following example:
Code:
172.217.*.*:80
This would give you the network address range you're looking for, restricted to port 80. If you want any port you would use an "*" (without quotes).
/16 seems to be working here - all packets went to Pending access, and syncing contacts didn't work. OS monitor showed Syn_Sent and no established connection. I made the rule in Pre-Filter. Maybe that's not a good test. Edit: (1) I deleted a picture I posted earlier of just one application (wasn't a good demo). When 172.217.x.x range was blocked, Android subsequently redirected things to another IP. To completely block this stuff use ... (2) another syntax *.1e100.net and (*) for port. Is it a good idea or not, I'm not sure. It knocked out a lot of stuff - google account manager, google play services and framework, gmail (but gmail worked without 1e100.net), and other such. (3) also this seems to have worked 172.217.*.*:* I've been looking at Access Log to see what exactly is or is not being blocked.
Oh, so you CAN use * to represent the subnet? That was one of the first things I tried but it kept saying invalid format. I'll give that another shot and see. Edit: It seems to be a small bug in NoRoot that says invalid format while you're typing in an IP range using * to mean the subnet; the invalid format message disappears when you finish typing it in.
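Added example, not part of any post in this thread: a Python sketch that translates between the three notations discussed above (start-end range, CIDR, and trailing-`*` wildcard with optional port) and shows why /32 and /16 behave differently. The function names are hypothetical, and treating `*` as whole trailing octets is an assumption about the wildcard syntax, not documented NoRoot behaviour.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def wildcard_to_cidr(pattern):
    """Convert '172.217.*.*' or '172.217.*.*:80' to (cidr, port).
    Assumption: '*' may only stand for whole trailing octets."""
    host, _, port = pattern.partition(":")
    octets = host.split(".")
    if len(octets) != 4:
        raise ValueError("expected four octets: %r" % pattern)
    fixed = 4
    while fixed > 0 and octets[fixed - 1] == "*":
        fixed -= 1
    if "*" in octets[:fixed]:
        raise ValueError("wildcard must be trailing: %r" % pattern)
    addr = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
    # IPv4Network rejects octets above 255 with a ValueError
    net = ipaddress.IPv4Network("%s/%d" % (addr, fixed * 8))
    return str(net), (port or "*")

def covers(cidr, ip):
    """True if the single address ip falls inside the CIDR block."""
    return ipaddress.IPv4Address(ip) in ipaddress.IPv4Network(cidr)

if __name__ == "__main__":
    # The range asked about in the first post collapses to one /16.
    print(range_to_cidrs("172.217.0.0", "172.217.255.255"))
    # A range from the netsh rule that is not a single block.
    print(range_to_cidrs("217.69.136.0", "217.69.141.255"))
    print(wildcard_to_cidr("172.217.*.*:80"))
    # Constructed sample address inside the range: /32 matches only
    # 172.217.0.0 itself, /16 matches all 65536 addresses.
    for rule in ("172.217.0.0/32", "172.217.0.0/16"):
        print(rule, covers(rule, "172.217.3.4"))
```
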