orWall forces selected applications through Orbot while preventing unchecked applications from having network access.
In order to do so, it calls the iptables binary. This binary, present on your Android device, requires superuser access (aka root). iptables is the tool that manages the firewall on Linux and, by extension, on Android.
In short, orWall adds special iptables rules to redirect traffic for selected applications through Tor; it also adds the rules required to block traffic for other apps.
The redirection is based on the application user id. Each Android application runs as a dedicated user, and iptables supports traffic filtering based on the process owner, meaning it's really easy and pretty safe to do this kind of thing on an Android device.
This application takes care of IP connections only, not GSM. It won't protect you if an attacker sends commands to your baseband through SMS, for example.
Also, on some Android versions (at least 4.1.1), the init-script will not work, meaning you may have outgoing connections before orWall starts.
The application works in two stages: first, an init-script blocks all incoming and outgoing traffic. This should prevent leaks, since Android sends traffic before you can even access the device.
The second stage comes once the device is fully booted: orWall itself takes the lead on the firewall, adds the rules required to allow Orbot traffic, and redirects selected applications to the Orbot TransPort.
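The two stages and the per-user-id redirection described above, as an added example that is not orWall's own code: it prints the kind of iptables rules involved rather than running them. The UIDs are constructed, and ports 9040 (TransPort) and 5400 (DNSPort) are assumed Orbot defaults, not values stated on this page.

```shell
#!/bin/sh
# Added illustration, not orWall's own code. It prints the rules instead of
# running them (iptables needs root). Ports are assumed Orbot defaults.
TRANS_PORT=9040   # assumed Orbot TransPort
DNS_PORT=5400     # assumed Orbot DNSPort

# Stage 1 (boot-time init-script): drop everything until stage 2 runs.
stage1_rules() {
    for chain in INPUT OUTPUT FORWARD; do
        echo "iptables -P $chain DROP"
    done
}

# Accept only plain decimal UIDs, so nothing else reaches a rule line.
is_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Stage 2: allow Orbot itself, then redirect each selected app UID.
# usage: stage2_rules ORBOT_UID APP_UID...
stage2_rules() {
    [ "$#" -ge 1 ] || { echo "usage: stage2_rules ORBOT_UID APP_UID..." >&2; return 1; }
    for uid in "$@"; do
        is_uid "$uid" || { echo "not a numeric uid: $uid" >&2; return 1; }
    done
    orbot_uid=$1; shift
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Orbot must reach the network directly to build Tor circuits.
    echo "iptables -A OUTPUT -m owner --uid-owner $orbot_uid -j ACCEPT"
    for uid in "$@"; do
        own="-m owner --uid-owner $uid"
        # nat table: rewrite the destination to the local Tor listeners.
        echo "iptables -t nat -A OUTPUT -p udp --dport 53 $own -j REDIRECT --to-ports $DNS_PORT"
        echo "iptables -t nat -A OUTPUT -p tcp --syn $own -j REDIRECT --to-ports $TRANS_PORT"
        # filter table: let only the rewritten packets leave the app.
        echo "iptables -A OUTPUT -d 127.0.0.1 -p udp --dport $DNS_PORT $own -j ACCEPT"
        echo "iptables -A OUTPUT -d 127.0.0.1 -p tcp --dport $TRANS_PORT $own -j ACCEPT"
    done
}

# Constructed sample: Orbot as uid 10050, one selected app as uid 10123.
stage1_rules
stage2_rules 10050 10123
```

Because the stage 1 policy stays DROP, any traffic from a selected app that is not rewritten by the nat rules (non-DNS UDP, for instance) and all traffic from unselected UIDs is still dropped.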
iptables -vnL -t nat;
Great news, thanks! Just create a fork and submit pull requests. We're open to new features, bug fixes and so on; feel free to help.
We're looking for people to help with translations, bug swatting and proofreading.
We also want to add the following features to orWall:
There's a trademark on "Tor", and it seems the Tor Project wants to enforce it, kindly, that said (and I emphasize this fact). So, in order to both respect the trademark and avoid useless discussions, I preferred to change the name to something else.
All is fine now :).
Long live orWall, your new Onion Router Firewall!