Put your apps behind Orbot and block all unwanted traffic in one go.

How does it work?

orWall will force selected applications through Orbot while preventing unchecked applications to have network access.
In order to do so, it will call the iptables binary. This binary, present on your Android device, requires superuser access (aka root). It's the application that manages the firewall on Linux and, by extension, on Android.

In short, orWall will add special iptables rules in order to redirect traffic for applications through Tor; it will also add required rules in order to block traffic for other apps.
The redirection is based on the application user id. Each android application runs as a dedicated user, and iptables has support for traffic filtering based on the process owner, meaning it's really easy and pretty safe to do this kind of thing on an Android device.


This application takes care of IP connections only, not GSM. It won't protect you if an attacker sends commands to your baseband through SMS, for example.

Also, on some Android versions (at least 4.1.1), the init-script will not work, meaning you may have outgoing connections before orWall starts.

The application works in two stages: first, an init-script will block all incoming and outgoing traffic. This should prevent leaks, knowing Android sends stuff before you can even access the device.
Second stage comes once the device is fully booted: orWall itself takes the lead on the firewall, and add required rules in order to allow Orbot traffic, and redirect selected application to Orbot TransPort.

Basically, orWall is a simple UI for scripts provided by Mike Perry in his blog post on torproject.

What orWall is

  • A firewall configurator: it allows you to set up your device in order to force apps through Orbot.
  • A way to prevent unwanted network access: only the apps you select access the Net through Orbot.
  • An app you should use with caution: if you don't understand what it's doing, you may have some bad surprises.

What orWall isn't

  • A replacement for Orbot: you still need Orbot on your device.
  • A replacement for AFWall/DroidWall – but it may lead to weird problems if you're using both.
  • The Answer to the Ultimate Question of Life, the Universe and Everything: everybody knows it's 42.


Warning! As we're still in alpha, the following stuff may be useful:

  • A computer;
  • USB cable in order to connect your device to the computer;
  • Android SDK and, espcially, Android Debug Bridge (ADB);
  • Some knowledge about shell commands (iptables, mostly);
  • A towel.

How to use orWall

  • Ensure you have Root access on your device.
  • Ensure you have Orbot installed.
  • Ensure Orbot has no Transparent Proxy enabled, like on the screenshot.
  • Start orWall , select the apps you want to redirect to Orbot.
  • Reboot.
  • Enjoy more privacy!



Orbot configuration

Please ensure you don't use Orbot Transparent Proxy feature. At all.


Application list

You see only application requesting Network rights.
Red applications are System.


Manage init-script

Enforce, remove or don't manage init-script


Search your application

Have a lot of applications? No problem, you can search by name


Settings are documented

Want to try some new stuff? Just read the settings summary in order to know what they do


Convenient menu

The menu let you access quick function in a convenient way. Activate stuff in settings, access new features in menu



  • No network anymore: Did you start Orbot? Did you select applications? Do you have network (i.e. wireless, 3G and so on)?
  • No network anymore (bis): Ensure you don't have Transparent Proxy enabled in Orbot.
  • No network anymore (tris): Is Orbot connected to the Tor Network?
  • My apps aren't going through Tor: Are you using some other firewall application, like AFWall or DroidWall? If so, please remove it, reboot, and test again.
  • Application crashes with no message: Please fire up ADB logcat and fill in a new issue. :)
  • Some menu entries are disabled: Did you activate those options in the settings? Did you select Browser app and/or SIP app in the settings?

How to uninstall orWall

  • Remove the init-script (from the settings)
  • Uninstall the app as usual.
  • Reboot.
We cannot catch the uninstall event in order to make things, meaning you have to remove the init-script by hand.

How to request support?

Please open an issue with the following information:
  • Device model;
  • Android version;
  • orWall version;
  • Steps to reproduce the problem;
  • LogCat output;
  • screenshots (if possible);
  • Output of iptables -vnL and iptables -vnL -t nat;
Yes, that's a lot of things, but we do not possess a crystal ball allowing us to guess your problem…

I want to take part!

Great news, thanks! Just create a fork and submit pull-requests. We're opened for new features, bug corrections and so on, feel free to help.

We're seeking people for translations, bug swatting, read proofing.
We're also wanting to add the following features to orWall:

  • Action: when we deselect an app in orWall, it should be restarted in order to ensure network is cut.
  • Action: panic button: allow user to cut all connections in one shot (though it's possible to do so by cutting Orbot).
  • When we remove an application, it should be removed from orWall authorization list in order to prevent UID overlaps.

What about the previous name, Torrific?

There's a trademark on "Tor", and it seems Tor Project wants to enforce it. Kindly, that said (and I emphasize this fact). So, in order to both respect the trademark and avoid useless discussions, I prefered to change the name to something else. All is fine now :).
Long live orWall, your new Onion Router Firewall!