What are iptables? What was my doing?

[LostInBass]

Hi...

I'm just curious as to what my phone was doing while I was sleeping yesterday.

I have these process in activity history and I've never seen this before:

20191004-17:01:03 [4086,4116] done (0.000047s)
20191004-17:01:03 [4086,4115] /system/bin/iptables-restore -t filter -A bw_costly_rmnet4 -j bw_penalty_box
20191004-17:01:03 [4086,4115] done (0.000528s)
20191004-17:01:03 [4086,4115] /system/bin/iptables-restore -t filter -A bw_costly_rmnet4 -j bw_roaming_reduction
20191004-17:01:03 [4086,4115] done (0.000082s)
20191004-17:01:03 [4086,4115] /system/bin/iptables-restore -t filter -A bw_costly_rmnet4 -j bw_foc_box
20191004-17:01:03 [4086,4115] done (0.000048s)
20191004-17:01:03 [4086,4115] /system/bin/iptables-restore -t filter -I bw_INPUT 2 -i rmnet4 --jump bw_costly_rmnet4
20191004-17:01:03 [4086,4115] done (0.000052s)
20191004-17:01:03 [4086,4115] /system/bin/iptables-restore -t filter -I bw_OUTPUT 2 -o rmnet4 --jump bw_costly_rmnet4
20191004-17:01:03 [4086,4115] done (0.000046s)
20191004-17:01:03 [4086,4115] /system/bin/iptables-restore -t filter -A bw_FORWARD -i rmnet4 --jump bw_costly_rmnet4
20191004-17:01:03 [4086,4115] done (0.000091s)
20191004-17:01:03 [4086,4115] /system/bin/iptables-restore -t filter -A bw_FORWARD -o rmnet4 --jump bw_costly_rmnet4
20191004-17:01:03 [4086,4115] done (0.000048s)
20191004-17:01:03 [4086,4115] /system/bin/iptables-restore -t filter -A bw_costly_rmnet4 -m quota2 ! --quota 9223372036854775807 --name rmnet4 --jump REJECT
20191004-17:01:03 [4086,4115] done (0.000065s)
20191004-17:01:03 [4086,4116] /system/bin/ip6tables-restore -t filter -A bw_costly_rmnet4 -j bw_penalty_box
20191004-17:01:03 [4086,4116] done (0.000100s)
20191004-17:01:03 [4086,4116] /system/bin/ip6tables-restore -t filter -A bw_costly_rmnet4 -j bw_roaming_reduction

It goes on for a quite a long time at various intervals, this is just a section of the data.

Can anyone tell me what it relates to?

I use my for very basic things - general web browsing, social media, that kind of thing.

If anyone can gather anything from this, I'd be grateful for some insight.

Thank you.

I can't find a relevant category but I have Samsung A50 and Android 9.

 

[B. Diddy]

Welcome to Android Central! Here's an article about iptables: https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/. As to what all of that activity is, perhaps @Rukbat can shed some light on it.

 

[LostInBass]

Thanks B. Diddy...that's similar to the article I was trying to make sense of before I posted here...

I understood it to be some kind of firewall activity but both articles make it sound like something that's carried by the user, ie me, as opposed to something that's done autonomously.

 

[B. Diddy]

Do you have 3rd party security apps installed? It could be due to that.

 

[LostInBass]

No, but I use Nord and Cyber ghost vpn, so it could be related to either of them I guess.

 

[Rukbat]

It can be set up by you - if you know what you're doing. But you normally don't have to work with IP tables, whether in your phone or in a desktop running Linux. Linux handles everything properly be default, It's only for special setups, that iptables can't handle that you have to write some rules. For example, if someone at 198.51.100.0 is constantly pinging your server, you can issue

iptables -I INPUT -s 198.51.100.0 -j DROP

And all packets from 198.51.100.0 will just get dropped.

In the cases you cited, iptables-restore -t only runs the rest of the command as a test, it doesn't do anything (the -t switch). Why? No idea. Did you "exit" some app by using the Home button, leaving the app running in the background?

 

[LostInBass]

Thanks for your answer and, yes, I possibly did both of those things - fell asleep while using my phone.

I'm pretty sure they weren't all -t but I cant check now because its gone my process history :/