I have an application on an Android device that hosts web pages. If I connect to the device that runs this via its Android hotspot, I can use the default IP to view the page.
This page is fed data from the internet, so the Android device needs to have access to the internet. However, I do not want users who connect to the device's hotspot to be able to access the internet. I was wondering what the best way is to sever that data bridge between the Android hotspot and its outgoing data connection. (I'm currently using Ethernet.)
I'd prefer a solution where I can edit the source files of the firmware itself as this is something that should be irreversible. I have full control over the source and also root.
Thanks in advance.
So I was given advice out of the blue to look at iptables, which is installed in Android 4.2.2. This solution, however, will only work if you have root.
Thankfully it shows this:

```
Chain natctrl_FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 natctrl_tether_counters all -- eth0 wlan0 0.0.0.0/0 0.0.0.0/0 [goto] state RELATED,ESTABLISHED
0 0 DROP all -- wlan0 eth0 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 natctrl_tether_counters all -- wlan0 eth0 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
```
This chain is what passes the data from the Ethernet to the wifi. So if I ran the following in the command line:

```
iptables -I natctrl_FORWARD 1 -j DROP
```

It just puts a DROP to the top and throws all traffic away.
So in an app, you can run the command line script with:

```java
Runtime.getRuntime().exec(new String[]{"su", "-c", "iptables -I natctrl_FORWARD 1 -j DROP"});
```
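
One way to check that the block is actually in place and to apply it without stacking duplicate rules on every run (an added example, not part of the original answer). It assumes a root shell on the device and an `awk` binary (for example from busybox); the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify and idempotently apply
# the hotspot block. Assumes root and an awk binary (e.g. busybox).
CHAIN=natctrl_FORWARD   # chain name taken from the listing in the answer

# Reads `iptables -L <chain> -n -v` output on stdin; succeeds only if the
# FIRST rule is an unconditional DROP (any interface, any address, no match).
first_rule_is_drop_all() {
    awk '
        /^Chain / || $1 == "pkts" || NF == 0 { next }   # skip headers and blanks
        {   # columns: pkts bytes target prot opt in out source destination [match]
            found = 1
            ok = ($3 == "DROP" && $4 == "all" && $6 == "*" && $7 == "*" &&
                  $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9)
            exit
        }
        END { if (found && ok) exit 0; exit 1 }
    '
}

# Inserts the DROP only when it is missing, then re-reads the chain to confirm.
block_hotspot_forwarding() {
    if iptables -L "$CHAIN" -n -v | first_rule_is_drop_all; then
        return 0   # already blocked, do not insert a second copy
    fi
    iptables -I "$CHAIN" 1 -j DROP &&
        iptables -L "$CHAIN" -n -v | first_rule_is_drop_all
}

# Listing quoted in the answer (shortened): first rule forwards, check must fail.
SAMPLE_BEFORE='Chain natctrl_FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 natctrl_tether_counters all -- eth0 wlan0 0.0.0.0/0 0.0.0.0/0 [goto] state RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0'

# Constructed listing: the chain after the insert, check must pass.
SAMPLE_AFTER='Chain natctrl_FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 natctrl_tether_counters all -- eth0 wlan0 0.0.0.0/0 0.0.0.0/0 [goto] state RELATED,ESTABLISHED'

# Only touch iptables when explicitly asked: ./script.sh apply
if [ "${1:-}" = "apply" ]; then block_hotspot_forwarding; fi
```

A rule inserted this way lives only in the running kernel tables and does not survive a reboot, so the check has to run again at boot before the hotspot is offered to users.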