Database Develop

[Q] proxy ssh tunnel

Hi guys,
Have a question for you...
I'm outside of US... I have private hosting on US soil... I've used it like ssh tunnel proxy on my Win7-PC (Socks5+Putty)
No the question. How can I run this proxy on Nexus One of mine. I want it for "App Market" (to see/buy not-free apps)

Much simpler - root your Nexus and use Market Access.

david2tm said:
Hi guys,
Have a question for you...
I'm outside of US... I have private hosting on US soil... I've used it like ssh tunnel proxy on my Win7-PC (Socks5+Putty)
No the question. How can I run this proxy on Nexus One of mine. I want it for "App Market" (to see/buy not-free apps)
Click to expand...
Click to collapse
In case there are other motives, you can still do it, but you need a rooted phone.
I know I have a proxy section in the networks and wireless, but it's possible its just a cyanogenmod app. That's where you'll want it though, you'll need to open an ssh tunnel using ssh -D (never done this, but this is how you do it on traditional linux) and then localport:remotehost:remoteport. After that you log in, and your tunnel is made!
So a command for opening up a local proxy on port 8118 to myproxy.org on port 22 (ssh) would look like
Code:
ssh -D 8118:myproxy.org:22
You then set your local proxy to 127.0.0.1 on port 8118 and all your traffic goes through your established ssh tunnel.

Jack_R1 said:
Much simpler - root your Nexus and use Market Access.
Click to expand...
Click to collapse
Well, I want market to think that I'm in US too. For updated version of Maps app - for example

Acidictadpole said:
In case there are other motives, you can still do it, but you need a rooted phone.
I know I have a proxy section in the networks and wireless, but it's possible its just a cyanogenmod app. That's where you'll want it though, you'll need to open an ssh tunnel using ssh -D (never done this, but this is how you do it on traditional linux) and then localport:remotehost:remoteport. After that you log in, and your tunnel is made!
So a command for opening up a local proxy on port 8118 to myproxy.org on port 22 (ssh) would look like
Code:
ssh -D 8118:myproxy.org:22
You then set your local proxy to 127.0.0.1 on port 8118 and all your traffic goes through your established ssh tunnel.
Click to expand...
Click to collapse
I've rooted stock froyo. And there's no proxy option in my Wireless & Network.
1. How can I get this app (?) w/o cyanogenmod?
2. where do I type ssh commands? [I'm not a Linux guy]
*. I wish my wireless router had the option to share "proxyfied" connection....

david2tm said:
Well, I want market to think that I'm in US too. For updated version of Maps app - for example
Click to expand...
Click to collapse
That's exactly what you get, I guess you never tried. Market recognizes provider's MCC and MNC, and SSH tunneling won't help you even a little bit. On the other hand, Market Enabler / Market Access allow faking MCC and MNC to match any supported provider for paid markets.

Jack_R1 said:
I guess you never tried
Click to expand...
Click to collapse
I'll try it right now

[Q] Problem with Global Proxy

Hello:
Until a week ago I was using the ProxyDroid to use the internet through wifi using my laptop with Virtual WiFi router without problems. I could use all applications using the global proxy that adjusts ProxyDroid, including 1mobile market apk.
However, after using other WiFi connections at a conference, which did not require proxy, my cel can't access the previous network through its old proxy. I fear that installing and uninstalling some applications, something changed some internal settings and I can't reset my cel connection.
Something remarkable, to activate ProxyDroid at work, I need to declare some bypass for some IP so that they can see. These pages show the alert if this, what makes me think that the ProxyDroid is working ok and changing the global proxy cel.
I use HTC Nexus One with CyanogenMod-7.2.0-passion
Please, help...:crying:
Thanks

About ProxyDroid and iptbles
I notice that ProxyDroid 2.7.0 not chage the iptables chains. I configure PD and enabled it, but when I use adb shell and then iptables -L just show this...
C:\Developers\ADT-Bundle\sdk\platform-tools>adb shell
# iptables
iptables
iptables v1.4.7: no command specified
Try `iptables -h' or 'iptables --help' for more information.
# iptables -L
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
#
So, it don't work
Help....... PLEASE
I use HTC Nexus One with MIUI 2.3.7 ES

[Guide][Linux] Reverse-tethering + working app store over USB.

After a few evenings of searching, reading and testing, I finally found a solution for setting up a reverse-tether connection between my Droid 3 and my Ubuntu box over a USB cable, which I can use to download apps and app updates from Google Play without eating up my mobile data credit. And since it seems to me that complete and clear explanations of how to do this with USB and Ubuntu are not available anywhere, I want to detail here all the steps of my connection setup process, in a way that will hopefully be accessible to most users of Android and Ubuntu. So here goes:
Prerequisites:
- a PC that is connected to the Internet and running Ubuntu, where you have root access and a free USB port
- a rooted Android device (in my case the Motorola Droid 3) with a SIM and an active mobile subscription
- a USB cable (I have the one that came with the phone).
Setup:
#1. Disconnect your Android device's data connection from your mobile carrier by touching the corresponding icon in the notifications tray (2 parallel vertical arrows pointing in opposite directions) or by switching your phone to Airplane Mode.
#2. Launch the Terminal emulator app on your Android device and enter this command:
ifconfig
You should get a response that shows only one network interface, named "lo" or "lo0" or something like that, with an information field that says "inet addr:127.0.0.1". This is the local loopback connection. We will not be using it - just know that it's always there in responses to "ifconfig" and ignore it from now on.
#3. Re-enable your Android device's data connection by reversing what you did at #1. Go back to the Terminal and do another
ifconfig
This time, in addition to the "lo" interface, you should see another interface that is used to communicate with the Internet through your mobile carrier. For me this interface is called "ppp0"; you may have something else, but just remember what it is because you will have to use it later wherever you see me use ppp0 in the commands below.
#4. Now connect your Android device to your Ubuntu PC using the USB cable. Access the USB connection notification in your Android notifications tray and select "PC Mode" as your USB Mode. (If you don't have this option, then I don't know what to say, you will probably have to try them all, but in that case I wouldn't start with the "Mass storage" option - that's the least likely one to work for this.)
#5. Still on the Android, open Settings -> Wireless & networks -> Tethering & Mobile Hotspot and enable "USB tethering". You should get a second, green USB icon on your status bar after tethering is enabled.
#6. Go back to the Terminal app on your Android device and do yet another
ifconfig
This time you should receive information for 3 network interfaces: in addition to "lo" and "ppp0" you should now see a new interface that corresponds to your USB. For me it's called "gether0"; remember what yours is and use it wherever I use gether0 in the commands below.
Also, look at the "inet addr:" specification of your gether0 interface and remember this IP address because we will need it later. (My USB tether interface always gets the same IP address - 192.168.42.129 - so this is what I will be using in my example commands below.)
#7. Now let's look at the PC's network interfaces. Open a terminal emulator (I use Ctrl-Alt-T to do this; depending on what launchers, shortcuts or desktop environments you have, you may need to find it in a menu or do something else to get to it) and type
ifconfig
This response depends a lot on how your PC is set up, but generally I'd expect to see at least a "lo" (local loopback) interface, a "usb0" interface, one or more "eth0", "eth1" etc. interfaces and maybe a "ppp0" interface. The "ppp0" and "eth0" type interfaces will be for your PC's Internet connection and the "usb0" interface will correspond to the USB cable connecting you to the Android device. If you have a "ppp0", that's probably the one you should use in all setup commands to be run on the PC where I will use ppp0. Otherwise if you only have "lo", "usb0" and "eth0", your PC's Internet is probably on "eth0", so use that one in place of my ppp0 in commands run on the PC. (If you have any other combinations without a "ppp0", I don't know what to suggest except try them all one by one, everything you have besides "lo" and "usb0".)
#8. Back to the Android device. What we want here is for the ppp0 interface to remain enabled - because that's the only way the app store will agree to download any apps - but all our Internet communication to actually go through the gether0 interface, i.e. through the USB tether. To do this, we need to change the default route Android apps use to send data, namely to delete the default route that points to ppp0 and add a new default route that points to gether0 and that uses as a gateway the IP address of the Ubuntu PC (an address we will set up on the PC at the end of this process). So run these commands in the Terminal on the Android:
su
route del default
route add default gw 192.168.42.1 dev gether0
setprop net.dns1 8.8.8.8
Notice that the gateway IP address we will be using is made up of the first 3 numbers from our USB tether interface's IP from step #6, followed by a ".1" instead of whatever the 4th group was in the original IP.
#9. On the PC we want to set up standard Internet connection sharing between usb0 and ppp0 according to the instructions from the Ubuntu manual, so we will run these commands in the terminal window:
sudo su -
(enter your password here to get root access and then do 5 more lines)
iptables -A FORWARD -o ppp0 -i usb0 -s 192.168.42.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Here again you can see we're using the first 3 numbers from the USB tether interface's IP, but adding a ".0" and a "/24" at the end to specify an entire class of IPs we're going to accept packets from over the USB, a class that includes our Android's actual IP, 192.168.42.129. (We could probably just use that single IP without a "/24", but whatever, this class stuff is usually the way it's done.)
#10. Finally, we will set our PC's usb0 interface IP to the gateway IP we already told the Android to send everything to, i.e. 192.168.42.1, after which we need to quickly check that the connection is working and jump right into Google Play to download some apps. I say "quickly" because in my case, for whatever reason, after I set the gateway IP on the PC I can only leave the connection unused for about 1 minute before it drops on its own. So don't wait too much after #10.1 to do the rest:
#10.1. Enter this into your PC's terminal:
ip addr add 192.168.42.1/24 dev usb0
#10.2. Check that the connection is up by entering this into your Android's terminal first:
ping -c 3 google.com
If you get 3 responses from Google, you're all set to launch Google Play and download some apps:victory:. If there's no response, go back to #10.1 and try again.
Another indication that the PC has dropped the connection is that you get a notification popup on the PC that says "Wired network/ Disconnected". That tells you you need to jump back to #10.1 to get the USB link working again.
Also, you will know you need to do this again if you find Google Play is suddenly refusing to load apps or pages even though it was loading them before - you probably waited too long between clicks and allowed the connection to drop.
#11. To reset all the connections to normal when you're done, make sure to
#11.A. Go to Settings -> Wireless & networks -> Tethering & Mobile Hotspot and disable "USB tethering" before you unplug the USB cable from either device, otherwise the gether0 interface may remain active and interfere with your ability to get back your data link to your mobile carrier.
#11.B. Do steps #1 and #3 again to get your Android to automatically re-establish the proper settings for the link to your mobile carrier.
Final remarks:
- In order to streamline this process, especially steps #8-#10, you should probably put these commands and your specific interface names and IP addresses in some scripts - one on the PC, one on the Android device - that you can then launch more easily. I'm a newbie at both Ubuntu and Android, so I have to do some more searching to figure out how to do this properly.
- Keeping the connection up even if you're idle - e.g. while reading app descriptions and deciding what to download - is probably a matter of sending some dummy packets periodically through the USB, which would probably involve another script running in the background - again something I haven't taken the time to figure out how to set up yet.
- Anytime you get paranoid about whether the apps are being downloaded through the USB cable or your mobile data plan, go to your Android terminal and check whether your default network route is still pointing to your gateway PC by running:
route
This will show you all the routes that are configured on your Android. The last line in the table should say "default", then "192.168.42.1" and end with "gether0". This means the data is still going through the USB and not eating up your mobile data credit.
Enjoy!

It seems to work, but I'm still not sure whether my phone uses my computer's internet connection or my 3G. Upon executing:
Code:
busybox route
I get a lot of lines instead of just "192.168.42.1" ended with "rndis0" (this is how its named on my device) though this "192.168.42.1" exists.

leledumbo said:
It seems to work, but I'm still not sure whether my phone uses my computer's internet connection or my 3G.
Click to expand...
Click to collapse
The simple way I confirm it is by looking at the 3G icon at the top: during normal usage the two arrows in the icon light up depending on whether I'm transmitting or receiving or both; when I'm reverse-tethered they never light up at all.
I get a lot of lines instead of just "192.168.42.1" ended with "rndis0" (this is how its named on my device) though this "192.168.42.1" exists.
Click to expand...
Click to collapse
Well, in principle you should only need to care about the "default" line, but if by any chance you have some rule in that table that specifies a non-default route for exactly the websites you're trying to access in all this and that rule happens to specify a different interface than "rndis0", then yes - you might be using your mobile data plan after all. But I wouldn't bet on it. I have a few routes on there, but I think they're just related to services my carrier is offering at some specific IPs it has.
If you can't confirm the 3G is being bypassed by looking at the icon and if you can't spare the traffic to do a direct consumption test (query how much traffic is left/spent, use some more traffic through this setup, query again and compare), then the only other way to make sure that I can think of is to clean up the whole routing table ("route del" everything) and leave only the "default" rule from the instructions above. Then there really won't be any other path for your network packets to take but through the USB. But then you have to hope the routing table will get rebuilt as it was after you reset everything. Or you could just write down all the rules you had before so you can reconfigure them if they don't get re-created automatically at reset.

In fact - what am I talking about? - there's another way you can make sure your Android is really trying to go through the USB to get to the Internet: when you do step #10.1 on the PC just set up a wrong gateway IP, for example 192.1.1.1. If your Android fails to open any webpages or the app store and then if you do #10.1 properly it starts working (again), then it's clear that it's trying to go through the USB cable and isn't using any alternate route.

Weird, the method doesn't work anymore for the subsequent trials. I'll try rebooting the phone.

Works for Windows too
I mixed the instructions found in this thread with another thread here in xda and it worked well under Windows 7.
Thank you for the excelent guide!

donjoe0 said:
After a few evenings of searching, reading and testing, I finally found a solution for setting up a reverse-tether connection between my Droid 3 and my Ubuntu box over a USB cable, which I can use to download apps and app updates from Google Play without eating up my mobile data credit. And since it seems to me that complete and clear explanations of how to do this with USB and Ubuntu are not available anywhere, I want to detail here all the steps of my connection setup process, in a way that will hopefully be accessible to most users of Android and Ubuntu. So here goes:
[guide goes here, edited quote]
Enjoy!
Click to expand...
Click to collapse
So I tried everything on a LG Phoenix running Kitkat and no go. All the commands go through except the ping command. Any suggestions?

AndrMatr said:
So I tried everything on a LG Phoenix running Kitkat and no go. All the commands go through except the ping command. Any suggestions?
Click to expand...
Click to collapse
All I can say is this method continued to work for me pretty much the same as described when I switched to KitKat on an ASUS Padfone 2 with two minor exceptions:
- busybox was no longer set up to be invoked automatically on this other custom ROM so I had to prefix some commands with "busybox " (e.g. the "route" commands)
- my USB tether connection is now named "rndis0" instead of "gether0"; I had to fiddle around a bit with the "netcfg" command to figure that out.

VPN + Hotspot = AWESOME!

Ok so a while back I discovered that after you gain root access to the BIONIC (probably works with other too. idk...) you can make changes to iptables. For those who don't know what that is: It's a built in firewall that handles packets as they come in and leave your phone. This is pretty much the defacto standard for any Linux machine to date (please enlighten me if I'm wrong). Anyhow, after discovering this I came up with an idea to see if I could pipe my hotspot directly into my openvpn tunnel. Well, after a bit of web research on how iptables works I was able to get it up and running. HOWEVER I'm not an expert at this yet, and my config definitely has a flaw in the fact that I leave the phone completely vulnerable on the "rmnetX" interface, as I completely flush the old tables to add mine, leavign the firewall WIDE OPEN. I'll post a fix as soon as I can come up with one. In the mean time here's the steps to take to get your phone to be a hotspot access point to your openvpn network!
**PHONE MUST HAVE ROOT!!!!***
1) Follow along and setup an OpenVPN server http://openvpn.net/howto.html
2) Install "OpenVPN Installer" and "OpenVPN settings" from Google Play marketplace (both are free)
3) Run OpenVPN Installer and install OpenVPN client to your phone. The defaults should be fine.
4) Create a folder called "openvpn" ont he root of your INTERNAL sdcard. IE "/sdcard/openvpn
5) Copy your client keys that you made during your OpenVPN setup to your phone into the /sdcard/openvpn directory (client.crt, client.key, ca.crt, and ta.key)
6) Copy over the client.conf file as well. You will need to tweek this a bit to call your certs from the /sdcard/openvpn file as well as putting in the public IP to connect to. Keep in mind if you are doing this at home you will need to PAT/NAT this connection accross your firewall on udp port 1194.
7)Ok, at this point you just want to make sure your OpenVPN connection works. So open up OpenVPN settings and try and connect to your VPN, if you can connect and brows to shares inside your network over the 4g connection EXCELENT! MOVE ON! If not refer to the OpenVPN HOW TO!!!
8) After that's done you neet to get the Verizon HotSpot Tether working, There's a hack for it on the web. Google "BIONIC Hotspot SQLite Editor"... in the mean time I'll try and walk you through it.
a) get SQLite Editor from Google Play
b) open it and scroll down to "Settings Storage" (the one with the hammer icon), open "settings.db", then click settings. You should see a long list of database entries. Click the magnifying glass and under "Filter Value" type "check".
c) you should then see 4 results, one being "entitlement_check". Long press on the "1" next to "entitlement_check". Click "Edit Field" and change the "1" to a "0".
d) Reboot and try running the stock "Hotspot" app, it should work now!
9) Run the Hotspot app and confirm it works properly and can connect clients.
10) After you have a working Hotspot and a work OpenVPN you can then start the iptables magic!!!
**This is fairly safe, no need to worry about bricking just reboot if you screw up!***
11) Download and install "Android Terminal Emulator" and run it.
12) at the prompt type in "su" to gain super user access
13) you should now be at a root shell ("#") NOT $
14) at the prompt(#) type this: iptables -S <-This shows you the entire iptables rules, as you can see it's crazy complicated!
15) Run OpenVPN and Hotspot and confirm both are connected and runnign before issuing rule changes in iptables. So run both applications now.
16) Confirm VPN is connected and Hotspot is runnign by issuing the command "busybox ifconfig". If your VPN is up you will have a "tun0" interface and if the Hotspot is up there should be a "wlan1" interface.
17) If both are up then all you need to do in order to give hotspot clients access to your VPN resources is this:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan1 -o tun0 -m state --state INVALID -j DROP
iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
The first 10 commands flush your old iptables, and the last 3 commands masqarade your wlan1 interface to your tun0 interface, funneling your clients down the VPN. Keep in mind that you will have to allow this via your openvpn server.conf file. See HOWTO For OpenVPN.
Enjoy!!!

I am confused and would like to know why we want net on VPN if we have WiFi hack for a router
Could Could we link a com port on bochs emulated windows xp?
With the WiFi hack edit or tether for root user you can use this IP addr add like below to add router capabilities, or change wlan0 to your phone's 4g rmnet or tun0 to add router to any connection, can you tell us what we would use VPN for give an example
su
ip addr add 192.168.1.0/24 dev wlan0
http://www.filedropper.com/comgooglecodeandroidwifitether-1
I use this apk to wifi tether, same as wifi router, will probably need root to use it I am not sure, but you dont need to type: ip addr add 192168.1.0/24 dev wlan0, I do just because it helps make good connections for most wifi devices
This will make your WiFi capable of being used as a router, you still need root WiFi tether or the hotspot hack like you posted but this makes wlan0 a router

I mainly use this to share files that I have on my NAS at home with friends at work. First I create a hot spot, then I connect my VPN, then I masquerade the traffic. On the server side my openvpn configuration is set up so that it trusts a specific subnet coming from behind the openvpn host (IE my phone's hotspot subnet) This provides a nice and easy means of giving friends controlled access via your mobile hotspot without needing to generate RSA keys for each of your friends. Another thing I like to use it for is when I travel I just set it up in the corner and watch movies from home on my laptop over the VPN through the hotspot.
-Ed
DroidisLINUX said:
I am confused and would like to know why we want net on VPN if we have WiFi hack for a router
Could Could we link a com port on bochs emulated windows xp?
With the WiFi hack edit or tether for root user you can use this IP addr add like below to add router capabilities, or change wlan0 to your phone's 4g rmnet or tun0 to add router to any connection, can you tell us what we would use VPN for give an example
su
ip addr add 192.168.1.0/24 dev wlan0
http://www.filedropper.com/comgooglecodeandroidwifitether-1
I use this apk to wifi tether, same as wifi router, will probably need root to use it I am not sure, but you dont need to type: ip addr add 192168.1.0/24 dev wlan0, I do just because it helps make good connections for most wifi devices
This will make your WiFi capable of being used as a router, you still need root WiFi tether or the hotspot hack like you posted but this makes wlan0 a router
Click to expand...
Click to collapse

edw00rd said:
I mainly use this to share files that I have on my NAS at home with friends at work. First I create a hot spot, then I connect my VPN, then I masquerade the traffic. On the server side my openvpn configuration is set up so that it trusts a specific subnet coming from behind the openvpn host (IE my phone's hotspot subnet) This provides a nice and easy means of giving friends controlled access via your mobile hotspot without needing to generate RSA keys for each of your friends. Another thing I like to use it for is when I travel I just set it up in the corner and watch movies from home on my laptop over the VPN through the hotspot.
-Ed
Click to expand...
Click to collapse
Or you could get Qloud Media Server, and be able to assign access to different sets of folders in your home network using username/passwords. And it costs $3.00 or $0.00 if you have a getjar pass.

This is a really cool idea, thanks for sharing.
On a somewhat unrelated note, is the VirtualBox method still the preferred means of rooting a Bionic on 4.1.2 (98.72.22)? Trying to figure out how easily I can root a friend's phone but I can't really find any consolidated source of up-to-date information. =\

TweakerL said:
Or you could get Qloud Media Server, and be able to assign access to different sets of folders in your home network using username/passwords. And it costs $3.00 or $0.00 if you have a getjar pass.
Click to expand...
Click to collapse
I think you might be confusing folder access/authentication with network access/authentication. The VPN would give you access to your network remotely via 4g/3g and yes i suppose you could use the Qloud Media Server to provide access to folders. I'm not really sure what that is, never used it but it sounds like something that provides a service via 3rd party to get access to you remotely. The third party is avoided all together witht he VPN solution. You don't have to give any sort of ingress access to any third party app. You're phone will think it's part of your home network. Also someone asked about having network bridged when you have a wifi hack... it would be purely up to you weather or not you'd want your HTTP traffic to go through the VPN or not... that's different than what I'm providing here. This is strictly for using your phone as a WiFi hotspot router that forwards all of your traffic to your VPN connection (IE your house) so that connected wifi clients would be accessable via your home network and visa versa. You could also just make a VPN hotspot and generate RSA keys for each host connecting to the hotspot.... your choice. Mine works better in a way that I maintain constant view over every device including the phone that is acting as the VPN mifi hotspot.:silly:

how to undo this? i cant connect my hotspot.

Is MAC Filtering Supported?

I have a rooted Samsung Galaxy Exhibit II (SGH-T679) and I am attempting to do some MAC filtering, but opposite of what most people do.
I want to prevent my phone from accessing a specific router (I have the router BSSID). I downloaded "Android Terminal Emulator" and typed
Code:
su
and pressed enter. I enabled access to superuser. Then I typed
Code:
iptables -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
(obviously substituting the mac address for the BSSID of the router). It just went to a new line (no message or anything). Then I typed
Code:
iptables -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -j DROP
and pressed enter. Still the same thing (new line; no message). I opened another app to see if it would connect to the internet. I still had a internet connection. I want the connection to drop for that specific router.
What is going on? Does my phone even support MAC address filtering? Especially the way in which I'm trying to do it? I even tried downloading AFWall+, Android Firewall and DroidWall, and entered the iptables in them. Still won't block me off of the internet for that specific BSSID.
Is this even possible?
P.S. The reason why I am trying to do this is that I'm testing this on my own phone and router before I implement it for a friend. I have set up Tomato with Access Restrictions and OpenDNS on my friend's router, but his son has been using his neighbour's wifi in the middle of the night to get online. I have the BSSID of the neighbour's router (thanks to Tomato's Wireless Survey). Maybe someone has another idea of how I can prevent him from accessing the neighbour's router? (and no, we don't want to ask the neighbour to change the password, because the neighbour's son will likely just give the password to my friend's son again).

That command updates the firewall rules, which has nothing to do with whether the phone connects to a particular wifi connection.
Other than not trying to connect to begin with, I'm not sure there is a way to do that. But it may depend on the rom you have.
Sent from my SGH-T679 using xda app-developers app
---------- Post added at 03:32 PM ---------- Previous post was at 03:18 PM ----------
Found an app that does what you are looking for.
https://market.android.com/details?id=com.hogdex.WifiRuler
Haven't tried it myself, as I just don't connect automatically and don't manually connect very often outside of a few places.
Sent from my SGH-T679 using xda app-developers app

I figured things out. For one, after I added the iptable rule, I needed to REBOOT my phone for it to apply (which I wasn't doing). Secondly, I needed to use the LAN Mac Address (NOT the BSSID/Wireless MAC address) in order for the iptable rule to work.
Thirdly, I downloaded AFWall+. It allowed me to set it as administrator to prevent uninstallation. The only thing missing is that the developer needs to password protect removing the app as administrator.
Then I downloaded Android Terminal Emulator. In order to find the LAN MAC address for the connection that I am looking to block, I typed this into the emulator:
Code:
arp -n
Then I used the MAC address that was given in the terminal and put that into this rule here to be place in "custom scripts" in the firewall:
Code:
$IPTABLES -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP