#############################################################################################
#ipv6 is designed for IOT, and I don't need everything I use to be connected to the internet. 
#recommend to disable router's ipv6 or disable your android device's ipv6
#############################################################################################
#!/system/bin/sh
#--filename:ggblock--
#recommend manual static ip address for wifi,remove /etc/dhcpcd/
#iptables rules will always effect utill reboot or rebooted
#this script need rooted android phone
#I found the ipv6 can be disable temparily with [echo x > /proc/net/ipv6/conf/xxxx] after enable wifi,but when you reconnect wifi,it will enable automaitically
#running this script after enable wifi
ip link set wlan0 up
ip link set lo up
echo 1 > /proc/sys/net/ipv6/conf/wlan0/disable_ipv6
echo 0 > /proc/sys/net/ipv6/conf/wlan0/use_tempaddr
echo 1 > /proc/sys/net/ipv6/conf/lo/disable_ipv6
ip link set sit0 down
ip link set dummy0 down
ip link set rmnet0 down
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d 172.217.160.0/24 -j DROP
iptables -A OUTPUT -d 172.217.163.0/24 -j DROP
iptables -A OUTPUT -d 185.45.7.0/24 -j DROP 
iptables -A OUTPUT -d 59.24.3.0/24 -j DROP
iptables -A OUTPUT -d 31.13.94.0/24 -j DROP
iptables -A OUTPUT -d 8.7.198.0/24 -j DROP
iptables -A OUTPUT -d 142.251.43.0/24 -j DROP
iptables -A OUTPUT -d 142.251.42.0/24 -j DROP
iptables -A OUTPUT -d 157.240.2.0/24 -j DROP
iptables -A OUTPUT -d 172.236.182.0/24 -j DROP
iptables -A OUTPUT -d 80.87.199.0/24 -j DROP
iptables -A OUTPUT -d 104.244.45.0/24 -j DROP
iptables -A OUTPUT -d 162.125.32.0/24 -j DROP
iptables -A OUTPUT -d 203.208.41.0/24 -j DROP
iptables -A OUTPUT -d 203.208.40.0/24 -j DROP
iptables -A OUTPUT -d 173.252.88.0/24 -j DROP
iptables -A OUTPUT -d 72.167.249.0/24 -j DROP
iptables -A OUTPUT -d 179.60.193.0/24 -j DROP
iptables -A OUTPUT -d 69.63.178.0/24 -j DROP
iptables -A OUTPUT -d 180.163.150.0/24 -j DROP
iptables -A OUTPUT -d 108.160.161.0/24 -j DROP
iptables -A OUTPUT -d 128.121.243.0/24 -j DROP
iptables -A OUTPUT -d 128.242.240.0/24 -j DROP
iptables -A OUTPUT -d 35.172.124.0/24 -j DROP
iptables -A OUTPUT -d 162.125.2.0/24 -j DROP
iptables -A OUTPUT -d 180.163.151.0/24 -j DROP
iptables -A OUTPUT -d 69.63.186.0/24 -j DROP
iptables -A INPUT -s 192.168.0.0/16 -i wlan0 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/16 -i wlan0 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -i wlan0 -j ACCEPT

-------------------------------------------------------------------------------------------------------------
#a script to block all traffic
#!/system/bin/sh
#--filename:blockall--
ip link set lo down
ip link set wlan0 down
ip link set sit0 down
ip link set dummy0 down
ip link set rmnet0 down
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP