iptables broken --> problems with internet access

  • Replies: 1
T. B.
  • Forum posts: 7

19.12.2015, 11:59:45 via website

Hey everyone,

I seem to have wrecked my iptables with DroidWall and AFWall+.
After I noticed that I had problems with internet access after using these apps (even when everything was allowed as a test), I removed them again (even though I would have liked to keep using them). Now, after a few weeks, I have the same problem again, although I have not been playing around with it any more.

The symptoms are as follows:
Messengers work flawlessly; websites or apps with online content do not work 80% of the time. My Google searches via the Startpage, on the other hand, work flawlessly. Access to my Fritzbox is not possible either (whether by name resolution or by IP). It can, however, be reached without problems from every other device.
On mobile data the same problem appears, so it is definitely the device.
The configured DNS server works as well.

If I go into the terminal and flush the iptables with "iptables -F", everything immediately works flawlessly again?!
Until I reboot my Nexus 5; then it writes the default rules again and the same problem appears?!

I can't make sense of the iptables, though, and I also lack the experience with them (for which I have of course already tinkered far too much :) ). I only know that the problem must somehow be related to them, and that it first appeared when I had DroidWall and AFWall+ in use for the first few times.
These are completely removed from the phone, so I am surprised that after every reboot something happens again that keeps my internet connection from working properly.
As I said, flushing the iptables then immediately fixes all the problems again...

Can anyone help me?

In the next post I will list my iptables after the reboot, at which point the problems are back.

Thank you!

Regards, Berzi

One more addition:
I compared the iptables with another Nexus 5 running Marshmallow (which shows no problems), and strangely they look exactly the same except for one chain.
The additional chain is:
Chain bw_costly_rmnet0 (2 references)
target prot opt source destination
bw_penalty_box all -- anywhere anywhere
REJECT all -- anywhere anywhere ! quota rmnet0: 9223372036854775807 bytes reject-with icmp-port-unreachable

This is then also integrated into bw_INPUT and bw_OUTPUT, but that is all there is in terms of differences... I am at my wits' end :)

T. B.
  • Forum posts: 7

19.12.2015, 12:01:35 via website

Here are my iptables from "iptables -L" after the reboot, at which point the problems are back:

Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all -- anywhere anywhere
fw_INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
oem_fwd all -- anywhere anywhere
fw_FORWARD all -- anywhere anywhere
bw_FORWARD all -- anywhere anywhere
natctrl_FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
oem_out all -- anywhere anywhere
fw_OUTPUT all -- anywhere anywhere
st_OUTPUT all -- anywhere anywhere
bw_OUTPUT all -- anywhere anywhere
Chain bw_FORWARD (1 references)
target prot opt source destination
Chain bw_INPUT (1 references)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
all -- anywhere anywhere owner socket exists
Chain bw_OUTPUT (1 references)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
all -- anywhere anywhere owner socket exists
Chain bw_costly_shared (0 references)
target prot opt source destination
bw_penalty_box all -- anywhere anywhere
Chain bw_happy_box (0 references)
target prot opt source destination
Chain bw_penalty_box (1 references)
target prot opt source destination
Chain fw_FORWARD (1 references)
target prot opt source destination
Chain fw_INPUT (1 references)
target prot opt source destination
fw_standby all -- anywhere anywhere
Chain fw_OUTPUT (1 references)
target prot opt source destination
fw_standby all -- anywhere anywhere
Chain fw_dozable (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere owner UID match 0-9999
DROP all -- anywhere anywhere
Chain fw_standby (2 references)
target prot opt source destination
DROP all -- anywhere anywhere owner UID match u0_a1
DROP all -- anywhere anywhere owner UID match u0_a3
DROP all -- anywhere anywhere owner UID match u0_a7
DROP all -- anywhere anywhere owner UID match u0_a11
DROP all -- anywhere anywhere owner UID match u0_a12
DROP all -- anywhere anywhere owner UID match u0_a13
DROP all -- anywhere anywhere owner UID match u0_a14
DROP all -- anywhere anywhere owner UID match u0_a15
DROP all -- anywhere anywhere owner UID match u0_a17
DROP all -- anywhere anywhere owner UID match u0_a18
DROP all -- anywhere anywhere owner UID match u0_a19
DROP all -- anywhere anywhere owner UID match u0_a21
DROP all -- anywhere anywhere owner UID match u0_a23
DROP all -- anywhere anywhere owner UID match u0_a24
DROP all -- anywhere anywhere owner UID match u0_a25
DROP all -- anywhere anywhere owner UID match u0_a26
DROP all -- anywhere anywhere owner UID match u0_a28
DROP all -- anywhere anywhere owner UID match u0_a29
DROP all -- anywhere anywhere owner UID match u0_a31
DROP all -- anywhere anywhere owner UID match u0_a33
DROP all -- anywhere anywhere owner UID match u0_a34
DROP all -- anywhere anywhere owner UID match u0_a36
DROP all -- anywhere anywhere owner UID match u0_a37
DROP all -- anywhere anywhere owner UID match u0_a38
DROP all -- anywhere anywhere owner UID match u0_a39
DROP all -- anywhere anywhere owner UID match u0_a40
DROP all -- anywhere anywhere owner UID match u0_a41
DROP all -- anywhere anywhere owner UID match u0_a42
DROP all -- anywhere anywhere owner UID match u0_a43
DROP all -- anywhere anywhere owner UID match u0_a44
DROP all -- anywhere anywhere owner UID match u0_a45
DROP all -- anywhere anywhere owner UID match u0_a46
DROP all -- anywhere anywhere owner UID match u0_a48
DROP all -- anywhere anywhere owner UID match u0_a50
DROP all -- anywhere anywhere owner UID match u0_a51
DROP all -- anywhere anywhere owner UID match u0_a52
DROP all -- anywhere anywhere owner UID match u0_a53
DROP all -- anywhere anywhere owner UID match u0_a54
DROP all -- anywhere anywhere owner UID match u0_a55
DROP all -- anywhere anywhere owner UID match u0_a57
DROP all -- anywhere anywhere owner UID match u0_a59
DROP all -- anywhere anywhere owner UID match u0_a60
DROP all -- anywhere anywhere owner UID match u0_a61
DROP all -- anywhere anywhere owner UID match u0_a62
DROP all -- anywhere anywhere owner UID match u0_a63
DROP all -- anywhere anywhere owner UID match u0_a64
DROP all -- anywhere anywhere owner UID match u0_a65
DROP all -- anywhere anywhere owner UID match u0_a66
DROP all -- anywhere anywhere owner UID match u0_a67
DROP all -- anywhere anywhere owner UID match u0_a68
DROP all -- anywhere anywhere owner UID match u0_a71
DROP all -- anywhere anywhere owner UID match u0_a72
DROP all -- anywhere anywhere owner UID match u0_a74
DROP all -- anywhere anywhere owner UID match u0_a75
DROP all -- anywhere anywhere owner UID match u0_a76
DROP all -- anywhere anywhere owner UID match u0_a77
DROP all -- anywhere anywhere owner UID match u0_a78
DROP all -- anywhere anywhere owner UID match u0_a79
DROP all -- anywhere anywhere owner UID match u0_a81
DROP all -- anywhere anywhere owner UID match u0_a82
DROP all -- anywhere anywhere owner UID match u0_a83
DROP all -- anywhere anywhere owner UID match u0_a84
DROP all -- anywhere anywhere owner UID match u0_a87
DROP all -- anywhere anywhere owner UID match u0_a88
DROP all -- anywhere anywhere owner UID match u0_a90
DROP all -- anywhere anywhere owner UID match u0_a91
DROP all -- anywhere anywhere owner UID match u0_a95
DROP all -- anywhere anywhere owner UID match u0_a101
DROP all -- anywhere anywhere owner UID match u0_a103
DROP all -- anywhere anywhere owner UID match u0_a105
DROP all -- anywhere anywhere owner UID match u0_a109
DROP all -- anywhere anywhere owner UID match u0_a111
DROP all -- anywhere anywhere owner UID match u0_a115
DROP all -- anywhere anywhere owner UID match u0_a116
DROP all -- anywhere anywhere owner UID match u0_a117
DROP all -- anywhere anywhere owner UID match u0_a118
DROP all -- anywhere anywhere owner UID match u0_a119
DROP all -- anywhere anywhere owner UID match u0_a121
DROP all -- anywhere anywhere owner UID match u0_a122
DROP all -- anywhere anywhere owner UID match u0_a123
DROP all -- anywhere anywhere owner UID match u0_a124
DROP all -- anywhere anywhere owner UID match u0_a125
DROP all -- anywhere anywhere owner UID match u0_a126
DROP all -- anywhere anywhere owner UID match u0_a128
DROP all -- anywhere anywhere owner UID match u0_a130
DROP all -- anywhere anywhere owner UID match u0_a132
DROP all -- anywhere anywhere owner UID match u0_a133
DROP all -- anywhere anywhere owner UID match u0_a134
DROP all -- anywhere anywhere owner UID match u0_a135
DROP all -- anywhere anywhere owner UID match u0_a136
DROP all -- anywhere anywhere owner UID match u0_a137
DROP all -- anywhere anywhere owner UID match u0_a139
DROP all -- anywhere anywhere owner UID match u0_a140
DROP all -- anywhere anywhere owner UID match u0_a142
DROP all -- anywhere anywhere owner UID match u0_a143
DROP all -- anywhere anywhere owner UID match u0_a144
DROP all -- anywhere anywhere owner UID match u0_a145
DROP all -- anywhere anywhere owner UID match u0_a146
DROP all -- anywhere anywhere owner UID match u0_a148
DROP all -- anywhere anywhere owner UID match u0_a149
DROP all -- anywhere anywhere owner UID match u0_a150
DROP all -- anywhere anywhere owner UID match u0_a152
DROP all -- anywhere anywhere owner UID match u0_a153
DROP all -- anywhere anywhere owner UID match u0_a155
DROP all -- anywhere anywhere owner UID match u0_a156
DROP all -- anywhere anywhere owner UID match u0_a158
DROP all -- anywhere anywhere owner UID match u0_a160
DROP all -- anywhere anywhere owner UID match u0_a161
DROP all -- anywhere anywhere owner UID match u0_a162
DROP all -- anywhere anywhere owner UID match u0_a163
DROP all -- anywhere anywhere owner UID match u0_a164
DROP all -- anywhere anywhere owner UID match u0_a167
DROP all -- anywhere anywhere owner UID match u0_a168
DROP all -- anywhere anywhere owner UID match u0_a169
DROP all -- anywhere anywhere owner UID match u0_a170
DROP all -- anywhere anywhere owner UID match u0_a172
DROP all -- anywhere anywhere owner UID match u0_a173
Chain natctrl_FORWARD (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain natctrl_tether_counters (0 references)
target prot opt source destination
Chain oem_fwd (1 references)
target prot opt source destination
Chain oem_out (1 references)
target prot opt source destination
Chain st_OUTPUT (1 references)
target prot opt source destination
Chain st_clear_caught (2 references)
target prot opt source destination
Chain st_clear_detect (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
CONNMARK tcp -- anywhere anywhere u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x4&0xff0000=0x10000" CONNMARK or 0x1000000
CONNMARK udp -- anywhere anywhere u32 "0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000" CONNMARK or 0x1000000
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
st_clear_caught tcp -- anywhere anywhere state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0"
st_clear_caught udp -- anywhere anywhere
Chain st_penalty_log (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK or 0x1000000
NFLOG all -- anywhere anywhere
Chain st_penalty_reject (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK or 0x2000000
NFLOG all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

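A listing like the one posted above is easier to read once you know which DROP/REJECT rules a packet can actually reach: in that output fw_standby is referenced from fw_INPUT and fw_OUTPUT, while fw_dozable has 0 references. The following is an added example, not part of the original posts; it parses `iptables -L` text and reports only blocking rules reachable from the built-in chains. The function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed excerpt in `iptables -L` format, modelled on the listing in the post.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all -- anywhere anywhere
fw_INPUT all -- anywhere anywhere
Chain bw_INPUT (1 references)
target prot opt source destination
all -- anywhere anywhere owner socket exists
Chain fw_INPUT (1 references)
target prot opt source destination
fw_standby all -- anywhere anywhere
Chain fw_dozable (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain fw_standby (2 references)
target prot opt source destination
DROP all -- anywhere anywhere owner UID match u0_a1
"""

def parse(listing):
    """Return {chain name: [(first field, full rule text), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            # A rule without a target starts with the protocol; it never matches below.
            current.append((line.split()[0], line.strip()))
    return chains

def blocking_rules(listing):
    """DROP/REJECT rules in chains reachable from INPUT, OUTPUT or FORWARD."""
    chains = parse(listing)
    todo = [c for c in ("INPUT", "OUTPUT", "FORWARD") if c in chains]
    seen, hits = set(todo), []
    while todo:
        name = todo.pop()
        for target, rule in chains[name]:
            if target in ("DROP", "REJECT"):
                hits.append((name, rule))
            elif target in chains and target not in seen:
                seen.add(target)
                todo.append(target)
    return hits

print(blocking_rules(SAMPLE))
```

Running it on a full listing saved to a file gives the same view for the filter table; `iptables -L` does not show the nat or mangle tables, so those need their own listings.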