Ansuel / tch-nginx-gui

Modified file to apply to a stock technicolor GUI
GNU General Public License v3.0

Firewall Doesn't Work #1113

Open knightian opened 2 years ago

knightian commented 2 years ago

NB: Before submitting an issue, check if there is one already open that suits the problem you are having!

Device Model/Firmware: TG789MYRvac/16.3.7190-2761005-20161004084353

GUI Version: 9.6.90-d57fe377

Description of problem, HOW TO REPRODUCE, Media/Photos:

I set the Firewall into user mode and I create some rules to block traffic out to Google DNS:

[Image: Screen Shot 2021-10-22 at 1 31 22 pm]

It does not block traffic to those IP addresses. Even if I restart the modem, it still doesn't block traffic to those IP addresses defined in my rules:

[Image: Screen Shot 2021-10-22 at 1 32 10 pm]

FrancYescO commented 2 years ago

Maybe I'm wrong but I think this only works (or at least the modal is made) for inbound traffic

knightian commented 2 years ago

> Maybe I'm wrong but I think this only works (or at least the modal is made) for inbound traffic

Surely not? How can you have a destination of 8.8.8.8 for something that is incoming? The rule would be invalid in that case, right? You would be restricting the destination IP to ones that were on the LAN if that were true.

FrancYescO commented 2 years ago

If you don't want to follow RFCs you are free to also use 8.8.8.8 as a LAN IP, so nothing wrong if that was the case ;) But more research on this should be done. You can check the /etc/config/firewall file to better understand what rules are created; a lot of the functions of this GUI are just taken from the official Technicolor GUI, and we don't know what they were designed for.

knightian commented 2 years ago

> If you don't want to follow RFCs you are free to also use 8.8.8.8 as a LAN IP, so nothing wrong if that was the case ;) But more research on this should be done. You can check the /etc/config/firewall file to better understand what rules are created; a lot of the functions of this GUI are just taken from the official Technicolor GUI, and we don't know what they were designed for.

From what I can see, the content in /etc/config/firewall makes its way into the iptables chains. However, it looks like the rules entered by the user in the GUI, whilst they are written to /etc/config/firewall, are not being put in the iptables chains.
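
The comparison described in the comment above can be scripted. This is an added example, not part of the thread or of the tch-nginx-gui project: it lists rules that set a `dest_ip` in a UCI firewall file but have no matching `-d` entry in an `iptables-save` dump, and prints each rule's source and destination zones. Both samples are constructed and assume OpenWrt-style `config rule` sections and `zone_*` chain names, which may differ on Technicolor firmware.

```shell
# Constructed sample of /etc/config/firewall (assumes OpenWrt-style UCI options).
sample_uci() { cat <<'EOF'
config rule
    option name 'Block-Google-DNS-1'
    option src 'lan'
    option dest 'wan'
    option dest_ip '8.8.8.8'
    option target 'DROP'
config rule
    option name 'Block-Google-DNS-2'
    option src 'lan'
    option dest 'wan'
    option dest_ip '8.8.4.4'
    option target 'DROP'
EOF
}
# Constructed `iptables-save` output in which only the first rule was loaded.
sample_iptables() { cat <<'EOF'
*filter
-A zone_lan_forward -d 8.8.8.8/32 -m comment --comment "Block-Google-DNS-1" -j DROP
COMMIT
EOF
}
# Print "name src dest dest_ip target" for each config section that sets dest_ip.
uci_rules() {
  awk -v q="'" '
    function val(k) { return (k in o) ? o[k] : "-" }
    function emit() {
      if ("dest_ip" in o) print val("name"), val("src"), val("dest"), o["dest_ip"], val("target")
      split("", o)
    }
    { gsub("[" q "\"]", "") }
    $1 == "config" { emit() }
    $1 == "option" { o[$2] = $3 }
    END { emit() }
  '
}
# Print every rule in UCI file $1 with no "-d <dest_ip>" match in dump $2.
missing_rules() {
  uci_rules < "$1" | while read -r name src dest ip target; do
    case "$ip" in */*) pat="-d $ip " ;; *) pat="-d $ip/32 " ;; esac
    grep -qF -e "$pat" "$2" || echo "$name $src->$dest $ip $target"
  done
}
demo() {
  d=$(mktemp -d) && sample_uci > "$d/fw" && sample_iptables > "$d/ipt"
  missing_rules "$d/fw" "$d/ipt"; rm -rf "$d"
}
demo
```

On a device, save the live ruleset with `iptables-save > /tmp/ipt` and call `missing_rules /etc/config/firewall /tmp/ipt`.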

FrancYescO commented 2 years ago

Have you tried whether it works after a restart?

knightian commented 2 years ago

> Have you tried whether it works after a restart?

Yep I tried that, because I notice my port forwarding only works after a restart so I tried after making those rules as well, didn't work :(

FrancYescO commented 2 years ago

So maybe something with 16.3 fw, which is pretty old.

You can try to steal the /etc/init.d/firewall from a newer firmware (if you find something different): https://github.com/FrancYescO/tch_firmware_extracted/blob/AGTHP_2.3.2_CLOSED/etc/init.d/firewall

FrancYescO commented 2 years ago

Also take a look at the logs when restarting.