Closed PWJW closed 5 months ago
Hmm, it looks like "ipset" is not installed on my openwrt (custom build).
$ ipset
ipset: not found
and dnsmasq was built without ipset/nfset support:
$ dnsmasq -v
Dnsmasq version 2.90 Copyright (c) 2000-2024 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
What openwrt package(s) should be added to support ipset and domain whitelists, whist retaining default openwrt support for firewall4 and nft?
Thanks
uspot does not use ipset but nftsets (although the uci terminology is the same). Please try your configuration on a standard OpenWrt build before reporting a problem: if it works then the issue is with your custom build. Standard build dnsmasq supports nftsets by default since 23.05. Thanks
I'm following the documentation in order to allow certain domains to be allowed before authentication (walled garden), but no matter what I put in the list, I cannot access these sites.
Am I missing something, or some other script? How does it match against the domains to allow traffic through the firewall (with them not being IP's)...
/etc/config/firewall
/etc/config/dhcp
Connecting to the SSID, opening a browser and trying to visit any of those 3 domains in the whitelist do not work ad it just gives me the usual cannot connect error like trying to visit any non-whitelisted domain.
Meanwhile. I can ccess the 35.201 IP I've set in the
config ipset
rule in the firewall.$ nft list sets
Thoughts?
Thanks.