Open Some1OnLine opened 3 years ago
k-szuster
commented
3 years ago Do you mean, that you've got some rule on top. And that rule acceptr a packet without further filtering? AFAIK it shouldn/t happen in typical openwrt configuration. Do you have other modifications to the firewall's configuration?
Regards, Krzysztof
Some1OnLine
commented
3 years ago Yes., There where allow rules at the top of the Rules of the list that im guessing OpenWRT put there by default. Im using stock OpenWRT 19.07.04. I have a handfull of Ports fordwarded from WAN to LAN but other than that I think thats about it. To be honest im not an expert by any means with iptables. Not a big issue just thought I would ask. The below screen shot is the rules that are now at the bottom but where at the top.
~SOL
k-szuster
commented
3 years ago I cannot see any rules, which would conflict with access-control ones. The standard rules, you quoted, concern incoming traffic for standard services, such as DHCP, DNS, ping etc.. Access-control rules suppress selected outgoing packets. In firewall, there is no generic rule allowing output traffic, that would override our rules. 19.07 is pretty new. I don't have it on my network, only older releases. May be it matters...
dongshimou
commented
3 years ago same question. device: r7800 version: OpenWrt 19.07.5 r11257-5090152ae3 configure the Client Rules. but it's not work.
I have noticed that when adding a new rule via this package it adds it to the firewall rule list at the bottom of the list and as such does not block the device. if I manually move the firewall rule to the top and save/apply the setting it blocks the device. Is there a way I can have it add to the top of the firewall rule list automatically or is this expected to happen this way?
Many Thanks,
~SOL