Open PolynomialDivision opened 2 years ago
Firewall 3 is not intalling the correct ip6tables-legacy variant, see:
root@openwrt~# opkg list | grep iptables
iptables-mod-ipopt - 1.8.7-7
iptables-zz-legacy - 1.8.7-7
root@openwrt:~# opkg list | grep ip6tables
ip6tables-nft - 1.8.7-7
kmod-ip6tables - 5.10.127-1
Ping @champtar
What step did you follow to get in this situation ? Are you sure ip6tables-nft was not already selected/installed?
You can compile an image using
git clone https://github.com/freifunk-berlin/bbb-configs
and then
ansible-playbook play.yml --limit ak36-core --tags image
Short story, I compile an image with imagebuilder using -firewall4
and firewall
. Interesting olsr seems to depend on ip6tables-nft:
opkg remove ip6tables-nft
No packages removed.
Collected errors:
* print_dependents_warning: Package ip6tables-nft is depended upon by packages:
* print_dependents_warning: olsrd
* print_dependents_warning: These might cease to work if package ip6tables-nft is removed.
olsrd need to depend on ip6tables again (now that my hack is merged), and in your images conf you need to explicitly depend on iptables-legacy / ip6tables-legacy
I'm not sure you need custom rules just for mss clamping btw
olsrd need to depend on ip6tables again (now that my hack is merged)
It already does? https://github.com/openwrt/routing/blob/9abed610185f60c7e2054f5466e0ba2c225154e7/olsrd/Makefile#L37
and in your images conf you need to explicitly depend on iptables-legacy / ip6tables-legacy
Shouldn't firewall3 automatically use ip(6)tables-legacy? Why is that needed?
I'm not sure you need custom rules just for mss clamping btw
Can you give me an example how to do it without custom rule?
Include custom rules in
/etc/firewall.user
:Now the ip6tables will fail with following on a restart of the firewall:
The normal iptables work flawlessly. To fix it, install ip6ables-legacy and use
ping @jow-