Hi all.
I have the following very basic firewall configuration:
root@OpenWrt:/# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].custom_chains='1'
firewall.@defaults[0].drop_invalid='1'
firewall.@defaults[0].synflood_protect='1'
firewall.@defaults[0].synflood_rate='25/s'
firewall.@defaults[0].synflood_burst='50'
firewall.@defaults[0].tcp_ecn='1'
firewall.@defaults[0].tcp_syncookies='1'
firewall.@defaults[0].tcp_window_scaling='1'
After committing the changes, I run the reload command:
fw4 reload
and the following errors occur (the fw4 script has been modified to include set -x):
root@OpenWrt:/# fw4 reload
+ set -o pipefail
+ MAIN=/usr/share/firewall4/main.uc
+ LOCK=/var/run/fw4.lock
+ STATE=/var/run/fw4.state
+ VERBOSE=
+ '[' -e /dev/stdin ]
+ STDIN=/dev/stdin
+ '[' -t 2 ]
+ export 'TTY=1'
+ '[' -n reload ]
+ break
+ start reload
+ flock -x 1000
+ '[' '!' -f /var/run/fw4.state ]
+ rm -f /var/run/fw4.state
+ nft -f /dev/stdin
+ ACTION=start utpl -S /usr/share/firewall4/main.uc
Section @defaults[0] option 'custom_chains' is not supported by fw4
/dev/stdin:21:8-12: Error: Could not process rule: Not supported
chain input {
^^^^^
/dev/stdin:31:8-14: Error: Could not process rule: Not supported
chain forward {
^^^^^^^
/dev/stdin:39:8-13: Error: Could not process rule: Not supported
chain output {
^^^^^^
/dev/stdin:48:8-17: Error: Could not process rule: Not supported
chain prerouting {
^^^^^^^^^^
/dev/stdin:67:8-13: Error: Could not process rule: Not supported
chain dstnat {
^^^^^^
/dev/stdin:71:8-13: Error: Could not process rule: Not supported
chain srcnat {
^^^^^^
/dev/stdin:80:8-21: Error: Could not process rule: Not supported
chain raw_prerouting {
^^^^^^^^^^^^^^
/dev/stdin:84:8-17: Error: Could not process rule: Not supported
chain raw_output {
^^^^^^^^^^
/dev/stdin:93:8-24: Error: Could not process rule: Not supported
chain mangle_prerouting {
^^^^^^^^^^^^^^^^^
/dev/stdin:97:8-25: Error: Could not process rule: Not supported
chain mangle_postrouting {
^^^^^^^^^^^^^^^^^^
/dev/stdin:101:8-19: Error: Could not process rule: Not supported
chain mangle_input {
^^^^^^^^^^^^
/dev/stdin:105:8-20: Error: Could not process rule: Not supported
chain mangle_output {
^^^^^^^^^^^^^
/dev/stdin:109:8-21: Error: Could not process rule: Not supported
chain mangle_forward {
^^^^^^^^^^^^^^
/dev/stdin:21:8-12: Error: Could not process rule: No such file or directory
chain input {
^^^^^
/dev/stdin:21:8-12: Error: Could not process rule: No such file or directory
chain input {
^^^^^
/dev/stdin:21:8-12: Error: Could not process rule: No such file or directory
chain input {
^^^^^
/dev/stdin:21:8-12: Error: Could not process rule: No such file or directory
chain input {
^^^^^
/dev/stdin:31:8-14: Error: Could not process rule: No such file or directory
chain forward {
^^^^^^^
/dev/stdin:31:8-14: Error: Could not process rule: No such file or directory
chain forward {
^^^^^^^
/dev/stdin:31:8-14: Error: Could not process rule: No such file or directory
chain forward {
^^^^^^^
/dev/stdin:39:8-13: Error: Could not process rule: No such file or directory
chain output {
^^^^^^
/dev/stdin:39:8-13: Error: Could not process rule: No such file or directory
chain output {
^^^^^^
/dev/stdin:39:8-13: Error: Could not process rule: No such file or directory
chain output {
^^^^^^
/dev/stdin:53:20-25: Error: Could not process rule: No such file or directory
meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
^^^^^^
/dev/stdin:54:3-8: Error: Could not process rule: No such file or directory
reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
^^^^^^
+ ACTION=includes utpl -S /usr/share/firewall4/main.uc
Thanks in advance for your support.
Fabrizio.