[22.03] Translate extra/raw firewall rules

This can't exist on boot...but...I made the rule...

root@OpenWrt:~# /etc/init.d/firewall reload
Unable to load file '/tmp/test.list' for set 'test_set': No such file or directory

Although... :partying_face:

root@OpenWrt:~# nft list set inet fw4 test_set
table inet fw4 {
        set test_set {
                type ipv4_addr

It created a blank set!


root@OpenWrt:~# wget "https://www.example.com/list.txt" -O ->> /tmp/test.list
root@OpenWrt:~# ls -l /tmp/test.list 
-rw-r--r--    1 root     root        203862 Oct  3 18:52 /tmp/test.list
root@OpenWrt:~# /etc/init.d/firewall reload
## there was a pause of a few seconds


rm /tmp/test.list
root@OpenWrt:~# wget "https://www0.example.com/list.txt" -O ->> /tmp/test.list && wget "https://www1.example.com/list.txt" -O ->> /tmp/test.list && wget "https://www2.example.com/list.txt" -O ->> /tmp/test.list && wget "https://www3.example.com/list.txt" -O ->> /tmp/test.list && wget "https://www0.example.com/list.txt" -O ->> /tmp/test.list
root@OpenWrt:~# ls -l /tmp/test.list 
-rw-r--r--    1 root     root       2581855 Oct  3 19:05 /tmp/test.list
root@OpenWrt:~#  /etc/init.d/firewall reload


It took 13 seconds!

  • Now the script must reload the whole firewall and not just the set in question...with about a ~15-20 second freeze
    • (I wonder if someone could show a link to this code???)
  • The files containing the loaded sets must remain present in /tmp in case the firewall is reloaded (taking memory)

These 2 dynamic scripts just load the file into /tmp/*.txt and don't delete it, and the radio route set still uses the nft loop in another call script...so...

netlink: Error: Could not process rule: No buffer space available



root@OpenWrt:/etc/config# ls -l /tmp/*.txt
-rw-r--r--    1 root     root       2581747 Oct  3 19:42 /tmp/block_list.txt
-rw-r--r--    1 root     root         11077 Oct  3 19:42 /tmp/geo_list.txt
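
An added example, not part of the original post and not fw4's own code: one way to refill a single set from a downloaded list without reloading the whole firewall, by generating an nft script that `nft -f` applies as one transaction. Assumptions: the table `inet fw4` and set `test_set` from the output above, one IPv4 address or prefix per line in the list, and an arbitrary chunk size; whether splitting into smaller `add element` statements avoids the netlink buffer error on a given build is untested here.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: table "inet fw4" and set "test_set" as shown on the page;
# the list has one IPv4 address or prefix per line (prefixes need a set
# declared with "flags interval"); the default chunk size 500 is arbitrary.

# gen_set_batch LIST SET [CHUNK] -> nft script on stdout
gen_set_batch() {
    list="$1"; set_name="$2"; chunk="${3:-500}"
    echo "flush set inet fw4 $set_name"
    # Strip CRs, keep only well-formed entries, drop duplicates, so a
    # comment or HTML error page in the download never reaches nft.
    tr -d '\r' < "$list" |
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' | sort -u |
    awk -v n="$chunk" -v s="$set_name" '
        { buf = buf (cnt ? ", " : "") $0; cnt++ }
        cnt == n { printf "add element inet fw4 %s { %s }\n", s, buf; buf = ""; cnt = 0 }
        END { if (cnt) printf "add element inet fw4 %s { %s }\n", s, buf }'
}

# Constructed sample list (documentation ranges) with junk lines mixed in.
make_sample() {
    printf '%s\n' '192.0.2.1' '# comment' '198.51.100.7' '192.0.2.1' \
        '' 'not-an-ip' '203.0.113.9' '192.0.2.44' '198.51.100.200' > "$1"
}

# Usage on the router (not run here):
#   gen_set_batch /tmp/test.list test_set > /tmp/test_set.nft
#   nft -c -f /tmp/test_set.nft && nft -f /tmp/test_set.nft
```

Because the flush and the adds sit in one file, the set is never left empty partway through an update, and `nft -c` rejects a bad list before anything is changed.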