I am new to OpenWRT. I can't find any installation or configuration documentation for bcp38. Please can you point me in the right direction?
If I remember correctly, there is a package called bcp38 or similar...
I have installed bcp38 and also luci-app-bcp38 through luci. However, I can't find any bcp38 interface!
Or, a simple rule:
I like your idea, but it's probably better to update the post to rely entirely on the firewall config:
I previously had to load 400+ firewall rules/subnets. Needless to say, I had to migrate them to ipset instead.
But yes, this is a small list of subnets and iptables could be used.
It looks like you misunderstood me.
I am not against IP sets and their use is perfectly justified for the current task.
What I mean is that it is best to define the IP set for BCP38 in the same firewall configuration using the UCI syntax.
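What a BCP38 IP set defined directly in `/etc/config/firewall` can look like, as an added example that is not part of the original posts or of the bcp38 package. The set name, the rule name, the selection of prefixes and the `lan`/`wan` zone names are assumptions.

```uci
# Added example for /etc/config/firewall (assumed names: bcp38, Reject-BCP38-fwd).
# The set holds reserved/private IPv4 ranges that should never be routed
# over a public WAN link. Adjust the list to your own uplink.
config ipset
	option name 'bcp38'
	option family 'ipv4'
	# Match the packet's destination address against the set
	option match 'dest_net'
	list entry '0.0.0.0/8'
	list entry '10.0.0.0/8'
	list entry '127.0.0.0/8'
	list entry '169.254.0.0/16'
	list entry '172.16.0.0/12'
	list entry '192.168.0.0/16'
	list entry '240.0.0.0/4'

# Forward rule: traffic from the LAN zone leaving through the WAN zone
# is rejected when its destination falls inside the set.
config rule
	option name 'Reject-BCP38-fwd'
	option family 'ipv4'
	# Without proto 'all' the rule would only cover TCP and UDP
	option proto 'all'
	option src 'lan'
	option dest 'wan'
	option ipset 'bcp38'
	option target 'REJECT'
```

If the WAN uplink itself sits inside one of these ranges (for example behind an ISP modem on a 192.168.x.x network), remove that prefix from the set, otherwise the upstream device becomes unreachable from the LAN.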
Sorry for the silly question, but I can't find a straightforward answer.
The bcp38 should be configured on the lan, the bridge-lan, the wan?
By logic I'd say on the wan interface but...
Can anybody clarify this point a bit?
BCP38 is meant to filter out packets on WAN with an IP address that can only be used in a LAN. You should configure it on a WAN interface with a public IP address, and never on a LAN interface with a private IP address.
Does your network topology justify the use of bcp38?
The usual home scenario with NAT of private IPs doesn't need it.
In that case, in which scenario should it be used?
where you route (not NAT) public prefixes...
it's like the mailman putting letters in your mailbox for 'darkman'... you wouldn't open it... with NAT... you won't open anything (forward/accept) that wasn't first requested... and it's highly unlikely your router would have knowledge/ability to forward to unknown public prefixes (darkman lives in granny flat out the back)
96% chance your provider's BGP edges already operate such features anyway...