Blocking IP range in FW4

I used to use this tutorial to block a certain IP range from accessing WAN: https://forum.archive.openwrt.org/viewtopic.php?id=64562

After upgrading to FW4, I can't, as the above method uses iptables.
Can anyone help me convert the above tutorial to fw4?

There is a package that will translate old rules. You just have to run the syntax through it.

Can you share the package name?

I think it should be possible to work it out from here:

Seems like a close example is given:

I imagine you can ditch the source MAC and destination IP.

Actually, probably just a rule in LuCI can be added:

For entering a range, I think this may be the only way:

nftables supports intervals by default.
I don't think you can create the rule using LuCI, but the UCI syntax should look like this:

config rule
        option name 'Test'
        option src 'lan'
        option dest 'wan'
        option target 'REJECT'
        list src_ip '192.168.1.135-192.168.1.150'
        list proto 'all'
        option start_time '23:55:00'
        option stop_time '07:30:00'

Verify that the rule was created correctly:

root@OpenWrt:~# nft list chain inet fw4 forward_lan
table inet fw4 {
        chain forward_lan {
                ip saddr 192.168.1.135-192.168.1.150 meta hour "23:55"-"07:30" counter packets 0 bytes 0 jump reject_to_wan comment "!fw4: Test"
                jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
                ct status dnat accept comment "!fw4: Accept port forwards"
                jump accept_to_lan
        }
}

Oh wow, so LuCI needs updating! Who's the person to tag for this? @jow?


You would need a new validator function to allow non-CIDR input, then update the firewall application. At least that’s how I think it would need to be changed.

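The validator described above would have to accept the dash-separated range form as well as CIDR. As an added example (not code from LuCI or fw4, and the rendering of the nft rule is an assumption based on the `nft list chain` output earlier in the thread), here is a small Python check that parses a single address, a CIDR prefix or an `a-b` range, rejects inverted or mixed-family ranges, and renders the matching nftables expression:

```python
import ipaddress


def parse_ip_spec(spec: str):
    """Parse a src_ip/dest_ip value into (family, nft_expression).

    Accepts a single address, a CIDR prefix, or a dash-separated range
    (the non-CIDR form a validator would need to allow).
    Raises ValueError on malformed, inverted or mixed-family input.
    """
    spec = spec.strip()
    if "-" in spec:
        lo_s, hi_s = (p.strip() for p in spec.split("-", 1))
        lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
        if lo.version != hi.version:
            raise ValueError(f"mixed address families in range: {spec}")
        if lo > hi:
            raise ValueError(f"range start is after range end: {spec}")
        fam = "ip" if lo.version == 4 else "ip6"
        # A range that covers a single address is just that address.
        return fam, (str(lo) if lo == hi else f"{lo}-{hi}")
    # strict=False tolerates host bits set, e.g. 192.168.1.5/24
    net = ipaddress.ip_network(spec, strict=False)
    fam = "ip" if net.version == 4 else "ip6"
    if net.num_addresses == 1:
        return fam, str(net.network_address)
    return fam, str(net)


def nft_rule(src_ip: str, start_time: str, stop_time: str,
             target_chain: str, name: str) -> str:
    """Render the nft rule fw4 would install for a time-limited UCI rule.

    Assumption (constructed, not fw4's own generator): the time window is
    expressed as 'meta hour "HH:MM"-"HH:MM"' with seconds dropped, followed
    by a counter, a jump to the target chain and the '!fw4:' comment.
    """
    fam, expr = parse_ip_spec(src_ip)
    window = f'meta hour "{start_time[:5]}"-"{stop_time[:5]}"'
    return (f"{fam} saddr {expr} {window} counter "
            f"jump {target_chain} comment \"!fw4: {name}\"")


if __name__ == "__main__":
    # The rule from this thread, rendered from its UCI fields.
    print(nft_rule("192.168.1.135-192.168.1.150", "23:55:00", "07:30:00",
                   "reject_to_wan", "Test"))
```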

Excellent. It really seems like this should be there in 22.03. I mean, facilitating setting up an IP range seems like a good idea.


iptables-translate

(Available on desktop distros.)

But it seems your issue is with the syntax.

Hats off to you, brother, you really saved my day.

Thanks to everyone who replied here.

iptables is not supported in FW4.

I know that. That's why you translate.
