Is it possible to create a custom chain using UCI commands?
Currently, I add a chain (and its contents) using a command in /etc/firewall.user, e.g.:
iptables -t filter -N limited_input && ...
And after that, some of my scripts add/modify rules "on the fly" using this chain via UCI, e.g.:
uci set firewall.some_rul=rule &&\
uci set firewall.some_rul.src="wan" &&\
uci set firewall.some_rul.dest_port="$PORT" &&\
uci set firewall.some_rul.proto="$PROTO" &&\
uci set firewall.some_rul.extra="-j limited_input"
But when the firewall is restarted (/etc/init.d/firewall restart), all rules that use the limited_input chain cannot be (re)created, because the file /etc/firewall.user is processed last of all and my chain doesn't exist yet.
I am interested in a specific question: is it possible to add new chains using UCI or not?
The Wiki says
firewall.user is the proper location. In addition, there's a setting custom_chains to use chains in
Wouldn't it work to add the chain specific rules in the firewall.user file too, rather than the main firewall config?
As I said earlier, rules that use the "limited_input" chain are added/modified/deleted by scripts during operation, these rules are not permanently stored in /etc/config/firewall or in /etc/firewall.user. And it's very convenient to manipulate these rules through UCI commands (uci revert firewall.some_rul, uci set firewall.some_rul.dest_port=...).
No, this is not possible.