config rule
	option name '1drv.ms'
	option src 'lan'
	list src_mac 'XX:XX:XX:XX:XX:XX'
	list src_mac 'XX:XX:XX:XX:XX:XX' # mine
	option dest 'wan'
	list dest_ip '220.127.116.11'
	list proto 'all'
	option target 'REJECT'
Why is this rule not blocking requests from
root@router:~# /etc/init.d/firewall status
active with no instances
EDIT 1: For some reason it's blocking now. I swear it wasn't blocking... I'll test it further.
After restarting the router, the firewall is working and requests are blocked. Why does a blocking rule require restarting the router?
They don't - but they do require reloading of the firewall.
root@router:~# /etc/init.d/firewall reload
and the firewall rule is still not working.
/etc/init.d/firewall restart
and the firewall starts working with a bit of a delay (30s-1min).
But if I remove my MAC address from the firewall rule and save, the firewall allows my MAC immediately;
/etc/init.d/firewall restart is not required.
I have a time restricted firewall rule.
What's the point of having a time restricted firewall rule if the firewall is applied on new connections?
Wouldn't someone be able to connect to the internet forever as long as they use the same connection?
So a client eventually (after TCP or UDP timeout) will be blocked when the time restricted firewall rule begins?
(My bad, I thought that part was already explained/understood.)
BTW, it doesn't matter that it's a time rule - it seems the observation you're experiencing is because of your noting existing Established/Related connections during your test.
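
The point made in the replies above, that a new rule is applied to new connections while flows already tracked as Established/Related carry on, can be checked by looking at the connection-tracking table for flows to the rule's destination. This is an added example, not part of the original thread: the function names, the sample table and its client addresses are constructed, and it assumes the router exposes `/proc/net/nf_conntrack`.

```shell
#!/bin/sh
# List conntrack entries whose original-direction destination is DEST_IP.
# Usage: flows_to_dest DEST_IP [FILE]   (reads stdin when FILE is omitted)
flows_to_dest() {
    dest_ip="$1"; shift
    awk -v ip="$dest_ip" '
    {
        proto = $3; ttl = $5; state = "-"
        src = ""; dst = ""; sport = ""; dport = ""
        # TCP entries carry a state word in field 6; UDP entries do not.
        if ($6 !~ /=/) state = $6
        # The first src=/dst=/sport=/dport= group is the original direction;
        # the second group (reply direction) is ignored.
        for (i = 6; i <= NF; i++) {
            if (src == ""   && $i ~ /^src=/)   src   = substr($i, 5)
            if (dst == ""   && $i ~ /^dst=/)   dst   = substr($i, 5)
            if (sport == "" && $i ~ /^sport=/) sport = substr($i, 7)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if (dst == ip)
            printf "%s %s %s:%s -> %s:%s ttl=%s\n", proto, state, src, sport, dst, dport, ttl
    }' "$@"
}

# Constructed sample in /proc/net/nf_conntrack format (not captured from a real router).
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 7439 ESTABLISHED src=192.168.1.10 dst=220.127.116.11 sport=51234 dport=443 src=220.127.116.11 dst=203.0.113.5 sport=443 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 58 src=192.168.1.10 dst=192.168.1.1 sport=40000 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=40000 mark=0 zone=0 use=2
ipv4     2 tcp      6 110 TIME_WAIT src=192.168.1.23 dst=220.127.116.11 sport=49822 dport=443 src=220.127.116.11 dst=203.0.113.5 sport=443 dport=49822 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 7200 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51300 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51300 [ASSURED] mark=0 zone=0 use=2
EOF
}

# Demo on the constructed sample. On the router (assumption: the file exists):
#   flows_to_dest 220.127.116.11 /proc/net/nf_conntrack
sample_conntrack | flows_to_dest 220.127.116.11
```

Any flow this prints was set up before the rule took effect and can outlive it until the entry times out (the `ttl` value, in seconds); if the `conntrack` utility is installed, `conntrack -D -d 220.127.116.11` removes such entries so the next packet is evaluated against the rule.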