Firewall is not blocking

config rule
        list dest_ip ''
        option name ''
        option dest 'wan'
        list src_mac 'XX:XX:XX:XX:XX:XX'
        list src_mac 'XX:XX:XX:XX:XX:XX'  # mine
        option target 'REJECT'
        list proto 'all'
        option src 'lan'

Why is this rule not blocking requests from XX:XX:XX:XX:XX:XX to ?

root@router:~# /etc/init.d/firewall status
active with no instances

EDIT 1: For some reason it's blocking now :face_with_raised_eyebrow: I swear it wasn't blocking... I'll test it further

After restarting router, firewall is working, requests are blocked. Why is a blocking rule requires restarting the router?

They don't - but they do require reloading of the firewall. :wink:

1 Like

issued root@router:~# /etc/init.d/firewall reload and firewall rule is still not working :wink:

  • What about /etc/init.d/firewall restart?
  • Also, is this active/current traffic you're monitoring; or new traffic after applying?
1 Like

After /etc/init.d/firewall restart firewall starts working with a bit delay (30s-1min)

But If I remove my MAC address from the firewall rule and save, firewall allows my MAC immediately, /etc/init.d/firewall restart is not required.

1 Like

I have a time restricted firewall rule.
What's the point of having a time restricted firewall rule if firewall is applied on new connections?
Wouldn't someone be able to connect to internet forever as long as they use the same connection?

  • (TCP and UDP connections have a timeout timer.)
  • Also note - There is a concept of Established and Related connections in the firewall :bulb: - so a current connection at restart of the firewall would already be Established and hence, allowed :wink:
1 Like

So a client eventually(after TCP or UDP timeout) will be blocked when time restriction firewall rule begins?


(My bad, I thought that part was already explained/understood.)

BTW, it doesn't matter that it's a time rule - it seems the observation you're experiencing is because of your noting existing Established/Related connections during your test.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.