Hello!
I have a TP-Link TL-WDR4300 v1 and OpenWrt 19.07.7 r11306-c4a6851c72.
I configure it with luci.

In past i used it as simple AP, but now i want to use it as FW Router.
So i tried a simple test, to disable the default "Allow-Ping" Rule on the WAN side.
I clicked save and apply, but the ping does not stop.
Only when i restart the router, the ping stops.
But when i enable the rule again and click save and apply, the rule works in 2 seconds without a reboot and the ping come back.
Also when i activate it and change from allow to reject, it needs a reboot.

So it seems allow rules are working instantly and block rules only with a reboot.
Is this a normal behaviour?
In past i configured different firewalls but on every system rules need no reboot.

Thanks for help and sorry for my bad english!

That could be related to connection tracking.
There are rules that specifically allow RELATED, ESTABLISHED and DNAT connection states:
https://ipset.netfilter.org/iptables-extensions.man.html#:~:text=States%20for%20--ctstate:
You may want to restart the firewall service to reset the conntrack data.

Thanks, this was the solution!

This works:

service firewall restart

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.