Firewall rule not applied without reboot

Hello!
I have a TP-Link TL-WDR4300 v1 and OpenWrt 19.07.7 r11306-c4a6851c72.
I configure it with LuCI.

In the past I used it as a simple AP, but now I want to use it as a FW router.
So I tried a simple test: disabling the default "Allow-Ping" rule on the WAN side.
I clicked save and apply, but the ping does not stop.
Only when I restart the router does the ping stop.
But when I enable the rule again and click save and apply, the rule works within 2 seconds without a reboot and the ping comes back.
Also, when I activate it and change it from allow to reject, it needs a reboot.

So it seems allow rules work instantly and block rules only after a reboot.
Is this normal behaviour?
In the past I configured different firewalls, but on every system the rules needed no reboot.

Thanks for the help and sorry for my bad English!

That could be related to connection tracking.
There are rules that specifically allow RELATED, ESTABLISHED and DNAT connection states:
https://ipset.netfilter.org/iptables-extensions.man.html#:~:text=States%20for%20--ctstate:
You may want to restart the firewall service to reset the conntrack data.

Thanks, this was the solution!

This works:

service firewall restart
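
Why the reject only took effect after a restart, shown as a small model (added here as an illustration; it is not code from the thread and not OpenWrt's or fw3's own code): fw3 puts `-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` at the top of the INPUT chain, ahead of the per-zone chains, and a continuously running ping keeps its conntrack entry alive (the ICMP conntrack timeout defaults to 30 seconds), so a newly added reject rule in `zone_wan_input` is never consulted for that flow until the entry is cleared. The chain layout is simplified, the flow key `(src, icmp id)` is an assumption of the model, and the addresses and ICMP ids are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class EchoRequest:
    """One ICMP echo request arriving on the WAN side (constructed sample)."""
    src: str
    icmp_id: int  # conntrack keys ICMP echo flows on (src, dst, type/code, id)


@dataclass
class Conntrack:
    """Confirmed flows. Netfilter confirms an entry only at the end of INPUT,
    so a packet REJECTed in the filter table leaves no entry behind."""
    flows: set = field(default_factory=set)

    def state(self, pkt: EchoRequest) -> str:
        return "ESTABLISHED" if (pkt.src, pkt.icmp_id) in self.flows else "NEW"

    def confirm(self, pkt: EchoRequest) -> None:
        self.flows.add((pkt.src, pkt.icmp_id))

    def flush(self) -> None:
        self.flows.clear()


class Firewall:
    """First-match walk of the INPUT chain as fw3 lays it out (simplified model)."""

    def __init__(self, allow_ping: bool = True) -> None:
        self.ct = Conntrack()
        self.allow_ping = allow_ping  # state of the LuCI "Allow-Ping" rule

    def zone_wan_input(self, pkt: EchoRequest) -> str:
        # Allow-Ping, when enabled:  -p icmp --icmp-type echo-request -j ACCEPT
        if self.allow_ping:
            return "ACCEPT"
        # otherwise the rule switched to "reject" (or the wan input policy) applies
        return "REJECT"

    def input_chain(self, pkt: EchoRequest) -> str:
        # Rule 1: -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
        # It sits above the zone chains, so an already-tracked ping never
        # reaches the zone rules at all.
        if self.ct.state(pkt) == "ESTABLISHED":
            return "ACCEPT"
        # Rule 2: -A INPUT -i <wan device> -j zone_wan_input
        return self.zone_wan_input(pkt)

    def receive(self, pkt: EchoRequest) -> str:
        verdict = self.input_chain(pkt)
        if verdict == "ACCEPT":
            self.ct.confirm(pkt)  # the entry survives only for accepted packets
        return verdict


def scenario() -> dict:
    """Replay the thread: disable Allow-Ping, observe, flush, re-enable."""
    fw = Firewall(allow_ping=True)
    # constructed sample: a TEST-NET-3 host with a running `ping` (ICMP id 0x1234)
    running_ping = EchoRequest("203.0.113.10", icmp_id=0x1234)
    out = {}
    out["before"] = fw.receive(running_ping)
    fw.allow_ping = False  # "Save & Apply": rules reloaded, conntrack table kept
    out["same_flow_after_change"] = fw.receive(running_ping)
    # a fresh `ping` process from the same host uses a new ICMP id
    new_ping = EchoRequest("203.0.113.10", icmp_id=0x5678)
    out["new_flow_after_change"] = fw.receive(new_ping)
    fw.ct.flush()  # what the reboot, or `service firewall restart`, achieved
    out["same_flow_after_flush"] = fw.receive(running_ping)
    fw.allow_ping = True  # the rejected flow left no entry, so re-enabling works at once
    out["reenabled"] = fw.receive(new_ping)
    return out


if __name__ == "__main__":
    for step, verdict in scenario().items():
        print(f"{step:24} {verdict}")
```

The asymmetry the question describes falls out of the model: an accepted flow leaves a conntrack entry that keeps matching the ESTABLISHED rule after the rule set changes, while a rejected flow never gets an entry, so switching back to allow is visible on the next packet. On the router, `cat /proc/net/nf_conntrack` (where the kernel exposes it) lists the live entries, including the icmp one keyed by id, before and after the restart.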
