I'm using now v22.03.0 on Archer C6 V2 US. However, I remember this issue also happened with v19.
I want to create some rules to restrict some traffic at specific times of day. I created my rules on LuCi Firewall - Traffic Rules. Problem is, firewall applies this config:
chain forward {
type filter hook forward priority filter; policy drop;
ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
iifname "eth0.2" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
jump handle_reject
}
This means, established and related connections are allowed BEFORE jumping to my forward_lan rules. Then, if someone is watching a YouTube video, as the connection is already established, it keeps connected until the end of the video.
In old v19 I used to use the manual firewall rules to override my rules on a chain before. What is the proper way to put my rules before now?
Thanks @jow, I've been able to create the file, and it works great now, rules are applied before the established,related rule, so now YouTube video stops as expected.
One more question: Is it possible to use in the file the same rules created from LuCi interface? Let me explain: I would like to have the convenience of management using LuCi web interface, as there is a small check there to turn specific rules on/off. Even someone else could just login to LuCi and check/uncheck the rules needed. However, with the nft file method, I would need to SSH to the router, then vi 90-rules.nft and then #comment the specific line, which is a bit more complex.