Firewall.user is not applied

Hi!
After upgrading to one of the latest snapshots (I don't know exactly when it happened, but it was in 2022), my firewall.user script stopped working.
If I run this script manually, it works.
In the firewall config I have:

config include
	option path '/etc/firewall.user'
	option reload '1'

This is my firewall.user:

/etc/firewall.ipsec
/etc/firewall.redsocks

What is wrong? Why does firewall.user not start automatically?

You'll find a more detailed explanation via the forum search, but in short: firewall.user was supported by the iptables-based fw3, but isn't by the nftables-based fw4, which became the default in master recently. Basically because existing iptables calls wouldn't work with nftables to begin with, but also because those calls wouldn't hook into the right rule sets (different layering), fw4 allows slightly different means to add custom rules, so similar functionality remains, but you have to use it differently.

Thanks, @slh!

In my user script I have several such commands:

iptables -t nat -A REDSOCKS -p tcp -d 104.20.17.34 -j REDIRECT --to-port 2005

How can I make it work with fw4?

I made an nft file in /etc/nftables.d

chain user_prerouting {
    type nat hook prerouting priority -100;
    ip protocol tcp ip daddr xx.xx.xx.xx redirect to :2005
}

And it works.

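The hand conversion from the last post, as an added example that is not part of the thread: a POSIX shell filter that rewrites `iptables -t nat ... -p tcp -d ADDR -j REDIRECT --to-port PORT` lines into a `user_prerouting` chain in the same form. The function names are hypothetical, the `-A REDSOCKS` chain name is ignored, and every rule is assumed to belong in the prerouting chain as in that post.

```shell
#!/bin/sh
# Added example: convert firewall.user-style iptables REDIRECT commands
# into an nftables chain snippet for /etc/nftables.d/ (fw4).

# Translate one iptables command line into one nft rule.
# Returns 1 for anything that is not a plain tcp/udp REDIRECT to a port.
ipt_rule_to_nft() {
    proto="" daddr="" port="" target=""
    set -f; set -- $1; set +f      # word-split the line without globbing
    while [ $# -gt 1 ]; do
        case "$1" in
            -p) proto=$2 ;;
            -d) daddr=$2 ;;
            -j) target=$2 ;;
            --to-port|--to-ports) port=$2 ;;
        esac
        shift
    done
    [ "$target" = REDIRECT ] || return 1
    # The output is loaded by nft, so accept only strictly formed values.
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$daddr" in ""|*[!0-9./]*) return 1 ;; esac
    case "$port" in ""|*[!0-9]*) return 1 ;; esac
    # Same rule form as the chain posted in the thread.
    printf '    ip protocol %s ip daddr %s redirect to :%s\n' "$proto" "$daddr" "$port"
}

# Read iptables commands on stdin and print the chain; lines that cannot be
# translated go to stderr and make the function return 1.
ipt_to_nft_chain() {
    skipped=0
    echo 'chain user_prerouting {'
    echo '    type nat hook prerouting priority -100;'
    while IFS= read -r line; do
        case "$line" in ""|\#*) continue ;; esac
        ipt_rule_to_nft "$line" || { echo "skipped: $line" >&2; skipped=1; }
    done
    echo '}'
    return "$skipped"
}

# Constructed sample input: the command quoted in the thread plus a
# documentation-range address (192.0.2.10) standing in for a second rule.
SAMPLE='iptables -t nat -A REDSOCKS -p tcp -d 104.20.17.34 -j REDIRECT --to-port 2005
iptables -t nat -A REDSOCKS -p tcp -d 192.0.2.10 -j REDIRECT --to-port 2005'
printf '%s\n' "$SAMPLE" | ipt_to_nft_chain
```

Redirect the output to a file such as /etc/nftables.d/redsocks.nft (the file name is an assumption), then run `fw4 check` and restart the firewall.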