Firewall4 with custom transparent nft setup

terryding77 · February 17, 2023, 5:58pm

I use an prebuilt openwrt 22.03.3 image which installed firewall4 by default.
after I read document of site. I put below code into /etc/firewall.nft

table inet mytable {
        .......some other chain
        chain divert {
                type filter hook prerouting priority mangle; policy accept;
                meta l4proto tcp socket transparent 1 meta mark set 0x00000001 accept
        }
}

with restart of firewall by command "service firewall restart", I got this error

/etc/firewall.nft:24:34-51: Error: Could not process rule: No such file or directory
                meta l4proto tcp socket transparent 1 meta mark set 0x00000001 accept
                                 ^^^^^^^^^^^^^^^^^^
The rendered ruleset contains errors, not doing firewall restart.

I am not familiar with nft, Is there any opkg package should manual install?

pavelgl · February 17, 2023, 7:01pm

opkg update; opkg install kmod-nf-socket kmod-nft-socket

terryding77 · February 18, 2023, 3:35pm

thanks~ it works!

system · February 28, 2023, 3:36pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.