Fw4 problems since upgrade from release 21 to 22

Hello, I tried to upgrade from 21 to release 22.03.3 but I have several problems with the new firewall. I thought all rules would be "translated" automatically, but that was wrong...

  1. problem

My custom rules don't work anymore. How can I translate them and store them in a file? I already tried

iptables-restore-translate -f rules.iptables > rules.nft

but it fails with:

iptables-translate-restore: line 1 failed

my rules are:

iptables -t nat -A PREROUTING -i br-lan.90 -p tcp --dport 9050 -j REDIRECT --to-ports 9050
iptables -t nat -A PREROUTING -i br-lan.90 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i br-lan.90 -p tcp --syn -j REDIRECT --to-ports 9040

  2. problem

when restarting the firewall it brings two messages:

Section @include[0] is not marked as compatible with fw4, ignoring section
Section @include[0] requires 'option fw4_compatible 1' to be considered compatible

what can I do about it?
thx in advance!

so long

1 Like

The easiest way is to translate/reduce to UCI syntax and add to /etc/config/firewall

This can be easily done on the web GUI without needing to learn the syntax (here: https://openwrt.org/docs/guide-user/firewall/firewall_configuration).

This is because the custom file was used in fw3.

1 Like

thx for your answer, but I don't know how to add those 3 rules to /etc/config/firewall, or how to do it using UCI. Can you help? Did you check my 3 "special" rules? :wink:

so long

It looks like Tor redirects, here's a working example:
https://openwrt.org/docs/guide-user/services/tor/client

You can customize the source zone name and destination port numbers in the web interface after creating the redirects.

2 Likes

@vgaetera thx a lot! you are the best :smiley:

2 Likes
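As an added illustration of the "translate to UCI syntax" advice in this thread (not code from any of the posters or from the OpenWrt wiki), the following POSIX shell function converts the three `iptables -t nat ... -j REDIRECT` rules from the first post into `config redirect` sections for /etc/config/firewall. The zone name `tor_lan` and the function names are hypothetical; the zone must be the one that contains br-lan.90.

```shell
#!/bin/sh
# Added example: turn iptables nat REDIRECT rules into fw4 UCI redirect sections.

# The three rules quoted in the first post.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -i br-lan.90 -p tcp --dport 9050 -j REDIRECT --to-ports 9050
iptables -t nat -A PREROUTING -i br-lan.90 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i br-lan.90 -p tcp --syn -j REDIRECT --to-ports 9040
EOF
}

# Usage: ipt_redirect_to_uci ZONE < rules
# ZONE (assumption) is the firewall zone that contains the "-i" interface;
# UCI redirects match on a source zone, not on an interface name.
ipt_redirect_to_uci() (
    set -f                      # no globbing while splitting rule lines
    zone=$1
    while read -r line; do
        proto= dport= to= target= prev=
        for word in $line; do   # record the value that follows each flag
            case $prev in
                -p)         proto=$word ;;
                --dport)    dport=$word ;;
                --to-ports) to=$word ;;
                -j)         target=$word ;;
            esac
            prev=$word
        done
        # Skip anything that is not a complete REDIRECT rule.
        [ "$target" = REDIRECT ] && [ -n "$proto" ] && [ -n "$to" ] || continue
        # --syn is dropped: the nat hook only evaluates the first packet of a
        # connection, so the rule still applies once per new TCP connection.
        printf "config redirect\n"
        printf "\toption name 'redir-%s-%s'\n" "$proto" "${dport:-all}"
        printf "\toption src '%s'\n" "$zone"
        printf "\toption family 'ipv4'\n"   # the originals were IPv4-only
        printf "\toption proto '%s'\n" "$proto"
        printf "\toption src_dport '%s'\n" "${dport:-0-65535}"
        printf "\toption dest_port '%s'\n" "$to"
        printf "\toption target 'DNAT'\n\n"
    done
)

sample_rules | ipt_redirect_to_uci tor_lan
```

Review the generated sections before appending them to /etc/config/firewall, then run `fw4 check` and restart the firewall.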
