How do I whitelist in IPSET? Instead of blocking CIDR ranges, it whitelists then?
I am using a Netgear Nighthawk X10 R9000 and the version of my OpenWrt is 6.6.47.
Please explain what you want to achieve or which problem you are trying to solve.
Same way as blocking, instead of dropping the traffic you permit it, but the default lan->wan rule should reject or drop, not accept.
Hello, if I do that I would lose access to my gateway. I'm such a noob, could you please help me?
An ipset does not block or allow traffic, it just groups a set of addresses. You can create a firewall rule that blocks all the addresses in the ipset, or you can create a rule that blocks everything except the addresses in the ipset.
Would you be able to guide me? I'm so sorry.
Unless it's in your allowed ipset...
Yes, my ipsets do contain a lot of ISPs' IPs, so I would also allow it, right?
192.168.1.0/24, I mean I will add this IP.
I really don't want to mess this up again and go into failsafe mode, as I am losing access to the gateway and resetting everything back.
This is what I need to achieve!!
If you don't know how to do it yourself, install the banip package.
Can I ask, is this doable in the LuCI interface?
I prefer to do this in the LuCI interface. I would like to ask if this is possible?
banIP has a LuCI interface.
There is no interface for banIP; it wouldn't install now.
I'm sorry, I'm a newbie with this and I need help.
If it's possible I would only like to use the LuCI interface; my version is (24.243.35685~648a099).
Please help me, I've been struggling to do this since I came from a traditional router, which is a GPON ONU that has simple firewall configurations.
You mean the router itself should accept connections from specific IPs, right?
Make sure the default input policy for the wan zone is set to reject or drop.
Set the Packet Field Match for the ipset to src_net.
Create a traffic rule like this.
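The three steps above written as `/etc/config/firewall` entries, as an added example that is not part of the original posts. The set name `whitelist`, the file path `/etc/whitelist.txt`, the rule name and ports 80/443 for the web server are assumptions, and the `wan` zone is shown with OpenWrt's default options.

```uci
# Step 1: the wan zone rejects (or drops) everything sent to the router
# itself unless a rule explicitly accepts it. The lan zone is a separate
# section and is not touched, so LAN access to the gateway stays as it is.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Step 2: the ipset only groups addresses. "match src_net" is what LuCI
# shows as Packet Field Match: compare the packet's source address
# against the networks in the set.
config ipset
	option name 'whitelist'
	option family 'ipv4'
	list match 'src_net'
	# Assumed path: one CIDR range per line.
	option loadfile '/etc/whitelist.txt'

# Step 3: traffic rule with no destination zone, so it applies to input
# on the router. Only sources found in the set are accepted; every other
# wan source falls through to the zone's REJECT policy.
config rule
	option name 'Allow-whitelist-web'
	option src 'wan'
	option family 'ipv4'
	option proto 'tcp'
	# Assumed ports for the web server.
	option dest_port '80 443'
	option ipset 'whitelist'
	option target 'ACCEPT'
```

On a firewall4 (nftables) build, `fw4 check` validates the file before `service firewall restart`, and `nft list set inet fw4 whitelist` shows which ranges were actually loaded.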
Thank you for your answer, but the open port checker still sees the webserver as visible. The IP addresses that are in the whitelist.txt are only the Philippines ISP, Cloudflare and Google,