But now if a user adds files and bad tables are added in a firewall restart, then deletes the files, a firewall restart won't go back to how things were.
Hi Daniel,
can you add the start and stop script with init.d?
What if I want to use vethdown with nftables?
```
if [ $USEVETHDOWN = "yes" ] ; then
    ip link show lanveth || ip link add lanveth type veth peer name lanbrport
    LAN=lanveth
    ip link set lanveth up
    ip link set lanbrport up
    ip link set lanbrport master $LANBR
    ip route flush table 100
    ip route add default dev $LAN table 100
    ip -6 route add default dev $LAN table 100
    ip rule add iif $WAN priority 100 table 100
    ip -6 rule add iif $WAN priority 100 table 100
fi
```
My WAN interface is wan and my br-lan is br-lan.
What do I put here?
```
LINKTYPE="ethernet"
USEVETHDOWN=yes
LANBR=br-lan ??
WAN=wan # change this to your WAN device name
UPRATE=12000 #change this to your kbps upload speed
LAN=br-lan # change to your LAN device if you don't use veth/bridge,
# leave it alone if you use veth, it will get set in the ??
# script below
```
thanks
It uses a hotplug because sometimes WAN can disappear and reappear (like with pppoe).
How's the testing going? Still using mine, all OK at the moment. How do we get counters in the firewall? Can this be added, @dlakelan?
As far as I know things work. No one has reported any bugs. You can add counters as you see fit using standard nftables syntax, just say "counter" in the outcome of the rule.
```
Device "lanveth" does not exist.
Error: ipv4: FIB table does not exist.
Flush terminated
```
Hi Daniel, I get this error when I launch your script. Is that normal?
I launched the script but the internet isn't working and the firewall rulesets page is empty,
and I'm using the nftables version.
You are using 22.03, right? Change the interface twice, for example wan, in your 2 files.
I did change the WAN interface to eth0.2 in both files.
I tried this script and it broke something. Lost all internet access, I'm not savvy enough to figure out what went wrong so the only way I could get access back was factory resetting.
To avoid factory resetting in the future, any idea what could have gone wrong? I did get an error when I ran the script but the internet worked fine afterwards. My connection during gaming was poor so I decided to reboot to reset my settings but couldn't gain access to the internet at all. The firewall (status > firewall) wouldn't load in luci as well.
I was an original tester of the first gaming script so I was a little familiar with its config. I am using another router though, which is probably where I went wrong with the config - it's a little different to my edgerouter. Looking at luci my LAN is br-lan and WAN is wan (I think on my edgerouter the LAN was eth0.1 and WAN eth0 or eth0.2).
The config I ran on this router below. Leaving LAN=eth0.1 wouldn't have broken things to the point a reboot wasn't fixing it right?
```
USEVETHDOWN=no
LANBR=br-lan
WAN=eth0 # change this to your WAN device name
UPRATE=18000 #change this to your kbps upload speed
LAN=eth0.1 # change to your LAN device if you don't use veth/bridge,
# leave it alone if you use veth, it will get set in the
# script below
```
You need to use veth if you have a bridge
You should try veth, but veth doesn't work at my home for this script, I don't know why.
Thank you both. I think I also had ip6table errors pop up when running the script but I don't see that listed in the required packages. Do we have a complete list of what is required before I try running it again?
So based on my screenshot above, is this the correct config?
```
USEVETHDOWN=yes
LANBR=br-lan
WAN=eth0 # change this to your WAN device name - or do I change this to "WAN"
UPRATE=18000 #change this to your kbps upload speed
LAN=eth0.1 # change to your LAN device if you don't use veth/bridge,
```
My default qdisc. Packets only show in eth0
```
root@OpenWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
Sent 3982773663 bytes 4093135 pkt (dropped 0, overlimits 0 requeues 9)
backlog 0b 0p requeues 9
maxpacket 1518 drop_overlimit 0 new_flow_count 11091 ecn_mark 0
new_flows_len 0 old_flows_len 0
qdisc noqueue 0: dev wan root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan1 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan2 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan3 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan4 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev br-lan root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
root@OpenWrt:~#
```
It depends on your WAN network interface, whatever you have: if it's eth0 then put eth0, if it's wan then put wan.
If you're running a recent OpenWrt it uses nftables and you need the nftables version of the script, which is on the nftables branch at github:
also see the install instructions in the readme for that branch
This could be it but I did follow your instructions in the readme and they point to download the dscptag.sh not dscptag.nft unless I'm reading the incorrect instructions?
I will have a careful read after work, try the script again and report back. Thanks for your help
Switch to the nftables branch, johnny, not master.
@dlakelan, is it possible to create a startup init.d for this script, to restart and stop as you want? Thanks.
Yes, I was in the nftables branch but the instructions for the wget command point to downloading the master file.
Anyway, I am stuck on the veth instructions
From the LUCI web interface:
- go to network > interfaces
- create an interface called "veth"
- under general setup > Protocol = unmanaged
- under physical settings > interface = lanveth <-- I have no physical setting option anywhere?
- under firewall settings > assign firewall-zone = LAN
In the screenshot below, I typed lanveth where I have highlighted yellow and after clicking ok etc. it created the "absent interface: lanveth".
I now have this in interfaces
I haven't run the script yet but I have it configured like this based on what I see in the interfaces
```
USEVETHDOWN=yes
LANBR=br-lan
WAN=wan # change this to your WAN device name
UPRATE=15000 #change this to your kbps upload speed
LAN=eth0.1 # change to your LAN device if you don't use veth/bridge,
# leave it alone if you use veth, it will get set in the
# script below
```
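A pre-flight check for the settings blocks posted in this thread, added here as an example (it is not part of the script or of any post): it confirms that the configured WAN, LAN and LANBR names exist before the shaper is started, and applies the rule stated above that a bridged LAN needs veth. The function names, argument order and the sample interface list (device names copied from the `tc -s qdisc` output earlier in the thread) are assumptions.

```shell
#!/bin/sh
# Added example: has_iface and check_shaper_config are hypothetical helpers.

# has_iface NAME "LIST": succeed if NAME is one of the space-separated names.
has_iface() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# check_shaper_config WAN LAN LANBR USEVETHDOWN [IFACES]
# Prints one line per problem and returns the number of problems found.
check_shaper_config() {
    wan=$1; lan=$2; lanbr=$3; useveth=$4
    # Default to the live interface list; pass a list to check offline.
    ifaces=${5:-$(ls /sys/class/net 2>/dev/null | tr '\n' ' ')}
    problems=0

    if ! has_iface "$wan" "$ifaces"; then
        echo "WAN=$wan: no such interface"
        problems=$((problems + 1))
    fi
    if [ "$useveth" = "yes" ]; then
        # With veth the script creates lanveth and attaches lanbrport to LANBR.
        if ! has_iface "$lanbr" "$ifaces"; then
            echo "LANBR=$lanbr: no such bridge to attach lanbrport to"
            problems=$((problems + 1))
        fi
    else
        if ! has_iface "$lan" "$ifaces"; then
            echo "LAN=$lan: no such interface"
            problems=$((problems + 1))
        elif [ "$lan" = "$lanbr" ]; then
            echo "LAN=$lan is the bridge: set USEVETHDOWN=yes"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Constructed sample: device names as they appear in the tc output above.
SAMPLE_IFACES="lo eth0 wan lan1 lan2 lan3 lan4 br-lan"
```

On the router, call it with four arguments (for example `check_shaper_config wan lanveth br-lan yes`) so the interface list is read from `/sys/class/net`, and start the shaper only when it returns 0.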
I will test the script for you.
Please wait 3 min for the install, thanks.
If you have a PS5 or PS4 console the script doesn't work,
but it works on PC for me.
On my console the message appears like this:
"Internet connection is impossible, the PS5 doesn't support IPv6, select a network that supports IPv4"
I think you should remove the package ip-full for it to work on console.
The script isn't like usual, sorry johnny, I can't help you.
I lost internet connection with this script.