VxBox
1
Adding the following rule information to /etc/config/firewall generates the correct rules I want in the zone_wan_input chain of the Filter table:

    config rule
        option target 'ACCEPT'
        option src 'wan'
        option family 'ipv6'
        option proto 'all'
        option extra '-m conntrack --ctstate DNAT'
        option name 'Allow-DNAT-Input'

But when you add a parameter such as

    option dest '*'

it generates incorrect rules in the zone_wan_forward chain of the Filter table.
So how do the rules defined in /etc/config/firewall correspond to the tables and chains of iptables?
mikma
2
Yes, adding or deleting src and dest changes the chain.
In fw3, the src and dest are tied to the target:
- If src and dest are given, the rule matches forwarded traffic
- If only src is given, the rule matches incoming traffic
- If only dest is given, the rule matches outgoing traffic
- If neither src nor dest are given, the rule defaults to an outgoing traffic rule
3 Likes
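To audit a firewall file for rules that land in a different direction than intended, the mapping in the answer above can be applied mechanically. This is an added example, not code from the thread or from fw3; the sample config is constructed (only Allow-DNAT-Input comes from the question) and the function names are hypothetical.

```shell
# Added example (not fw3 code): report the traffic direction of each
# "config rule" section using the src/dest mapping given in the answer.
sample_config() {   # constructed sample input
cat <<'EOF'
config zone
    option name 'wan'
config rule
    option name 'Allow-DNAT-Input'
    option src 'wan'
    option extra '-m conntrack --ctstate DNAT'
config rule
    option name 'Allow-DNAT-With-Dest'
    option src 'wan'
    option dest '*'
config rule
    option name 'Dest-Only'
    option dest 'wan'
config rule
    option name 'No-Zones'
    option proto 'icmp'
EOF
}

classify_rules() {  # reads UCI text on stdin, prints "<rule name> <direction>"
    awk -v q="'" '
    function unq(s, c) {            # strip one pair of surrounding quotes
        c = substr(s, 1, 1)
        return (c == q || c == "\"") ? substr(s, 2, length(s) - 2) : s
    }
    function flush() {
        if (!in_rule) return
        if (src != "" && dest != "") dir = "forward"
        else if (src != "")          dir = "input"
        else                         dir = "output"  # dest only, or neither
        print (name != "" ? name : "(unnamed)"), dir
    }
    $1 == "config" { flush(); in_rule = (unq($2) == "rule"); src = dest = name = ""; next }
    in_rule && $1 == "option" {
        if ($2 == "src")  src  = unq($3)
        if ($2 == "dest") dest = unq($3)
        if ($2 == "name") name = unq($3)
    }
    END { flush() }
    '
}

sample_config | classify_rules
```

On a router the same function can be fed the real file with `classify_rules < /etc/config/firewall`; a rule meant for input that is reported as forward has a stray dest option.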
VxBox
3
This definition still does not feel very flexible or perfect.