How do I convert iptables rules to nftables rules?
1. iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
2. iptables -A OUTPUT -p icmp --icmp-type port-unreachable -j DROP
3. iptables -A OUTPUT -p icmp --icmp-type host-unreachable -j DROP
4. iptables -A OUTPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
You know OpenWrt allows you to make rules in a config file, via CLI, or on the web GUI, correct?
There's no need to learn underlying iptables or nft.
Follow same pattern changing to output, and under advanced:
Ummm, you try this?
EDIT:
BTW
Ping - there's a default firewall rule in OpenWrt allowing this on WAN, you could simply disable it.
BTW - It's not really clear why you wanna Drop ICMP unreachable messages, unless you believe they're spoofed and fake. Otherwise, people tend to do this because there's some other network issue they haven't troubleshooted or can't resolve. These messages instruct your client to stop attempting connection to an unreachable IP.
- For the same reason, it's unclear why you need to make a specific rule for invalid packets - as they're not allowed anyways.
Your method works, thank you very much for your help.
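For reference, a direct nftables translation of the four iptables rules from the question, as an added example that is not part of the original thread. The table name `icmp_example` is hypothetical, and the ruleset assumes a standalone table loaded next to whatever firewall is already running.

```nft
# Added example: nftables equivalents of the four iptables rules in the question.
# The table name "icmp_example" is hypothetical. Both base chains use policy
# accept, so this table only adds drops and leaves all other filtering to the
# existing firewall tables.
table inet icmp_example {
    chain input {
        type filter hook input priority 0; policy accept;

        # 1. iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
        icmp type echo-request drop
    }

    chain output {
        type filter hook output priority 0; policy accept;

        # 2. iptables -A OUTPUT -p icmp --icmp-type port-unreachable -j DROP
        #    (ICMP type 3 = destination-unreachable, code 3 = port unreachable)
        icmp type destination-unreachable icmp code 3 drop

        # 3. iptables -A OUTPUT -p icmp --icmp-type host-unreachable -j DROP
        #    (ICMP type 3, code 1 = host unreachable)
        icmp type destination-unreachable icmp code 1 drop

        # 4. iptables -A OUTPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
        #    "ALL" is the mask fin|syn|rst|psh|ack|urg; match only when
        #    exactly RST and ACK are set within that mask.
        tcp flags & (fin|syn|rst|psh|ack|urg) == rst|ack drop
    }
}
```

A drop verdict in any base chain is final, so these rules take effect even when another table accepts the same packet. The `icmp` matches cover IPv4 only, the same as the original iptables rules.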