Hello community,
I am trying to block two sets of addresses, one with IPv4 and one with IPv6, so I ended up with this configuration:

config ipset
	option name 'dropsqsIPV4'
	option match 'src_net'
	option storage 'hash'
	option enabled '1'
	option family 'ipv4'
	option loadfile '/etc/dropsqsIPV4.txt'

config ipset
	option name 'dropsqsIPV6'
	option match 'src_net'
	option storage 'hash'
	option enabled '1'
	option family 'ipv6'
	option loadfile '/etc/dropsqsIPV6.txt'

config rule
	option name 'drop_sqsIPV4'
	option ipset 'dropsqsIPV4'
	option src 'lan'
	option proto 'tcp'
	option dest 'wan'
	option dest_port '443'
	option target 'REJECT'
	option enabled '1'
	option family 'ipv4'

config rule
	option name 'drop_sqsIPV4 2'
	option ipset 'dropsqsIPV4'
	option src 'wan'
	option proto 'tcp'
	option dest 'lan'
	option src_port '443'
	option target 'REJECT'
	option enabled '1'
	option family 'ipv4'

config rule
	option name 'drop_sqsIPV6'
	option ipset 'dropsqsIPV6'
	option src 'lan'
	option proto 'tcp'
	option dest 'wan'
	option dest_port '443'
	option target 'REJECT'
	option enabled '1'
	option family 'ipv6'

config rule
	option name 'drop_sqsIPV6 2'
	option ipset 'dropsqsIPV6'
	option src 'wan'
	option proto 'tcp'
	option dest 'lan'
	option src_port '443'
	option target 'REJECT'
	option enabled '1'
	option family 'ipv6'

My files dropsqsIPV4.txt and dropsqsIPV6.txt are present in /etc.
And here I get these errors: ipset v6.38: The set with the given name does not exist; and after this error: ipset v6.38: Syntax error: '25create' is invalid as number

root@OpenWrt:/etc/config# service firewall restart
Warning: Section @rule[22] (Alexis-Computer) does not specify a protocol, assuming TCP+UDP
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv6 filter table
* Flushing IPv6 mangle table
* Deleting ipset dropsqsIPV4
* Deleting ipset dropsqsIPV6
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
* Flushing conntrack table ...
* Creating ipset dropsqsIPV4
* Loading file /etc/dropsqsIPV4.txt
* Creating ipset dropsqsIPV6
* Loading file /etc/dropsqsIPV6.txt
ipset v6.38: Syntax error: '25create' is invalid as number
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
ipset v6.38: The set with the given name does not exist
* Populating IPv4 filter table
* Rule 'drop_sqsIPV4'
* Rule 'drop_sqsIPV4 2'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'SSH'
* Rule 'SSH connection'
* Rule 'Alexis-Computer'
* Forward 'lan' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 filter table
* Rule 'drop_sqsIPV6'
! Skipping due to missing ipset 'dropsqsIPV6'
* Rule 'drop_sqsIPV6 2'
! Skipping due to missing ipset 'dropsqsIPV6'
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'SSH'
* Rule 'SSH connection'
* Rule 'Alexis-Computer'
* Forward 'lan' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'

I can't figure out where it comes from.
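
Added example, not part of the original post and not OpenWrt code: a pre-restart lint for the two loadfiles referenced in the configuration above. It assumes (not confirmed on this page) that the token '25create' in the log is a trailing /25 entry fused with the following `create` command because the last line of the IPv4 file has no newline; `check_loadfile` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: lint an ipset loadfile before "service firewall restart".
# check_loadfile is a hypothetical helper, not part of OpenWrt or ipset.
# Usage: check_loadfile FILE ipv4|ipv6   (returns 0 when clean, 1 otherwise)
check_loadfile() {
    file=$1 family=$2 rc=0
    [ -r "$file" ] || { echo "$file: not readable"; return 1; }

    # $(...) strips a trailing newline, so a non-empty result means the
    # last byte of the file is something else (an unterminated last line).
    if [ -n "$(tail -c 1 "$file")" ]; then
        echo "$file: last line has no trailing newline"
        rc=1
    fi

    # Carriage returns from a Windows editor become part of each entry.
    if grep -q "$(printf '\r')" "$file"; then
        echo "$file: contains CR (DOS line endings)"
        rc=1
    fi

    # Every non-blank entry must look like an address of the set's family.
    bad=$(awk -v fam="$family" '
        { sub(/\r$/, "") }
        /^[ \t]*$/ { next }
        fam == "ipv4" && $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { print NR ": " $0 }
        fam == "ipv6" && $0 !~ /^[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*(\/[0-9]+)?$/ { print NR ": " $0 }
    ' "$file")
    if [ -n "$bad" ]; then
        echo "$file: entries that do not look like $family:"
        echo "$bad"
        rc=1
    fi
    return $rc
}

# Run directly as: sh check_loadfile.sh /etc/dropsqsIPV4.txt ipv4
if [ $# -eq 2 ]; then
    check_loadfile "$1" "$2"
fi
```

A file that fails the first check can be repaired by appending a single newline to it, after which the firewall restart log should no longer show the fused token if the assumption holds.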