I'm using OpenWRT on a tiny TP-Link device; internet is over PPPoE.
On the client side I'm using a simple nft firewall.
Client nft rules:
    table ip filter {
        chain input {
            type filter hook input priority 0; policy drop;
            ct state established,related accept
            iif "lo" accept
            ct state invalid drop
            log prefix "REJECT" reject
        }
        chain forward {
            type filter hook forward priority 0; policy drop;
        }
        chain output {
            type filter hook output priority 0; policy accept;
        }
    }
The client is surfing the internet and I get the following log from nftables:
Jun 12 14:26:40 localhost kernel: REJECT IN=eth0 OUT= MAC=X SRC=140.211.X.X DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=50025 DF PROTO=TCP SPT=80 DPT=37830 WINDOW=22 RES=0x00 ACK URGP=0
I looked the IP address up and it's a website I visited, but why is it REJECTED?
I sync OpenWRT with ntpd from the internet, and the client uses OpenWRT as its ntpd server.
My OpenWRT firewall config:
    config defaults
        option syn_flood 1
        option input ACCEPT
        option output ACCEPT
        option forward REJECT

    config zone
        option name lan
        list network 'lan'
        option input ACCEPT
        option output ACCEPT
        option forward ACCEPT

    config zone
        option name wan
        list network 'wan'
        list network 'wan6'
        option input DROP
        option output ACCEPT
        option forward DROP
        option masq 1
        option mtu_fix 1

    config forwarding
        option src lan
        option dest wan

    config include
        option path /etc/firewall.user

    config rule
        option src wan
        option proto ICMP
        option target DROP
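As an added example (not code from the poster), here is a small Python triage script for netfilter LOG lines of the shape shown in the question: it splits the kernel log line into its KEY=VALUE fields and bare flag tokens, then classifies what hit the logging rule. The sample lines are constructed (addresses made up), and the explanation in the `stray-ack` branch assumes the kernel default `nf_conntrack_tcp_loose=1`.

```python
import re
from typing import Dict, Set

# Constructed sample lines in the netfilter kernel-log format (same shape as the
# REJECT line in the question; the addresses are made up).
SAMPLE_LOGS = [
    "Jun 12 14:26:40 localhost kernel: REJECT IN=eth0 OUT= MAC=X SRC=140.211.0.1 "
    "DST=192.168.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=50025 DF PROTO=TCP "
    "SPT=80 DPT=37830 WINDOW=22 RES=0x00 ACK URGP=0",
    "Jun 12 14:30:01 localhost kernel: REJECT IN=eth0 OUT= MAC=X SRC=203.0.113.9 "
    "DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1 DF PROTO=TCP "
    "SPT=51515 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0",
]
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
PREFIX_RE = re.compile(r"kernel:\s*(?P<prefix>.*?)\s*(?=IN=)")

def parse_nf_log(line: str) -> Dict[str, object]:
    """Split a netfilter LOG line into KEY=VALUE fields plus bare flag tokens
    (tokens without '=' are the IP DF bit and the TCP flags, e.g. 'DF', 'ACK')."""
    m = PREFIX_RE.search(line)
    if not m:
        raise ValueError("not a netfilter LOG line")
    fields: Dict[str, object] = {"prefix": m.group("prefix")}
    flags: Set[str] = set()
    for tok in line[m.end():].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.add(tok)
    fields["flags"] = flags
    return fields

def classify(fields: Dict[str, object]) -> str:
    """Say what kind of packet hit the logging rule, from protocol and TCP flags."""
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    flags = fields["flags"] & TCP_FLAGS
    if flags == {"SYN"}:
        return "new-syn"          # someone opening a connection to this host
    if flags & {"RST", "FIN"}:
        return "late-teardown"    # RST/FIN for a flow conntrack no longer tracks
    if "ACK" in flags:
        # ACK without SYN and no conntrack entry: with the default
        # nf_conntrack_tcp_loose=1 conntrack treats it as a mid-stream pickup, so
        # ct state is 'new' (not 'established', not 'invalid') and the packet falls
        # through to the final reject rule. Usual cause: a delayed or retransmitted
        # segment arriving after the client has already closed the connection.
        return "stray-ack"
    return "other"
```

Run `classify(parse_nf_log(line))` over your own `journalctl -k` output to separate these late segments from genuine unsolicited SYNs before deciding whether a log entry needs attention.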