Let us use commas on firewall section

Regarding the firewall configuration, it would be advantageous to segregate the ports using commas. Presently, in order to facilitate TF2 gameplay, it is necessary to generate seven distinct rules instead of a singular rule to forward the following ports: 8080, 9012, 1234, 9001, 9002, and 23000-23999.

I think it will still require 7 rules in the underlying subsystem - and therein lies the issue.

There's a discussion somewhere on this - regarding rules in UCI matching the relevant underlying nft rule generated therefrom, and the obvious issues that arise from using syntax that's not 1:1 analogous with the underlying rule(s) that are created.

Basically, this would have to be supported by nft itself.

1 Like

Does the game actually require to forward those ports?
This sounds like a misunderstanding.

Most likely, the instruction implies to not block LAN to WAN transit traffic to those ports.
OpenWrt allows this traffic by default for all ports.

It was an example but yea. Actual ports are:
TCP: 27015, 27036.
UDP: 27015, 27020, 27031-27036.
Peplink routers have the comma thing to make things faster and easier.
Why not include it on OpenWrt?

nft -c add rule 'inet fw4 dstnat_wan ip protocol . th dport { tcp . 27015, tcp . 27036, udp . 27015, udp . 27020, udp . 27031-27036 } dnat ip to 192.168.1.2'

It should be possible in native nftables to do it (I'm not a gamer nor a port forwarder).

4 Likes
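
The nft command in the last post covers the comma-separated TCP and UDP lists with a single rule by matching on a concatenated `protocol . port` set. As an added example (not part of the thread and not OpenWrt's own code), the POSIX shell below turns such comma lists into that set and rejects malformed entries before they reach the rule text; the function names `valid_port`, `set_elements` and `build_rule` are hypothetical, and the script only prints the command instead of running nft.

```shell
#!/bin/sh
# Added example (not from the thread): build the "protocol . port" set
# elements for the rule above from comma-separated port lists.

# valid_port N: true if N is a decimal integer in 1..65535, no leading zero.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# set_elements PROTO LIST: print "proto . port, proto . lo-hi, ..." or fail.
# Runs in a subshell so the IFS and globbing changes stay local.
set_elements() (
    proto=$1
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    list=$(printf '%s' "$2" | tr -d ' ')
    [ -n "$list" ] || return 1
    out=
    IFS=,
    set -f
    for item in $list; do
        case "$item" in
            *-*) lo=${item%%-*}; hi=${item#*-}
                 valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ] || return 1 ;;
            *)   valid_port "$item" || return 1 ;;
        esac
        out="${out:+$out, }$proto . $item"
    done
    printf '%s\n' "$out"
)

# build_rule TCP_LIST UDP_LIST DEST: print the nft check command, or fail.
# DEST is only checked for digits and dots, not for full IPv4 validity.
build_rule() {
    case "$3" in ''|*[!0-9.]*) return 1 ;; esac
    tcp=$(set_elements tcp "$1") || return 1
    udp=$(set_elements udp "$2") || return 1
    printf "nft -c add rule 'inet fw4 dstnat_wan ip protocol . th dport { %s, %s } dnat ip to %s'\n" \
        "$tcp" "$udp" "$3"
}

# Demo with the port lists quoted in the thread.
build_rule '27015, 27036' '27015, 27020, 27031-27036' 192.168.1.2
```

Because every entry must be a plain port or a `lo-hi` range, text such as shell or nft metacharacters in a list makes the function fail instead of ending up inside the generated rule.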