Luci firewall management?

Let's say I want to deny an IP range of my LAN, from 192.168.1.100 to 192.168.1.200, access to the internet.
I add iptables rules in /etc/firewall.user and restart the firewall for them to take effect.

But is there any other firewall management package in LuCI that can do the same job?

Why not use the normal uci firewall rules? IP ranges should be supported there.

It's simpler to use IP ranges matching CIDR subnets:

Would you please show me a configuration example?
I can't find any documentation about how to add an IP range in uci firewall rules.

The IP address is not in a continuous range, so I can't separate it using CIDR.

```
uci add firewall rule
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].name='test'
uci set firewall.@rule[-1].extra='-m iprange --src-range 192.168.1.100-192.168.1.200'
uci set firewall.@rule[-1].family='ipv4'
uci set firewall.@rule[-1].target='REJECT'
uci set firewall.@rule[-1].dest='wan'
uci add_list firewall.@rule[-1].proto='all'
uci commit firewall
service firewall restart
```

You'll need iprange.

So define an extra parameter here? Interesting!
If that works, I won't need firewall.user!! Thanks!

The uci firewall should also understand IP ranges, e.g. option src_ip 192.168.1.100-192.168.1.200 and translate it to -m iprange matches internally.

Glad to know that, thanks!

Great, but looks like LuCI does not accept IP ranges in the input field.
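
Added example, not part of the thread: a range that is not a single subnet can still be written as a short list of CIDR blocks, so the rule needs only plain src_ip entries and no iprange match. The shell functions below (their names and the rule name block-range are made up for this example) decompose the thread's range and print the uci commands; it assumes src_ip takes several CIDR entries as a list.

```sh
#!/bin/sh
# Added example; function names and the rule name are made up.
# Needs a shell with 64-bit arithmetic.

ip2int() (   # dotted quad -> integer; body is a subshell so IFS does not leak
    IFS=.; set -- $1
    echo "$(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))"
)
int2ip() {   # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print a minimal set of CIDR blocks covering START..END inclusive.
range_to_cidrs() {
    cur=$(ip2int "$1"); end=$(ip2int "$2")
    [ "$cur" -le "$end" ] || return 1
    while [ "$cur" -le "$end" ]; do
        size=1; bits=32
        # Grow the block while it stays aligned at cur and inside the range.
        while [ "$bits" -gt 0 ] &&
              [ $(( cur % (size * 2) )) -eq 0 ] &&
              [ $(( cur + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$cur")/$bits"
        cur=$(( cur + size ))
    done
}

# Print (not execute) the uci commands, one src_ip list entry per block.
emit_rule() {
    cidrs=$(range_to_cidrs "$1" "$2") || return 1
    cat <<'EOF'
uci add firewall rule
uci set firewall.@rule[-1].name='block-range'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].family='ipv4'
uci add_list firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].target='REJECT'
EOF
    for c in $cidrs; do
        echo "uci add_list firewall.@rule[-1].src_ip='$c'"
    done
    echo "uci commit firewall"
}

emit_rule 192.168.1.100 192.168.1.200
```

Review the printed commands before pasting them on the router, then run service firewall restart as in the thread.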