As you can see in this screenshot, it's very complex for me to manage and master rules on my firewall... Is there a way to simplify firewall rules in OpenWRT? I have some questions to ask in order to decide which approach will suit best for me.
1/ Can I flush all zones and work only with default tables / chains (no zones)?
2/ Will I lose all the benefits of the GUI in LuCI because it's working with zones?
3/ Do I have to clear rules in /etc/config/firewall too and only use iptables?
4/ Can I use nftables for firewalling AND keep iptables executable because some programs/scripts only work with iptables?
My definitive goal is to manage my router perfectly, especially the firewall part (I work in networking but I'm a newbie in OpenWRT and firewalling with Linux).
At the moment, I'm trying to route traffic from one of my computers to one of the two OpenVPN tunnels up on my router. For testing, I've created 2 distinct zones with masquerading (interfaces tun0 and tun1), I've created a routing table named "devpn" and typed these commands:
# mark packets from the computer before the routing decision (IP_COMPUTER is the LAN host's address)
iptables -t mangle -A PREROUTING -s IP_COMPUTER -j MARK --set-mark 1234
# marked packets consult the "devpn" table instead of the main table
ip rule add fwmark 1234 lookup devpn
# the only route in "devpn" sends everything into the tunnel
ip route add default via 10.8.0.1 dev tun0 table devpn
Because it's not working from the computer, the problem may be filtering... I tried to put accept rules in a few FORWARD tables but no success
Maybe it will be simpler to manage the router with only iptables rules and the default tables/chains... no zones.
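The procedure above (mark, rule, route) plus the filtering piece the post says was missing, as an added example that is not part of the original thread. It assumes an iptables-based OpenWrt (fw3), the constructed values 192.168.1.50 / 1234 / devpn / tun0 / 10.8.0.1 / br-lan, that the `devpn` table already exists in /etc/iproute2/rt_tables, and that fw3's custom `forwarding_rule` chain is evaluated before the zone chains, so accepting there avoids editing zone forwardings.

```shell
#!/bin/sh
# Added example (not from the original post): route one LAN host through an
# OpenVPN tunnel on an fw3/iptables OpenWrt router. All values below are
# constructed placeholders; override them from the environment.
HOST=${HOST:-192.168.1.50}   # LAN host to steer into the tunnel
MARK=${MARK:-1234}           # fwmark carried by the host's packets
TABLE=${TABLE:-devpn}        # named table (needs an entry in rt_tables)
TUN=${TUN:-tun0}             # tunnel interface
GW=${GW:-10.8.0.1}           # tunnel peer address
LAN=${LAN:-br-lan}           # LAN bridge the host sits on

# run: with DRY_RUN=1 print the command instead of executing it, so the
# rule set can be reviewed (or tested) on a machine without iptables/root.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Installs (or, in dry-run mode, prints) the complete rule set.
vpn_policy_route() {
  # 1. Mark in mangle/PREROUTING: this runs before the routing decision,
  #    which is what lets the mark influence route selection at all.
  run iptables -t mangle -A PREROUTING -s "$HOST" -j MARK --set-mark "$MARK"
  # 2. Marked packets look up the custom table instead of main.
  run ip rule add fwmark "$MARK" lookup "$TABLE"
  # 3. The custom table's only route points into the tunnel.
  run ip route add default via "$GW" dev "$TUN" table "$TABLE"
  # 4. Filtering: zone forwardings (lan -> tunnel zone) are what usually
  #    block this; fw3 consults forwarding_rule first (assumption), so an
  #    explicit accept here is enough. Replies are matched by fw3's own
  #    ESTABLISHED,RELATED rule and the zone's masquerading still applies.
  run iptables -I forwarding_rule -i "$LAN" -o "$TUN" -s "$HOST" -j ACCEPT
}

# Checks to run on the router after applying: the route lookup must pick
# the tunnel and the mangle counter must increase while the host browses.
vpn_policy_check() {
  run ip route get 1.1.1.1 from "$HOST" iif "$LAN" mark "$MARK"
  run iptables -t mangle -L PREROUTING -v -n
}

if [ "${1:-}" = apply ]; then
  vpn_policy_route
  vpn_policy_check
fi
```

Run `DRY_RUN=1 sh script.sh apply` first to review the exact commands; if `ip route get ... mark` still shows the WAN route, the rule or table is wrong, and if the counter stays at zero the mark never matches (wrong source address).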
Thanks Vgaetera, I was aware of this package but I don't want to use this, especially because my purpose can be achieved with 3 or 4 commands... and it serves my goal to understand and manage my router
Thanks for your answers, vgaetera, it helps me a lot!
I've managed to make it work with simple iptables rules (see below) but I think I'll move to nftables someday. For the moment, I'll stick with the default zones and rules and test my custom rules with the iptables CLI and default tables / chains
These rules allow a lan computer to reach www.ip.me via the openvpn tunnel