I upgraded my OpenWrt to snapshot yesterday.
I found some issues with the firewall; I'm not sure if it's a problem with OpenWrt or my settings.
PS1: I don't know much about firewalls.
PS2: The previous iptables is gone, replaced with nft.
After connecting to OpenVPN, I can SSH to the router normally, but I can't connect to the internet or other devices on the LAN.
I can't open the IPv6 port.
This is the script I use to open the IPv6 port:
uid="$(uci add firewall rule)"
uci set firewall.${uid}.dest_port="8000"
uci set firewall.${uid}.src='wan'
uci set firewall.${uid}.name="open-rasp-8000-port-IPv6"
uci set firewall.${uid}.family='ipv6'
uci set firewall.${uid}.dest_ip="::ff32/::ffff:ffff:ffff:ffff"
uci set firewall.${uid}.target='ACCEPT'
uci set firewall.${uid}.dest='lan'
uci add_list firewall.${uid}.proto="tcp"
uci commit
/etc/init.d/firewall restart
Also, it works fine in older versions, but newer versions will cause the whole firewall to crash.
I've been using snapshots and haven't paid attention to the version; the last update was about 2 months ago.
Every time I upgrade, I don't keep the config file; all my configurations come from the script.
OpenVPN script:
uid="$(uci add firewall zone)"
uci set firewall.${uid}.name='openvpn'
uci set firewall.${uid}.input='ACCEPT'
uci set firewall.${uid}.forward='ACCEPT'
uci add_list firewall.${uid}.device='tun+'
uci set firewall.${uid}.output='ACCEPT'
uid="$(uci add firewall forwarding)"
uci set firewall.${uid}.dest='lan'
uci set firewall.${uid}.src='openvpn'
uid="$(uci add firewall forwarding)"
uci set firewall.${uid}.dest='wan'
uci set firewall.${uid}.src='openvpn'
uci commit
/etc/init.d/firewall restart
Matching non-contiguous masks (::ff32/::ffff:ffff:ffff:ffff) is not yet supported. I am working on it but porting this feature to the nftables ruleset is complex.
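A way to find rules affected by the limitation described in the reply above, before restarting the firewall. This is an added example, not code from the thread or from the OpenWrt project: it scans saved `uci show firewall` output for `src_ip`/`dest_ip` values whose mask is not a plain prefix. The function names and the second sample rule are constructed for illustration, and the check also covers IPv4 dotted masks, which goes beyond the IPv6 case in the thread.

```python
import ipaddress
import re

IP_OPTIONS = ("src_ip", "dest_ip")

# Constructed sample of `uci show firewall` output. The first rule uses the
# dest_ip value from the script in the thread; the second rule is made up.
SAMPLE_DUMP = """\
firewall.@rule[9]=rule
firewall.@rule[9].name='open-rasp-8000-port-IPv6'
firewall.@rule[9].family='ipv6'
firewall.@rule[9].dest_ip='::ff32/::ffff:ffff:ffff:ffff'
firewall.@rule[10]=rule
firewall.@rule[10].name='constructed-prefix-rule'
firewall.@rule[10].dest_ip='2001:db8::/64' 'fd00::1/ffff:ffff:ffff:ffff::'
"""

def mask_is_contiguous(mask):
    """True if the mask is all 1-bits followed by all 0-bits (a plain prefix)."""
    addr = ipaddress.ip_address(mask)
    inverted = int(addr) ^ ((1 << addr.max_prefixlen) - 1)
    # A contiguous mask inverts to 0...01...1, so adding 1 clears every set bit.
    return inverted & (inverted + 1) == 0

def find_noncontiguous(uci_dump):
    """Return (option_path, value) pairs whose address mask is non-contiguous."""
    hits = []
    for line in uci_dump.splitlines():
        path, sep, rhs = line.partition("=")
        if not sep or path.rsplit(".", 1)[-1] not in IP_OPTIONS:
            continue
        # Option values are single-quoted; list options carry several of them.
        for value in re.findall(r"'([^']*)'", rhs):
            _, slash, mask = value.lstrip("!").partition("/")
            if not slash or mask.isdigit():
                continue  # bare address or /prefixlen: always contiguous
            try:
                if not mask_is_contiguous(mask):
                    hits.append((path, value))
            except ValueError:
                continue  # not an address mask; left to the firewall's own validation
    return hits

if __name__ == "__main__":
    for path, value in find_noncontiguous(SAMPLE_DUMP):
        print(f"non-contiguous mask: {path} = {value}")
```
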