I have a question about iptables and how what I enter into LuCI is translated but first...
In case it helps anyone, I successfully migrated a TP-Link Archer A7 v5 from the a7v5_us-up-ver1-1-0-P1[20201120-rel50399] stock firmware to OpenWrt 19.07.6 using the instructions at https://openwrt.org/toh/tp-link/archer_a7_v5 on Jan 24, 2021.
I loaded the "Firmware OpenWrt Install" via tftp, as when I tried using the stock firmware upgrade function I would get an "Invalid File Type" error. The "Firmware OpenWrt Upgrade" loaded just fine using the LuCI upgrade function.
Firewalls and iptables...
I am trying to get my head around the firewall setup. I am using the LuCI firewall setup option. I have experience with firewalls, but prior to yesterday I had no experience with iptables. I am not using iptables to configure the firewall but want to understand what the settings I am configuring translate into.
The output below from iptables -L doesn't make sense to me and I want to make sure I am reading it right. The way I am reading it, all packets destined for the system would be accepted by the first statement in the chain. If that is correct, what use do the additional statements have?
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
2 input_rule all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom input rule chain */
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
4 syn_flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 /* !fw3 */
5 zone_lan_input all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
7 zone_guest_input all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
8 zone_wan_input all -- 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
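
An added example, not part of the original post and not OpenWrt's own code: plain `iptables -L` leaves out the in/out interface columns that `iptables -L -v` and `iptables -S` show, so a rule bound to one interface prints as if it matched every packet. The sketch below parses a constructed `iptables -S INPUT` listing, assumed to resemble what fw3 generates (the interface names are assumptions), and reports which rules only look unconditional and whether any rule really ends traversal for all traffic.

```python
import shlex

# Constructed `iptables -S INPUT` sample (not from the post); interface names are assumptions.
SAMPLE = '''\
-P INPUT ACCEPT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i br-guest -m comment --comment "!fw3" -j zone_guest_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
'''

def parse_rule(line):
    """Split one `-A CHAIN ...` line into target, interface matches and other matches."""
    tokens = shlex.split(line)
    rule = {"target": None, "ifaces": [], "matches": []}
    i = 2                                          # skip "-A" and the chain name
    while i < len(tokens):
        start = i
        i += 1 if tokens[i] == "!" else 0          # a leading "!" negates the next option
        opt, j = tokens[i], i + 1
        while j < len(tokens) and tokens[j] != "!" and not tokens[j].startswith("-"):
            j += 1                                 # gather this option's arguments
        text, args = " ".join(tokens[start:j]), tokens[i + 1:j]
        if opt in ("-j", "-g"):
            rule["target"] = args[0]
        elif opt not in ("-m", "--comment"):       # module loads and comments do not filter
            key = "ifaces" if opt in ("-i", "-o") else "matches"  # ifaces: hidden by plain -L
            rule[key].append(text)
        i = j
    return rule

def parse_chain(text):
    return [parse_rule(l) for l in text.splitlines() if l.startswith("-A ")]

def misleading_rules(text):
    """Rules that look match-all in plain `iptables -L` but are limited to an interface."""
    return [(n, r["target"], r["ifaces"]) for n, r in enumerate(parse_chain(text), 1)
            if r["ifaces"] and not r["matches"]]

def first_catch_all(text):
    """Number of the first rule that ends traversal for every packet, or None."""
    return next((n for n, r in enumerate(parse_chain(text), 1) if not r["ifaces"]
                 and not r["matches"] and r["target"] in ("ACCEPT", "DROP", "REJECT")), None)

if __name__ == "__main__":
    print(misleading_rules(SAMPLE), first_catch_all(SAMPLE))
```

To run it against a real router, pass the text printed by `iptables -S INPUT` in place of `SAMPLE`.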