New Install and iptable Question


I have a question about iptables and how what I enter into LuCI is translated but first...

In case it helps anyone I successfully migrated a TP-Link Archer A7 v5 from the a7v5_us-up-ver1-1-0-P1[20201120-rel50399] stock firmware to OpenWrt 19.07.6 using the instructions at on Jan 24, 2021.

I loaded the "Firmware OpenWrt Install" via tftp as when I tried using the stock firmware upgrade function I would get an "Invalid File Type" error. The "Firmware OpenWrt Upgrade" loaded just fine using the LuCI upgrade function.

Firewalls and iptables...

I am trying to get my head around the firewall setup. I am using the LuCI firewall setup option. I have experience with firewalls but prior to yesterday I had no experience with iptables. I am not using iptables to configure the firewall but want to understand what I am configuring translates into.

The output below from iptables -L doesn't make sense to me and I want to make sure I am reading it right. The way I am reading it, all packets destined for the system would be accepted by the first statement in the chain. If that is correct, what use do the additional statements have?

Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- /* !fw3 */
2 input_rule all -- /* !fw3: Custom input rule chain */
/* !fw3 */
4 syn_flood tcp -- tcp flags:0x17/0x02 /* !fw3 */
5 zone_lan_input all -- /* !fw3 */
7 zone_guest_input all -- /* !fw3 */
8 zone_wan_input all -- /* !fw3 */



First try to learn iptables basics from the wiki:

It should be enough to interpret the output:


Simply read this as a script source code.

If you still have questions, check the manual:

Thanks for the pointers. I had reviewed them both but may have missed something. I will go over them again.

It was based on material on those sites as well as others that I came to the idea that the:

1 ACCEPT all -- /* !fw3 */

would result in all traffic being accepted and that the statements below would not have any impact.
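
Added example (not part of the thread, and not fw3's code): a small model of first-match chain evaluation, showing that whether rule 1 shadows the rules below it depends on match criteria the listing does not print. Plain `iptables -L` omits the interface columns (they appear with `-v`); that rule 1 matches a single interface, and the interface names `lo`, `br-lan`, `eth0.2` and the zone chain contents, are assumptions made for illustration.

```python
# Added illustration: first-match evaluation of an iptables-style chain.
# Rules and packets are constructed sample data, not output from the router.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                     # ACCEPT, DROP, RETURN or a user chain name
    in_iface: Optional[str] = None  # not printed by `iptables -L` without -v
    proto: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        return (self.in_iface in (None, pkt["in_iface"])
                and self.proto in (None, pkt["proto"]))

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def walk(chains, name, pkt, trace):
    """Return a terminal verdict, or None if the chain ends or RETURNs."""
    for num, rule in enumerate(chains[name], start=1):
        if not rule.matches(pkt):
            continue                      # no match: try the next rule
        trace.append(f"{name}:{num}->{rule.target}")
        if rule.target in TERMINAL:
            return rule.target            # first terminal match wins
        if rule.target == "RETURN":
            return None
        verdict = walk(chains, rule.target, pkt, trace)  # jump to user chain
        if verdict:
            return verdict
    return None

def evaluate(chains, policy, pkt):
    trace = []
    verdict = walk(chains, "INPUT", pkt, trace) or policy
    return verdict, trace

def build_chains(rule1_iface):
    # Hypothetical rule set shaped like the listing in the question.
    return {
        "INPUT": [
            Rule("ACCEPT", in_iface=rule1_iface),   # rule 1 (assumed match)
            Rule("input_rule"),
            Rule("zone_lan_input", in_iface="br-lan"),
            Rule("zone_wan_input", in_iface="eth0.2"),
        ],
        "input_rule": [],
        "zone_lan_input": [Rule("ACCEPT")],
        "zone_wan_input": [Rule("DROP")],
    }
```

With `build_chains(None)` rule 1 is unconditional and every packet stops there, which is the reading in the question; with `build_chains("lo")` only loopback traffic stops at rule 1 and everything else is decided by the later rules.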