I installed iptables-mod-ipopt on OpenWrt 22.03.2. Since nftables replaced iptables, are there implications or cause for concern? Should I take corrective action?
I wish to mod the TTL to 65 for all traffic leaving on the WAN.
Can this be accomplished with nftables? It seems the 'custom' rules tab has been removed from the Firewall screen during this transition.
Thanks in advance.
Yes
nft insert rule inet fw4 mangle_postrouting ip ttl set 65 comment "Fw4: setting ttl on all packets"
There was also a recent thread about TTL.
After searching for updated nftable rules for TTL, I came across these links:
1.) put this in /etc/config/firewall
config include
option path '/etc/firewall.user'
option fw4_compatible '1'
2.) create the file '/etc/firewall.user'
3.) put this line in it:
nft add rule inet fw4 mangle_forward oifname usb0 ip ttl set 65
4.) restart the firewall
/etc/init.d/firewall restart
Not much info is available yet on fw4 and I am still waiting for updates on the gl.inet x750 and opal to be up…
The replies were helpful in understanding OpenWrt's move to nftables in OpenWrt 22.03.2.
I did the following:
Reset OpenWrt to factory default.
Created a text file ending in .nft in /etc/nftables.d. Files in this directory ending in .nft are automatically loaded and persist between reboots.
Used this command to create the file: vi user-chains.nft
Then added the following text:
chain user_mangle_postrouting {
type filter hook postrouting priority mangle; policy accept;
oifname { "wan", "wlan1" } ip ttl set 65 comment "!fw4: Zone wan IPv4 egress TTL 65"
oifname { "wan", "wlan1" } ip6 hoplimit set 65 comment "!fw4: Zone wan IPv6 egress TTL 65"
}
To save and exit vi text editor use command: press 'esc' key followed by :wq
These rules change both the IPv4 TTL and the IPv6 hop limit to 65, at postrouting, before the packets leave on wan/wlan1.
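As an added example (not from any post in this thread) covering both the firewall.user include and the /etc/nftables.d approach above, this script renders the chain for a given TTL and interface list, validates the whole ruleset before loading it, and checks that the rule is live. It assumes fw4 supports the "check" and "reload" subcommands, that nft is present, and uses a file name and chain name of my own choosing.

```shell
#!/bin/sh
# Added example: persistent egress TTL / hop-limit rewrite on OpenWrt 22.03 (fw4).
# Assumptions: fw4 (with "fw4 check" / "fw4 reload") and nft exist on the router;
# the include file name and the user_mangle_postrouting chain name are my choices.

# Render an nftables chain that fw4 includes inside "table inet fw4".
# $1 = TTL / hop-limit value, remaining args = egress interface names.
render_ttl_rules() {
    ttl="$1"; shift
    ifaces=""
    for i in "$@"; do
        ifaces="${ifaces:+$ifaces, }\"$i\""
    done
    cat <<EOF
chain user_mangle_postrouting {
    type filter hook postrouting priority mangle; policy accept;
    # "set" is required: "ip6 hoplimit $ttl" alone would only match, not rewrite
    oifname { $ifaces } ip ttl set $ttl comment "!fw4: egress IPv4 TTL $ttl"
    oifname { $ifaces } ip6 hoplimit set $ttl comment "!fw4: egress IPv6 hop limit $ttl"
}
EOF
}

# Write the include, validate the complete ruleset, then reload fw4.
# A file under /etc/nftables.d cannot be checked with "nft -c -f" on its own
# (it has no enclosing table), so validation goes through fw4 check.
install_ttl_rules() {
    ttl="$1"; shift
    out=/etc/nftables.d/10-egress-ttl.nft   # assumed file name
    render_ttl_rules "$ttl" "$@" > "$out"
    if ! fw4 check; then
        echo "ruleset invalid, removing $out" >&2
        rm -f "$out"
        return 1
    fi
    fw4 reload
}

# Confirm the rewrite rule is present in the running ruleset.
verify_ttl_rules() {
    nft list chain inet fw4 user_mangle_postrouting | grep -q "ip ttl set $1"
}
```

Run `install_ttl_rules 65 wan wlan1` on the router, then `verify_ttl_rules 65`; a non-zero exit from either means the rule was not loaded.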