I've looked at the igmpproxy init script and came up with the following, but the firewall redirect doesn't seem to be added (I'm checking with iptables-save | grep PROCD).
It's been a while since I've tested this, so I just tried again, and apparently that PROCD firewall redirect definition works (and results in a zone_lan_prerouting rule). However, I then edited the init script, added 3 more redirects in a similar fashion and stopped/started the service, but only the first rule would come up in iptables-save | grep fake, while ubus call service list had all 4 rules listed there. Only a reboot helped: upon boot, all 4 rules were found with iptables-save | grep fake. What's more troubling, after I stopped the service, the same rules stayed:
Uhm, after a firewall restart, everything is in order. How can I automatically restart the firewall when my service is started/stopped? I assume it has to do with ucitrack? Should I do something like this there?
config fakeinternet
	option init 'fakeinternet'
	list affects 'firewall'
Finally, how do I convert these to the firewall-syntax rules?
iptables -A forwarding_rule -d $wwwIP -p tcp -j REJECT --reject-with tcp-reset
iptables -A forwarding_rule -d $wwwIP -j REJECT --reject-with icmp-host-unreachable
iptables -A output_rule -d $wwwIP -p tcp -j REJECT --reject-with tcp-reset
iptables -A output_rule -d $wwwIP -j REJECT --reject-with icmp-host-unreachable
PS. I just tried those ucitrack entries and they do not help. How can I get the firewall to be reloaded automatically on my service start/stop?
Hopefully that would address my issue with reloading the firewall. @jow, I'd still appreciate help converting the iptables REJECT rules above to firewall-compatible entries.