Relation between iptables and /etc/config/firewall

What is the relation between firewall configurations in /etc/config/firewall and the firewall settings you do using the iptables command?

I am trying to ask a question analogous to that which one may ask about LuCI and /etc/config/firewall or any other config file. I came to see LuCI as a means of entering lines into config files. On this view, the config files are 'real,' and LuCI 'represents' them. But I may be wrong and should rather think of both LuCI and the config files as means for manipulating/representing a third substrate, which is 'real.'

Going back to the actual question of the post, is /etc/config/firewall a way to manipulate/represent the iptables settings? Or are they related in some other way?

I may not even have the right terminology to phrase the question, but hope something of it was conveyed.

1 Like

OpenWrt uses fw3, which converts the entries in /etc/config/firewall into appropriate iptables rules. LuCI writes entries that can be parsed by fw3.

You might want to take a look at [OpenWrt Wiki] Firewall overview for more details about how the firewall operates in a standard install.

5 Likes

Hello,

Agree with above. Essentially fw3 is a user interface to iptables, which itself is an interface to netfilter tables in the Linux kernel. You may view this as a hierarchy:

LuCI Firewall Interface
↓
fw3 (unique to OpenWrt, "wrapper" to iptables)
↓
iptables (general to Linux)
↓
kernel's netfilter tables (general to Linux)

With Metta

3 Likes
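An added example, not part of any post in this thread: because fw3 and a hand-typed iptables command both write to the same netfilter tables, a rule set can be audited for entries that have no counterpart in /etc/config/firewall. It relies on fw3 marking the rules it generates with a `!fw3` comment, which the thread does not mention and is taken here as an assumption; the sample rule set and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output from an OpenWrt router.
# Interface eth1, port 2222 and the rules themselves are made up.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:zone_wan_input - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j DROP
COMMIT
EOF
}

# Rules without the fw3 tag (assumption: fw3 tags everything it generates).
# These were not produced from /etc/config/firewall, for example rules
# typed directly with the iptables command.
untagged_rules() {
    awk '/^-A / && !/--comment "?!fw3/'
}

# Names found after "!fw3:" (assumed to come from named config sections).
fw3_section_names() {
    sed -n 's/.*--comment "!fw3: \([^"]*\)".*/\1/p' | sort -u
}

# Count rules per origin: generated by fw3 versus anything else.
ruleset_summary() {
    awk '/^-A / { if ($0 ~ /--comment "?!fw3/) fw3++; else other++ }
         END   { printf "fw3=%d other=%d\n", fw3, other }'
}

# On a router, feed the live rule set instead: iptables-save | untagged_rules
sample_ruleset | ruleset_summary
sample_ruleset | untagged_rules
```

Any line printed by `untagged_rules` is firewall state that editing /etc/config/firewall or the LuCI page will not show.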
