[SOLVED] `ip rule` in /etc/firewall.user is flushed somewhere

I have some iptables configuration in my /etc/firewall.user and it works as expected.
Recently I have added some UDP rules in it. Now my firewall.user looks like:

# table 100: deliver everything to the local host via lo
ip route add local default dev lo table 100
# packets carrying fwmark 1 consult table 100
ip rule add fwmark 1 lookup 100
iptables -t mangle -A BREAKWALL -p udp -j TPROXY --on-port 1080 --tproxy-mark 1/1
iptables -t mangle -A PREROUTING -p udp --dport 53 -j BREAKWALL
iptables -t mangle -A OUTPUT -p udp --dport 53 -j MARK --set-mark 1
# print the rule table so the result shows up in logread
ip rule list

Via logread, I could confirm that ip rule list prints the expected result (the fwmark line):

daemon.notice procd: /etc/rc.d/S19firewall: 0: from all lookup local
daemon.notice procd: /etc/rc.d/S19firewall: 32765:     from all fwmark 0x1 lookup 100
daemon.notice procd: /etc/rc.d/S19firewall: 32766:     from all lookup main
daemon.notice procd: /etc/rc.d/S19firewall: 32767:     from all lookup default

However, when I run ip rule list in the shell, the rule I added is gone:

# ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Did I put ip rule add in the wrong place?

Perhaps the reference to "/etc/firewall.user" is in the wrong place inside "/etc/config/firewall"?


I place my ip rules in /etc/config/network

config rule
	option dest 'xxx.xxx.xxx.xxx/24'
	option priority '5'
	option lookup 'main'

See: https://openwrt.org/docs/guide-user/network/ip_rules

Before I found that Wiki, I used /etc/rc.local for rules (but could only delete manually or upon reboot if I used that location).


I'll try this later. Thanks!


Thanks @lleachii, it works!

I tried to place this block into /etc/config/firewall and got no luck. Then I moved it to /etc/config/network. After rebooting my router, it works as expected.


Glad you got it working. BTW, your routes can also be placed in /etc/config/network.

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

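As an added example (not from any post in this thread), here is the /etc/config/network equivalent of the two ip commands from the first post, covering both the rule from the second reply and the route mentioned in the last one. The option names (interface, target, table, type, mark, lookup, priority) are assumed from netifd's route and rule sections, and 'loopback' is assumed to be the stock interface name for lo.

```uci
# Added example: UCI form of the first post's `ip route` and `ip rule` lines,
# placed in /etc/config/network so netifd owns them instead of firewall.user.
# Option names are assumed from netifd's route/rule schema.

# ip route add local default dev lo table 100
config route
	option interface 'loopback'   # assumed: stock name of the lo interface
	option target '0.0.0.0/0'     # "default"
	option table '100'
	option type 'local'           # deliver to the local host (TPROXY target)

# ip rule add fwmark 1 lookup 100
config rule
	option mark '1'               # fwmark 1
	option lookup '100'           # table 100
	option priority '32765'       # optional; the slot shown in the logread output above
```

The iptables lines stay in /etc/firewall.user; after `/etc/init.d/network reload` (or a reboot, as in the thread) check with `ip rule list` and `ip route list table 100`.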
