What is the difference between covered network and covered device?

During zone setting, i realize we can specify interface/adapter in both places. Anyone knows what is the difference ?

  • What does this mean?
  • Can you show an example for clarity?

I assume you mean in the firewall, because you mentioned "zone".


Yes, i was referring to firewall setting. Please see attached for clarity

2 Likes

OK, cool.

  • "Covered networks" are the OpenWrt-enumerated devices in Network > Interfaces (i.e. defined in the UCI file /etc/config/network)
  • The "Covered devices" under the Advanced Settings are used to do exactly what it says: " to classify zone traffic by raw, non- uci managed network devices."

Thanks for the reply.

So if i put devices let's say eth0 and eth1 under OpenWrt-enumerated name "mydevice" and specify in covered network vs put eth0 and eth1 directly under covered devices in firewall, it would have the same function right?

You can define/enroll any raw Ethernet interfaces into the UCI, so I'm not sure why you would use the advanced setting for this anyway. They can also be setup as 2 enumerations (e.g. "mydevice" and "mydevice2") added to the same zone as 2 covered networks.

...but yes, it should. I don't advise using the advanced config, though. It's not the Wiki-suggested setting for what you describe.

Also, you can define unmanaged devices in the UCI... :wink:

1 Like

Thank you. The reason is because I follow the openvpn configuration listed here https://openwrt.org/docs/guide-user/services/vpn/openvpn/basic. After running the script, the device is put into "covered devices" And i was wondering what the difference was.

I always follow the "mydevice" way (if you look at the openvpni at my screenshot) :slight_smile:

1 Like