What's the deal with input_wan_rule?

Reviewing my router's default firewall settings, I noticed the first rule in zone_wan_forward is input_wan_rule.

272.00 B input_wan_rule all * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan input rule chain */

I am trying to understand what this rule actually does, but all iptables returns is:

Chain input_wan_rule (1 references)
target prot opt source destination

Any insight on what this rule is, where the rule definition is... and, if the rule is indeed empty, why I am seeing a small amount of traffic on it?

1 Like

This is an empty chain preceding other zone-specific input rules.
It can be useful if you ever need to add custom rules with raw iptables commands.
Since the chain is empty by default, it can be ignored and its traffic counters don't matter.

2 Likes

In zone_wan_input, I guess you meant to write.

By default it is empty, but if you use banIP then you'll have this:
[127:7026] -A input_wan_rule -j banIP

1 Like

Yes, typo on my part. Thanks!

1 Like

This makes perfect sense. Thank you!

2 Likes
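An added example, not part of the original thread: a small audit helper that reads `iptables-save -c` output and shows, for each user-defined chain, how many rules it contains and which jump rule (with its own packet:byte counters) sends traffic into it. The sample ruleset is constructed for illustration; only the 272-byte jump counter and the banIP rule line echo values quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise user-defined chains from `iptables-save -c` output.
# For each chain: how many rules it holds, and which rules jump to it
# (parent chain = packets:bytes counted by that jump rule).
audit_hook_chains() {
    awk '
    /^:/ {                                  # chain declaration, e.g. ":input_wan_rule - [0:0]"
        if ($2 == "-") order[++n] = substr($1, 2)   # policy "-" marks a user-defined chain
        next
    }
    /^\[/ && $2 == "-A" {                   # rule line, e.g. "[127:7026] -A input_wan_rule -j banIP"
        split(substr($1, 2, length($1) - 2), c, ":")
        rules[$3]++
        for (i = 4; i < NF; i++)
            if ($i == "-j" || $i == "-g")
                hits[$(i + 1)] = hits[$(i + 1)] " " $3 "=" c[1] ":" c[2]
    }
    END {
        for (i = 1; i <= n; i++) {
            ch = order[i]
            printf "%s rules=%d jumps:%s\n", ch, rules[ch], (hits[ch] == "" ? " none" : hits[ch])
        }
    }'
}

# Constructed sample ruleset (not captured from a real router).
# Pass "banip" to add the hook rule that banIP installs, as quoted in the thread.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:banIP - [0:0]
:input_wan_rule - [0:0]
:zone_wan_input - [0:0]
[4:272] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
EOF
    [ "$1" = banip ] && echo '[127:7026] -A input_wan_rule -j banIP'
    echo COMMIT
}

sample_ruleset | audit_hook_chains          # default: input_wan_rule is empty
sample_ruleset banip | audit_hook_chains    # with banIP: input_wan_rule holds one rule
```

On a router, run `iptables-save -c | audit_hook_chains`. A chain reported with `rules=0` and a non-zero jump counter is the situation asked about: the counters belong to the jump rule in the parent chain, which counts every packet it hands to the empty chain before processing returns to the parent.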
