In the LuCI zone settings, I see that the default is lan -> wan accept forward, wan -> lan reject forward. However, TCP connections, as long as they are opened from the lan side, seem to work perfectly for both directions.
Where is the established, related forward accept rule defined? Can I change it?
efahl, December 28, 2024, 4:00pm
There's no setting to change forwards once the connection is established; you'd need to change the source in fw4:

```
	{% fw4.includes('chain-append', 'input') %}
	}

	chain forward {
		type filter hook forward priority filter; policy {{ fw4.forward_policy(true) }};

{% if (length(flowtable_devices) > 0): %}
		meta l4proto { tcp, udp } flow offload @ft;
{% endif %}

		{% fw4.includes('chain-prepend', 'forward') %}

		ct state vmap { established : accept, related : accept{% if (fw4.default_option("drop_invalid")): %}, invalid : drop{% endif %} } comment "!fw4: Handle forwarded flows"

{% for (let rule in fw4.rules("forward")): %}
{%+ include("rule.uc", { fw4, zone: (rule.src?.zone?.log_limit ? rule.src.zone : rule.dest?.zone), rule }) %}
{% endfor %}

{% for (let zone in fw4.zones()): for (let rule in zone.match_rules): %}
{%+ include("zone-jump.uc", { fw4, zone, rule, direction: "forward" }) %}
{% endfor; endfor %}

		{% fw4.includes('chain-append', 'forward') %}

{% if (fw4.forward_policy() == "reject"): %}
		jump handle_reject
{% endif %}
```
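The template excerpt above is rendered from fw4's ruleset template (installed on OpenWrt as `/usr/share/firewall4/templates/ruleset.uc`), and the `ct state vmap` line it produces is what lets return traffic of a LAN-initiated TCP connection pass the `forward` chain before any zone jump or the final reject is reached. Rather than reading the template, you can confirm this on the running firewall by listing the chain and checking where the conntrack rule sits. The script below is an added example, not part of the forum post or of fw4: it takes the output of `nft list chain inet fw4 forward` on stdin, reports whether the established/related accept rule (and the optional `invalid : drop` from `drop_invalid`) is present, and prints the rule's position in the chain. The `SAMPLE_FORWARD_CHAIN` text is a constructed stand-in for what a router would print, so the script runs offline.

```shell
#!/bin/sh
# Added example: verify the fw4 conntrack rule in the forward chain.
# SAMPLE_FORWARD_CHAIN is a constructed sample of `nft list chain inet fw4 forward`
# (drop_invalid enabled); on a router, pipe the real command output instead.
SAMPLE_FORWARD_CHAIN='table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state vmap { established : accept, related : accept, invalid : drop } comment "!fw4: Handle forwarded flows"
        iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname "wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        jump handle_reject
    }
}'

# ct_rule_status: read a chain listing on stdin and classify its conntrack rule.
# Prints "established-related-invalid-drop", "established-related", "unexpected"
# or "missing"; returns 1 when the rule is absent or does not match fw4's form.
ct_rule_status() {
    rule=$(grep 'ct state vmap' | head -n 1)
    if [ -z "$rule" ]; then
        echo "missing"
        return 1
    fi
    case "$rule" in
        *'established : accept'*'related : accept'*'invalid : drop'*)
            echo "established-related-invalid-drop" ;;
        *'established : accept'*'related : accept'*)
            echo "established-related" ;;
        *)
            echo "unexpected"
            return 1 ;;
    esac
}

# ct_rule_position: print the 1-based index of the conntrack rule among the
# chain's rules (counted after the "type filter hook" header), or 0 if absent.
# fw4 emits it as rule 1, ahead of every zone jump, which is why replies to
# LAN-initiated connections are accepted before the wan -> lan policy applies.
ct_rule_position() {
    awk '
        /type filter hook/ { started = 1; next }
        started && /^[[:space:]]*}/ { exit }
        started && NF > 0 {
            n++
            if ($0 ~ /ct state vmap/) { print n; found = 1; exit }
        }
        END { if (!found) print 0 }
    '
}

# Usage with the constructed sample; on OpenWrt replace the printf with:
#   nft list chain inet fw4 forward | ct_rule_status
printf '%s\n' "$SAMPLE_FORWARD_CHAIN" | ct_rule_status
printf '%s\n' "$SAMPLE_FORWARD_CHAIN" | ct_rule_position
```

If `ct_rule_status` reports "missing" or the position is not 1, the running ruleset no longer matches what the stock template generates (for example after a local edit of `ruleset.uc`), and LAN-initiated connections would only keep working through whatever rule now precedes the zone jumps; re-run the check after any change to the template or a firewall4 package update.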
system, January 7, 2025, 4:01pm: This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.