OpenWrt Forum Archive

Topic: firewall rules not work

The content of this topic has been archived on 28 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
#       list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT


root@OpenWrt:/# /etc/init.d/firewall restart
Warning: Unable to locate ipset utility, disabling ipset support
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Forward 'lan' -> 'wan'
Warning: iptc_commit(): No chain/target/match by that name
* Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
Warning: iptc_commit(): No chain/target/match by that name
* Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
Warning: iptc_commit(): No chain/target/match by that name
* Set tcp_ecn to off
* Set tcp_syncookies to on
   ! Unable to write value: No such file or directory
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
root@OpenWrt:/# iptables -L -nv
Chain INPUT (policy ACCEPT 9 packets, 897 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 10 packets, 2785 bytes)
pkts bytes target     prot opt in     out     source               destination

Hi, try

opkg update
opkg install ipset

restart router and test

If it still doesn't work after that then please post more details
model of router, openwrt build and version

and a dump of the following
uci show 
lsmod
opkg list-installed

The more information you post about your problem, the easier it will be for people to help you.

Works without warning after installing ipset via opkg.
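Added example, not part of the original thread: in the output posted above, every `iptc_commit()` warning means a table was not loaded, so the built-in chains end up empty with policy ACCEPT and the wan zone's REJECT is never enforced. The sketch below detects that state from the two outputs shown in the thread; the function names and the sample strings are constructed for illustration.

```shell
# Added example: flag a firewall restart that left the filter table fail-open.
# Print how many table commits failed in the restart output given as $1.
count_commit_failures() {
    printf '%s\n' "$1" | grep -c 'iptc_commit(): No chain/target/match' || true
}

# Print the built-in chains in an `iptables -L -nv` listing ($1) that have
# policy ACCEPT and contain no rules at all.
open_empty_chains() {
    printf '%s\n' "$1" | awk '
        function emit() {
            if (chain == "" || policy != "ACCEPT" || rules > 0) return
            out = (out == "" ? chain : out " " chain)
        }
        /^Chain / {
            emit(); chain = $2; rules = 0
            policy = ($3 == "(policy") ? $4 : ""   # user chains have no policy
            next
        }
        /^ *pkts / || /^ *$/ { next }              # column header or blank line
        chain != "" { rules++ }                    # anything else is a rule
        END { emit(); print out }'
}

# Classify the result: "fail-open", "commit-errors" or "ok".
firewall_state() {
    fails=$(count_commit_failures "$1")
    open=$(open_empty_chains "$2")
    case " $open " in
        *" INPUT "*|*" FORWARD "*) echo "fail-open"; return ;;
    esac
    if [ "$fails" -gt 0 ]; then echo "commit-errors"; else echo "ok"; fi
}

# Constructed samples, abbreviated from the output posted in this thread.
SAMPLE_LOG="* Populating IPv4 filter table
Warning: iptc_commit(): No chain/target/match by that name
* Populating IPv4 nat table
Warning: iptc_commit(): No chain/target/match by that name"
SAMPLE_LISTING="Chain INPUT (policy ACCEPT 9 packets, 897 bytes)
pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination"

firewall_state "$SAMPLE_LOG" "$SAMPLE_LISTING"
```

On a router the two arguments would be `"$(/etc/init.d/firewall restart 2>&1)"` and `"$(iptables -L -nv)"`.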

The discussion might have continued from here.