k-szuster/luci-access-control

Netgear R7800

Opened this issue · 4 comments

I have noticed that when adding a new rule via this package, it adds it at the bottom of the firewall rule list and as such does not block the device. If I manually move the firewall rule to the top and save/apply the setting, it blocks the device. Is there a way I can have it added to the top of the firewall rule list automatically, or is this expected to happen this way?

Many Thanks,

~SOL

Do you mean that you've got some rule on top, and that rule accepts a packet without further filtering? AFAIK it shouldn't happen in a typical OpenWrt configuration. Do you have other modifications to the firewall's configuration?

Regards,
Krzysztof

Yes. There were allow rules at the top of the rules list that I'm guessing OpenWrt put there by default. I'm using stock OpenWrt 19.07.04. I have a handful of ports forwarded from WAN to LAN, but other than that I think that's about it. To be honest, I'm not an expert by any means with iptables. Not a big issue, just thought I would ask. The screenshot below shows the rules that are now at the bottom but were at the top.

image

~SOL

I cannot see any rules which would conflict with the access-control ones. The standard rules you quoted concern incoming traffic for standard services, such as DHCP, DNS, ping, etc.
Access-control rules suppress selected outgoing packets. In the firewall, there is no generic rule allowing output traffic that would override our rules.
19.07 is pretty new. I don't have it on my network, only older releases. Maybe it matters...

Same question.
Device: r7800
Version: OpenWrt 19.07.5 r11257-5090152ae3
Configured the Client Rules, but it does not work.