Changeset b68978d in freewrt for package/iptables/files

Timestamp:

Aug 17, 2025, 12:45:07 PM (4 months ago)

Author:

Waldemar Brodkorb <wbx@…>

Branches:

freewrt_2_0

Children:

f15c9543

Parents:

b07a1b5

git-author:

Waldemar Brodkorb <wbx@…> (08/17/25 12:44:26)

git-committer:

Waldemar Brodkorb <wbx@…> (08/17/25 12:45:07)

Message:

make the FreeWRT firewall script work, needs more cleanup

File:

• package/iptables/files/firewall.conf (modified) (4 diffs)

package/iptables/files/firewall.conf

@@ -4 +4 @@
 exit 1
 ### Interfaces
-WAN=ppp0
-LAN=br0
-WLAN=eth1
+WAN=eth0.1
+LAN=eth0.0
+WLAN=wlan0
 
 ######################################################################
@@ -26 +26 @@
 
 # base case
-iptables -A INPUT -m state --state INVALID -j DROP
-iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
+iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP
 
 # custom rules
@@ -46 +46 @@
 
 # base case
-iptables -A OUTPUT -m state --state INVALID -j DROP
-iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP
+iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
 ### FORWARD
@@ -53 +53 @@
 
 # base case
-iptables -A FORWARD -m state --state INVALID -j DROP
+iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
 iptables -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
 # custom rules