I have seen this happen and others working on the EFF router have experienced this somewhat rare but persistent problem of firewall rules not loading. I have seen mention of this problem on OpenWRT mailing lists as far back as 3 years ago. Looks like the problem is documented but has not been fixed.

I am just going to add /etc/init.d/firewall restart in /etc/rc.local to act as a backup until this is properly resolved.

Ranga

On Jul 30, 2014, at 1:46 PM, Dave Taht wrote:

> I usually kill off the firewall rules for an internal router almost
> completely. Recently, I didn't do that, and didn't have the external
> interface connected, so a new cerowrt-3.10.50-1 install automagically
> meshed with another router over wifi.
>
> ...and didn't run the default firewall rules at all.
>
> I first noticed that /etc/firewall.user wasn't run (which is the lousy
> place I'm using to export the /24 local network via babel), so I didn't
> have connectivity to the next hop mesh... and then I
> checked to see there were no iptables rules in place at all. So, some
> trigger for running the firewall "fw3 load" doesn't run unless there is an
> external ethernet interface up in cerowrt.
>
> And arguably it should run pretty early. So somewhere there is a missing
> trigger?? to load the fw...
>
> (and I hope this is a cerowrt specific bug and it did use to work)
>
> ... and I'd really rather run this out of /etc/config/network somehow
>
> ip route add unreachable my.subnet.add.ress/24
>
>
> --
> Dave Täht
>
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
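
The rc.local fallback mentioned in the reply above, as an added example that is not code from the thread or from CeroWrt: instead of restarting unconditionally, it restarts the firewall only when `iptables -S` shows no rules in the filter table, and logs each time it had to, so the fail-open condition stays visible. The variable names, the `fw-fallback` log tag, the `run` argument and the choice to inspect only the filter table are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): restart the firewall from rc.local
# only when the filter table holds no rules, and log that it happened.

# Overridable so the logic can be exercised off-router; the defaults
# assume the stock OpenWrt/CeroWrt init script named in the thread.
: "${IPTABLES:=iptables}"
: "${FW_RESTART:=/etc/init.d/firewall restart}"
: "${MAX_TRIES:=3}"
: "${RETRY_DELAY:=5}"

log() { logger -t fw-fallback "$@" 2>/dev/null || true; }

# Count "-A" (appended rule) lines in `iptables -S` output read from stdin.
# An unloaded firewall shows only "-P" policy lines, so the count is 0.
count_rules() { grep -c '^-A ' || true; }

# Succeed when the ruleset on stdin contains at least one rule.
firewall_loaded() { [ "$(count_rules)" -gt 0 ]; }

# Check, restart if empty, re-check; give up after MAX_TRIES restarts.
ensure_firewall() {
    tries=0
    while :; do
        if $IPTABLES -S 2>/dev/null | firewall_loaded; then
            [ "$tries" -gt 0 ] && log "rules present after $tries restart(s)"
            return 0
        fi
        if [ "$tries" -ge "$MAX_TRIES" ]; then
            log "still no rules after $tries restart(s), giving up"
            return 1
        fi
        log "no iptables rules loaded, restarting firewall"
        $FW_RESTART >/dev/null 2>&1 || true
        tries=$((tries + 1))
        sleep "$RETRY_DELAY"
    done
}

# Invoked as "<script> run" from /etc/rc.local; sourcing only defines functions.
if [ "${1:-}" = "run" ]; then
    ensure_firewall
fi
```

A non-zero exit from `ensure_firewall` means the router is still up with no filter rules, which is the state worth alerting on rather than silently retrying.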