I usually kill off the firewall rules for an internal router almost completely.

Recently, I didn't do that, and didn't have the external interface connected, so a new cerowrt-3.10.50-1 install automagically meshed with another router over wifi.

...and didn't run the default firewall rules at all.

I first noticed that /etc/firewall.user wasn't run (which is the lousy place I'm using to export the /24 local network via babel), so I didn't have connectivity to the next hop mesh... and then I checked to see there were no iptables rules in place at all.

So, some trigger for running the firewall "fw3 load" doesn't run unless there is an external ethernet interface up in cerowrt. And arguably it should run pretty early.

So somewhere there is a missing trigger?? to load the fw... (and I hope this is a cerowrt specific bug and it did use to work)

... and I'd really rather run this out of /etc/config/network somehow

    ip route add unreachable my.subnet.add.ress/24

--
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
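
A check for the state described in the message above (no iptables rules in place at all), as an added example that is not part of the original post: it classifies `iptables-save` output so an unloaded firewall can be spotted from a script. The function name `fw_state` and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# fw_state reads iptables-save format on stdin and prints one of:
#   empty  - no -A rules and no built-in chain with a non-ACCEPT policy
#   policy - no -A rules, but at least one built-in chain policy is not ACCEPT
#   loaded - at least one -A rule is present
fw_state() {
    awk '
        /^-A /                              { rules++ }
        # Built-in chains carry a policy; user-defined chains show "-".
        /^:/ && $2 != "ACCEPT" && $2 != "-" { strict++ }
        END {
            if (rules > 0)       print "loaded"
            else if (strict > 0) print "policy"
            else                 print "empty"
        }'
}

# Constructed sample: tables exist but nothing was ever loaded.
sample_unloaded() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: a minimal loaded rule set (chain name is hypothetical).
sample_loaded() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:example_chain - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "unloaded sample: $(sample_unloaded | fw_state)"
echo "loaded sample:   $(sample_loaded | fw_state)"
# On a live router: iptables-save | fw_state
```

Completely empty input, which `iptables-save` produces when no tables are loaded, is also reported as `empty`.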