From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ie0-f178.google.com (mail-ie0-f178.google.com [209.85.223.178]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 5C90A21F12A for ; Sun, 9 Dec 2012 23:59:03 -0800 (PST) Received: by mail-ie0-f178.google.com with SMTP id c12so7701267ieb.37 for ; Sun, 09 Dec 2012 23:59:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=mnMf5D20OhB6pi2zKIiOoBeARCpNIXhwPKWpkaJS064=; b=Qe6sHCXVYEiNPy6hDRBLHaNocQEvLyvIjNrGT55WUdXxffxjbSzVPZDE1kQZzqkBys HYdsWV/GyBBAgvqeP17zBWp1u+FXrvyXBOHx2mR144hDGswTKcr47/kHgQ+wUvxSboeW 3siO73oi3Uuq8JUoXpb++Ub0aH32wdeKV+izT+PN/3quI1BZX03GYUugE6XAoWsM/EY9 BK6MQqqI3MP6/AAbCaYe321UgXNG8ipzJneZI5cVT0fTXie54upqoYxCAL+0bjLc9Ue2 Oav2JFdLx1Xp021ENI4VdmI7/mjdykjccwoSw+UQoWehsoAH9Y9iDTau8GCm4cNLXbpx V4Bw== MIME-Version: 1.0 Received: by 10.50.161.232 with SMTP id xv8mr5926732igb.22.1355126342752; Sun, 09 Dec 2012 23:59:02 -0800 (PST) Received: by 10.64.135.39 with HTTP; Sun, 9 Dec 2012 23:59:02 -0800 (PST) In-Reply-To: <25754.1355094531@obiwan.sandelman.ca> References: <25754.1355094531@obiwan.sandelman.ca> Date: Mon, 10 Dec 2012 08:59:02 +0100 Message-ID: From: Dave Taht To: Michael Richardson Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: cerowrt-users Subject: Re: [Cerowrt-users] custom firewall rules X-BeenThere: cerowrt-users@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Support for user problems regarding cerowrt List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Dec 2012 07:59:04 -0000 /etc/init.d/firewall restart ? You can also put explicit iptables and ip6tables rules in /etc/firewall.use= r On Mon, Dec 10, 2012 at 12:08 AM, Michael Richardson wro= te: > > I don't seem to actually get any of my custom firewall rules acted on. > I expect things to go into the forwarding_rule CHAIN: > > Chain FORWARD (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source desti= nation > 233 19162 ACCEPT all * * ::/0 ::/0 = ctstate RELATED,ESTABLISHED > 1 72 DROP all * * ::/0 ::/0 = ctstate INVALID > 129 14745 forwarding_rule all * * ::/0 = ::/0 > 129 14745 forward all * * ::/0 ::/0 > 129 14745 reject all * * ::/0 ::/0 > > but, it always seems to be empty: > > Chain forwarding_rule (1 references) > pkts bytes target prot opt in out source desti= nation > > My rules look enabled, and I see them in /etc/config/firewall. > > (btw: I'm running CeroWrt Sugarland r33573, v3.3.8 ) > > -- > ] He who is tired of Weird Al is tired of life! | firewa= lls [ > ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net arch= itect[ > ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device d= river[ > Kyoto Plus: watch the video > then sign the petition. > _______________________________________________ > Cerowrt-users mailing list > Cerowrt-users@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-users --=20 Dave T=E4ht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.= html