[Cerowrt-devel] [Bug #445] doesn't load firewall rules under some circumstances
Ranga Krishnan
ranga at eff.org
Wed Jul 30 16:52:34 EDT 2014
I have seen this happen and others working on the EFF router have
experienced this somewhat rare but persistent problem of firewall
rules not loading.

I have seen mention of this problem on OpenWRT mailing lists
as far back as 3 years ago. Looks like the problem is documented
but has not been fixed.

I am just going to add

    /etc/init.d/firewall restart

in /etc/rc.local to act as a backup until this is properly resolved.

Ranga

On Jul 30, 2014, at 1:46 PM, Dave Taht <dave.taht at gmail.com> wrote:
> I usually kill off the firewall rules for an internal router almost
> completely. Recently, I didn't do that, and didn't have the external
> interface connected, so a new cerowrt-3.10.50-1 install automagically
> meshed with another router over wifi.
>
> ...and didn't run the default firewall rules at all.
>
> I first noticed that /etc/firewall.user wasn't run (which is the lousy
> place I'm using to export the /24 local network via babel), so I didn't
> have connectivity to the next hop mesh... and then I
> checked to see there were no iptables rules in place at all. So, some
> trigger for running the firewall "fw3 load" doesn't run unless there is an
> external ethernet interface up in cerowrt.
>
> And arguably it should run pretty early. So somewhere there is a missing
> trigger?? to load the fw...
>
> (and I hope this is a cerowrt specific bug and it did use to work)
>
> ... and I'd really rather run this out of /etc/config/network somehow
>
> ip route add unreachable my.subnet.add.ress/24
>
>
> --
> Dave Täht
>
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
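
A conditional variant of the rc.local fallback discussed in this thread, as an added example that is not from either poster or from CeroWrt/OpenWrt: it restarts the firewall only when `iptables -S` shows no appended rules, and logs when that happens so the fail-open condition is visible. Assumptions: an "unloaded" firewall shows only `-P` policy lines, only the IPv4 filter table is checked, and the sample rulesets, the `fw-check` log tag and the script path are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect the "no iptables rules in place at all" state
# described in the thread and reload the firewall only when needed.
# Assumption: unloaded == `iptables -S` has no "-A" (appended rule) lines.

# Count appended rules in `iptables -S` style output read from stdin.
count_rules() {
    grep -c '^-A ' || true   # grep exits 1 on zero matches; still prints 0
}

# True (exit 0) when the ruleset on stdin contains no rules at all.
ruleset_is_empty() {
    [ "$(count_rules)" -eq 0 ]
}

# Constructed sample: filter table with default policies only (fail-open).
SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: abbreviated loaded ruleset.
SAMPLE_LOADED='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N zone_wan_input
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A zone_wan_input -j DROP'

# On the router: check, restart once if empty, verify, and log the outcome.
check_and_reload() {
    if iptables -S | ruleset_is_empty; then
        logger -t fw-check "no iptables rules found, restarting firewall"
        /etc/init.d/firewall restart
        if iptables -S | ruleset_is_empty; then
            logger -t fw-check "firewall still empty after restart"
            return 1
        fi
    fi
    return 0
}

# Touch the live firewall only when asked, e.g. from /etc/rc.local:
#   /root/fw-check.sh --run      (hypothetical path)
if [ "${1:-}" = "--run" ]; then
    check_and_reload
fi
```

The log entries give a record of how often the boot-time load is actually missed, which an unconditional restart in rc.local would hide.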