[Cerowrt-devel] [Bug #445] doesn't load firewall rules under some circumstances
ranga at eff.org
Wed Jul 30 16:52:34 EDT 2014
I have seen this happen and others working on the EFF router have
experienced this somewhat rare but persistent problem of firewall
rules not loading.
I have seen mention of this problem on OpenWRT mailing lists
as far back as 3 years ago. Looks like the problem is documented
but has not been fixed.
I am just going to add
in /etc/rc.local to act as a backup until this is properly resolved.
On Jul 30, 2014, at 1:46 PM, Dave Taht <dave.taht at gmail.com> wrote:
> I usually kill off the firewall rules for an internal router almost
> completely. Recently, I didn't do that, and didn't have the external
> interface connected, so a new cerowrt-3.10.50-1 install automagically
> meshed with another router over wifi.
> ...and didn't run the default firewall rules at all.
> I first noticed that /etc/firewall.user wasn't run (which is the lousy
> place I'm using to export the /24 local network via babel), so I didn't
> have connectivity to the next hop mesh... and then I
> checked to see there were no iptables rules in place at all. So, some
> trigger for running the firewall "fw3 load" doesn't run unless there is an
> external ethernet interface up in cerowrt.
> And arguably it should run pretty early. So somewhere there is a missing
> trigger?? to load the fw...
> (and I hope this is a cerowrt specific bug and it did use to work)
> ... and I'd really rather run this out of /etc/config/network somehow
> ip route add unreachable my.subnet.add.ress/24
> Dave Täht
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
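One way to implement the kind of boot-time backup check discussed in this thread, as an added example that is not part of the original messages or of CeroWrt itself. It assumes iptables-save and fw3 are available on the router; FW_DUMP and FW_RESTART are hypothetical override hooks, and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies `iptables-save` output so a
# boot-time check can tell "firewall never loaded" from a normal ruleset.

# ruleset_state: read an iptables-save dump on stdin and print one of
#   loaded       at least one "-A" rule line is present
#   policy-only  tables exist but contain only default chain policies
#   empty        no tables at all (nothing was ever loaded)
ruleset_state() {
    awk '
        /^\*/  { tables++ }
        /^-A / { rules++ }
        END {
            if (rules > 0)       print "loaded"
            else if (tables > 0) print "policy-only"
            else                 print "empty"
        }'
}

# fw_watchdog: restart the firewall when no rules are loaded.
# FW_DUMP and FW_RESTART are hypothetical override hooks for testing; the
# defaults assume iptables-save and fw3 are present, as on OpenWrt/CeroWrt.
fw_watchdog() {
    state=$(${FW_DUMP:-iptables-save} 2>/dev/null | ruleset_state)
    if [ "$state" = "loaded" ]; then
        return 0
    fi
    logger -t fw-watchdog "iptables ruleset is $state, restarting firewall" \
        2>/dev/null || true
    ${FW_RESTART:-fw3 restart}
}

# Constructed sample dumps (not captured from a real router).
SAMPLE_UNLOADED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

SAMPLE_LOADED='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'
```

Calling fw_watchdog near the end of /etc/rc.local leaves a syslog line each time the ruleset was missing, which also records how often the failure occurs.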