<div dir="ltr"><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">I usually kill off the firewall rules for an internal router almost</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">completely. Recently, I didn't do that, and didn't have the external</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">interface connected, so a new cerowrt-3.10.50-1 install automagically</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">meshed with another router over wifi.</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">...and didn't run the default firewall rules at all.</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">I first noticed that /etc/firewall.user wasn't run (which is the lousy</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">place I'm using to export the /24 local network via babel), so I didn't</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">have connectivity to the next hop mesh... and then I checked to see there</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">were no iptables rules in place at all. So, some</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">trigger for running the firewall "fw3 load" doesn't run unless there is an</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">external ethernet interface up in cerowrt.</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">And arguably it should run pretty early. So somewhere there is a missing</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">trigger?? to load the fw...</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">(and I hope this is a cerowrt-specific bug and it did use to work)</span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">
<br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">... and I'd really rather run this out of /etc/config/network somehow</span><div>
<font color="#500050" face="arial, sans-serif"><br></font></div><div><span style="font-family:arial,sans-serif;font-size:13px">ip route add unreachable my.subnet.add.ress/24</span></div><div><font face="arial, sans-serif"><br clear="all">
</font><div><br></div>-- <br>Dave Täht<br><br>NSFW: <a href="https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article" target="_blank">https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article</a>
</div></div>