Unable to edit Firewall - Network Services Filter Table on RT-AX88U Pro (fw. 388.3)

[tdrbox]

Hello!
Unable to edit Firewall - Network Services Filter Table on RT-AX88U Pro (fw. 388.3).
Trying delete existing record inside Firewall - Network Services Filter Table, (when Apply buttons, after Applying Settings...) but nothing happen, deleted record still in the table. No error messages.
What wrong?

 

[L&LD]

Welcome to the forums @tdrbox.

After flashing RMerlin firmware onto the router, did you perform a full reset and then proceed to minimally and manually configure the router to secure it and connect it to your ISP? Without using a saved backup config file? And without using a USB drive that was previously used for amtm/scripts?

 

[tdrbox]

Hello L&LD!
Initial install RMerlin was made from scratch, firmware version 388.2_2. After month or two no problem was detected.
Right after firmware was upgraded to version 388.3 the Network Services Filter Table going to read only mode.
When rollback firmware to 388.2_2 the problem go away. It's look like this problem concern 388.3.

 

[L&LD]

If you really want to test this, I suggest following the link below. With that taken care of, flash 388.3 and perform a full reset and minimal and manual configuration once more. Do not use any saved backup config file. Do not insert any previously used USB drive that contains amtm/scripts. Also, reboot the PC you're testing from and also clear any browser cache files too, for good measure.

If the issue still persists, then it is more likely a bug. With the files you created in the link below, you'll be able to go back to your working setup in mere minutes.

Is it a good idea to keep up with Firmware updates?

I have had issues in the past when updating firmware and Internet speed, But it may have just been a fluke, Should I keep up with the updates? If so On all routers or the nodes as well? What about ones acting as access points? Thanks

www.snbforums.com

 

[Nas.CloudBusinessPortal]

is the problem still there with 388.4 ?

I have no issues here.

 

[Tech9]

is the problem still there with 388.4 ?

Release - Asuswrt-Merlin 3004.388.4 is now available

Dirty Flash to 3004_388.4_0 on AX88U Pro & AX3000 V1. Up for over 24 hours with no issues. TNX, RMerlin Same but on 2x AX86U, web UI seems super snappy too

www.snbforums.com

 

[tdrbox]

With 388.4 there is no such problem.

 

[RandomUser777]

With 388.4 there is no such problem.

Yes, there still is. I have a AX86U_Pro running 388.4, and cannot use the network services filter gui.

 

[bennor]

Yes, there still is. I have a AX86U_Pro running 388.4, and cannot use the network services filter gui.

Network Services Filter GUI Working for me on 388.4 on a RT-AX86U Pro. Didn't work when on 3.0.0.4.388_23285.

 

[RandomUser777]

Network Services Filter GUI Working for me on 388.4 on a RT-AX86U Pro. Didn't work when on 3.0.0.4.388_23285.
View attachment 53092

Interesting and encouraging. I'll factory reset and try a clean config.

 

[RandomUser777]

Network Services Filter GUI Working for me on 388.4 on a RT-AX86U Pro. Didn't work when on 3.0.0.4.388_23285.
View attachment 53092

Fresh config, 388.4.

I can filter a single IP, but cannot enter a subnet/block using CIDR notation, the webpage just refreshes with nothing changed.

ETA: just tested on my AX-86U (non-plus) aimesh node, same thing. I can filter a single IP but no-go for anything in CIDR.

Can someone else confirm this on their rig?

 

[bennor]

Can someone else confirm this on their rig?

Confirmed on my end. Using CIDR it doesn't save after hitting the apply button. Further it take my wireless offline for about a minute. Noticed this error in the logs around the time when saving the Network Services Filter.

kernel: CFG80211-ERROR) wl_dfs_cac_notify_status :

 

[RandomUser777]

Confirmed on my end. Using CIDR it doesn't save after hitting the apply button. Further it take my wireless offline for about a minute. Noticed this error in the logs around the time when saving the Network Services Filter.

kernel: CFG80211-ERROR) wl_dfs_cac_notify_status :

I see the same error in my logs, but do not think it's related.

Log level set to all/debug. I cleared the logs, tried to enter a CIDR range, and went right back to the logs.

This is all that appeared immediately after that could be even remotely related:

rc_service: httpd 2346:notify_rc restart_firewall
custom_script: Running /jffs/scripts/service-event (args: restart firewall)
custom_script: Running /jffs/scripts/firewall-start (args: eth0)

I am stumped

 

[RandomUser777]

Any ideas anyone?? @RMerlin ?

 

[dave14305]

Log level set to all/debug. I cleared the logs, tried to enter a CIDR range, and went right back to the logs.

Don’t bother with the router logs. Check your web browser F12 console window for errors as you go through the process.

You can also use 192.168.1.* instead of CIDR, depending on what you’re trying to accomplish.

 

[RandomUser777]

Don’t bother with the router logs. Check your web browser F12 console window for errors as you go through the process.

You can also use 192.168.1.* instead of CIDR, depending on what you’re trying to accomplish.

I can enter an asterisk, but that does not help me. I want to filter a specific segment of my subnets, which requires CIDR notation. Nothing strange appears in the console. I tried different chromium and mozilla browsers, and they all fail. The problem is in the firmware or gui.

Individual or asterisked values results in a % completion screen, refresh, and the values are in the table.

Anything CIDR just displays "Applying settings", then a pause, then a refresh but nothing has changed.

 

[dave14305]

Anything CIDR just displays "Applying settings", then a pause, then a refresh but nothing has changed.

The help text for the source/dest ip states:

For source or destination IP address, you can : (a) enter a specific IP address, such as "192.168.122.1"; (b) enter IP addresses within one subnet or within the same IP pool, such as "192.168.123.*", or "192.168.*.*"; or (c) enter all IP addresses as "*.*.*.*".

While they seem to validate CIDRs initially, they don’t mention them explicitly. I’m speculating that the slash somehow messes up the behind-the-scenes processing.

 

[RandomUser777]

I was able to test on an RT-AX88U_Pro.

On a completely reset RT-AX88U_Pro:
Merlin 388.2_2 accepts CIDR notation no problem.
Merlin 3004.388.4 does not accept CIDR notation (same issues as on the AX-86U_Pro)

I downgraded my production AX-86U_Pro to 388.2_2, and CIDR notation works fine. 3004.388.4 breaks CIDR.

So it looks like there is a bug somewhere after 388.2_2

 

[L&LD]

@RandomUser777, just to clarify, both router tests were on a fully reset unit after flashing the firmware tested, without using any saved backup config files, correct?

 

[RandomUser777]

@RandomUser777, just to clarify, both router tests were on a fully reset unit after flashing the firmware tested, without using any saved backup config files, correct?

Correct. Each router was fully reset between each test and flash. First thing I did after required minimum setup was test the Network Services Filter.

And once I put my production router back into service (manually, no config restore), upgrading to 388.4 breaks CIDR. Downgrading to 388.2_2 restores capability.