Adding extra firewall rules using jffs script

Mistermoonlight

Regular Contributor
I am using Merlin's latest 270 firmware now for the ASUS RT-N66U, and thank you.

I have seen on the Merlin wiki how to add a script for wake-up-on-LAN traffic. I have no problem dealing with these steps.

I am trying to add custom firewall rules to block traffic for a specific protocol (DNS) for a range of destination IP addresses (for a specific LAN IP address or all LAN IP addresses). I didn't find a way to do this in the GUI in the net filter protocol section; there is no way to use an IP address range. So it seems that this is only possible using custom firewall add-on rules. I have seen that there is a way to use a jffs script to add firewall rules, but I didn't find any information anywhere on how to do this (a tutorial), what the rule format is, etc.

Can somebody help me with this? (A small tutorial similar to the one Merlin added for wakeonlan would be sufficient to help.)

Thanks
 
Mistermoonlight said:

I have seen on the Merlin wiki how to add a script for wake-up-on-LAN traffic. I have no problem dealing with these steps.

Hi,

It should be as easy as this: add firewall rules by using the 'iptables' command and Merlin's user script 'firewall-start' - the two bold words are your search keys to get more information... :rolleyes:

With kind regards
Joe :cool:
 
Yeah, I haven't been able to get the following working on the latest Merlin.

#!/bin/sh

touch /tmp/000firewall6start

#############
# Firewalling
#############
ip6tables -A INPUT -j DROP

ip6tables -I FORWARD 2 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allowed inbound rules here, such as this one:
#ip6tables -I FORWARD 2 -p tcp -m state --state NEW -i v6in4 -d 2001:123:44:555:6666:7777:8888:9999 --dport 3389 -j ACCEPT
ip6tables -A FORWARD -i v6in4 -o br0 -p all -j DROP
ip6tables -A FORWARD -i br0 -o any -p all -j ACCEPT
ip6tables -A FORWARD -i br0 -o v6in4 -p all -j ACCEPT
ip6tables -A FORWARD -i any -o br0 -p all -j ACCEPT
ip6tables -A FORWARD -j DROP
 
What is not working? Is the script not running? Does the script run but the rules don't get inserted?
 
Joegreat said:

Hi,

It should be as easy as this: add firewall rules by using the 'iptables' command and Merlin's user script 'firewall-start' - the two bold words are your search keys to get more information...

Thank you, I am going to experiment with it...
 
Using a jffs script (firewall-start) to add new rules in firewall.

Yes, it is working perfectly well. Thanks, Merlin, for this nice customization option. I would not have been able to do it with the stock firmware because of the bug between the parental control and the firewall rules in the GUI menu.
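
A firewall-start script for the rule asked about in the first post (drop DNS to a range of destination addresses, for one LAN client or all of them), as an added example that is not code from this thread or from the Merlin project. The addresses are constructed placeholders, and it assumes the firmware's iptables includes the iprange match and that br0 is the LAN bridge.

```shell
#!/bin/sh
# /jffs/scripts/firewall-start -- added example; every address is a constructed placeholder
LAN_IF="br0"                            # LAN bridge (assumed)
SRC="192.168.1.50"                      # LAN client to restrict; "" means all clients
DST_RANGE="203.0.113.10-203.0.113.20"   # first-last destination addresses to block

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ip4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print one rule spec per line (DNS over udp and tcp) for the FORWARD chain.
# $1 = source IP or "" for any client, $2 = first-last destination range
dns_block_specs() {
    first=${2%-*}; last=${2#*-}
    valid_ip4 "$first" && valid_ip4 "$last" || return 1
    src=""
    if [ -n "$1" ]; then
        valid_ip4 "$1" || return 1
        src=" -s $1"
    fi
    for proto in udp tcp; do
        echo "FORWARD -i $LAN_IF$src -p $proto --dport 53 -m iprange --dst-range $first-$last -j DROP"
    done
}

# Delete any earlier copy of each rule, then insert it at the top of the chain,
# so running the script again does not stack duplicates.
apply_rules() {
    specs=$(dns_block_specs "$SRC" "$DST_RANGE") || {
        logger -t firewall-start "invalid address, no DNS rules added"
        return 1
    }
    echo "$specs" | while read -r spec; do
        iptables -D $spec 2>/dev/null   # unquoted on purpose: split into arguments
        iptables -I $spec
    done
}

# Apply only when invoked as firewall-start, so the file can be sourced for testing.
case "$0" in */firewall-start) apply_rules ;; esac
```

Save it as /jffs/scripts/firewall-start and make it executable. The rules sit in FORWARD, so they cover clients that query the listed servers directly, not lookups sent to the router's own DNS proxy.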
 
