Hello,
I've just migrated from openwrt to assus merlin.
First of all, I would like to say thanks for this custom firmware.
Unfortunately (even if I've managed to seamlessly make the transition) I still have a problem with ebtables.
I have a setup of more routers, that are connected thorught Openvpn TAP interface. That's because I want to have complete network transparency, allowing multicast and network advertising to work across the networks.
In order to filter out the cross-DHCP advertising, i've been using since years ebtables to filter out port 67 and 68.
Unfortuntely, on Assus Merlin, the ip6-proto argument is not recognized:
/usr/sbin/ebtables -I FORWARD -i tap12 -p IPv6 --ip6-proto udp --ip6-dport 67:68 -j DROP
/usr/sbin/ebtables -I FORWARD -o tap12 -p IPv6 --ip6-proto udp --ip6-dport 67:68 -j DROP
/usr/sbin/ebtables -I INPUT -i tap12 -p IPv6 --ip6-proto udp --ip6-dport 67:68 -j DROP
/usr/sbin/ebtables -I OUTPUT -o tap12 -p IPv6 --ip6-proto udp --ip6-dport 67:68 -j DROP
These commands generate the Unknown argument: '--ip6-proto' error message.
Is there a ko module that has to be inserted for EBTABLES to support IPV6?
Or a different syntax is needed on merlin ?
According to the man page this is correct, and on OpenWRT is was working.
Thanks in advance for the answers.
Note:
Please do not advice to use TUN instead of TAP. I have my reasons to use TAP, and no, the speed impact is not an issue, I have 1 Gbps fiber optics between the locations.
I've just migrated from openwrt to assus merlin.
First of all, I would like to say thanks for this custom firmware.
Unfortunately (even if I've managed to seamlessly make the transition) I still have a problem with ebtables.
I have a setup of more routers, that are connected thorught Openvpn TAP interface. That's because I want to have complete network transparency, allowing multicast and network advertising to work across the networks.
In order to filter out the cross-DHCP advertising, i've been using since years ebtables to filter out port 67 and 68.
Unfortuntely, on Assus Merlin, the ip6-proto argument is not recognized:
/usr/sbin/ebtables -I FORWARD -i tap12 -p IPv6 --ip6-proto udp --ip6-dport 67:68 -j DROP
/usr/sbin/ebtables -I FORWARD -o tap12 -p IPv6 --ip6-proto udp --ip6-dport 67:68 -j DROP
/usr/sbin/ebtables -I INPUT -i tap12 -p IPv6 --ip6-proto udp --ip6-dport 67:68 -j DROP
/usr/sbin/ebtables -I OUTPUT -o tap12 -p IPv6 --ip6-proto udp --ip6-dport 67:68 -j DROP
These commands generate the Unknown argument: '--ip6-proto' error message.
Is there a ko module that has to be inserted for EBTABLES to support IPV6?
Or a different syntax is needed on merlin ?
According to the man page this is correct, and on OpenWRT is was working.
Thanks in advance for the answers.
Note:
Please do not advice to use TUN instead of TAP. I have my reasons to use TAP, and no, the speed impact is not an issue, I have 1 Gbps fiber optics between the locations.
