
Network service filter does not work

I know there are some complexities related to VPN and firewall, not sure if iptables happens before or after the VPN. If iptables does work, in theory all you'd have to do is move up the NSFW rule to above the VPN rule but it may make more sense to configure your VPN firewall directly using the config file or custom options in the GUI.

In fact if you move NSFW above the yazfi and VPN rules, then it should take care of both issues, but you need to check the rules after it to make sure the guest (wl0.1 and/or the subnet associated) are accounted for in those, and that nothing in those will interfere (i.e. blocking DHCP, DNS, etc).

Another way, at least for the guest network, is to change the default accept in the yazfi chain to RETURN. However again, you need to check the rules that come after that to make sure they all account for wl0.1 and/or the associated subnet.

You can also look at using EBTABLES to filter stuff as it comes into the bridge interfaces. That may actually be your easiest solution as you can just apply a new policy as the default chains are usually empty (permit any). However without having yazfi I'm not sure how they're assigning interfaces to bridges etc. Should be doable though.

EBTABLES, I will look into it. Thanks.
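
The rule-ordering advice in the thread above, as an added example that is not part of the original posts: a small shell/awk walker over a constructed `iptables -S`-style listing that reports whether the NSFW chain is consulted before a verdict is reached. The chain names `YazFiFORWARD` and `OVPN` and the interface `tun11` are assumptions, and only `-i` matching is modelled.

```shell
# Added example: walk a constructed `iptables -S`-style listing the way
# netfilter does (first matching verdict wins) and report whether NSFW is seen.
# Assumed names: YazFiFORWARD, OVPN, tun11. Only "-i" matching is modelled.

# nsfw_reached RULES IFACE -> prints "yes" or "no"
nsfw_reached() {
    printf '%s\n' "$1" | awk -v iface="$2" '
    $1 == "-A" {                       # store each rule under its chain, in order
        in_if = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        n = ++count[$2]; r_if[$2, n] = in_if; r_tg[$2, n] = target
    }
    # Returns 1 on a final verdict (ACCEPT/DROP), 0 on RETURN or end of chain.
    function walk(chain,    k, t) {
        for (k = 1; k <= count[chain]; k++) {
            if (r_if[chain, k] != "" && r_if[chain, k] != iface) continue
            t = r_tg[chain, k]
            if (t == "NSFW") seen = 1
            if (t == "ACCEPT" || t == "DROP") return 1
            if (t == "RETURN") return 0
            if ((t in count) && walk(t)) return 1
        }
        return 0
    }
    END { walk("FORWARD"); print (seen ? "yes" : "no") }'
}

# Constructed rulesets (not taken from a real router).
ORIG='-A FORWARD -i wl0.1 -j YazFiFORWARD
-A FORWARD -i tun11 -j OVPN
-A FORWARD -j NSFW
-A YazFiFORWARD -i wl0.1 -j ACCEPT
-A OVPN -i tun11 -j ACCEPT
-A NSFW -j RETURN'
# Option 1 from the post: NSFW jump moved above the guest and VPN jumps.
MOVED=$(printf '%s\n' '-A FORWARD -j NSFW'; printf '%s\n' "$ORIG" | grep -v -- '-A FORWARD -j NSFW')
# Option 2 from the post: guest chain falls through with RETURN instead of ACCEPT.
RETURNED=$(printf '%s\n' "$ORIG" | sed 's/\(YazFiFORWARD -i wl0.1 -j\) ACCEPT/\1 RETURN/')

for name in ORIG MOVED RETURNED; do
    eval "rules=\$$name"
    for ifc in br0 wl0.1 tun11; do
        echo "$name $ifc NSFW reached: $(nsfw_reached "$rules" "$ifc")"
    done
done
```

In this model the RETURN change brings only the guest interface under NSFW, while moving the jump to the top covers the guest and VPN interfaces alike.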
 
