Solved R9000 iptables

BritinMA

Occasional Visitor
Hello,

I have installed mini_snmpd today, and could only get it to work on the router itself, and not from a local machine on the LAN side. Turns out that in the loc2fw chain, snmp is blocked:

Code:
iptables -L loc2fw --line-numbers
..
..
3    DROP       udp  --  anywhere             anywhere             state NEW multiport dports snmp,snmp-trap
..
..

So after deleting that line, it's working.

Code:
iptables -D loc2fw 3

After a reboot, it obviously is blocked again; I could write a script to check for, and if found, delete that rule, but I wonder what sets iptables at boot, and can it be manipulated so that a reboot will not set up the block?

Any pointers are welcome!

Thanks
 

HELLO_wORLD

Very Senior Member
If you are using @Voxel firmware, you can simply add this line in /opt/scripts/firewall-start.sh (create the file if it does not exist):
Code:
iptables -D loc2fw 3

After each reboot, or internal firewall restart (and when the iptables are being reset to default NG conf), this script is run.
 

BritinMA

Occasional Visitor
Hello!

I am absolutely using Voxel's firmware; it was remiss of me to not state it!

I was not aware of the /opt/scripts/firewall-start.sh script - that was most helpful. Thank you!

This is the code I've written; it provides a modicum of logic before the command.

Code:
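# Line number of the first DROP rule in loc2fw that mentions snmp-trap
linedel=$(iptables -L loc2fw --line-numbers | awk '/DROP/ && /snmp-trap/ {print $1; exit}')
# Delete only if such a rule was found (a single number, quoted)
if [ -n "$linedel" ]; then
    iptables -D loc2fw "$linedel"
fi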
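
A rule's line number can shift whenever the firmware changes the chain, so the sketch below deletes the SNMP block by its rule specification instead. It is an added example, not code from either poster or from Voxel's firmware; it assumes `iptables -S` is available on the router and prints ports numerically, the helper name `snmp_drop_deletes` is hypothetical, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: remove the SNMP block from loc2fw by rule spec, not line number.
# Assumption: "iptables -S loc2fw" works on this firmware and prints numeric ports.

# Reads "iptables -S <chain>" output on stdin and prints one "iptables -D ..."
# command per UDP DROP rule whose --dport/--dports list names 161 or 162.
# (snmp_drop_deletes is a hypothetical helper name.)
snmp_drop_deletes() {
    awk '
    $1 == "-A" && / -p udp / && / -j DROP/ {
        hit = 0
        for (i = 1; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i + 1), port, ",")
                for (k = 1; k <= n; k++)
                    if (port[k] == "161" || port[k] == "162") hit = 1
            }
        # Turn the "-A chain spec" line into the matching delete command
        if (hit) { $1 = "-D"; print "iptables", $0 }
    }'
}

# Constructed sample of "iptables -S loc2fw" output (not captured from a router)
SAMPLE_RULES='-N loc2fw
-A loc2fw -p tcp -m state --state NEW -m tcp --dport 23 -j DROP
-A loc2fw -p udp -m state --state NEW -m multiport --dports 161,162 -j DROP
-A loc2fw -p udp -m udp --dport 161 -j ACCEPT'

case "${1:-demo}" in
apply)
    # Live mode, e.g. called from /opt/scripts/firewall-start.sh
    iptables -S loc2fw | snmp_drop_deletes | while read -r cmd; do
        $cmd
    done
    ;;
demo)
    # Offline mode: show which rules would be deleted from the sample
    printf '%s\n' "$SAMPLE_RULES" | snmp_drop_deletes
    ;;
esac
```

Run without arguments it only prints the delete commands for the sample; with `apply` it removes every matching DROP rule and leaves ACCEPT rules and other ports untouched.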
 
