Solved R9000 iptables

BritinMA

Occasional Visitor
Hello,

I have installed mini_snmpd today, and could only get it to work on the router itself, and not from a local machine on the LAN side; turns out that in the loc2fw chain, snmp is blocked:

Code:
iptables -L loc2fw --line-numbers
..
..
3    DROP       udp  --  anywhere             anywhere             state NEW multiport dports snmp,snmp-trap
..
..

So after deleting that line, it's working.

Code:
iptables -D loc2fw 3

After a reboot, it obviously is blocked again; I could write a script to check for, and if found, delete that rule, but I wonder what sets iptables at boot, and can it be manipulated so that a reboot will not set up the block?

Any pointers are welcome!

Thanks
 
If you are using @Voxel firmware, you can simply add this line in /opt/scripts/firewall-start.sh (create the file if it does not exist):
Code:
iptables -D loc2fw 3

After each reboot, or internal firewall restart (and when the iptables are being reset to default NG conf), this script is run.
 
Hello!

I am absolutely using Voxel's firmware; it was remiss of me to not state it!

I was not aware of the /opt/scripts/firewall-start.sh script - that was most helpful. Thank you!

This is the code I've written; it provides a modicum of logic before the command.

Code:
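# Find the line number of the first loc2fw rule that mentions snmp-trap
linedel=$(iptables -L loc2fw --line-numbers | awk '/snmp-trap/ {print $1; exit}')
# Delete the rule only if one was found
if [ -n "$linedel" ]; then
    iptables -D loc2fw "$linedel"
fi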
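
Added example, not code from any poster in this thread or from the firmware: the same fix done by rule specification instead of line number, so that a change in rule order cannot cause a different loc2fw rule to be deleted. It assumes the router's iptables supports `-S`; the function names and the sample chain listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not firmware code). Function names are hypothetical.

# Constructed sample of `iptables -S loc2fw` output; the real chain may differ.
sample_rules() {
cat <<'EOF'
-N loc2fw
-A loc2fw -m state --state RELATED,ESTABLISHED -j ACCEPT
-A loc2fw -p udp -m state --state NEW -m multiport --dports 161,162 -j DROP
-A loc2fw -p tcp -m state --state NEW -m multiport --dports 161,162 -j DROP
-A loc2fw -j ACCEPT
EOF
}

# Reads `iptables -S <chain>` on stdin and prints, in -D form, every UDP DROP
# rule whose multiport list contains port 161 (snmp). Other rules are ignored.
snmp_drop_deletes() {
    awk '$1 == "-A" && / -p udp / && / -j DROP$/ &&
         / --dports ([0-9:]+,)*161(,| )/ { sub(/^-A/, "-D"); print }'
}

# Deletes the matching rules from chain $1 by specification, so a change in
# rule order can never cause a different rule to be removed.
remove_snmp_drop() {
    iptables -S "$1" | snmp_drop_deletes | while read -r spec; do
        # Unquoted on purpose: $spec is a list of iptables arguments.
        iptables $spec && echo "removed: $spec"
    done
}

# Only touch the firewall when asked to, i.e. when run with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    remove_snmp_drop loc2fw
fi
```

Running `sample_rules | snmp_drop_deletes` shows which rule would be removed without touching the firewall; only the UDP rule is selected, and the TCP DROP rule stays in place.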
 