RT-AC66U B1 - Unable to set permanent iptables rules

[coqypef]

So I telnet to my router and enter my iptables commands:

iptables -I FORWARD -o eth0 -m state --state NEW -j DROP
iptables -I FORWARD -o eth0 -d x.x.x.x/24 -m state --state NEW -j ACCEPT
iptables -A INPUT -s y.y.y.y -j DROP
iptables -A OUTPUT -d y.y.y.y -j DROP

Works fine, but those rules will disappear upon reboot of course.

So I do the following instead:

nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -o eth0 -m state --state NEW -j DROP
/usr/sbin/iptables -I FORWARD -o eth0 -d x.x.x.x/24 -m state --state NEW -j ACCEPT
/usr/sbin/iptables -A INPUT -s y.y.y.y -j DROP
/usr/sbin/iptables -A OUTPUT -d y.y.y.y -j DROP'
nvram commit
reboot

But when the router has booted, those rules have not been added to iptables. The output of nvram get rc_firewall seems fine though. What am I doing wrong?

Model: Asus RT-AC66U B1
fw 3.0.4.380_3983
BL version (CFE): 1.1.2.0

 

[RMerlin]

There's no rc_firewall nvram setting in the firmware, that value won't be used anywhere.

 

[coqypef]

There's no rc_firewall nvram setting in the firmware, that value won't be used anywhere.

Oh, ok. How do I set permanent iptables rules with this firmware then?

 

[RMerlin]

Oh, ok. How do I set permanent iptables rules with this firmware then?

You can't. You need a third party firmware with that capability to do that.