Hi, I think that a rule is missing in the default firewall configuration.
The default INPUT chain is the following:

Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
SYN_FLOOD  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
input_rule all  --  anywhere             anywhere
zone_lan   all  --  anywhere             anywhere

I think that the following rule is also needed:

iptables -A INPUT -j zone_wan

otherwise the hook provided for user-defined rules doesn't work.

In my configuration I'm using a wifi interface in client mode as the wan interface. However, for some reason, when the firewall is started the wan interface is not reported as up, and then the previous rule is not added to the INPUT chain. After the boot, the file /tmp/state/network reports the wan interface as up. In fact, if I restart the firewall manually, everything works fine.

Any ideas about why the wan is not reported as up at boot time? After all, the firewall script is executed after the network script.

_______________________________________________
openwrt-devel mailing list
[email protected]
http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
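A check for the condition described in the message above, as an added example that is not part of the original post: it reads an `iptables -L INPUT` listing and reports which expected zone jumps are absent, so a missing `zone_wan` hook is noticed after boot. The function names `missing_jumps` and `sample_listing` are hypothetical, and the sample listing is constructed from the chain quoted in the post.

```shell
#!/bin/sh
# Added example, not code from the original post or from the firewall package.

# Constructed sample: the INPUT chain as quoted in the post (no zone_wan jump).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
SYN_FLOOD  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
input_rule all  --  anywhere             anywhere
zone_lan   all  --  anywhere             anywhere
EOF
}

# missing_jumps TARGET...
# Reads a chain listing on stdin and prints every TARGET that never appears
# in the first column of a rule line (the two header lines are skipped).
missing_jumps() {
    listing=$(cat)
    for want in "$@"; do
        printf '%s\n' "$listing" | awk -v t="$want" '
            NR > 2 && $1 == t { found = 1 }
            END { exit !found }' || printf '%s\n' "$want"
    done
}

# On the router the listing would come from: iptables -L INPUT
# Here the constructed sample is used so the block runs offline.
sample_listing | missing_jumps input_rule zone_lan zone_wan
```
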
