Hi to all,
I need to use a firewall rule which applies to outgoing traffic generated
by the device. I need this because I want to be sure that there is no
communication on the unencrypted WAN sourced by OpenWrt. But it seems that
the rule which worked for me in the previous release does not apply:

config 'zone'
	option 'name' 'wan'
	option 'input' 'REJECT'
	option 'output' 'REJECT'
	option 'forward' 'REJECT'
	option 'network' 'wan'
	option masq 1

config 'rule'
	option 'target' 'ACCEPT'
	option 'dest' 'wan'
	option 'proto' 'udp'
	option 'dest_port' '123'
	option 'name' 'wan_ntp'

So I suspect that it should reject all traffic except NTP
synchronization. But I cannot find any iptables rule in OUTPUT which
would do this.
Did I miss something? I think that this feature is useful. Even if
the documentation says that src is required, maybe it is good to change it
to "src or dest is required". And if only dest is set, apply the rule to
OUTPUT.
Thank you very much,
Lukas Macura
_______________________________________________
openwrt-devel mailing list
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
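
The check described in the message (is there a rule on the OUTPUT path matching the dest-only UCI rule?), automated as an added example; it is not part of the original post or OpenWrt's code. The `iptables -S` dump is constructed, the interface `eth1` and chain `egress_wan` are hypothetical names, and only dest-only rules that set `dest_port` are audited.

```python
import shlex
# Constructed input: the sections quoted in the message (zone trimmed to two options).
UCI = """
config 'zone'
    option 'name' 'wan'
    option 'output' 'REJECT'
config 'rule'
    option 'target' 'ACCEPT'
    option 'dest' 'wan'
    option 'proto' 'udp'
    option 'dest_port' '123'
    option 'name' 'wan_ntp'
"""
# Constructed `iptables -S` dump; eth1 and egress_wan are hypothetical names.
IPTABLES_S = """
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j egress_wan
-A egress_wan -j REJECT --reject-with icmp-port-unreachable
"""

def opt(rule, flag):  # value following `flag` in a tokenised rule, or None
    return rule[rule.index(flag) + 1] if flag in rule[:-1] else None

def parse_uci(text):  # list of sections, each a dict of its options plus '.type'
    sections = []
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"] and len(tok) > 1:
            sections.append({".type": tok[1]})
        elif tok[:1] == ["option"] and len(tok) > 2 and sections:
            sections[-1][tok[1]] = tok[2]
    return sections

def reachable_rules(listing, start="OUTPUT"):  # rules in `start` and chains it jumps to
    chains, todo, found = {}, [start], []
    for tok in map(shlex.split, listing.splitlines()):
        if tok[:1] == ["-A"]:
            chains.setdefault(tok[1], []).append(tok[2:])
    for chain in todo:  # todo grows while iterating, so jumps are followed transitively
        for r in chains.get(chain, []):
            found.append(r)
            if opt(r, "-j") in chains and opt(r, "-j") not in todo:
                todo.append(opt(r, "-j"))
    return found

def audit(uci, listing):  # {rule name: match present on OUTPUT path}; order not evaluated
    want = [s for s in parse_uci(uci) if s[".type"] == "rule"
            and "dest" in s and "src" not in s and "dest_port" in s]
    keys = (("-p", "proto"), ("--dport", "dest_port"), ("-j", "target"))
    return {s.get("name"): any(all(opt(r, f) == s.get(k) for f, k in keys)
                               for r in reachable_rules(listing)) for s in want}
```

With the constructed dump, `audit(UCI, IPTABLES_S)` reports `wan_ntp` as missing from the OUTPUT path, which is the situation the message describes.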