I want to write firewall rules that allow the router to send traffic to specific hosts in the lan zone, i.e. syslog to a syslog server.
I can't seem to figure out what the "src" value for such a rule would be.
Looking at the current OUTPUT chain(s):

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target         prot opt in  out  source      destination
   77 10780 ACCEPT         all  --  *   *    0.0.0.0/0   0.0.0.0/0    ctstate RELATED,ESTABLISHED
    0     0 ACCEPT         all  --  *   lo   0.0.0.0/0   0.0.0.0/0
    0     0 output_rule    all  --  *   *    0.0.0.0/0   0.0.0.0/0
    0     0 output         all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain output_rule (1 references)
 pkts bytes target         prot opt in  out  source      destination

Chain output (1 references)
 pkts bytes target         prot opt in  out  source      destination
    0     0 zone_lan_DROP  all  --  *   *    0.0.0.0/0   0.0.0.0/0
    0     0 zone_wan_DROP  all  --  *   *    0.0.0.0/0   0.0.0.0/0

I *think* the desired end result would be a rule in the output chain
above the two existing zone_*_DROP rules that looks like:

   17  2939 ACCEPT         udp  --  *   br-lan  0.0.0.0/0   10.75.22.3   udp dpt:514

Of course it's important that the output interface be included in
addition to the destination address/port to ensure that packets
are going to the correct network.
Any hints, examples, etc.?
Cheers,
b.
_______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-users
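
Added example, not part of the original post: the rule the poster describes expressed as an iptables command, plus a check over `iptables -S output` text that the ACCEPT sits above the zone_*_DROP jumps and is pinned to the output interface. The helper names are hypothetical and the listings are constructed samples, not captures from a router.

```shell
#!/bin/sh
# Added example; helper names are hypothetical and the listings are constructed.

# Print the command that inserts the desired rule at position 1 of the
# "output" chain, i.e. above the zone_*_DROP jumps shown in the post.
syslog_rule_cmd() {  # args: out-interface dest-ip udp-port
    printf 'iptables -I output 1 -o %s -d %s -p udp --dport %s -j ACCEPT\n' "$1" "$2" "$3"
}

# Succeed only if, in `iptables -S output` text ($1), an ACCEPT rule pinned to
# out-interface $2, destination $3 and UDP port $4 appears before the first
# jump to a zone_*_DROP chain. Rules are evaluated top to bottom, so an ACCEPT
# listed after a DROP jump is never reached for traffic that chain drops.
accept_before_drop() {
    printf '%s\n' "$1" | awk -v oif="$2" -v dst="$3" -v port="$4" '
        / -j zone_[A-Za-z0-9_]+_DROP$/ { exit }      # DROP jump comes first
        / -j ACCEPT$/ && / -p udp / &&
        index($0, " -o " oif " ") && index($0, " -d " dst "/32 ") &&
        index($0, " --dport " port " ") { ok = 1; exit }
        END { exit !ok }'
}

# Constructed `iptables -S output` samples.
GOOD='-N output
-A output -d 10.75.22.3/32 -o br-lan -p udp -m udp --dport 514 -j ACCEPT
-A output -j zone_lan_DROP
-A output -j zone_wan_DROP'
BAD='-N output
-A output -j zone_lan_DROP
-A output -j zone_wan_DROP
-A output -d 10.75.22.3/32 -o br-lan -p udp -m udp --dport 514 -j ACCEPT'

syslog_rule_cmd br-lan 10.75.22.3 514
accept_before_drop "$GOOD" br-lan 10.75.22.3 514 && echo "GOOD: syslog ACCEPT is reachable"
accept_before_drop "$BAD" br-lan 10.75.22.3 514 || echo "BAD: ACCEPT sits below the DROP jumps"
```

On a router the first argument would be the output of `iptables -S output`; a rule inserted by hand this way does not survive a firewall reload.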
