On Saturday, 2012-12-22 at 20:21:52 -0500, Brian J. Murrell wrote: > On 12-12-22 06:51 PM, Lupe Christoph wrote:
> > I guess for you, this might work: > > $IPTABLES -A OUTPUT -o br-lan -s 172.17.0.1 -d 172.17.0.0/24 -m state > > --state NEW -p udp -m udp --dport 514 -j ACCEPT > Of course. But I am looking to encode that rule into > /etc/config/firewall. But as Jow mentioned in the other message, > OpenWRT's firewall module is not (yet?) capable of such a rule. :-( That's the reason I do not use it, but create my own ruleset with fwbuilder. OpenWRT's beuilt in firewall is just too simplistic for advanced tasks. I don't blame it for that - it is useful for many things. It just means that you have to abandon it when its scope becomes too small. Putting customs rules into /etc/firewall.user manually becomes unmanageable after maybe half a dozen rules. I didn't even try, so I can't say if this file is useful. I just retargeted fwbuilder to OpenWRT when I replaced my FreeBSD machine. Lupe Christoph -- | It is a well-known fact in any organisation that, if you want a job | | done, you should give it to someone who is already very busy. | | Terry Pratchett, "Unseen Academicals" | _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-users
