[lr1993]

I have a security question regarding the use of the IPTABLES command on Startup (under Administration / Commands) to provide firewall protection on two routers running DD-WRT.

My two routers are programmed to perform a series of commands starting with

iptables -I FORWARD -m state --state NEW -s 0.0.0.0/0 -j logdrop

followed by specific logaccept overrides related to my WAN side subnets.

This works fine with what appears to be one HUGE exception that I just stumbled upon. Specifically, if I perform any router configuration adjustment (followed by SAVE and APPLY SETTINGS) and I don't also do a full reboot, the firewall protections provided by the iptables commands executed at startup appear to be disabled until I do a full reboot.

I am definitely not an expert so if this is something that has been well documented (or if my iptables commands are badly engineered), please just provide a link to a discussion that will help me to sort through this better.

Here are the specs for my two routers running DD-WRT:

Software: DD-WRT v3.0-r28112 std (11/10/15)
Hardware: Asus RT-AC3200

Thanks for any help you can offer.

[egc]

For security reason use the latest build, yours is old.

Firewall commands should be saved as firewall and not as startup

[lr1993]

[ian5142]

See the link in my signature on how to upgrade.

I would suggest 33772, but I do not own that particular router.