Observation: logreject in iptables only rejects tcp

SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1447
Location: Appalachian mountains, USA

Posted: Mon Nov 26, 2018 17:28    Post subject: Observation: logreject in iptables only rejects tcp
I use iptables commands to get network isolation between subnets, and it turns out that using either a logreject target or logdrop target will create a WEBDROP system-log entry, but only logdrop will actually stop a ping across subnet IP-space boundaries. Looking at the logreject and logdrop chains in iptables shows why: logdrop drops everything, while logreject drops only tcp connections.

It's been a while since I experimented with REJECT and DROP, but my recollection is that they worked correctly, on icmp "ping" tests as with everything else.

I call it a bug, but maybe that's just me. (And if it is, I have no idea how to create a bug report.)

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
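
As an added example (not part of the original post), the shell function below reports which protocols a chain actually stops, reading `iptables -S` output on stdin. The two rule listings are constructed samples modelled on the behaviour the post describes, not output captured from a router, and `chain_coverage` is a hypothetical helper name.

```shell
#!/bin/sh
# chain_coverage CHAIN   (rules in `iptables -S` format on stdin)
# Prints "all" if the chain has a DROP/REJECT rule with no match conditions,
# "only:<protos>" if its DROP/REJECT rules are limited by -p, else "none".
chain_coverage() {
    awk -v chain="$1" '
    $1 == "-A" && $2 == chain {
        proto = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-p") { proto = $(i + 1); i++ }
            else other = 1          # any other match (-m, -s, -i, !, ...)
        }
        # LOG is non-terminating; only DROP and REJECT stop the packet.
        if (target != "DROP" && target != "REJECT") next
        if (other) next             # conditional rule, not a guarantee
        if (proto == "") all = 1
        else if (!(proto in seen)) {
            seen[proto] = 1
            if (list != "") list = list ","
            list = list proto
        }
    }
    END {
        if (all) print "all"
        else if (list != "") print "only:" list
        else print "none"
    }'
}

# Constructed sample: logs everything, then rejects TCP only.
SAMPLE_LOGREJECT='-N logreject
-A logreject -j LOG --log-prefix "WEBDROP "
-A logreject -p tcp -j REJECT --reject-with tcp-reset'

# Constructed sample: logs everything, then drops everything.
SAMPLE_LOGDROP='-N logdrop
-A logdrop -j LOG --log-prefix "WEBDROP "
-A logdrop -j DROP'

printf '%s\n' "$SAMPLE_LOGREJECT" | chain_coverage logreject
printf '%s\n' "$SAMPLE_LOGDROP" | chain_coverage logdrop

# On a live router: iptables -S logreject | chain_coverage logreject
```

A result of `only:tcp` means ICMP and UDP fall through the chain after being logged, which matches a ping crossing the subnet boundary while a WEBDROP entry is still written.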