Posted: Fri Dec 07, 2018 14:23 Post subject: Backup Configuration Include Firewall Rules?
I've a huge amount of configuration on my router and have recently been working with iptables to secure my security cameras, etc. During this process, I'm seeing all kinds of iptables rules I don't think should be there. I'd like to flash back to default, see what the default iptables rules are, slowly add back in settings, and keep an eye on how iptables rules change over time so I can better understand what should and should not be present.
All that said, if I use Administration > Backup Configuration and hard reset, will a restore of this file bring back everything or are there things it doesn't back up?
Posted: Fri Dec 07, 2018 16:52 Post subject:
There are some default iptables rules even after a restart. There is also a moment when those rules are created, when you have WAN access; if you flash the router without a WAN, they are not created until then...
In relation to isolating an IP web cam to local use only, there is a rule for it so they will not spam outside of your network...
iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -p tcp -s <ip of camera> -j DROP
Thanks for sharing the firewall rule, I'll have to try it later.
Since I have so many rules, I'm afraid about the sequence of them ... is there a way I can validate I have it right by looking in the logs or would I need to post the rules here and have a guru confirm?
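One way to check rule order without reading logs, as an added example that is not part of the original thread: feed `iptables -S FORWARD` output to a small first-match walker and see which rule decides a given packet. The function name `first_verdict`, the address 192.168.1.50 and the interface `vlan2` are constructed for illustration, and the matching model is deliberately simplified as described in the comments.

```shell
#!/bin/sh
# Added example. Reads rules in `iptables -S FORWARD` format (chain order) on
# stdin and reports the first rule that decides a packet with the given source
# IP, in-interface, out-interface and protocol.
# Simplified model (assumption): only -s, -i, -o and -p are evaluated, with
# exact values. A rule that could match but uses anything else (-m, -d, "!",
# a subnet, a "+" wildcard, a jump to another chain) is printed as MAYBE.
first_verdict() {
    awk -v src="$1" -v inif="$2" -v outif="$3" -v proto="$4" '
    function cmp(val, want) {
        if (index(val, "/") || index(val, "+")) { maybe = 1 } else if (val != want) { hit = 0 }
    }
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 != "-A" || $2 != "FORWARD" { next }
    {
        n++
        if ($0 ~ / ! /) { print "MAYBE rule " n ": " $0; next }
        hit = 1; maybe = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")      { v = $(++i); sub(/\/32$/, "", v); cmp(v, src) }
            else if ($i == "-i") { cmp($(++i), inif) }
            else if ($i == "-o") { cmp($(++i), outif) }
            else if ($i == "-p") { cmp($(++i), proto) }
            else if ($i == "-j") { target = $(++i); break }
            else                 { maybe = 1 }
        }
        if (!hit) next
        if (maybe || target !~ /^(ACCEPT|DROP|REJECT)$/) { print "MAYBE rule " n ": " $0; next }
        print "FIRST rule " n ": " target; done = 1; exit
    }
    END { if (!done) print "FIRST policy: " policy }'
}

# Constructed sample: the camera DROP was appended after a broad ACCEPT.
sample_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j ACCEPT
-A FORWARD -s 192.168.1.50/32 -i br0 -o vlan2 -p tcp -j DROP
EOF
}

# On the router: iptables -S FORWARD | first_verdict <camera-ip> br0 "$(nvram get wan_iface)" tcp
sample_rules | first_verdict 192.168.1.50 br0 vlan2 tcp
```

In the sample, rule 2 accepts the camera's traffic before the DROP at rule 3 is reached, which is the ordering problem that inserting with `-I` instead of appending with `-A` avoids.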
Posted: Sat Dec 08, 2018 12:31 Post subject: Re: Backup Configuration Include Firewall Rules?
Bugsysiegals wrote:
...if I use Administration > Backup Configuration and hard reset, will a restore of this file bring back everything or are there things it doesn't back up?
An nvram backup through the GUI should save/restore everything just as the router was .....
..... BUT -- it will NOT restore a WAN MAC address if you use WAN MAC clone.
I’ve backed up NVRAM variables before and tried to restore them, same build, with no success ... I’m guessing since firewall rules aren’t stored in the variables but rather the /tmp/.ipt file.
I’ve also taken backups using the GUI but never tried to restore so only assume the firewall rules are backed up....
The information from Administration->Commands is stored in nvram and is backed up.... I am looking at some from a build right now. If you are doing that it should work, if you are manually adding them via command line then no.
You can always try to do a backup and then search the file, or from command line do a