SurprisedItWorks DD-WRT Guru
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Fri Feb 03, 2023 21:44
To say again what Save Firewall does, in different words...
Edit Firewall copies the Firewall window to the Command window for your editing pleasure. Save Firewall copies the Command window to the Firewall window, overwriting what was there before, and it also clears the Command window. Nothing bad happens if you start editing, change your mind, and never save it. The old Firewall window contents remain unchanged. The contents of the Firewall window live in an nvram variable rc_firewall, so they can survive a reboot.
And of course there is a long list of built-in firewall commands. Whenever the internal (SPI) firewall needs creating (on boot) or updating (Apply on many GUI pages), dd-wrt will zero out the firewall, reinitialize it with the built-in firewall commands, then run whatever commands it finds in rc_firewall, i.e. in the Firewall window. So the Firewall window is for your code to modify the standard firewall.
Those Firewall-window commands can actually be any shell commands even though most users only use iptables commands in particular, as those are the usual commands to manipulate the internal firewall. This entire firewall-creation process can run several times during the boot process - the last time I tested it my router ran it four times during boot. So anything you put in that Firewall window should be commands that are OK to run over and over.
I'm writing from an IPv4 point of view, as I'm frightfully ignorant about IPv6.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
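An added example, not part of the post above and not DD-WRT's own code: shell helpers that keep Firewall-window commands safe to run repeatedly, without depending on the chain having been flushed first. The helper names, the `fake_ipt` stand-in, the bridge names and the hosts entry are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Helpers for commands placed in the
# Firewall window, written so that running the whole script repeatedly is harmless.
IPT="${IPT:-iptables}"   # overridable so the helpers can be exercised off-router

# ensure_rule [-t TABLE] CHAIN RULE-SPEC...
# Remove every existing copy of the rule, then insert it once at the top.
ensure_rule() {
    tbl=""
    if [ "$1" = "-t" ]; then tbl="-t $2"; shift 2; fi
    chain="$1"; shift
    while $IPT $tbl -D "$chain" "$@" 2>/dev/null; do :; done
    $IPT $tbl -I "$chain" "$@"
}

# append_once FILE LINE: add LINE to FILE only if that exact line is absent.
append_once() {
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Constructed stand-in for iptables: keeps "rules" as lines in $FAKE_RULES.
# Supports only -I (insert) and -D (delete first match, fail if none).
fake_ipt() {
    op="$1"; shift
    case "$op" in
        -I) printf '%s\n' "$*" >> "$FAKE_RULES" ;;
        -D) grep -qxF -- "$*" "$FAKE_RULES" || return 1
            awk -v r="$*" '!d && $0 == r { d = 1; next } { print }' \
                "$FAKE_RULES" > "$FAKE_RULES.tmp" && mv "$FAKE_RULES.tmp" "$FAKE_RULES" ;;
    esac
}

# Run a sample Firewall-window script four times (the count seen in the post)
# against the stand-in and print how many rules and lines exist afterwards.
demo() {
    FAKE_RULES=$(mktemp); hosts=$(mktemp); IPT=fake_ipt
    for pass in 1 2 3 4; do
        ensure_rule FORWARD -i br1 -o br0 -j DROP        # constructed rule
        append_once "$hosts" "192.168.1.10 nas.lan"      # constructed entry
    done
    echo "$(grep -c '' "$FAKE_RULES") $(grep -c '' "$hosts")"
    rm -f "$FAKE_RULES" "$hosts"
}
```

On a router only `ensure_rule` and `append_once` would go in the Firewall window, followed by the calls themselves; `fake_ipt` and `demo` exist only to show the result off-router.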