Posted: Sat Dec 09, 2017 14:58 Post subject: IPTABLES startup command disabled by APPLY SETTINGS?
I have a security question regarding the use of the IPTABLES command on Startup (under Administration / Commands) to provide firewall protection on two routers running DD-WRT.
My two routers are programmed to perform a series of commands starting with
iptables -I FORWARD -m state --state NEW -s 0.0.0.0/0 -j logdrop
followed by specific logaccept overrides related to my WAN side subnets.
This works fine with what appears to be one HUGE exception that I just stumbled upon. Specifically, if I perform any router configuration adjustment (followed by SAVE and APPLY SETTINGS) and I don't also do a full reboot, the firewall protections provided by the iptables commands executed at startup appear to be disabled until I do a full reboot.
I am definitely not an expert so if this is something that has been well documented (or if my iptables commands are badly engineered), please just provide a link to a discussion that will help me to sort through this better.
Here are the specs for my two routers running DD-WRT:
Software: DD-WRT v3.0-r28112 std (11/10/15)
Hardware: Asus RT-AC3200
For security reasons, use the latest build; yours is old.
Firewall commands should be saved as Firewall and not as Startup.
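An added example of what the firewall-script version of the poster's rules can look like (this is example code written here, not the poster's script and not DD-WRT project code). It uses the logdrop and logaccept chains the thread mentions, and it is written to be re-runnable: DD-WRT re-runs the saved Firewall script whenever the firewall is rebuilt (including after Apply Settings), so the script must not stack duplicate rules each time. The chain name wan_new_policy and the two WAN-side subnets are constructed placeholders; the accept exceptions are placed before the catch-all drop inside one custom chain, and a single jump from FORWARD is removed and re-inserted so only one copy ever exists.

```shell
#!/bin/sh
# Added example (not from the thread or DD-WRT): a re-runnable "Save Firewall"
# script that drops NEW forwarded connections by default, logging them via
# DD-WRT's logdrop chain, with explicit logaccept exceptions for listed subnets.

# Constructed placeholder subnets; replace with your own WAN-side subnets.
ALLOWED_SUBNETS="${ALLOWED_SUBNETS:-192.0.2.0/24 198.51.100.0/24}"
# Hypothetical chain name that holds the policy.
CHAIN="wan_new_policy"

# Print the iptables commands rather than running them directly, so the rule
# set can be reviewed (or checked on a machine without iptables) before use.
build_rules() {
    # Create the chain if it does not exist yet, then empty it so a re-run
    # starts from a clean chain instead of appending duplicates.
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN"
    # Exceptions first: order inside the chain decides which rule wins.
    for net in $ALLOWED_SUBNETS; do
        echo "iptables -A $CHAIN -s $net -j logaccept"
    done
    # Catch-all: everything not matched above is logged and dropped.
    echo "iptables -A $CHAIN -j logdrop"
    # Remove any earlier jump (ignore failure if none exists), then insert
    # exactly one jump at the top of FORWARD for NEW connections.
    echo "iptables -D FORWARD -m state --state NEW -j $CHAIN 2>/dev/null"
    echo "iptables -I FORWARD -m state --state NEW -j $CHAIN"
}

# Number of commands the script would run (quick sanity check).
rule_count() {
    build_rules | wc -l | tr -d ' '
}

# Execute the generated commands.
apply_rules() {
    build_rules | sh
}

# On the router (root, iptables present) apply the rules; elsewhere just
# print them so the script can be inspected safely.
if [ "$(id -u)" = 0 ] && command -v iptables >/dev/null 2>&1; then
    apply_rules
else
    build_rules
fi
```

Pasted into the Firewall box (Save Firewall), this replaces a Startup-box rule that is lost when the firewall is rebuilt; the first run and every later run leave the same single jump and the same chain contents.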
Thanks very much; I had overlooked the "Save Firewall" option on the Administration / Commands page. When I am back in my office I will move my iptables commands from the Startup to the Firewall area. (I was confused at first by your explanation because the Firewall box which shows the Firewall instructions, like the startup instructions, is only created after the "Save Firewall" command has been executed.) Also, I will deal with figuring out how to upgrade to the latest build when I am back in my office.
Posted: Sun Dec 10, 2017 3:53 Post subject: Upgrade
See the link in my signature on how to upgrade.
I would suggest 33772, but I do not own that particular router.
_________________
Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.
Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one, I am trying to update them.
TP-Link Archer C7 v2 x2 - WDS AP, WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - WDS Station
Linksys WRT400N - bricked
D-Link 615 C1 x 4 - not used
D-Link 615 E3 x 2 - not used
D-Link 825 B1 - WDS Station
D-Link 862L A1 x2 - WDS Station
Netgear WNDR3700v2 - WDS Station
TP-Link 1043nd v1, inactive, unstable hardware
UBNT loco M2 x2 - airOS
Asus N66U - backup Gateway
Netgear r6300 v1 - AP
Linksys E2500 - not used
Linksys EA2700 - not used
Linksys 160N v3 x2 - not used
Netgear WNDR3700v3 - not used
UBNT EdgeRouter X - Gateway, DHCP, QoS