Posted: Tue Jan 29, 2019 14:21 Post subject: iptables iprange challenges
Hello there,
I'm experimenting with an advanced setup that includes specific iptables rules allowing a specific source IP range to access a specific target IP range in a multiport setup.
That may sound difficult to read, so here's an example:
This is seemingly accepted, but when running an iptables -L test I see no entries:
Code:
# iptables -L test
Chain test (0 references)
target prot opt source destination
Using the binary package from Entware (/opt/sbin/iptables in my setup) to add and review these seems to work just fine.
Built-in iptables shows:
Code:
iptables -L test
Chain test (0 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere destination IP range 0.0.0.0-0.0.0.0 udp dpt:dns
Entware iptables shows:
Code:
/opt/sbin/iptables -L test
Chain test (0 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere source IP range 192.168.5.2-192.168.5.10 multiport dports bootps:bootpc destination IP range 192.168.3.4-192.168.3.8
In that sense, my question would be: is it safe to ditch the built-in iptables bin and rely/depend on the one from entware?
This is Kong's build on an ASUS RT-AC88U: Linux blah 4.4.159 #3933 SMP Thu Oct 4 07:42:02 CEST 2018 armv7l DD-WRT
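The rule the post describes, reconstructed here as an added example (not the poster's own commands) from the ranges and ports visible in the Entware output, plus the check a practitioner would want before trusting either binary: ask each iptables for the chain in `-S` (iptables-save style) form and compare it token for token against what was requested, and confirm the kernel itself registered the iprange and multiport match extensions. The chain name `test`, the two ranges and the 67:68 port range come from the post; the script name `iprange_check.sh`, the `/proc/net/ip_tables_matches` path parameter and the two sample `-S` outputs are constructed for the example.

```shell
#!/bin/sh
# Added example for this thread, not the poster's own commands. It builds the
# rule described in the first post (source range -> destination range, UDP
# ports 67:68, chain "test") and verifies that a given iptables binary
# reports it back intact via `-S` (iptables-save style) output, which can be
# compared token for token. The sample outputs below are constructed to stand
# in for a healthy and a mangled chain; chain name and ranges are from the post.

SRC_RANGE="192.168.5.2-192.168.5.10"
DST_RANGE="192.168.3.4-192.168.3.8"
DPORTS="67:68"      # bootps:bootpc, as shown in the post's -L output
CHAIN="test"

# Arguments for the rule, one per line, so the same list is used both to add
# the rule and to build the expected -S line.
rule_args() {
    printf '%s\n' -A "$CHAIN" -p udp \
        -m iprange --src-range "$SRC_RANGE" --dst-range "$DST_RANGE" \
        -m multiport --dports "$DPORTS" \
        -j ACCEPT
}

# The exact line `iptables -S test` must contain if the rule was stored and
# decoded correctly (same tokens, same order, joined by single spaces).
expected_rule() {
    rule_args | tr '\n' ' ' | sed 's/ $//'
}

# Read `iptables -S <chain>` output on stdin; succeed only if the expected
# rule appears verbatim. A rule whose ranges decoded to 0.0.0.0-0.0.0.0, or
# that lost the multiport match entirely, fails this check.
rule_present() {
    grep -qF -- "$(expected_rule)"
}

# Succeed if the kernel registered the match extensions the rule relies on.
# /proc/net/ip_tables_matches lists them once ip_tables is loaded; the path
# is a parameter so a saved copy from another box can be checked as well.
kernel_has_matches() {
    matches_file="${1:-/proc/net/ip_tables_matches}"
    [ -r "$matches_file" ] || return 2
    grep -qx iprange "$matches_file" && grep -qx multiport "$matches_file"
}

# Constructed stand-ins for `iptables -S test` from a working binary and from
# one that mangled the rule (modelled on the -L output shown in the post).
SAMPLE_GOOD="-N test
-A test -p udp -m iprange --src-range 192.168.5.2-192.168.5.10 --dst-range 192.168.3.4-192.168.3.8 -m multiport --dports 67:68 -j ACCEPT"
SAMPLE_BAD="-N test
-A test -p udp -m iprange --dst-range 0.0.0.0-0.0.0.0 -m udp --dport 53 -j ACCEPT"

# Offline self-check: the good sample must pass and the bad one must fail.
self_check() {
    printf '%s\n' "$SAMPLE_GOOD" | rule_present || return 1
    if printf '%s\n' "$SAMPLE_BAD" | rule_present; then return 1; fi
    return 0
}

# Live check against one specific binary (needs root and a kernel with the
# modules loaded). Run it once per binary, e.g. iptables and
# /opt/sbin/iptables, and only rely on the one whose -S output passes.
apply_and_verify() {
    ipt="$1"
    command -v "$ipt" >/dev/null 2>&1 || { echo "$ipt: not found" >&2; return 2; }
    "$ipt" -N "$CHAIN" 2>/dev/null || true
    # shellcheck disable=SC2046  # no argument contains whitespace
    "$ipt" $(rule_args) || return 1
    if "$ipt" -S "$CHAIN" | rule_present; then
        echo "$ipt: rule stored and decoded intact"
    else
        echo "$ipt: rule missing or mangled, do not rely on this binary" >&2
        return 1
    fi
}

# Usage: sh iprange_check.sh [/path/to/iptables]; with no argument only the
# offline self-check runs.
if [ $# -gt 0 ]; then
    apply_and_verify "$1"
else
    self_check && echo "offline self-check passed"
fi
```

Running `sh iprange_check.sh iptables` and then `sh iprange_check.sh /opt/sbin/iptables` on the router shows which binary stores and reads back the rule faithfully; `kernel_has_matches` tells you whether a failure is the userspace binary or a kernel missing xt_iprange / xt_multiport, which matters because a rule that silently degrades to `0.0.0.0-0.0.0.0` matches nothing you intended.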
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Tue Jan 29, 2019 15:45 Post subject:
Sadly, DD-WRT's built-in iptables is stripped and some variables/commands are missing; for example, I do not have multiport running on all my routers...
If you can get the full version through Entware, stick to it...
Do note that next time you ask questions, tell us the router model and the current build running, as guessing could be too hard for those who want to help you... _________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Frankly, I don't anticipate any madness, given iptables is kind of like a client app for the kernel magic. Feels weird to say that out "loud", but here goes:
Quote:
Do note that next time you ask questions, tell us the router model and the current build running, as guessing could be too hard for those who want to help you...
I’ve had a weak attempt at that:
Quote:
This is Kong's build on an ASUS RT-AC88U: Linux blah 4.4.159 #3933 SMP Thu Oct 4 07:42:02 CEST 2018 armv7l DD-WRT