Coming from such an old build it is recommended to reset to defaults after upgrade and put settings in manually.
(You could opt not to and see how it goes )
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Mon Apr 25, 2022 8:59 Post subject:
i have a odd issue on my 1043v2 (now running 48646)
couple of build backswords i've found some of my rules regarding -m mac --mac-source are not listed under iptables -vnL
but, i can see those saved in nvram show....
iptables -I INPUT -i eth0 -m mac --mac-source xx:xx:xx:xx:xx:xx -j REJECT
in start up i also do have
insmod ipt_mac
insmod xt_mac
but, if i look at lsmod
ipt_mac modules are not there...i can see only xt_mac
the issue is very random, sometimes those load up and show off...but very rarely...it may takes mind boggling number of reboots...
I also did try to reset and manually rebuild with no avail...
i also tried to redesign firewall rules and start up commands and ect..but my set up was ok in the past and haven't moved away of it...ever since...
10x in advance ! _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
but the default 3.18.xxx on 1043v2 doesn't have xt_mac.ko
and i need it in order to gain contol of my router as i have rules rejecting GUI and only specific macs are permited to it...
and i add those rules manually vial SSh when i need those
if no xt_mac.ko - is installed i get:
iptables v1.8.5 (legacy): Couldn't find match `mac'
Try `iptables -h' or 'iptables --help' for more information.
and no fun...
the problem is those rules are working when module is installed, but iptables -vnL command doesnt alwasy shows the output of it...
and usialy i have a couple of bad devices connected to the router ahead, that constantly spam the eth0 (WAN) with trys...(topology is router bhnd router, Doble NAT) and second router is a VPN client...(with NAT)...and firewall rules...
the other odd bit is...
if i have xt_mac.ko installed via start up script and my rules are in the firewall
when boots badly, lsmod shows xt_mac with 0, iptables -vnL (rules missin)
but if i add those manually via SSh they start to apear in lsmod...as well iptables -vnL
weirdo is, it takes a mind boggling number of reboots to.... boot once (correctly) and shows lsmod info as well iptables -vnL output,
but most of the time it doesn't boot as it should....
may be i have to set sleep 10 or 20 on the top of the firewall script... ?
P.S.
all sorted sleep 5 did the trick...
it seams BS must've adjusted start up script to be executed later than the firewall for some reason...no clue why sometimes it does the opposite 1 out or 100 times and my rules ware shown...
now back to normal...bloody sleep 5 on the top of my firewall rules did the trick problem solved
now another annoying thing is if in GUI 'apply' button is pressed process restart also triggers shutdown script.... i hate that moment as i need to manually reboot some services.... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Mon Apr 25, 2022 12:18; edited 1 time in total