what exactly do you mean “does not work”?
is your ipset “turris-sn-dynfw-block” empty? (check via ssh).
do you have empty counters in iptables rules that use “match-set turris-sn-dynfw-block”?
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 zone_wan_src_DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set turris-sn-dynfw-block src ctstate NEW /* !sentinel: dynamic firewall block */
Chain zone_wan_input (1 references)
pkts bytes target prot opt in out source destination
348 15537 zone_wan_src_DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set turris-sn-dynfw-block src mark match ! 0x10/0x10 ctstate NEW /* !sentinel: dynamic firewall block */
if so, can you check if sentinel-dynfw-ipset and sentinel-dynfw-client are enabled in luci/system/startup?
I had to enable and start them manually in order for them to work.
I’d be glad if you could check and verify if it helps.