Tomov
February 8, 2021, 4:58pm
1
I have the default policy in the Network / Firewall / section set to DROP.
I changed it to REJECT,
but Status / Firewall still shows DROP.
Via CLI: iptables -S also shows -P INPUT DROP
CLI command: iptables -P INPUT REJECT
returns: iptables: Bad policy name. Run `dmesg' for more information.
iptables -P INPUT ACCEPT
iptables -P INPUT DROP
work correctly.
Why does only REJECT not work?
Firewall and TO reboots completed.
Tested on TO 5.1.9
1 Like
jose.d
February 9, 2021, 7:02pm
2
1 Like
Tomov
February 10, 2021, 2:11pm
3
Thanks for the clarification!
I thought my firewall was broken.
But that means LuCI is misleading.
This is confusing, and the REJECT option should not be visible in the settings.
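Added example, not part of the thread and not Turris or OpenWrt code: iptables chain policies can only be the built-in targets ACCEPT or DROP, so this sketch reads `iptables -S` output and reports what actually happens to a packet that reaches the end of a chain. It assumes the firewall realizes a REJECT default as policy DROP plus a final catch-all jump to a rejecting chain; the sample ruleset, the chain name `reject` and the function names are constructed for illustration.

```python
# Constructed sample of `iptables -S` output; not taken from the thread.
SAMPLE = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N reject
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j reject
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -j REJECT --reject-with icmp-port-unreachable
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(rules_text):
    """Split `iptables -S` output into chain policies and per-chain rules."""
    policies, chains = {}, {}
    for line in rules_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "-P":
            policies[parts[1]] = parts[2]
        elif len(parts) >= 2 and parts[0] == "-A":
            chains.setdefault(parts[1], []).append(parts[2:])
    return policies, chains

def catch_all(chains, name, depth=0):
    """Verdict of the first unconditional rule in a chain, or None."""
    for rule in chains.get(name, []):
        if len(rule) < 2 or rule[0] != "-j":
            continue  # rule has match conditions, so it is not a catch-all
        target = rule[1]
        if target in TERMINAL:
            return target
        if target == "RETURN":
            return None  # hands the packet back to the caller or the policy
        if depth < 8:  # follow jumps into user chains, bounded against loops
            verdict = catch_all(chains, target, depth + 1)
            if verdict:
                return verdict
    return None

def effective_default(rules_text, chain="INPUT"):
    """What happens to a packet that no conditional rule matched."""
    policies, chains = parse(rules_text)
    return catch_all(chains, chain) or policies.get(chain)
```

For the constructed sample, the INPUT policy reads DROP while the effective default is REJECT, because the catch-all rule at the end of the chain rejects the packet before the policy is ever consulted.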
Tomov
February 10, 2021, 2:39pm
4
Can I still ask you for help, where is the best place to add my own rules to block incoming traffic from the Internet?
I would like to add for example:
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
(or -j RETURN)
Should I add them to the main INPUT chain, or to input_rule, input_wan_rule or zone_wan_input?
jose.d
February 11, 2021, 12:15pm
5
Why not stay with the equivalent:
config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'