firewall4
firewall4 copied to clipboard
openwrt
[MIRROR] OpenWrt nftables firewall
Let kernel heuristics take care of offloading decapsulation Packets may still enter flow engine one encapsulation below actual interface subject to heuristics, while exiting it on listed interfaces, in kernel...
firefox tries 300s keeplaive for udp stream gcp responds with 120s chromium uses 30s as a result firefox doesnt perform well like yt freezing, maps stuck etc against google at...
locate offload at the end of slowpath ... use builtin tcpudp filter in place of extra filter ... and directly yield to offload-add kworker drop invalid asap and avoid further...
Do not emit helper jump if no helper modules are present saving per-every-packet bytecode before ct: ``` inet fw4 prerouting [ meta load iifname => reg 1 ] [ cmp...
Given the following uci configuration: ``` add firewall rule set firewall.@rule[-1].name='Forward-auth-captive' set firewall.@rule[-1].src="captivezone" set firewall.@rule[-1].dest='wan' set firewall.@rule[-1].proto='any' set firewall.@rule[-1].target='ACCEPT' set firewall.@rule[-1].ipset='captive' add firewall ipset set firewall.@ipset[-1].name='captive' add_list firewall.@ipset[-1].match='src_mac' ``` firewall4...
I want to redirect all traffic from LAN to WAN IP1 (or an ipset) to WAN IP2. For now, this can be accomplished by the DNAT rule: ``` config redirect...
Dropping packets with no clear forward destination is nicer than rejecting them. Especially when some providers punish users for spoofing caused by their noisy infra. Fixes: https://github.com/openwrt/openwrt/issues/13340 Signed-Off-By: Andris PE
Symbolic ICMP types for MLD were added in commit e6e82a55206cf7017f26b92f7097f779161b5cac. This commit updates the config file to use them.
In my case , i want to remove connection tracking on DNS on my local network only . I added 2 rules extract of `/etc/config/firewall` ``` # rule A config...
When filtering by MAC address, it is usually necessary to filter both IPv4 and IPv6. If it is not allowed to set the family of ipset to any, it will...
