Ip6tables -I INPUT -m rt -rt-type 0 -j DROP # Filter all rh0 type headers (DROP before they could be accepted) # Allow traffic from local network to local host Ip6tables -A OUTPUT -o he-local-ipv6 -j ACCEPT #ip6tables -A OUTPUT -o he-ipv6 -j ACCEPT # First, flush and delete all tables and rules: Is there any way to place FWB on optware partition, instead JFFS or nvram? (my nvram has only 400b left available out of 32Kb total, thus whatever I can run from /opt partition, I put those scripts there, and not directly into nvram).Īlso, since I have simple ip6tables rules in place, is there any way to be able to import them into FWB from ip6tables? Currently, if I try to do so, FWB skips most of them.Įxport IP6TABLES_LIB_DIR=/opt/usr/lib/iptables I have managed to use ip6tables and placed them on optware space (USB HDD, not JFFS). I have been trying to use firewall builder for quite a while, however, I had some issues, especially, FWB placement on the router available space (also with object definitions-I need more practice). I am very pleased to see you joined this forum and offered your expertise. Oh, I forgot to mention - you can download the latest packages of fwbuilder for testing from here: Script generated by the latest build of fwbuilder (v4.1.3 build 3417 or later) will not try to find modprobe on the system since it does not need it. The current build has the dd-wrt-jffs.xml modified to use insmod and rmmod in place of modprobe but still errors out with missing modprobe file. Maybe this post has been cleared but clearly the above thread could of been a Fruitful Thread. Quite an old post but since I was over at sourceforge looking through the current tickets regarding FW-Builder 4.1.2 and DD-WRT (missing modprobe install error) - Anyways I see this ticket has 8 post and was rated or scaled as a 5# not sure what priority that is since the original ticket was posted in July 2010. Please let me know if I can help you guys. I can make changes in the installer to optimize it for DD-WRT.Īre there popular features available in DD-WRT that I can add support for ? May be our built-in installer should work differently for DD-WRT? It has to do things very differently for Sveasoft where iptables script is saved in nvram rather than as a file on the filesystem. This can be fixed in the script, if necessary. It may be that grep is not there, or sed or something else. Sometimes small footprint embedded Linux does not have some command line tools used by the script generated by fwbuilder. (Note that path is configurable already, I just suggest making special configuration choice for DD-WRT that "knowns" what it should be). May be default path to command line tools used by generated script is wrong and needs to be changed ? This is very easy to implement but it would make the tool generate configuration ready right away for use on DD-WRT. Which method is preferred for the DD-WRT community? May be format of the generated script should be different ? Fwbuilder can generate iptables script that either uses iptables-restore or invokes iptables command for each rule, this is controlled by an option. I am posting this message into "Broadcom based hardware" forum as the most active, and "General questions" as the one that seem to fit best in the "Development" section. I am looking for suggestions from both developers and users of DD-WRT. The latest version of fwbuilder has many improvements in the GUI and rule engine and adds support for ipv6. I thought I would offer my help in case there is anything I can change in fwbuilder to make it work better with DD-WRT. Judging by the posts in this forum, it looks like fair number of DD-WRT users use fwbuilder. I am the author and project lead for Firewall Builder, firewall configuration and management software ( ) Posted: Mon 1:25 Post subject: How can I improve Firewall Builder - DD-WRT integration ?
0 Comments
Leave a Reply. |