We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dave14305:
Device: bcm2711, r18639-f5865452ac
Firewall rule with a dscp match fails to process due to missing ip or ip6 family prepended to the dscp expression.
My rule: config rule option name 'WiFi Calling' list proto 'udp' option src '' option src_port '4500' option dest '' option dest_port '4500' option target 'DSCP' option set_dscp 'CS6' option dscp 'CS0' Invalid statements: chain mangle_forward { type filter hook forward priority mangle; policy accept; meta nfproto ipv4 udp sport 4500 udp dport 4500 dscp 0x0 counter ip dscp set 0x30 comment "!fw4: WiFi Calling" meta nfproto ipv6 udp sport 4500 udp dport 4500 dscp 0x0 counter ip6 dscp set 0x30 comment "!fw4: WiFi Calling" } Correct statements: chain mangle_forward { type filter hook forward priority mangle; policy accept; meta nfproto ipv4 udp sport 4500 udp dport 4500 ip dscp 0x0 counter ip dscp set 0x30 comment "!fw4: WiFi Calling" meta nfproto ipv6 udp sport 4500 udp dport 4500 ip6 dscp 0x0 counter ip6 dscp set 0x30 comment "!fw4: WiFi Calling" Old code: {%+ if (rule.dscp): -%} dscp{% if (rule.dscp.invert): %} !={% endif %} {{ fw4.hex(rule.dscp.dscp) }} {%+ endif -%} New code: {%+ if (rule.dscp): -%} {{ fw4.ipproto(rule.family) }} dscp{% if (rule.dscp.invert): %} !={% endif %} {{ fw4.hex(rule.dscp.dscp) }} {%+ endif -%}
config rule option name 'WiFi Calling' list proto 'udp' option src '' option src_port '4500' option dest '' option dest_port '4500' option target 'DSCP' option set_dscp 'CS6' option dscp 'CS0'
chain mangle_forward { type filter hook forward priority mangle; policy accept; meta nfproto ipv4 udp sport 4500 udp dport 4500 dscp 0x0 counter ip dscp set 0x30 comment "!fw4: WiFi Calling" meta nfproto ipv6 udp sport 4500 udp dport 4500 dscp 0x0 counter ip6 dscp set 0x30 comment "!fw4: WiFi Calling" }
chain mangle_forward { type filter hook forward priority mangle; policy accept; meta nfproto ipv4 udp sport 4500 udp dport 4500 ip dscp 0x0 counter ip dscp set 0x30 comment "!fw4: WiFi Calling" meta nfproto ipv6 udp sport 4500 udp dport 4500 ip6 dscp 0x0 counter ip6 dscp set 0x30 comment "!fw4: WiFi Calling"
{%+ if (rule.dscp): -%} dscp{% if (rule.dscp.invert): %} !={% endif %} {{ fw4.hex(rule.dscp.dscp) }} {%+ endif -%}
{%+ if (rule.dscp): -%} {{ fw4.ipproto(rule.family) }} dscp{% if (rule.dscp.invert): %} !={% endif %} {{ fw4.hex(rule.dscp.dscp) }} {%+ endif -%}
The text was updated successfully, but these errors were encountered:
jow-:
Fix pushed with accompanying regression test in https://git.openwrt.org/?p=project/firewall4.git;a=commitdiff;h=127dbc0558bc730cdeac37cc2ac70bbe2d7e4117;hp=101988d2ec1fee6d37f57e99e31d37554918447e
Sorry, something went wrong.
No branches or pull requests
dave14305:
Device: bcm2711, r18639-f5865452ac
Firewall rule with a dscp match fails to process due to missing ip or ip6 family prepended to the dscp expression.
My rule:
config rule
option name 'WiFi Calling'
list proto 'udp'
option src ''
option src_port '4500'
option dest ''
option dest_port '4500'
option target 'DSCP'
option set_dscp 'CS6'
option dscp 'CS0'
Invalid statements:
chain mangle_forward {
type filter hook forward priority mangle; policy accept;
meta nfproto ipv4 udp sport 4500 udp dport 4500 dscp 0x0 counter ip dscp set 0x30 comment "!fw4: WiFi Calling"
meta nfproto ipv6 udp sport 4500 udp dport 4500 dscp 0x0 counter ip6 dscp set 0x30 comment "!fw4: WiFi Calling"
}
Correct statements:
chain mangle_forward {
type filter hook forward priority mangle; policy accept;
meta nfproto ipv4 udp sport 4500 udp dport 4500 ip dscp 0x0 counter ip dscp set 0x30 comment "!fw4: WiFi Calling"
meta nfproto ipv6 udp sport 4500 udp dport 4500 ip6 dscp 0x0 counter ip6 dscp set 0x30 comment "!fw4: WiFi Calling"
Old code:
{%+ if (rule.dscp): -%}
dscp{% if (rule.dscp.invert): %} !={% endif %} {{ fw4.hex(rule.dscp.dscp) }} {%+ endif -%}
New code:
{%+ if (rule.dscp): -%}
{{ fw4.ipproto(rule.family) }} dscp{% if (rule.dscp.invert): %} !={% endif %} {{ fw4.hex(rule.dscp.dscp) }} {%+ endif -%}
The text was updated successfully, but these errors were encountered: