FS#811 - r4214 - iptables (?) not read properly /etc/config/firewall #5764

Closed
openwrt-bot opened this issue May 26, 2017 · 4 comments
@openwrt-bot

build000:

root@WITI:~# cat /etc/config/firewall

config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option drop_invalid '1'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wwan'
option family 'ipv4'

config rule
option target 'ACCEPT'
option name 'wyjatek'
option src '*'
option dest 'lan'
option dest_ip '192.168.x.x'
option proto 'all'

config rule
option target 'ACCEPT'
option name 'wyjatek'
option src '*'
option dest 'lan'
option dest_ip '192.168.x.x'
option proto 'all'

config rule
option target 'ACCEPT'
option name 'wyjatek'
option src '*'
option dest 'lan'
option dest_ip '192.168.x.x'
option proto 'all'

config rule
option target 'ACCEPT'
option name 'wyjatek'
option src '*'
option dest 'lan'
option dest_ip '192.168.x.x'
option proto 'all'

config rule
option src '*'
option dest 'lan'
option target 'REJECT'
option extra '--kerneltz'
option weekdays 'Sun Mon Tue Wed Thu'
option start_time '22:00:00'
option stop_time '23:59:59'
option name 'harmonogram blokowania sieci od 22 do 00 w Nie,Pon,Wt,Sr,Czw'
option family 'ipv4'
option proto 'all'

config rule
option weekdays 'Mon Tue Wed Thu'
option start_time '00:00:00'
option target 'REJECT'
option extra '--kerneltz'
option src '*'
option dest 'lan'
option stop_time '17:59:59'
option name 'harmonogram blokowania sieci od 00 do 18 w Pon,Wt,Sr,Czw'
option family 'ipv4'
option proto 'all'

config rule
option src '*'
option target 'REJECT'
option weekdays 'Fri'
option start_time '00:00:00'
option stop_time '13:59:59'
option dest 'lan'
option extra '--kerneltz'
option name 'harmonogram blokowania sieci od 00 do 14 w Pt'
option family 'ipv4'
option proto 'all'

config include
option path '/etc/firewall.user'

root@WITI:~# /etc/init.d/firewall restart

  • Flushing IPv4 filter table
  • Flushing IPv4 nat table
  • Flushing IPv4 mangle table
  • Flushing IPv6 filter table
  • Flushing IPv6 mangle table
  • Flushing conntrack table ...
  • Populating IPv4 filter table
    • Zone 'lan'
    • Rule 'wyjatek'
    • Rule 'wyjatek'
    • Rule 'wyjatek'
    • Rule 'wyjatek'
    • Rule 'harmonogram blokowania sieci od 22 do 00 w Nie,Pon,Wt,Sr,Czw'
      (null) v4: time: option "--kerneltz" can only be used once.

root@WITI:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

@openwrt-bot

build000:

Prior to this revision/version (or earlier - just now I noticed) it worked well (--kerneltz option).

@openwrt-bot

build000:

ok - hehe - removed the "--kerneltz" option and now it is working fine - probably the latest firewall fix in the LEDE project repo fixed this old bug from the firewall in OpenWRT/LEDE... or please comment if not.
The time works for me in Warsaw/Europe - when the "--kerneltz" option is removed, the firewall works according to my local time (not UTC).
Generally, problem fixed = remove the "--kerneltz" option <=> the firewall works in local time if the "utc" option is not used.

@openwrt-bot

lleachii:

Reported in Task 548

https://bugs.lede-project.org/index.php?do=details&task_id=548

@openwrt-bot

build000:

Thank you @lleachii for the link and at the same time for confirming my guesses - in that case my problem/ambiguity of the situation is/are solved ... for the moment.
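
An added example, not part of the thread or of the project's code: a pre-restart lint for the failure reported above, where a time rule carrying `--kerneltz` in `option extra` aborted the firewall load and `iptables -L` showed empty chains with policy ACCEPT. It assumes the firewall already supplies `--kerneltz` for time rules, which the "can only be used once" error suggests but the thread does not state. The function names are hypothetical, and the time options beyond the three shown in the report (`monthdays`, `start_date`, `stop_date`) are included as a generalization.

```shell
#!/bin/sh
# Added example: lint a UCI firewall config before restarting the firewall.

# Constructed sample, shortened from the config quoted in the report.
sample_config() {
cat <<'EOF'
config rule
    option target 'ACCEPT'
    option name 'wyjatek'

config rule
    option target 'REJECT'
    option extra '--kerneltz'
    option weekdays 'Fri'
    option start_time '00:00:00'
    option name 'harmonogram blokowania sieci od 00 do 14 w Pt'

config rule
    option name 'constructed-time-rule-without-extra'
    option weekdays 'Sat'
    option target 'REJECT'
EOF
}

# Read a UCI config on stdin; print the name of each 'rule' section that
# has a time option and also passes --kerneltz through 'option extra'.
find_kerneltz_conflicts() {
  awk -v q="'" '
    function emit() {
      if (in_rule && timed && ktz) print (name != "" ? name : "(unnamed)")
      in_rule = 0; timed = 0; ktz = 0; name = ""
    }
    $1 == "config" { emit(); in_rule = ($2 == "rule"); next }
    in_rule && $1 == "option" {
      val = $0
      sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
      c = substr(val, 1, 1)   # strip one pair of surrounding quotes
      if ((c == q || c == "\"") && substr(val, length(val)) == c)
        val = substr(val, 2, length(val) - 2)
      if ($2 == "name") name = val
      if ($2 ~ /^(weekdays|monthdays|start_time|stop_time|start_date|stop_date)$/) timed = 1
      if ($2 == "extra" && val ~ /--kerneltz/) ktz = 1
    }
    END { emit() }
  '
}

sample_config | find_kerneltz_conflicts
```

On a router the same function can be fed the real file with `find_kerneltz_conflicts < /etc/config/firewall`; any name it prints is a rule to fix before running `/etc/init.d/firewall restart`.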
