[FS#806] Does not equal iptables rule not working

LEDE Bugs lede-bugs at lists.infradead.org
Fri May 26 10:01:57 PDT 2017


The following task has a new comment added:

FS#806 - Does not equal iptables rule not working
User who did this - Jo-Philipp Wich (jow-)

----------
There are two issues preventing your rule from working with the current firewall implementation.

1) "option extra" has no support for "-i", "-o", "-s" or "-d".

So far, only match-specific options were allowed in "option extra", which causes your
rule to get rejected with "Bad argument" during parsing.

A workaround is to use "option dest wan" instead.

Support for "-i", "-o", "-s" and "-d" has now been added to upstream firewall3.git with http://git.lede-project.org/0e5dd73


2) "option src_ip" must have no space between the "!" and the IP address.

Since "option src_ip" is parsed as a space-separated list for "config rule" sections,
your "option src_ip '! 192.168.1.0/24'" is interpreted as

    list src_ip '!'
    list src_ip '192.168.1.0/24'

which leads to an error like

    Warning: Option @rule[0].src_ip has invalid value '!'

A workaround is to remove the space between the exclamation mark and the address.

A fix for this parsing behavior has been added to upstream firewall3.git with http://git.lede-project.org/3d2c18a
----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=806#comment2675
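
The two parsing problems described in the comment above can be checked for before reloading the firewall on a build that predates the two fixes. The following is an added example, not code from firewall3 or from the comment's author; the function name `lint_firewall` and the sample configuration are constructed for illustration.

```python
import shlex

# Flags the comment lists as unsupported in "option extra" before the fix.
UNSUPPORTED_EXTRA = {"-i", "-o", "-s", "-d"}

def lint_firewall(text):
    """Return (line_no, message) findings for 'config rule' sections."""
    findings = []
    in_rule = False
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(raw, comments=True)  # UCI uses shell-like quoting
        except ValueError:
            continue  # unbalanced quote; outside the scope of this check
        if not tok:
            continue
        if tok[0] == "config":
            in_rule = len(tok) > 1 and tok[1] == "rule"
            continue
        if not in_rule or tok[0] != "option" or len(tok) < 3:
            continue
        name, value = tok[1], tok[2]
        if name == "src_ip":
            # Parsed as a space-separated list: '! addr' becomes '!' and 'addr'.
            items = value.split()
            if "!" in items:
                findings.append((no, "src_ip: space after '!' splits into " + repr(items)))
        elif name == "extra":
            bad = sorted(UNSUPPORTED_EXTRA.intersection(value.split()))
            if bad:
                findings.append((no, "extra: unsupported " + " ".join(bad)))
    return findings

# Constructed sample config (not the reporter's actual rule).
SAMPLE = """\
config rule
    option name 'constructed-example'
    option src_ip '! 192.168.1.0/24'
    option extra '-o eth1'
    option target 'REJECT'

config rule
    option name 'constructed-workaround'
    option src_ip '!192.168.1.0/24'
    option dest 'wan'
    option target 'REJECT'
"""

if __name__ == "__main__":
    for no, msg in lint_firewall(SAMPLE):
        print(f"line {no}: {msg}")
```

The second section of the sample uses both workarounds from the comment ("option dest wan" and no space after "!") and produces no findings.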


