[FS#806] Does not equal iptables rule not working
LEDE Bugs
lede-bugs at lists.infradead.org
Fri May 26 10:01:57 PDT 2017
The following task has a new comment added:
FS#806 - Does not equal iptables rule not working
User who did this - Jo-Philipp Wich (jow-)
----------
There are two issues preventing your rule from working with the current firewall implementation.
1) "option extra" has no support for "-i", "-o", "-s" or "-d".
So far, only match-specific options were allowed in "option extra", which causes your
rule to get rejected with "Bad argument" during parsing.
A workaround is to use "option dest wan" instead.
Support for "-i", "-o", "-s" and "-d" has now been added to upstream firewall3.git with http://git.lede-project.org/0e5dd73
2) "option src_ip" must have no space between the "!" and the IP address.
Since "option src_ip" is parsed as a space-separated list for "config rule" sections,
your "option src_ip '! 192.168.1.0/24'" is interpreted as
list src_ip '!'
list src_ip '192.168.1.0/24'
which leads to an error like
Warning: Option @rule[0].src_ip has invalid value '!'
A workaround is to remove the space between the exclamation mark and the address.
A fix for this parsing behavior has been added to upstream firewall3.git with http://git.lede-project.org/3d2c18a
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=806#comment2675
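
An added example, not part of the original comment or of firewall3: a small Python lint that flags both patterns described in the comment in /etc/config/firewall-style text, for builds that predate the two fixes. The sample config (including the interface name eth1) is constructed, and the function name lint is hypothetical.

```python
import shlex

# Constructed sample in UCI firewall syntax; not the reporter's actual rule.
SAMPLE = """\
config rule
	option name 'sample-a'
	option src 'lan'
	option src_ip '! 192.168.1.0/24'
	option extra '-o eth1'
	option target 'REJECT'

config rule
	option name 'sample-b'
	option src 'lan'
	option dest 'wan'
	option src_ip '!192.168.1.0/24'
	option target 'REJECT'
"""

# Flags the comment says "option extra" did not accept before the fix.
UNSUPPORTED_EXTRA = {"-i", "-o", "-s", "-d"}

def lint(text):
    """Return (line_number, option, message) for each affected option."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            words = shlex.split(raw, comments=True)
        except ValueError:  # unbalanced quote: outside the scope of this check
            continue
        if len(words) < 3 or words[0] != "option":
            continue
        key, tokens = words[1], words[2].split()
        if key == "src_ip" and "!" in tokens:
            # Split on spaces, the '!' becomes a list item of its own.
            findings.append((lineno, key, "remove the space after '!'"))
        elif key == "extra":
            bad = sorted(UNSUPPORTED_EXTRA.intersection(tokens))
            if bad:
                findings.append((lineno, key, "unsupported: " + " ".join(bad)))
    return findings

if __name__ == "__main__":
    for lineno, key, message in lint(SAMPLE):
        print(f"line {lineno}: option {key}: {message}")
```

A rule flagged here is rejected at parse time on affected builds, so the traffic it was meant to match is not filtered by it until the option is rewritten.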