[LEDE-DEV] Adding firewall extensions for xt_geoip usage
Philip Prindeville
philipp_subx at redfish-solutions.com
Sun Dec 10 11:33:55 PST 2017
> On Dec 9, 2017, at 1:33 AM, Arjen de Korte <arjen+lede at de-korte.org> wrote:
>
> Citeren Philip Prindeville <philipp_subx at redfish-solutions.com>:
>
>> Jo and others:
>>
>> Is there an easy way to extend firewall rules? I’d like to add support to blocking on a per-country basis, possibly with qualified exceptions.
>
> Take a look at /etc/firewall.user. Most stuff you want to add fits nicely in there. The comments in that file make the use pretty self explanatory.
>
Problem is that only people such as ourselves who are comfortable hacking with iptables (and optionally ipset and tc, if we’re doing sophisticated rate-limiting, etc) could do this.
I’m trying to make it a little easier for the unsophisticated user.
-Philip
More information about the Lede-dev
mailing list