[OpenWrt-Devel] Firewall Documentation

Dave Turvene - Work dturvene at dahetral.com
Thu Aug 9 10:55:47 EDT 2018


> On 06/08/2018 22:07, Dave Turvene - Work wrote:
> > Greetings -
> >
> > I cleaned up the documentation in
> >
> > https://openwrt.org/docs/guide-user/base-system/log.essentials
> >
> > as a prelude to adding a section on iptable logging rules.  The wiki
> > source just has the following snippet:
> > "pagequery>@:docs:guide-user:firewall:netfilter-iptables *"
> >
> > How do I go about adding a page under (git directory?)
> > netfilter-iptables so I can document my iptable logging chains/rules?
> >
> > Thanks,
> >
> > David Turvene
>
> you can create the new page by writing the link to it in the browser and
> then editing the page you land in.
>
> For example this is a link to a page called "asdadasd"
> https://openwrt.org/docs/guide-user/services/automation/asdasdasd
> Which does not exist yet. Click on the pencil button on the right to
> edit/create it.
>
> You can write the link however you like and it will land in the same
> "there is no page yet" page and you will be able to create a page there.
>
> https://openwrt.org/docs/guide-user/services/automation/domoticz_another_page
>
> The page made with that link will then appear automatically in the
> "automation" category in other pages that show all pages from a specific
> category, like here
> https://openwrt.org/docs/guide-user/services/automation/start
>
> We actually discussed wiki plugins to let people add new pages with a
> more intuitive way here
> https://forum.openwrt.org/t/lede-openwrt-wiki-merge/10861/108 but I
> didn't yet find the time to do that.
>
> -Alberto

Thanks, I added a page to the firewall configuration section:

https://openwrt.org/docs/guide-user/firewall/iptables-log-forwarded-packets

and then I looked at other pages in the firewall section.  Many, if not
most, are very old and no longer a good way to set up the firewall.

I started adding a warning to those pages I KNOW are inaccurate but that
became tedious - especially considering some of the pages are still
valid but there is a better/less-difficult mechanism. One repeated
issue I see is the openwrt firewall3 (fw3) user-space executable has
replaced the need for still-referenced but un-supported executables used
to generate iptable chains/rules (fwBuilder, Essence, Shorewall).
Many of the iptable shell scripts are suspicious, confusing, or specific
to a device configuration - and appear to be from the freifunk effort.
There are several references to ebtables and nftables - one appears to
be deprecated and one not integrated.  All the netfilter kernel modules
and openwrt packages are concisely documented for the 2.6.32 kernel.

So there is a good amount of work to clean up the firewall section -
which is central to the purpose of openwrt.  I'm willing to clean it up
but not through-the-web.  I would use emacs to edit multiple markup
pages quickly.

Maybe it's better to leave this section alone for historical purposes
and with a deprecation warning like the old wiki.openwrt.org pages?

David Turvene


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

