Re: Firewalls: Rant

From Sylvia Else <sylvia@email.invalid>
Newsgroups comp.misc
Subject Re: Firewalls: Rant
Date 2024-12-08 13:35 +0800
Message-ID <lrkph9F1cilU1@mid.individual.net> (permalink)
References <lrigkhFkmi4U1@mid.individual.net> <6754bad3@news.ausics.net>



On 08-Dec-24 5:14 am, Computer Nerd Kev wrote:
> Sylvia Else <sylvia@email.invalid> wrote:
>> Now apparently, that's not good enough, so I have to get my head around
>> nftables.
>>
>> Oh, but wait, this is OpenWrt, which has yet another layer added - fw4.
>>
>> And all I wanted to do was upgrade the OS to get rid of a long-standing
>> and very annoying race condition that would kill the WiFi at
>> unpredictable moments.
>>
>> Yes, I know I'm using this router in a rather different way from the
>> usual, but sometimes people do things like that.
> 
> I guess it depends how different your usage is, but if you're using
> OpenWrt's fw4 firewall configuration, it's supposed to accept the
> same configuration syntax as fw3, so the switch to nftables
> shouldn't be causing problems if you were using that
> (/etc/config/firewall).
> 
> Mind you the increased bloat of current OpenWrt (or its included
> software, including the Linux kernel, which have been getting
> bigger with each version) has caused me problems. Including,
> as it happens, issues with it killing the WiFi when it ran out of
> RAM. Oh for a maintained software environment that doesn't have an
> obesity problem...
> 

I was just using iptables directly, since I know how to configure it. I need
to reverse the trust relationship, trusting wan, and not trusting lan. 
In the end I've just gone through the luci stuff, replacing lan with wan 
and vice versa. Now I just need to figure out the best way of blocking 
access from lan to some wan subnets. Probably not difficult, though it 
would help if I could find a defined syntax, rather than just examples. 
Maybe I'm just looking in the wrong place.

Sylvia.



Thread

Firewalls: Rant Sylvia Else <sylvia@email.invalid> - 2024-12-07 16:51 +0800
  Re: Firewalls: Rant not@telling.you.invalid (Computer Nerd Kev) - 2024-12-08 07:14 +1000
    Re: Firewalls: Rant Sylvia Else <sylvia@email.invalid> - 2024-12-08 13:35 +0800
      Re: Firewalls: Rant Computer Nerd Kev <not@telling.you.invalid> - 2024-12-08 16:24 +1000
        Re: Firewalls: Rant Sylvia Else <sylvia@email.invalid> - 2024-12-08 18:52 +0800
  Re: Firewalls: Rant Salvador Mirzo <smirzo@example.com> - 2024-12-11 20:39 -0300
    Re: Firewalls: Rant Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-12-12 01:12 +0000
