OpenWrt Forum Archive

Topic: IPTables ICMP format

The content of this topic has been archived on 11 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

So, I know I can use the following command to drop pings to my box:

iptables -I INPUT 3 -p icmp --icmp-type echo-request -j DROP


But what format would this be put in the firewall.user file?

Also, does anyone have a link to a tutorial that more fully explains the OpenWRT implementation of IPTables? I am confused by the prerouting_rule and forwarding_rule syntax.

thanks

First up, here is the syntax you would use in the firewall.user file:

iptables -I input_rule -p icmp --icmp-type echo-request -j DROP

I'm not sure why you're using "-I" though as compared to "-A"?

As for iptables, it's not "customised for OpenWRT" in any way. The whole firewall.user thing is just a script file used on OpenWRT for your own entries because the startup script is on the read-only partition. The reason for this is that the basic firewall configuration sets up iptables to work with a single external address, block all inbound connections but allow all outbound connections (much like when you use the stock firmware). You have every right to change this default behaviour but it tends to fit most of our needs.

The firewall.user file allows extra rules to be defined to allow traffic inbound.  Anyway, my recommendation to you for iptables is to read the iptables tutorial, available everywhere, but here's one mirror for you: http://www.faqs.org/docs/iptables/ 

Everything I know about iptables, I learned from this document in the space of about a day.

Kaldek

(Last edited by kaldek on 4 Jan 2006, 02:03)
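
The translation given in the answer above, generalized into a small shell helper. This is an added example, not part of the original posts. Only the INPUT to input_rule mapping is confirmed on this page; the FORWARD and PREROUTING mappings are assumptions based on the chain names mentioned in the question.

```shell
#!/bin/sh
# Rewrite an iptables command written for a built-in chain into the form
# used in firewall.user, where rules are added to user chains instead.
# Assumed mapping: INPUT -> input_rule (from the answer above),
# FORWARD -> forwarding_rule, PREROUTING -> prerouting_rule (assumptions).
# A rule number after -I refers to a position in the built-in chain and
# means nothing in the user chain, so it is dropped.
to_user_rule() {
    out="" state=""
    set -f                      # no globbing while the rule is split into words
    for word in $1; do
        if [ "$state" = pos ]; then
            state=""
            case "$word" in
                *[!0-9]*) ;;        # not a rule number: handle it normally
                *) continue ;;      # rule number for the built-in chain: drop
            esac
        fi
        if [ -n "$state" ]; then    # previous word was -I or -A: this is the chain
            case "$word" in
                INPUT)      word=input_rule ;;
                FORWARD)    word=forwarding_rule ;;
                PREROUTING) word=prerouting_rule ;;
                *_rule)     ;;      # already a user chain, keep as written
                *) set +f
                   echo "chain not covered by this example: $word" >&2
                   return 1 ;;
            esac
            # Only -I can be followed by a rule number.
            [ "$state" = -I ] && state=pos || state=""
        elif [ "$word" = -I ] || [ "$word" = -A ]; then
            state=$word
        fi
        out="${out:+$out }$word"
    done
    set +f
    printf '%s\n' "$out"
}

# The rule from the question, converted for firewall.user.
to_user_rule "iptables -I INPUT 3 -p icmp --icmp-type echo-request -j DROP"
```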
