OpenWrt Forum Archive

Topic: Q: Firewall rule doesn't work

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I wrote this rule in the firewall, and for whatever reason I can get access from the Guest zone to these ports in the LAN.

config rule
    option src 'guest_zone'
    option dest 'lan'
    option name 'Guest2LanBlock_NotWorking'
    option proto 'tcp'
    option target 'DROP'
    option dest_port '777 10000'

However, this rule is working:
config rule
    option src 'guest_zone'
    option dest '*'
    option name 'Guest2LanBlock_OK'
    option proto 'tcp'
    option target 'DROP'
    option dest_port '777 10000'

This rule, which in theory should completely prevent access from the guest zone to LAN, doesn't have any effect:
config rule
    option src 'guest_zone'
    option dest 'lan'
    option name 'Guest2LANdis'
    option target 'DROP'

How can I solve this problem?
Thanks in advance for any suggestion(s).

(Last edited by LinuksGuru on 29 Aug 2017, 15:03)

You should configure the FORWARD chain, not regular rules. Change config rule to config forwarding.

The discussion might have continued from here.
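
An added example, not part of the original posts and not OpenWrt's own code: a small Python check that parses a firewall config and reports, for each `config rule`, which traffic direction fw3 derives from its `src`/`dest` options and whether it names a zone that no `config zone` section defines. The zone sections and the third rule are constructed for illustration, and `parse_uci` and `audit_rules` are hypothetical helper names.

```python
import shlex

# Constructed sample: zone sections are assumed (the post does not show them); the
# first two rules follow the post (second one trimmed), the third is made up.
SAMPLE = """
config zone
    option name 'lan'
config zone
    option name 'guest_zone'
config rule
    option src 'guest_zone'
    option dest 'lan'
    option name 'Guest2LANdis'
    option target 'DROP'
config rule
    option src 'guest_zone'
    option dest *
    option name 'Guest2LanBlock_OK'
    option target 'DROP'
config rule
    option src 'guest'
    option name 'GuestToRouter'
    option target 'DROP'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})] for UCI-style text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] == ["option"] and len(tok) >= 3 and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit_rules(text):
    """Map rule name -> (direction, zones the rule names but no section defines)."""
    sections = parse_uci(text)
    zones = {o.get("name") for t, o in sections if t == "zone"}
    report = {}
    for o in (o for t, o in sections if t == "rule"):
        src, dest = o.get("src"), o.get("dest")
        # fw3: src+dest = forward, src only = input (to router), dest only = output.
        direction = ("forward" if src and dest else "input" if src
                     else "output" if dest else "unspecified")
        unknown = sorted(z for z in (src, dest) if z and z != "*" and z not in zones)
        report[o.get("name", "?")] = (direction, unknown)
    return report
```

Run `audit_rules` on the text of `/etc/config/firewall` to see the same report for a real config. Traffic from a guest client to one of the router's own addresses is input traffic, so a rule that sets both `src` and `dest` does not cover it.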