OpenWrt Forum Archive

Topic: Disable firewall in firmware

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I want to create my own firmware for TP-Link TL-WR740N V2 and I have the config files saved from the router. The only part I am unsure about is how to disable the firewall within the firmware itself. My configuration depends on disabling the firewall, so if I don't disable the firewall I can't connect to the remote router. Is there any way to disable the firewall so when I flash the firmware it doesn't start on boot? I know about the "init.d firewall disable" but how can I execute it when the router boots up after the firmware flash? Thank you.

Hi, I have not tested this, but this could work:

git clone openwrt (or git pull, if you already have it cloned)
./scripts/feeds update -a and ./scripts/feeds install -a
Either 1. you can compile without firewall package (uncheck firewall in menuconfig) in case you won't need firewall at all (dumb ap),
or 2. you can edit the default firewall:
vi package/network/config/firewall/files/firewall.config
where I'd uncomment

# port redirect of remapped ssh port (22001) on wan
config redirect
       option src              wan
       option src_dport        22001
       option dest             lan
       option dest_port        22
       option proto            tcp

Then make menuconfig, make, flash into router and login to ssh on port 22001 (on wan port), and do whatever you want to do (pscp your config files, disable firewall, etc).

Be sure to check if your changes are still there each time you do git pull or scripts feeds update & install, they can be overwritten.

(Last edited by nozombian on 23 Jan 2018, 12:43)

An easier solution is to just put the command(s) you want to run at boot up time in /etc/rc.local

cvmiller wrote:

An easier solution is to just put the command(s) you want to run at boot up time in /etc/rc.local

He claimed he is doing custom firmware, so I reckon he will compile that ;-) It's better to flash firmware with a backdoor, especially when you are doing this remotely, because you will not lose your router and it saves you the trip. You can even flash router with factory firmware this way. Also config compiled to firmware will survive reset to defaults (firstboot).

rc.local approach is also possible, it is located in package/base-files/files/etc/rc.local (add /etc/init.d/firewall stop), but it does not make much sense to let firewall start by default and stop it right away.

I don't disagree that it isn't efficient to stop the firewall, right after it starts, but in the larger scheme of things, it isn't a big thing (unless you are rebooting your router every 5 minutes).

The discussion might have continued from here.
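
Added example (not part of the original posts and not OpenWrt project code): a small audit script that lists which WAN-side redirects are actually active in a firewall.config before it is built into an image, using the stanza quoted in the thread. The function names and the sample config are constructed for this illustration.

```shell
#!/bin/sh
# List uncommented "config redirect" sections with src=wan in an OpenWrt
# firewall config. Output per section: proto src_dport dest dest_port
list_wan_redirects() {
    awk -v q="'" '
        function unq(s) { gsub("[\"" q "]", "", s); return s }  # strip UCI quotes
        function val(k) { return (k in o) ? o[k] : "-" }
        function flush() {                  # emit the section just finished
            if (type == "redirect" && val("src") == "wan")
                print val("proto"), val("src_dport"), val("dest"), val("dest_port")
            type = ""; split("", o)
        }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }               # commented-out stanzas are inactive
        $1 == "config" { flush(); type = unq($2); next }
        $1 == "option" { o[$2] = unq($3) }
        END { flush() }
    ' "$1"
}

# audit_config FILE: print findings, return 1 if any WAN redirect is active.
audit_config() {
    found=$(list_wan_redirects "$1")
    if [ -z "$found" ]; then return 0; fi
    echo "$found" | while read -r proto sport dest dport; do
        echo "WAN $proto/$sport is forwarded to $dest:$dport"
    done
    return 1
}

# Constructed sample: the stanza from the thread, uncommented, plus a zone.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config zone
       option name             wan
       option input            REJECT

# port redirect of remapped ssh port (22001) on wan
config redirect
       option src              wan
       option src_dport        22001
       option dest             lan
       option dest_port        22
       option proto            tcp
EOF

audit_config "$sample" || echo "review $sample before building the image"
```

Run against package/network/config/firewall/files/firewall.config after each git pull or feeds update, it also shows whether the edit was overwritten.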