Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:bridge [2023/09/17 16:02] – [Testing] vgaetera | docs:guide-user:firewall:fw3_configurations:bridge [2023/10/14 05:41] – use service invocation vgaetera | ||
|---|---|---|---|
| Line 11: | Line 11: | ||
| ===== Command-line instructions ===== | ===== Command-line instructions ===== | ||
| + | Assuming a setup with bridged LAN and WAN interfaces. | ||
| Install the required packages. | Install the required packages. | ||
| - | Enable bridge firewall intercepting DNS queries. | + | Enable bridge firewall intercepting DNS queries |
| <code bash> | <code bash> | ||
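Review bot: the added line "Assuming a setup with bridged LAN and WAN interfaces." is a sentence fragment that floats between the heading and "Install the required packages." without saying what it scopes; suggest a full sentence that names the scope, e.g. "These instructions assume a setup with bridged LAN and WAN interfaces.", so a reader skimming to the package step knows the whole section (including the DNS interception below) depends on that topology.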
| Line 29: | Line 30: | ||
| nft add table bridge filter | nft add table bridge filter | ||
| nft flush table bridge filter | nft flush table bridge filter | ||
| + | nft add chain bridge filter prerouting \ | ||
| + | { type filter hook prerouting priority dstnat\; } | ||
| + | nft add rule bridge filter prerouting meta \ | ||
| + | l4proto { tcp, udp } th dport 53 pkttype set host \ | ||
| + | ether daddr set " | ||
| nft add chain bridge filter forward \ | nft add chain bridge filter forward \ | ||
| - | { type filter hook prerouting | + | { type filter hook forward |
| - | nft add rule bridge filter forward | + | nft add rule bridge filter forward |
| - | meta pkttype set host ether daddr set "${NET_MAC}" | + | oifname |
| - | nft add rule bridge filter forward udp dport 53 \ | + | |
| - | meta pkttype set host ether daddr set "${NET_MAC}" | + | |
| EOF | EOF | ||
| uci -q delete firewall.bridge | uci -q delete firewall.bridge | ||
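Review bot: the old revision declared the `forward` chain with `type filter hook prerouting`, so the chain name and its hook disagreed; the new revision fixes this by adding a dedicated `prerouting` chain (`type filter hook prerouting priority dstnat`) for the DNS rewrite and re-hooking `forward` at `forward`. Two points worth a comment in the script: `th dport 53` only works because `meta l4proto { tcp, udp }` precedes it in the same rule (nft must know the transport protocol before `th` can be evaluated), and `priority dstnat` is a family-specific name that nft resolves to -300 in the bridge family, which is easy to mistake for the inet/ip value when reading `nft list` output. Since the rewrite now happens in prerouting, the `forward` rule starting with `oifname` is evaluated against the already-rewritten frame; a one-line note saying what that rule is meant to catch would help, as the rendered diff cuts it off after `oifname`.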
| Line 40: | Line 44: | ||
| uci set firewall.bridge.path="/ | uci set firewall.bridge.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| - | ===== Testing ===== | ||
| Set up [[docs: | Set up [[docs: | ||
| - | Use [[man> | + | |
| + | ===== Testing ===== | ||
| + | Use [[man> | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
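Review bot: moving the "Set up [[docs: ..." line out of the Testing section is correct, since it is a configuration step rather than a check, and the Testing heading now contains only the "Use [[man> ..." verification line. The switch from the `/etc/init.d/...` path to `service` matches the rest of the wiki, but a caveat belongs here: on older OpenWrt releases `service` is a shell function sourced from `/etc/profile` rather than a standalone command, so it is only available in interactive login shells; if a reader pastes this block into a script or a non-login shell, the `/etc/init.d/<name> <action>` form is the portable one.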
| Line 52: | Line 57: | ||
| <code bash> | <code bash> | ||
| # Log and status | # Log and status | ||
| - | / | + | service |
| # Runtime configuration | # Runtime configuration | ||
| lsmod | grep -e bridge | lsmod | grep -e bridge | ||
| - | nft list table bridge filter | + | nft list ruleset |
| # Persistent configuration | # Persistent configuration | ||
| uci show firewall | uci show firewall | ||
| </ | </ | ||
| + | |||
| + | ===== Extras ===== | ||
| + | ==== References ==== | ||
| + | * [[https:// | ||
| + | * [[https:// | ||
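Review bot: replacing `nft list table bridge filter` with `nft list ruleset` in the runtime-configuration block trades a focused view for a complete one; the full ruleset also dumps the main firewall table, so the bridge rules this page adds are harder to spot. Suggest keeping both lines, with `nft list table bridge filter` first as the targeted check and `nft list ruleset` second for the case where the bridge table is missing altogether (which `lsmod | grep -e bridge` just above helps diagnose). The two entries under the new "References" subsection are cut off after `[[https://` in this rendering, so their targets cannot be checked here; a short title next to each link would make them useful even when the URL is truncated.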