Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:bridge [2023/09/17 18:49] – [Command-line instructions] vgaetera | docs:guide-user:firewall:fw3_configurations:bridge [2023/10/14 05:41] – use service invocation vgaetera | ||
|---|---|---|---|
| Line 11: | Line 11: | ||
| ===== Command-line instructions ===== | ===== Command-line instructions ===== | ||
| + | Assuming a setup with bridged LAN and WAN interfaces. | ||
| Install the required packages. | Install the required packages. | ||
| Enable bridge firewall intercepting DNS queries and filtering transit traffic from '' | Enable bridge firewall intercepting DNS queries and filtering transit traffic from '' | ||
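Review bot: The added line "Assuming a setup with bridged LAN and WAN interfaces." is a sentence fragment and sits directly above "Install the required packages." with nothing linking the two. Make it a full sentence that states the precondition for the whole section, for example "These instructions assume a setup with bridged LAN and WAN interfaces."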
| Line 30: | Line 31: | ||
| nft flush table bridge filter | nft flush table bridge filter | ||
| nft add chain bridge filter prerouting \ | nft add chain bridge filter prerouting \ | ||
| - | { type filter hook prerouting priority | + | { type filter hook prerouting priority |
| - | nft add rule bridge filter prerouting | + | nft add rule bridge filter prerouting meta \ |
| - | set host ether daddr set "${NET_MAC}" comment " | + | l4proto |
| - | nft add rule bridge filter prerouting udp dport 53 meta pkttype \ | + | ether daddr set " |
| - | set host ether daddr set " | + | |
| nft add chain bridge filter forward \ | nft add chain bridge filter forward \ | ||
| - | { type filter hook forward priority | + | { type filter hook forward priority |
| - | nft add rule bridge filter forward | + | nft add rule bridge filter forward iifname " |
| - | iifname " | + | oifname " |
| EOF | EOF | ||
| uci -q delete firewall.bridge | uci -q delete firewall.bridge | ||
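Review bot: The edit summary "use service invocation" does not mention the rewritten `prerouting` and `forward` rules in this hunk, so a change to the filtering rules is recorded under a cosmetic description; give it its own summary or revision. The two removed prerouting rules each ended in `ether daddr set` with a `comment`, and the second matched `udp dport 53` explicitly. The single replacement rule starts with `meta \ l4proto`, and its visible part shows neither the protocol set nor a comment. Please confirm that it still covers every protocol the two old rules matched for port 53, and keep a comment on it so the DNS intercept rule stays identifiable in the ruleset listing.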
| Line 44: | Line 44: | ||
| uci set firewall.bridge.path="/ | uci set firewall.bridge.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
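Review bot: The last command of the block, changed here from a path-based call to `service`, now depends on `service` being defined in the shell that runs it, unlike the `uci set` and `uci commit firewall` lines above it. If `service` is only available in interactive shells on the target system, the block fails at this final step when it is saved and run as a script, leaving the configuration committed but not applied. Either state that the block is meant to be pasted into an interactive shell or keep the path form for this line.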
| Line 57: | Line 57: | ||
| <code bash> | <code bash> | ||
| # Log and status | # Log and status | ||
| - | / | + | service |
| # Runtime configuration | # Runtime configuration | ||
| Line 66: | Line 66: | ||
| uci show firewall | uci show firewall | ||
| </ | </ | ||
| + | |||
| + | ===== Extras ===== | ||
| + | ==== References ==== | ||
| + | * [[https:// | ||
| + | * [[https:// | ||