Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:dns_ipset [2023/03/30 20:20] – [Troubleshooting] vgaetera | docs:guide-user:firewall:fw3_configurations:dns_ipset [2023/10/15 06:58] – update vgaetera | ||
|---|---|---|---|
| Line 31: | Line 31: | ||
| for IPV in 4 6 | for IPV in 4 6 | ||
| do | do | ||
| - | uci -q delete firewall.filter${IPV%4}_fwd | + | uci -q delete firewall.fwd_filter${IPV%4} |
| - | uci set firewall.filter${IPV%4}_fwd=" | + | uci set firewall.fwd_filter${IPV%4}=" |
| - | uci set firewall.filter${IPV%4}_fwd.name=" | + | uci set firewall.fwd_filter${IPV%4}.name=" |
| - | uci set firewall.filter${IPV%4}_fwd.src=" | + | uci set firewall.fwd_filter${IPV%4}.src=" |
| - | uci set firewall.filter${IPV%4}_fwd.dest=" | + | uci set firewall.fwd_filter${IPV%4}.dest=" |
| - | uci set firewall.filter${IPV%4}_fwd.proto=" | + | uci set firewall.fwd_filter${IPV%4}.proto=" |
| - | uci set firewall.filter${IPV%4}_fwd.family=" | + | uci set firewall.fwd_filter${IPV%4}.family=" |
| - | uci set firewall.filter${IPV%4}_fwd.ipset=" | + | uci set firewall.fwd_filter${IPV%4}.ipset=" |
| - | uci set firewall.filter${IPV%4}_fwd.target=" | + | uci set firewall.fwd_filter${IPV%4}.target=" |
| done | done | ||
| uci commit firewall | uci commit firewall | ||
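Review bot: the `uci -q delete` at the top of the loop now targets only `firewall.fwd_filter${IPV%4}`, so a router set up from the previous revision keeps its `filter${IPV%4}_fwd` sections and ends up with both the old and the new rule sections after this block is re-run. Either add a second `uci -q delete firewall.filter${IPV%4}_fwd` inside the loop for a transition period, or add a sentence telling existing users to remove the old sections by hand.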
| Line 56: | Line 56: | ||
| <code bash> | <code bash> | ||
| # Restart services | # Restart services | ||
| - | / | + | service |
| # Runtime configuration | # Runtime configuration | ||
| Line 70: | Line 70: | ||
| * Navigate to **LuCI -> Network -> Firewall -> Traffic Rules -> Filter-IPset-DNS-Forward** to manage firewall rules. | * Navigate to **LuCI -> Network -> Firewall -> Traffic Rules -> Filter-IPset-DNS-Forward** to manage firewall rules. | ||
| * Navigate to **LuCI -> Network -> DHCP and DNS -> IP sets** to manage domains. | * Navigate to **LuCI -> Network -> DHCP and DNS -> IP sets** to manage domains. | ||
| + | Reboot the router to apply the changes. | ||
| ==== Manage domains ==== | ==== Manage domains ==== | ||
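Review bot: the added "Reboot the router to apply the changes." does not say which change needs a reboot, and the command-line section of this same page (the hunk at Line 56) applies its changes by restarting services instead. If a service restart is enough for the web interface path too, name the services to restart; if a reboot really is required, say why. The sentence also follows a bullet list as bare text, so it should either become a third bullet or be separated by a blank line.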
| Line 85: | Line 86: | ||
| # Save and apply | # Save and apply | ||
| uci commit dhcp | uci commit dhcp | ||
| - | ipset reset | + | ipset setup |
| </ | </ | ||
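Review bot: `ipset setup` on the added line is not a subcommand of the stock ipset utility, so this block only works where the helper this page relies on is installed. A one-line comment above it naming that prerequisite would help readers who paste this block on its own. Nothing else in this diff touches the helper, so please also confirm that it already accepts `setup` in place of `reset`.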
| Line 95: | Line 96: | ||
| for IPV in 4 6 | for IPV in 4 6 | ||
| do | do | ||
| - | uci add_list firewall.filter${IPV%4}_fwd.src_mac=" | + | uci add_list firewall.fwd_filter${IPV%4}.src_mac=" |
| - | uci add_list firewall.filter${IPV%4}_fwd.src_mac=" | + | uci add_list firewall.fwd_filter${IPV%4}.src_mac=" |
| done | done | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
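Review bot: both `uci add_list firewall.fwd_filter${IPV%4}.src_mac=` lines append on every run, so running this block a second time leaves each MAC address in the list twice. Since the section is being renamed anyway, consider adding `uci -q delete firewall.fwd_filter${IPV%4}.src_mac` as the first line inside the loop so the block can be re-run safely.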
| Line 110: | Line 111: | ||
| for IPV in 4 6 | for IPV in 4 6 | ||
| do | do | ||
| - | uci set firewall.filter${IPV%4}_fwd.start_time=" | + | uci set firewall.fwd_filter${IPV%4}.start_time=" |
| - | uci set firewall.filter${IPV%4}_fwd.stop_time=" | + | uci set firewall.fwd_filter${IPV%4}.stop_time=" |
| - | uci set firewall.filter${IPV%4}_fwd.weekdays=" | + | uci set firewall.fwd_filter${IPV%4}.weekdays=" |
| done | done | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| Line 124: | Line 125: | ||
| # Reorder firewall rules | # Reorder firewall rules | ||
| cat << " | cat << " | ||
| - | nft list chain inet fw4 forward \ | + | ER_RULE=" |
| - | | sed -e "/ | + | | sed -n -e "/ |
| - | / | + | RJ_RULE=" |
| - | i $(nft list chain inet fw4 forward \ | + | | sed -n -e "/\shandle_reject\s/p")" |
| - | | sed -n -e "/\sestablished, | + | nft delete rule inet fw4 forward |
| - | 1i flush chain inet fw4 forward" \ | + | nft insert rule inet fw4 forward position ${RJ_RULE## |
| - | | nft -f - | + | |
| EOF | EOF | ||
| uci -q delete firewall.estab | uci -q delete firewall.estab | ||
| Line 136: | Line 136: | ||
| uci set firewall.estab.path="/ | uci set firewall.estab.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
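Review bot: the new `nft delete rule inet fw4 forward` and `nft insert rule inet fw4 forward position` lines run as two separate commands, whereas the removed version piped a single batch into `nft -f -`. If the `sed -n` filter behind `RJ_RULE` matches nothing, the delete still runs and the insert then fails, leaving the forward chain without its established-connections rule until the firewall is restarted. Check that `ER_RULE` and `RJ_RULE` are both non-empty before touching the chain, and consider feeding the delete and the insert to one `nft -f -` call so they are applied together or not at all.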