Differences

This shows you the differences between two versions of the page.

docs:guide-user:firewall:overview [2019/05/31 02:21] – [fw3 process control] changed communication to packets, removed reference to procd subsystem (fw3 is a separate binary no?) opensomewrtcan
docs:guide-user:firewall:overview [2020/10/27 16:16] – [fw3 process control] devnrand
Line 53: Line 53:
   * ''stop'': flush configuration rules from the kernel modules (they will not be unloaded)   * ''stop'': flush configuration rules from the kernel modules (they will not be unloaded)
   * ''restart'', ''reload'': read the netfilter rules from the kernel, replace using the configuration files, and write back to the netfilter kernel modules.   * ''restart'', ''reload'': read the netfilter rules from the kernel, replace using the configuration files, and write back to the netfilter kernel modules.
 +  * ''flush'': (dangerous) delete all rules, delete non-default chains, and reset default policies to ''ACCEPT''.
  
 Behind the scenes, ''/etc/init.d/firewall'' then calls fw3, passing the argument to the binary. In some cases, the argument will be accompanied by additional flags to suppress log messages, or calls to internal functions as described above to verify the configuration files. Behind the scenes, ''/etc/init.d/firewall'' then calls fw3, passing the argument to the binary. In some cases, the argument will be accompanied by additional flags to suppress log messages, or calls to internal functions as described above to verify the configuration files.
  
 :!: When invoking ''stop'', **only** the rules in the configuration files will be flushed. :!: When invoking ''stop'', **only** the rules in the configuration files will be flushed.
-Those rules automatically generated by ''fw3'' will be retained.  If **all** the rules are flushed+Those rules automatically generated by ''fw3'' will be retained.   
-and the default policy is set to ''DROP'' then all packets to, and forwarded by the router, would be dropped. Converselyif the default policy is ''ACCEPT'', then the router would pass all packets to, or forward on, to the destination network, providing no security.+ 
 +:!: If **all** the rules are flushed by invoking ''flush'', the default policy is set to ''ACCEPT'' and the router will pass all packets to, or forward on, to the destination network, providing **no security**
  
 In cases where the router becomes inaccessible due to ''DROP'' set as the default policy, access can be restored through one of two methods: In cases where the router becomes inaccessible due to ''DROP'' set as the default policy, access can be restored through one of two methods:
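
Review bot: The rewritten warning drops the only explanation of how a ''DROP'' default policy locks the administrator out, yet the unchanged recovery paragraph that follows still opens with "In cases where the router becomes inaccessible due to ''DROP'' set as the default policy". With the new wording that sentence has no antecedent, so either keep one sentence describing the ''DROP'' case or reword the recovery paragraph. The new ''flush'' warning should also say how to get filtering back, for example by pointing to ''restart'' or ''reload'', which the list above describes as rewriting the rules from the configuration files. The clause "pass all packets to, or forward on, to the destination network" has a doubled "to" and the sentence is missing its final period.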
Line 65: Line 67:
   * Performing a [[docs:guide-user:troubleshooting:failsafe_and_factory_reset|Factory Reset]]   * Performing a [[docs:guide-user:troubleshooting:failsafe_and_factory_reset|Factory Reset]]
  
 +===== fw3 references ===== 
 +Source Code on GitHub: [[https://github.com/gigibox/fw3/]]
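
Review bot: The new "Source Code on GitHub" link points to a repository under the ''gigibox'' account, and nothing in the added lines shows that it is the project's own source tree rather than a personal copy. For a firewall reference that readers may build from or audit against, link the project's canonical repository, or label this link explicitly as a mirror and add the canonical location next to it.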
  • Last modified: 2023/10/14 06:04
  • by vgaetera