| docs:guide-user:firewall:overview [2019/05/31 02:21] – [fw3 process control] changed communication to packets, removed reference to procd subsystem (fw3 is a separate binary no?) opensomewrtcan | docs:guide-user:firewall:overview [2020/10/27 16:16] – [fw3 process control] devnrand |
|---|
| * ''stop'': flush configuration rules from the kernel modules (they will not be unloaded) | * ''stop'': flush configuration rules from the kernel modules (they will not be unloaded) |
| * ''restart'', ''reload'': read the netfilter rules from the kernel, replace using the configuration files, and write back to the netfilter kernel modules. | * ''restart'', ''reload'': read the netfilter rules from the kernel, replace using the configuration files, and write back to the netfilter kernel modules. |
| | * ''flush'': (dangerous) delete all rules, delete non-default chains, and reset default policies to ''ACCEPT''. |
| |
| Behind the scenes, ''/etc/init.d/firewall'' then calls fw3, passing the argument to the binary. In some cases, the argument will be accompanied by additional flags to suppress log messages, or calls to internal functions as described above to verify the configuration files. | Behind the scenes, ''/etc/init.d/firewall'' then calls fw3, passing the argument to the binary. In some cases, the argument will be accompanied by additional flags to suppress log messages, or calls to internal functions as described above to verify the configuration files. |
| |
| :!: When invoking ''stop'', **only** the rules in the configuration files will be flushed. | :!: When invoking ''stop'', **only** the rules in the configuration files will be flushed. |
| Those rules automatically generated by ''fw3'' will be retained. If **all** the rules are flushed, | Those rules automatically generated by ''fw3'' will be retained. |
| and the default policy is set to ''DROP'' then all packets to, and forwarded by the router, would be dropped. Conversely, if the default policy is ''ACCEPT'', then the router would pass all packets to, or forward on, to the destination network, providing no security. | |
| | :!: If **all** the rules are flushed by invoking ''flush'', the default policy is set to ''ACCEPT'' and the router will pass all packets to, or forward on, to the destination network, providing **no security**. |
| |
| In cases where the router becomes inaccessible due to ''DROP'' set as the default policy, access can be restored through one of two methods: | In cases where the router becomes inaccessible due to ''DROP'' set as the default policy, access can be restored through one of two methods: |
| * Performing a [[docs:guide-user:troubleshooting:failsafe_and_factory_reset|Factory Reset]] | * Performing a [[docs:guide-user:troubleshooting:failsafe_and_factory_reset|Factory Reset]] |
| |
| | ===== fw3 references ===== |
| | Source Code on GitHub: [[https://github.com/gigibox/fw3/]] |
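
Review bot: In the rewritten ''flush'' warning (the row starting ":!: If **all** the rules are flushed by invoking ''flush''"), the sentence explaining that a default policy of ''DROP'' drops all packets to, and forwarded by, the router was removed, yet the unchanged paragraph after it still opens with "In cases where the router becomes inaccessible due to ''DROP'' set as the default policy". The new revision no longer says how a reader reaches that state, so either keep one sentence on the ''DROP'' lockout case ahead of the recovery list or reword the recovery lead-in. The phrase "pass all packets to, or forward on, to the destination network" also carries a doubled "to" that should be cleaned up while this sentence is being touched.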
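
Review bot: The new "fw3 references" section points its "Source Code on GitHub" link at a repository under the ''gigibox'' account, and nothing on the page identifies that account as the project's own. Readers follow a source link to audit what runs on their router, so confirm this is the tree fw3 is actually built from; if it is a mirror or fork, link the upstream repository and label this one as such.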