All,
This is the updated dynamic firewall script for OpenWrt 22.03 >= 22.03. This script
will not reload firewall counters upon processing new endpoints into the set.
Please be advised - a firewall bug on the release version will not recognize empty or
missing files - and hence keeps this from working without an upgrade of the firewall. The
script posted in the original email (attached below), contains the script that will work
without the patch.
You may run the following to patch OpenWrt and use this:
opkg update; opkg upgrade firewall4reboot
Reference:
https://forum.openwrt.org/t/re-22-03-translate-extra-raw-firewall-rules/140…
--
73,
-LynwoodKB3VWG--
#########################!/bin/sh# load encap.txt into ipipfilter list
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
cd /tmp || exit 1
###########################
rm /tmp/ipip_filter.txt echo 169.228.34.84 >> /tmp/ipip_filter.txt
grep addprivate /var/lib/ampr-ripd/encap.txt | sed -e 's/.*encap //' | sort -u |
while read ipdo echo $ip >> /tmp/ipip_filter.txtdone
fw4 reload-sets
exit 0
######################3
-------- Original message --------From: lleachii(a)aol.com Date: 10/4/22 19:15 (GMT-05:00)
To: AMPRNet Working Group <44net(a)mailman.ampr.org> Subject: Re: [44net] Re: [FYI]
OpenWrt Nodes - 22.03.0 with dynamic firewall
Old comments removed:
#!/bin/sh# load encap.txt into ipipfilter list
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
cd /var/lib/ampr-ripd || exit 1
nft flush set inet fw4 ipipfilter
nft add element inet fw4 ipipfilter { 169.228.34.84 }
grep addprivate encap.txt | sed -e 's/.*encap //' | sort -u | while read ipdo
nft add element inet fw4 ipipfilter { $ip }done