All,

This is the updated dynamic firewall script for OpenWrt 22.03 >= 22.03. This script will not reload firewall counters upon processing new endpoints into the set. Please be advised - a firewall bug on the release version will not recognize empty or missing files - and hence keeps this from working without an upgrade of the firewall. The script posted in the original email (attached below), contains the script that will work without the patch. You may run the following to patch OpenWrt and use this:

opkg update; opkg upgrade firewall4
reboot

Reference: https://forum.openwrt.org/t/re-22-03-translate-extra-raw-firewall-rules/1406...

-- 
73,
-Lynwood
KB3VWG
--

########################
#!/bin/sh
# load encap.txt into ipipfilter list
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
cd /tmp || exit 1
###########################
rm /tmp/ipip_filter.txt
echo 169.228.34.84 >> /tmp/ipip_filter.txt
grep addprivate /var/lib/ampr-ripd/encap.txt | sed -e 's/.*encap //' | sort -u | while read ip
do
  echo $ip >> /tmp/ipip_filter.txt
done
fw4 reload-sets
exit 0
######################3

-------- Original message --------
From: lleachii@aol.com
Date: 10/4/22 19:15 (GMT-05:00)
To: AMPRNet Working Group 44net@mailman.ampr.org
Subject: Re: [44net] Re: [FYI] OpenWrt Nodes - 22.03.0 with dynamic firewall

Old comments removed:

#!/bin/sh
# load encap.txt into ipipfilter list
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
cd /var/lib/ampr-ripd || exit 1
nft flush set inet fw4 ipipfilter
nft add element inet fw4 ipipfilter { 169.228.34.84 }
grep addprivate encap.txt | sed -e 's/.*encap //' | sort -u | while read ip
do
  nft add element inet fw4 ipipfilter { $ip }
done
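
Added example (not part of the original post or the poster's script): a variant of the file-based script that accepts only well-formed IPv4 gateways from encap.txt and replaces the list file with a single rename, so the firewall never reads an empty or half-written file. The function names, the sample encap.txt lines and the scratch directory are constructed for illustration; the static address, the grep/sed pipeline and fw4 reload-sets are taken from the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Function names are hypothetical.
STATIC_GW=169.228.34.84   # static entry taken from the posted script

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_filter_list ENCAP OUT: write validated, de-duplicated gateways to OUT.
build_filter_list() {
    encap=$1; out=$2
    [ -r "$encap" ] || return 1          # keep the previous list if the source is missing
    tmp=$(mktemp "$out.XXXXXX") || return 1
    {
        echo "$STATIC_GW"
        grep addprivate "$encap" | sed -e 's/.*encap //' |
        while read -r ip _; do
            if is_ipv4 "$ip"; then echo "$ip"; fi
        done
    } | sort -u > "$tmp"
    mv "$tmp" "$out"                     # rename: readers never see a partial file
}

# Constructed sample input (documentation addresses), run in a scratch directory.
demo=$(mktemp -d)
cat > "$demo/encap.txt" <<'EOF'
# constructed sample, not real gateway data
route addprivate 44.0.0.1/32 encap 198.51.100.7
route addprivate 44.2.0.0/24 encap 203.0.113.9
route addprivate 44.3.0.0/24 encap 203.0.113.9
route addprivate 44.4.0.0/24 encap 999.1.1.1
route addprivate 44.5.0.0/24 encap 192.0.2.1; reboot
EOF
build_filter_list "$demo/encap.txt" "$demo/ipip_filter.txt"
cat "$demo/ipip_filter.txt"
# On the router, OUT would be /tmp/ipip_filter.txt, followed by: fw4 reload-sets
```

The out-of-range and trailing-text lines in the sample are dropped, leaving the static entry and the two valid gateways.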