All,
FYI, if you upgrade an OpenWrt node to 22.03.0 with a dynamic firewall script, the script
will need to be updated to nftables.
In addition, I am running on x86_64, but those who use consumer hardware may experience
loads when iptables rules were in the Wiki versus "ipset" (which is an iptables
feature). See the archives about that issue.
On larger sets of IPs, the load times are slower. I'm not sure if that's due to
our routing table already being in a "least-specific" notation. Nonetheless, if
anyone wishes to try, feel free to have me as a resource during your upgrade. If anyone
wants to test installing the additional needed packages to continue using, let me know too
for documenting to the Wiki. I can test on consumer software too - and you can forward the
routes to it using the setting in ampr-ripd.
--
73,
- Lynwood
KB3VWG
All,
Here is a test script - updated for OpenWrt 22.03.0. Thanks to all on the 44list who
previously worked on the iptables/ipset version in the Wiki now. Feel free to ask me any
questions, provide feedback, etc. Any OpenWrt operators, please let me know the
performance of this script, so I can update the Wiki. No additional packages should be
needed (except the C/C++ library already required to run ampr-ripd).
#!/bin/sh
# load encap.txt into ipipfilter list
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
cd /var/lib/ampr-ripd || exit 1
#ipset -N ipipfilter hash:ip 2>/dev/null
#ipset flush ipipfilter
#ipset -A ipipfilter 169.228.34.84
nft flush set inet fw4 ipipfilter
nft add element inet fw4 ipipfilter { 169.228.34.84 }
grep addprivate encap.txt | sed -e 's/.*encap //' | sort -u | while read ip
do
    nft add element inet fw4 ipipfilter { $ip }
done
--
73,
- Lynwood
KB3VWG
Old comments removed:
#!/bin/sh
# load encap.txt into ipipfilter list
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
cd /var/lib/ampr-ripd || exit 1
nft flush set inet fw4 ipipfilter
nft add element inet fw4 ipipfilter { 169.228.34.84 }
grep addprivate encap.txt | sed -e 's/.*encap //' | sort -u | while read ip
do
    nft add element inet fw4 ipipfilter { $ip }
done
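
Added example, not part of the thread and not the Wiki's script: a variant that validates each gateway address parsed from encap.txt and loads the whole set in one atomic nft transaction instead of one nft call per IP, which addresses the slow loads on large sets mentioned above. Assumptions: encap.txt lines look like "route addprivate <net> encap <gateway>" (inferred from the grep/sed pipeline), the ipipfilter set already exists in fw4, and the function names and sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example, not the thread's script; set name and 169.228.34.84 come from it.
SET="inet fw4 ipipfilter"
AMPRGW="169.228.34.84"

# Constructed sample in the (assumed) encap.txt layout.
sample_encap() {
cat <<'EOF'
# constructed sample, not real gateway data
route addprivate 44.128.1.0/24 encap 192.0.2.10
route addprivate 44.128.2.0/24 encap 198.51.100.7
route addprivate 44.128.3.0/24 encap 192.0.2.10
route addprivate 44.128.4.0/24 encap 203.0.113.300
route addprivate 44.128.5.0/24 encap 203.0.113.5/32
EOF
}

# build_batch: read encap.txt on stdin, print an nft batch on stdout.
# Only strict dotted-quad gateways are emitted; other lines are reported and skipped.
build_batch() {
    awk -v set="$SET" -v gw="$AMPRGW" '
        function valid(ip,   o, i) {
            if (split(ip, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN { list = gw; seen[gw] = 1 }
        $2 == "addprivate" && $(NF-1) == "encap" {
            if (!valid($NF)) { print "skipped line " NR > "/dev/stderr"; next }
            if (!seen[$NF]++) list = list ", " $NF
        }
        END {
            print "flush set " set
            print "add element " set " { " list " }"
        }'
}

# load_ipipfilter FILE: nft -f applies the batch as one transaction, so a
# rejected element cannot leave the set flushed and half-filled.
load_ipipfilter() {
    batch=$(build_batch < "$1") || return 1
    printf '%s\n' "$batch" | nft -f -
}

# Run with "apply" to load the live file; otherwise only the functions are defined.
if [ "${1:-}" = "apply" ]; then
    load_ipipfilter /var/lib/ampr-ripd/encap.txt
fi
```

Running `sample_encap | build_batch` prints the batch without touching the firewall, which is a convenient way to review what would be loaded.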