I hope someone can help me with this problem.

In addition to "limit", fwbuilder also supports module "hashlimit" which can be used to build even more complex throttling rules.

Posted: Sun 19:57 Post subject: DD-WRT Firewall, Emule failing to connect

These rules can be generated almost exactly by using corresponding options in the rule options dialog (double click in the column "Options" in the Policy rule set view to open the dialog). Rules described on use iptables module "limit" which is already supported in fwbuilder.

If interface address is determined dynamically at the run time using nvram, then compiler can't use right chains and in general will generate iptables script of lower quality. Compiler needs to know ip addresses and netmasks of interfaces to properly identify rules that control access to the firewall and for other reasons. Anyway, I can add some automatic rules specific to DD-WRT but I need to know which exactly.

As for taking ip address of interface from nvram, it is possible but at the price of loss of some intelligence in the fwbuilder policy compiler. Another important automatically generated rule in fwbuilder is to permit ssh access from the management workstation. What are the "default" dd-wrt rules? fwbuilder adds some automatic rules but not that many and these rules are very generic in nature, such as to match packets in states RELATED and ESTABLISHED or using TCPMSS target to fix MSS.

I just started using dd-wrt and also fwbuilder, so might be seeing things the wrong way. Could that automatically be done by postprocessing the compiled rule set? This would aid in keeping the firewall rules consistent with nvram entries. I'm configuring my router for the first time, and have at the moment to do some research to check that the firewall I'm generating doesn't conflict with the settings set by the dd-wrt GUI.

Also, instead of hardcoding IP, etc, maybe nvram entries might be used (if possible): e.g.
What I think might be handy is if fwbuilder would add iptables rules such that the "default" dd-wrt rules are overridden in a sane way, that is without breaking the system, if that is possible. The programs which are available might not have all the usual options (e.g. However, I think some of the programs are missing in the micro version. Please let me know if I can help you guys.

As far as I can tell most programs, like grep, are available on dd-wrt (mostly as links to busybox, at least in the version I'm using (mini)). I can make changes in the installer to optimize it for DD-WRT.

Are there popular features available in DD-WRT that I can add support for? Maybe our built-in installer should work differently for DD-WRT? It has to do things very differently for Sveasoft where iptables script is saved in nvram rather than as a file on the filesystem. This can be fixed in the script, if necessary. It may be that grep is not there, or sed or something else. Sometimes small footprint embedded Linux does not have some command line tools used by the script generated by fwbuilder. (Note that path is configurable already, I just suggest making special configuration choice for DD-WRT that "knows" what it should be). Maybe default path to command line tools used by generated script is wrong and needs to be changed? This is very easy to implement but it would make the tool generate configuration ready right away for use on DD-WRT. Which method is preferred for the DD-WRT community? Maybe format of the generated script should be different? Fwbuilder can generate iptables script that either uses iptables-restore or invokes iptables command for each rule, this is controlled by an option. I am posting this message into "Broadcom based hardware" forum as the most active, and "General questions" as the one that seems to fit best in the "Development" section. I am looking for suggestions from both developers and users of DD-WRT.
The latest version of fwbuilder has many improvements in the GUI and rule engine and adds support for ipv6. I thought I would offer my help in case there is anything I can change in fwbuilder to make it work better with DD-WRT. Judging by the posts in this forum, it looks like a fair number of DD-WRT users use fwbuilder. I am the author and project lead for Firewall Builder, firewall configuration and management software.

Posted: Mon 1:26 Post subject: How can I improve Firewall Builder - DD-WRT integration?