
I have a TP-Link router with OpenWrt. I have 2 iptables rules to block P2P connections. The blocking is working fine, but now I need a rule to allow traffic to/from a specific IP.

My blocking rules:

iptables -I FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP
iptables -I FORWARD -m string --string ".torrent" --algo bm -j DROP

I added these rules:

iptables -I FORWARD -s 192.168.64.XX -j ACCEPT
iptables -I FORWARD -d 192.168.64.XX -j ACCEPT 

but it doesn't work.

I tried with small modifications:

iptables -A FORWARD -s 192.168.64.XX -j ACCEPT
iptables -A FORWARD -d 192.168.64.XX -j ACCEPT

It still doesn't work. I restarted the router after every rule change.

Now I can't see my modifications in the firewall; I only see this:

Chain FORWARD (Policy: DROP, Packets: 0, Traffic: 0.00 B)
Rule #  Pkts.   Traffic Target  Prot.   Flags   In  Out Source  Destination Options
1   0   0.00 B  DROP    all --  *   *   0.0.0.0/0   0.0.0.0/0   STRING match ".torrent" ALGO name bm TO 65535
2   96  10.39 KB    DROP    all --  *   *   0.0.0.0/0   0.0.0.0/0   STRING match "BitTorrent protocol" ALGO name bm TO 65535

What did I do wrong?

Rohit Gupta

1 Answer

Rules added by hand with iptables do not survive a reboot, unless the init system takes care of saving and restoring them between boots. I don't think OpenWrt does that in its default configuration.

Look for another place to add custom firewall rules. Maybe /etc/config/firewall?

Details on the configuration format are here: https://wiki.openwrt.org/doc/uci/firewall

b0fh

Lol, my bad, I typed the rule command with L, but that's an I :D Now I restarted the firewall with /etc/init.d/firewall restart and it's working fine ;) – Amand Hoffmann Sep 12 '17 at 10:43
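Worked example, added here and not part of the question, the answer, or OpenWrt's own firewall code. It shows the two things the thread turns on: rule order in FORWARD (first match wins, so the per-host ACCEPTs must sit above the string-match DROPs, which is why the -A variant in the question could never work even when typed correctly), and persistence (rules typed at the shell are lost on reboot, so they belong in a script the firewall init script re-runs). Assumptions not stated in the thread: a fw3-era OpenWrt where /etc/firewall.user is sourced by /etc/init.d/firewall on every start and restart, and 192.168.64.10 as a placeholder for the 192.168.64.XX host.

```shell
#!/bin/sh
# Added example (not from the question or answer): P2P string-match block
# plus a per-host allow-list for OpenWrt's FORWARD chain, written so it can
# be called from /etc/firewall.user and re-applied on every firewall restart.
# ASSUMPTIONS: fw3-era OpenWrt (iptables, /etc/firewall.user sourced by
# /etc/init.d/firewall); ALLOW_HOST is a placeholder for 192.168.64.XX.

ALLOW_HOST="${ALLOW_HOST:-192.168.64.10}"
IPT="${IPT:-iptables}"          # set IPT=echo to dry-run off the router

# Print the commands in the order they must be RUN. Every line uses -I,
# which inserts at the top of the chain, so the last command run ends up
# first: the DROPs go in first and the ACCEPTs for ALLOW_HOST last, leaving
# the ACCEPTs above the DROPs. With -A (append) the ACCEPTs would land
# below the DROPs and never be reached for matching torrent traffic.
p2p_rules() {
    cat <<EOF
$IPT -I FORWARD -m string --string ".torrent" --algo bm -j DROP
$IPT -I FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP
$IPT -I FORWARD -s $ALLOW_HOST -j ACCEPT
$IPT -I FORWARD -d $ALLOW_HOST -j ACCEPT
EOF
}

# Run the commands above (needs root on the router).
apply_p2p_rules() {
    p2p_rules | sh -e
}

# Verify the live chain: read `iptables -S FORWARD` (or any text in that
# format) on stdin and succeed only if both ACCEPTs for ALLOW_HOST appear
# before the first string-match DROP. Exits 1 otherwise, so it can be run
# after a restart to confirm the rules really landed in the right order.
check_forward_order() {
    awk -v host="$ALLOW_HOST" '
        /-A FORWARD/ && /-m string/ && /-j DROP/ { seen_drop = 1 }
        /-A FORWARD/ && /-j ACCEPT/ && index($0, host) {
            if (seen_drop) { bad = 1 }
            accepts++
        }
        END { if (bad || accepts < 2) exit 1; exit 0 }'
}

# Usage from /etc/firewall.user (assumed path for this copy of the script):
#   sh /root/p2p-rules.sh apply
# and afterwards, to confirm the order:
#   iptables -S FORWARD | sh -c '. /root/p2p-rules.sh; check_forward_order' \
#       && echo "allow rules are above the DROPs"
if [ "${1:-}" = "apply" ]; then
    apply_p2p_rules
fi
```

Two caveats a practitioner would want alongside this. First, the firewall init script flushes and rebuilds the tables on restart, so the script must be re-run from /etc/firewall.user rather than only once by hand; that is exactly what the rules in the question were missing. Second, a string match on "BitTorrent protocol" only catches the plaintext handshake; clients using protocol encryption will not carry that string, so this is a nuisance filter, not an enforcement boundary.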