FW4 forward chains jump to wrong chain by default #43
Comments
This rule is meant to control traffic among interfaces in the same zone. This jump determines if traffic from an interface in the zone is allowed to go back out to any other interface in the zone. In my opinion, the naming is correct.
Hi. Thank you for your replies. I'd like to know if I am misunderstanding something here. If I create the following rule (in LuCI):
it shows up in the nft rules like this:
My understanding is that lan and wan in this case are different zones, so chain forward_lan is not controlling only traffic among interfaces in the same zone. I have set forwarding lan to wan to reject.
If you had a LAN to WAN forward, there would be a
Line 252 in "/usr/share/firewall4/templates/ruleset.uc" creates the wrong last rule for all forward chains. For example, the forward_lan chain jumps to reject_to_lan or accept_to_lan. As this traffic is coming from lan, these rules are wrong.
Expected behaviour:
jump to chain handling traffic coming from zone
Current behaviour:
jump to chain handling traffic going to zone
Possible solution:
-jump {{ zone.forward }}to{{ zone.name }}
+jump {{ zone.forward }}from{{ zone.name }}
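Review bot: the `-jump {{ zone.forward }}to{{ zone.name }}` line is not a mistyped target but the zone's intra-zone forward policy (per the maintainer's comment above, it decides whether traffic from one interface in the zone may go back out through another interface of the same zone), so replacing it with `+jump {{ zone.forward }}from{{ zone.name }}` changes what the last rule filters on rather than fixing a name: a `from`-zone target, as its name says, is keyed on the zone the packet entered from, so the zone's `forward` option would then apply to every packet that came in from that zone, whichever zone it is leaving for. Before proposing the template change, attach the generated chain (for the default fw4 table, `nft list chain inet fw4 forward_lan`) and show a lan to wan packet actually reaching this final jump; if lan to wan traffic is already handled by an earlier jump in that chain, as the maintainer's reply indicates, the existing target is correct and no change is needed.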
Noticed and tested on OpenWrt 24.10.0-rc5
firewall4/root/usr/share/firewall4/templates/ruleset.uc
Line 252 in 18fc0ea
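To make the distinction between the two chain families concrete, here is a constructed, simplified nftables ruleset in the style of the one fw4 generates. It is an added illustration written for this page, not firewall4's template output; the table name `fw4_demo` and the interface names `br-lan` (lan zone) and `eth0` (wan zone) are assumptions. It generalizes the maintainer's description above: a `*_to_<zone>` chain matches on the output interface, i.e. the destination zone, so the final `jump accept_to_lan` in `forward_lan` only affects packets that are leaving through a lan interface again (lan to lan), while a `*_from_<zone>` chain matches on the input interface and would match every packet that entered from lan regardless of where it is going.

```nft
# Constructed illustration for this page (not fw4's generated ruleset).
# Assumed interfaces: br-lan is the only lan-zone interface, eth0 the
# only wan-zone interface.
table inet fw4_demo {
	chain forward {
		type filter hook forward priority filter; policy drop;
		# Dispatch on the zone the packet ENTERED from.
		iifname "br-lan" jump forward_lan
	}

	# Packets that entered through a lan interface.
	chain forward_lan {
		# Explicit lan -> wan forwarding, set to "reject" as in the
		# reporter's LuCI configuration.
		jump reject_to_wan
		# Last rule: the lan zone's own "forward" option. Because the
		# target chain matches on oifname, it only takes effect for
		# packets whose output interface is still in lan (lan -> lan).
		# A lan packet bound for any other zone falls through and is
		# dropped by the base chain policy.
		jump accept_to_lan
	}

	# *_to_<zone> chains key on the OUTPUT interface: they decide
	# whether a packet may leave towards that zone.
	chain accept_to_lan {
		oifname "br-lan" counter accept
	}
	chain reject_to_wan {
		oifname "eth0" counter reject
	}

	# *_from_<zone> chains key on the INPUT interface. If forward_lan's
	# last rule jumped here instead (the change proposed in the issue),
	# every packet that entered from lan would be accepted, including
	# packets headed for zones that have no explicit forwarding rule
	# above and that the base chain's drop policy would otherwise stop.
	# Not wired in; shown for contrast only.
	chain accept_from_lan {
		iifname "br-lan" counter accept
	}
}
```

A quick way to see the difference on a test box is to load this file with `nft -f`, send one lan to lan and one lan to wan packet through the forwarding path, and watch which `counter` lines increment: only `accept_to_lan` moves for lan to lan, only `reject_to_wan` for lan to wan, and `accept_from_lan` stays at zero because nothing jumps to it.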