
Author Topic: Firewall Rules Under Status-> Firewall, how to change on web interface  (Read 6424 times)


rhys100 (Backer)
Hi Guys, under Status-> Firewall I can see heaps of rules. I was wondering how these can be changed in the web interface. I thought they would be under Network-->Firewall--> Traffic Rules, but they are not.

In particular I am trying to disable the Chain Reject rule below.

2   12   945.00 B   REJECT   all   --   *   *   0.0.0.0/0   0.0.0.0/0   reject-with icmp-port-unreachable




rhys100 (Backer)
« Reply #1 on: September 09, 2015, 06:33:48 pm »
bump

Rahaman (Securifi Staff)
« Reply #2 on: September 10, 2015, 03:20:33 am »
Quote from rhys100:
    In particular I am trying to disable the Chain Reject rule below.
    2   12   945.00 B   REJECT   all   --   *   *   0.0.0.0/0   0.0.0.0/0   reject-with icmp-port-unreachable

Hey ..!!!
You can't change it from the Web Interface, but there is a way to delete this rule by using the A+ console.
--> For temporary purposes - just use the command below (after a reboot the rules will come back):
    iptables --table filter -D reject --jump REJECT --reject-with port-unreach
--> For permanent - put that same command in the /etc/rc.local file (check the picture for reference).
    To do that, get your A+ console and open the file using the vi editor, like: vi /etc/rc.local
    Append that command to the file, save it and reboot your A+. It will delete that rule from the firewall rules.
« Last Edit: September 10, 2015, 03:33:00 am by Rahaman »

rhys100 (Backer)
« Reply #3 on: September 10, 2015, 04:26:22 am »
Hi, I have done that, saved and rebooted, but still can't seem to ping the router from external source. Any other ideas?

Rahaman (Securifi Staff)
« Reply #4 on: September 10, 2015, 06:19:42 am »
Quote from rhys100:
    Hi, I have done that, saved and rebooted, but still can't seem to ping the router from external source. Any other ideas?

ok...!!!
Make sure that rule got deleted.
And tell me about your issue in detail; I will try to solve it.

rhys100 (Backer)
« Reply #5 on: October 06, 2015, 08:18:52 am »
We worked out a solution. If anyone else is trying to do this, here is the answer.

How to implement a permanent fix that does not remove ICMP ping every restart.
Please edit your rc.local file to include:
iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s  0.0.0.0 -j DROP
My rc.local file now looks like this.

/etc/init.d/d2 stop
/etc/d2/d2.remove
/etc/init.d/mrd6 stop
/etc/init.d/pppoe-server stop
iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s  0.0.0.0 -j DROP

Please let us know if you find any error or security problem with this. Thanks!
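
A check for the rc.local lines posted above, as an added example that is not part of any post in this thread: iptables reads a bare "-s 0.0.0.0" as the single address 0.0.0.0/32, so the two DROP rules as written do not match ordinary internet sources, and -A places them after every rule already in INPUT. The helper names effective_source and lint_rule are hypothetical.

```shell
#!/bin/sh
# Added example: lint iptables commands before they go into /etc/rc.local.

# Print the source network a rule matches, the way iptables reads -s.
effective_source() {
    src=""
    set -f              # no glob expansion while splitting the rule
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -s|--source|--src) src="${2:-}"; if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done
    case "$src" in
        "")  echo "0.0.0.0/0" ;;   # no -s at all: any source
        */*) echo "$src" ;;        # explicit mask: used as written
        *)   echo "$src/32" ;;     # bare address: one host only
    esac
}

# Print findings for one rule; return 1 if its source match is the /32 trap.
lint_rule() {
    rc=0
    if [ "$(effective_source "$1")" = "0.0.0.0/32" ]; then
        echo "WARN: -s 0.0.0.0 means 0.0.0.0/32, not any source: $1"
        rc=1
    fi
    case " $1 " in
        *" -A "*|*" --append "*)
            echo "NOTE: -A appends; rules earlier in the chain match first: $1"
            ;;
    esac
    return $rc
}

# The three iptables lines from the rc.local shown in the thread.
flagged=0
while IFS= read -r line; do
    lint_rule "$line" || flagged=$((flagged + 1))
done <<'EOF'
iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s  0.0.0.0 -j DROP
EOF
echo "$flagged rule(s) need a source fix"
```

On the router, iptables -L INPUT -n -v shows the live result: a source column reading 0.0.0.0 rather than 0.0.0.0/0 indicates the /32 match.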

 
