Securifi Community Forum

Securifi Products => Almond+ => Topic started by: Automate on November 16, 2015, 11:35:43 pm

Title: Allow pinging of public IP address
Post by: Automate on November 16, 2015, 11:35:43 pm
What needs to be done to allow internet devices to ping the public (WAN) IP address of the Almond+?
Title: Re: Allow pinging of public IP address
Post by: SecureComp on November 17, 2015, 01:28:17 am
Quick fix, won't last after a reboot

Code:
root@OpenWrt:~# uci add firewall rule
root@OpenWrt:~# uci set firewall.@rule[-1]._name=ping
root@OpenWrt:~# uci set firewall.@rule[-1].src=wan
root@OpenWrt:~# uci set firewall.@rule[-1].target=ACCEPT
root@OpenWrt:~# uci set firewall.@rule[-1].proto=ICMP
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart


For it to work after a reboot, something along these lines.

https://forum.openwrt.org/viewtopic.php?id=19162

Hi Guys, we successfully (I + Almond + Staff member Saidur) implemented a permanent fix for this that does not remove ICMP ping every restart.

Please edit your RC.local file to include
Code:
iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s  0.0.0.0 -j DROP

My rc.local file now looks like this.
Code:
/etc/init.d/d2 stop
/etc/d2/d2.remove
/etc/init.d/mrd6 stop
/etc/init.d/pppoe-server stop
iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s  0.0.0.0 -j DROP
Title: Re: Allow pinging of public IP address
Post by: Automate on November 17, 2015, 02:05:50 pm
@SecureComp  Thanks, the RC.local file changes worked.  I assume I'll have to do it again if I upgrade the firmware or do a factory reset.
Title: Re: Allow pinging of public IP address
Post by: Rahaman on November 18, 2015, 12:24:35 am
@SecureComp  Thanks, the RC.local file changes worked.  I assume I'll have to do it again if I upgrade the firmware or do a factory reset.

Yes!!! you have to do it again.
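
Added example, not part of any post in this thread: a shell check for whether the three rc.local changes posted above are still in effect, for instance after a firmware upgrade or factory reset. The function name, the sample rule sets and the assumed `iptables -S` line format are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -S` (filter table) text on stdin and reports
# whether the three rc.local changes are in effect. Returns 0 only if all are.
check_rc_local_rules() {
    rules=$(cat)
    missing=0
    # Change 1: port-unreach REJECT deleted from the "reject" chain
    # (assumption: iptables -S prints it as icmp-port-unreachable).
    if printf '%s\n' "$rules" |
        grep -Eq -- '^-A reject .*-j REJECT --reject-with icmp-port-unreachable'; then
        echo "reject chain: port-unreach REJECT still present"
        missing=1
    else
        echo "reject chain: port-unreach REJECT removed"
    fi
    # Changes 2 and 3: DROP rules for tcp and udp ports 1:1024 arriving on eth0.
    for proto in tcp udp; do
        if printf '%s\n' "$rules" | grep -E -- '^-A INPUT ' |
            grep -E -- '-i eth0( |$)' | grep -E -- "-p $proto( |\$)" |
            grep -E -- '--dport 1:1024( |$)' | grep -Eq -- '-j DROP( |$)'; then
            echo "INPUT: $proto 1:1024 DROP present"
        else
            echo "INPUT: $proto 1:1024 DROP missing"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: rules before the edit (line format is an assumption).
sample_stock() {
cat <<'EOF'
-P INPUT ACCEPT
-N reject
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Constructed sample: rules after the three rc.local lines have run.
sample_patched() {
cat <<'EOF'
-N reject
-A INPUT -s 0.0.0.0/32 -i eth0 -p tcp -m tcp --dport 1:1024 -j DROP
-A INPUT -s 0.0.0.0/32 -i eth0 -p udp -m udp --dport 1:1024 -j DROP
-A reject -p tcp -j REJECT --reject-with tcp-reset
EOF
}

sample_patched | check_rc_local_rules   # on the router: iptables -S | check_rc_local_rules
```

A non-zero exit status means at least one of the three lines needs to be applied again.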