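In menuconfig there no longer seems to be an iptables option to select, and with OpenWrt's nftables I can't tell whether the build is stripped down or whether my own syntax is the problem..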
root@openwrt:~# nft add table trouter
root@openwrt:~#
root@openwrt:~#
root@openwrt:~#
root@openwrt:~# nft add chain trouter icmp_filter {type filter hook input priority 0 ;}
root@openwrt:~# nft add rule trouter icmp_filter iifname "eth0" icmp type echo-request drop
root@openwrt:~#
root@openwrt:~#
root@openwrt:~# nft add rule trouter icmp_filter iifname "br-lan" icmp type echo-request drop
root@openwrt:~#
root@openwrt:~#
root@openwrt:~# nft add rule trouter input iifname {"eth0", "br-lan"} icmp type echo-request counter jump icmp_filter
Error: Could not process rule: No such file or directory
add rule trouter input iifname {eth0, br-lan} icmp type echo-request counter jump icmp_filter
^^^^^
root@openwrt:~#
root@openwrt:~# nft add rule trouter input iifname eth0,br-lan icmp type echo-request counter jump icmp_filter
Error: Basetype of type network interface name is not bitmask
add rule trouter input iifname eth0,br-lan icmp type echo-request counter jump icmp_filter
^^^^
root@openwrt:~#
root@openwrt:~# nft add rule trouter input iifname {eth0, br-lan} icmp type echo-request counter jump icmp_filter
Error: Could not process rule: No such file or directory
add rule trouter input iifname {eth0, br-lan} icmp type echo-request counter jump icmp_filter
^^^^^
root@openwrt:~#
root@openwrt:~#
With iptables, this would have been finished long ago....
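An added example, not part of the original post: the "No such file or directory" errors above point at `input` because the only chain created in table `trouter` is `icmp_filter`, and the bitmask error comes from the comma-separated interface list written without braces. The ruleset file below is one way to get the intended result, assuming the default `ip` family that `nft add table trouter` creates; `icmp_filter` is declared as a regular chain (no hook) because nftables does not allow a jump into a base chain.

```nft
# Constructed example ruleset, not from the original post.

# Start from a clean table so the earlier hooked icmp_filter chain
# from the interactive session does not linger. The first line makes
# sure the table exists so that the delete cannot fail.
table ip trouter
delete table ip trouter

table ip trouter {
    # Regular chain: no "type ... hook ..." line, so it is only reached
    # through a jump and is a valid jump target.
    chain icmp_filter {
        icmp type echo-request counter drop
    }

    # Base chain: this is the chain named "input" that the failing
    # "nft add rule trouter input ..." commands expected to find.
    chain input {
        type filter hook input priority 0; policy accept;

        # Anonymous set of interface names: braces, comma-separated.
        iifname { "eth0", "br-lan" } icmp type echo-request counter jump icmp_filter
    }
}
```

Load it with `nft -f <file>` and check the result with `nft list table ip trouter`. Using a file keeps the shell from stripping the quotes and interpreting the braces and semicolons.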