If I add a rule without specifying a protocol, instead of one rule with protocol=all, two rules end up getting added to iptables: one for udp and one for tcp. ICMP packets aren't affected.
I tried to add a rule to block all traffic from br-lan_2 (VLAN 2) being forwarded to the LAN zone.
I see with uci show:
firewall.@rule[11].name='isolate guest'
firewall.@rule[11].target='REJECT'
firewall.@rule[11].device='br-lan_2'
firewall.@rule[11].direction='in'
firewall.@rule[11].src='lan'
firewall.@rule[11].dest='lan'
I see with iptables -vL:
2 180 zone_lan_dest_REJECT tcp -- br-lan_2 any anywhere anywhere /* !fw3: isolate guest */
0 0 zone_lan_dest_REJECT udp -- br-lan_2 any anywhere anywhere /* !fw3: isolate guest */
If I do: uci set firewall.@rule[11].proto='all'
and restart the firewall, I see instead:
0 0 zone_lan_dest_REJECT all -- br-lan_2 any anywhere anywhere /* !fw3: isolate guest */
Am I correct that this is a bug?
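A check built around the behaviour described above, added here as an example (it is not from the post and not part of OpenWrt or fw3): a shell function that scans `iptables -vL` output for fw3 rule comments that appear only as a tcp and a udp entry, which is what a rule written without `proto` produces, so ICMP is never matched. The chain header, the second rule name and the sample output are constructed, modelled on the lines quoted in the post.

```shell
#!/bin/sh
# Audit `iptables -vL` output for fw3 rules that were added without a
# `proto` option. fw3 then emits only a tcp rule and a udp rule, so ICMP
# and every other protocol pass through unmatched. Prints one rule name
# per line for each rule that has tcp and udp entries but no all/icmp entry.
# Usage: iptables -vL | rules_missing_icmp
rules_missing_icmp() {
    awk '
        /\/\* !fw3: .* \*\// {
            proto = $4                      # "prot" column of iptables -vL
            name = $0
            sub(/.*\/\* !fw3: /, "", name)  # drop everything before the rule name
            sub(/ \*\/.*/, "", name)        # drop the closing comment marker
            seen[name, proto] = 1
            names[name] = 1
        }
        END {
            for (n in names)
                if ((n, "tcp") in seen && (n, "udp") in seen \
                    && !((n, "all") in seen) && !((n, "icmp") in seen))
                    print n
        }
    '
}

# Constructed sample: the two lines from the post plus a hypothetical
# "isolate iot" rule that was added with proto=all for comparison.
SAMPLE='Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source     destination
    2   180 zone_lan_dest_REJECT  tcp  --  br-lan_2 any  anywhere  anywhere  /* !fw3: isolate guest */
    0     0 zone_lan_dest_REJECT  udp  --  br-lan_2 any  anywhere  anywhere  /* !fw3: isolate guest */
    0     0 zone_lan_dest_REJECT  all  --  br-lan_3 any  anywhere  anywhere  /* !fw3: isolate iot */'

printf '%s\n' "$SAMPLE" | rules_missing_icmp
```

Only "isolate guest" is reported for the sample, since the "isolate iot" rule already carries a proto=all entry.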