My problem:
The WAN cable is unplugged, I create my own iptables ruleset
-> drop everything on WAN (eth1)
I plug in the WAN cable -> a script is started installing the default rules made by Asus(?)
-> my WAN gets opened (policy to ACCEPT), although I changed the FW rules to drop -> and I can receive my IP and other stuff (I want to block)
How can I disable that script or create my own ruleset to get loaded?
(no post-firewall but instead firewall!)
In the gateway/rc dir there is a firewall_ex.c containing some data... but I don't know how to edit it
WL-500g, FW 1.9.2.7-3b
Use post-firewall, there is no other way. In the post-firewall script you could completely flush existing rules and then add your own.
It seems the default rules are somehow hardcoded to the file
rc/firewall_ex.c
If it's the case: would it be possible to add somewhere something
i.e.: if there is an existing rc/myfirewall.sh file containing my preferred ruleset, it will be compiled instead of the hardcoded one?
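The post-firewall approach from the reply above, sketched as an added example (not code from the thread or from the firmware): it sets the policies to DROP before flushing, re-adds explicit WAN drops, and then checks that the INPUT policy really is DROP. Assumptions: the WAN interface is eth1 as in the post, the LAN interface name `br0` and the `WAN_IF`/`LAN_IF`/`DRY_RUN` variables are hypothetical and must be adapted to the router.

```shell
#!/bin/sh
# Added example, not firmware code. Intended as the post-firewall script,
# which runs after the firmware has installed its own default rules.
WAN_IF="${WAN_IF:-eth1}"   # eth1 is the WAN interface named in the post
LAN_IF="${LAN_IF:-br0}"    # assumption: LAN bridge name, adjust to your box
DRY_RUN="${DRY_RUN:-1}"    # 1 = only print the commands, 0 = apply them

# Print the ruleset, one iptables command per line.
emit_rules() {
    wan="$1"; lan="$2"
    # Policies first, so the box is default-deny while the chains are empty.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    # Throw away the firmware's filter rules and chains.
    echo "iptables -F"
    echo "iptables -X"
    # Explicit WAN drops ahead of any accept rule.
    echo "iptables -A INPUT -i $wan -j DROP"
    echo "iptables -A FORWARD -i $wan -j DROP"
    echo "iptables -A OUTPUT -o $wan -j DROP"
    # Keep loopback and the LAN side reachable.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -i $lan -j ACCEPT"
}

# Print (DRY_RUN=1) or execute (DRY_RUN=0) each command.
apply_rules() {
    emit_rules "$1" "$2" | while read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
}

# Reads `iptables -L INPUT -n` on stdin; succeeds only if the policy is DROP,
# i.e. the firmware has not put the chain back to ACCEPT.
input_policy_is_drop() {
    read -r header
    case "$header" in
        "Chain INPUT (policy DROP"*) return 0 ;;
        *) return 1 ;;
    esac
}

apply_rules "$WAN_IF" "$LAN_IF"
if [ "$DRY_RUN" != 1 ]; then
    iptables -L INPUT -n | input_policy_is_drop ||
        echo "post-firewall: INPUT policy is not DROP" >&2
fi
```

iptables does not filter a DHCP client that uses packet sockets, so the WAN interface can still obtain a lease with these rules loaded.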