Hi i insert a rule in iptables output but when i reboot router, that rule vanish. How can i save forever that rule ...

example:
iptables -A OUTPUT -p tcp --sport 515 -j DROP

onother question is ... when i portscan +icmp router it grabs 82 udp ports how can i denny that without compromising DCHP and other request from my ISP ? ICMP 0 8 ?

thanx,
Sérgio Machado

Originally posted by Kronos
Hi i insert a rule in iptables output but when i reboot router, that rule vanish. How can i save forever that rule ...

example:
iptables -A OUTPUT -p tcp --sport 515 -j DROP

onother question is ... when i portscan +icmp router it grabs 82 udp ports how can i denny that without compromising DCHP and other request from my ISP ? ICMP 0 8 ?

thanx,
Sérgio Machado

please use the search function first,
also supply us with more information we can not just know which firmware version you are using..
and how do you perform the portscan ? from GRC.COM with shieldsup ?

1.7.5.6rc2 my firmware

i use superscan4 with the scan option tcp syn and udp + ICMP request

use the nvram thing (yes use the search) to perform bootup command's

how do you portscan.. from your local network or from a friends house or something like that?

if from internal network it is not relevant what it shows..

if i spoof internal adress it's relevant ;).

It's shows internaly ...

by the way this rc2 is nice the asus "stable" release still got too many bugs.

Thanx,
Sérgio Machado

nvram set echo >> iptables -A OUTPUT -p tcp --sport 515 -j DROP
-sh: cannot create iptables: Permission denied

whell here is the problem i change permission on /dev/nvram but still the sabe error ...

Once again how can i save "forever" for exmaple one iptable rule ...

Originally posted by Kronos
nvram set echo >> iptables -A OUTPUT -p tcp --sport 515 -j DROP
-sh: cannot create iptables: Permission denied

whell here is the problem i change permission on /dev/nvram but still the sabe error ...

Once again how can i save "forever" for exmaple one iptable rule ...

use the ....ing search

http://wl500g.info/showthread.php?s=&threadid=113



This firmware has also an ability to execute arbitrary commands during the boot. You just need to put such a commands (all prefixed with bootCmd) to the nvram. Something like this:

nvram set bootCmd0="/usr/sbin/wl -i eth2 txpwr 50"
nvram set bootCmd1="/mnt/usbfs/init"

Also you need to commit this using

nvram commit

Then just reboot your wl500g, and check /tmp/bootCmd.log for the output messages if any.

Thanx Antiloop, well i was a litle bit blind ...

one more question, i have to increment cmd ?

ex: nvram set bootCmd0="/usr/sbin/iptables -I OUTPUT -p tcp --sport 515 -j DROP"

nvram set bootCmd1="/usr/sbin/iptables...

reboot
then if i want another command ...

nvram set bootCmd3="/usr/sbin/wl -i eth2 txpwr 50"

i have always to increment cmd or is once per session ?

Thanx for the help :)

correct you always have to increment, ofcourse they are executed in order from 0 till 9 (or 10..)

so if you want change it, you should overwrite it.. etc.

also be sure to do always 'nvram commit' after changing/adding thing in the nvram