📌 Skynet v8 - Router Firewall & Security Enhancements
The largest upgrade in Skynet’s 11-year history
Built exclusively for ASUSWRT-Merlin, Skynet v8 delivers a fully modernised codebase with major performance, reliability, and maintainability improvements - while keeping the familiar...
I have the following configuration / setup on my router:
Setup 1x OpenVPN client via the Merlin user interface
Setup 5x Wireguard VPN clients via the Merlin user interface
Router setup as an exit node for Tailscale (via tailmon)
Use VPN director to route Tailscale IPv4s into VPN tunnels with...
Hello everyone,
I am experiencing a security issue with the Asus RT-BE88U router (firmware 3006.102.4) when using the built-in WireGuard VPN client.
The native Kill Switch seems ineffective:
It blocks DNS requests,
But the WAN IP address remains exposed as soon as the VPN tunnel drops...
UPDATE:
Inter-VLAN connectivity is possible by introducing new iptables rules.
This was quite simple and has been working well. However, the new rules aren't persistent, they get wiped and have to be added again every time the router reboots or is turned off. Including the refresh it does after...
Hi,
I have a GT-AXE16000 with Merlin's 3004.388.8_2 FW, and recently I figured out that the Netflix app on my LG smart TV doesn't want to use my Adguard DNS and sends DNS requests directly to 8.8.8.8.
Somehow DNS Director works badly with my setup, so I blocked 8.8.8.8 using Network Services Filter...
Hello
At the moment I occasionally have the problem with the Asus RT-AC 86U (Merlin 386.14) that although the ovpn connection is running in the router, the ISP IP is displayed on the PC (Linux Mint 21.3) during the IP check (https://www.dein-ip-check.de). If I then restart the connection in the...
While testing out an AdGuard Home instance on a Docker container, it failed to reach upstream TLS servers.
Upon closer inspection, I traced the packets back to the AX86U router IPTables.
There is a chain called "DNSFILTER_DOT" that is blocking any packet on port 853 that is not destined for...
To expand on the title, I keep making rules; however, when I go to check them they aren't there.
Are they being overwritten by AMTM scripts? I can list what I have installed if this is a possibility.
I have a wgclient-start (and its wgclient-stop counterpart) with some iptables rules to modify a nat. It works as expected when enabling/disabling wg client. However, after router (RT-AX86U with 388.2_2) reboot, all iptables rules set by the script are missing though the script has been...
This might just be an iptables thing, but I can't figure it out.
Short version: I'm trying to forward packets from a VPS to the router over wireguard (router is client) and forward them to the correct device on the LAN.
I have a setup that I'm trying to carry over from my old DD-WRT router...
Due to my ISP forcing me to use their router if I want to use their bundled VOIP service, since upgrading to FTTP I now have to have my ASUS sitting behind my ISP's router. Annoyingly they don't allow their router to run in a bridged mode.
As much as I can I have tried to make it a native...
Hi all,
on my 2 RT-AC86U whenever I face a connectivity re-connect (also done from the scmerlin add-on Internet Connection restart action) or a VPN change (e.g., updating and saving the IPSec VPN Server config) restart the firewall then every service on the router is properly working (Unbound...
Hi folks!
Trying to set a rule on iptables for nat permanently but no luck?
iptables -t nat -A POSTROUTING -s 10.2.0.0/24 -o br0 -j MASQUERADE
I tried using
iptables-save -t nat
or just
iptables-save
but still no success and every change will disappear after restarting??
any ideas how I...
Hi! I’m allowing access to my OpenVPN server only for predefined ipset via rewriting existing iptables rules using openvpn-event user script.
What I’m currently doing: in openvpn-event I’m rewriting standard openvpn rule like:
if iptables -C INPUT -p $proto -m $proto --dport $server_port -j...
I’ve been having all sorts of issues with SkyNet lately — not sure what’s going on. Can someone assist me with the above error message? Please & thank you.
It looks like it's been this way forever, but why does DNSFilter use the mangle table to drop IPv6 traffic? Generally, the mangle table is only for mangling packet headers, not dropping them. Seems this would be better suited for the filter table.
Probably a moot point with newer routers...
Hi,
I have an Asus RT-AX58U with Merlin.
Thanks to another post in this forum, I managed to create a new bridge (br100), and isolate it from my LAN (br0). I managed to allow only specific traffic from br0 to br100. It works fine. But, yesterday, I realized that while I'm connected through VPN...
Hi!
I'm new here, I just installed Asuswrt-merlin on my RT-AX58U. I've configured OpenVPN and everything is working fine, I created multiple users and assigned static IPs using this guide. Now, I would like to configure some rules using iptables to achieve this:
- Only two users can access the...
Hi everyone,
playing a bit with log management / analysis and potential feedback loop to live firewall rules. Call it a poor man tinkerer IDS/IPS :D
I have a fairly simple setup with RT-AC88U (with Skynet) using port forwarding rules on ports 80 and 443, redirecting to a Docker-ised rPi4...
Hi, so this came up in my other thread, but I wanted to start a new one since it's a separate issue and I like separation of concerns :) . I want to make it so that, for one of my guest networks, the 2.4GHz segment (.14 subnet) can talk to the 5GHz segment (.15 subnet) and vice-versa, without...