Works normally for me. Can you describe your WAN configuration (what connection type, whether you use Dual WAN or not, etc...)
Also, see if running the following command over SSH generates any error message after Respond to ping is enabled:
Also, see if running the following command over SSH generates any error message after Respond to ping is enabled:
Code:
iptables-restore --verbose /tmp/filter_rules
lqh280
New Around Here
I used Dual WAN mode. WAN and WAN1 (via lan1) used PPPoE Connect to ISP.
Just test again, and compared the file /tmp/filter_rules, the difference is as follows(MARK RED COLOR):
Option NO
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FUPNP - [0:0]
:SECURITY - [0:0]
Controls - [0:0]:NSFW - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
:SECURITY_PROTECT - [0:0]
-A INPUT -i ppp1 -p icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m multiport --dport 22 -j SECURITY_PROTECT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -m conntrack --ctstate DNAT -p tcp -m tcp -d 192.168.100.1 --dport 8443 -j ACCEPT
-A INPUT -m conntrack --ctstate DNAT -p tcp -m tcp -d 192.168.100.1 --dport 80 -j ACCEPT
-A INPUT -i ppp1 -p tcp --dport 22 -j ACCEPT
-A INPUT -p icmp ! --icmp-type 8 -j ACCEPT
........The following is the same as omitted........
Option YES
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FUPNP - [0:0]
:SECURITY - [0:0]
Controls - [0:0]:NSFW - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
:SECURITY_PROTECT - [0:0]
-A INPUT -p tcp -m multiport --dport 22 -j SECURITY_PROTECT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -m conntrack --ctstate DNAT -p tcp -m tcp -d 192.168.100.1 --dport 8443 -j ACCEPT
-A INPUT -m conntrack --ctstate DNAT -p tcp -m tcp -d 192.168.100.1 --dport 80 -j ACCEPT
-A INPUT -i test 5. cmd2=%s.
-p tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
........The following is the same as omitted........
Thanks. The issue might be specific to either ppp or Dual WAN.
I do see a garbled rule in your filter, sounds like a corrupted buffer in the code. I'll try to track it down. The weird thing is this specific string comes from the USB handling code, not the firewall code.
lqh280
New Around Here
Thanks for your hard work, hope to be able to repair in the next version.
Already fixed.
lqh280
New Around Here
Thank you, and How should I fix it? or wait for 380.66_5 Update?
380.67 release. 380.66_ only gets updates for major issues, such as security fixes.
In the meantime, disabling SSH Brute Force Protection will prevent the issue.
lqh280
New Around Here
Thanks, wait for 380.67 release.
Similar threads
Similar threads
Similar threads
-
Asus AX88u slow on 2.4ghz wifi on certain devices
- Started by Zacharybinx34
- Replies: 9
-
-
-
-
-
-
Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware
- Started by psimaker
- Replies: 9
-
802.1q VLAN tagging menu missing for WAN interface (Asus RT-AX86U Pro)
- Started by Michael Levi Hillel
- Replies: 4
-
WiFi issues with latest version 388.8_2 on ASUS RT-AX88U
- Started by nimlaor
- Replies: 7
-
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
- Started by B0GDAN
- Replies: 1