On an AC87R with the latest public firmware (3.0.0.4.378_9460) and an AC68U on older firmware (3.0.0.4.380_1031) my firewall-start scripts no longer automatically run.
I can clear the syslog, reboot the router, and see that the logger line is not added and also that the /tmp file is not created. If I execute the script from the command line the log and the file both appear, and ebtables -L shows that the 'real' parts of the script still execute as they used to.
The file is owned by root and the firmware update process didn't reset execution flags...
Code:
admin@(none):/jffs/scripts# ls -lag
drwxrwxrwx 2 root 0 Mar 2 20:50 .
drwxr-xr-x 7 root 0 Mar 2 21:00 ..
-rwxrwxrwx 1 root 592 Mar 2 20:54 firewall-start
And my script for reference...
Code:
#!/bin/sh
DIR=/tmp
DATE=$(date +"%Y-%m-%d-%H%M%S")
NAME=`basename $0`
mkdir -p $DIR
touch $DIR/$DATE-$NAME
logger -t "FIREWALL-START" "adding openvpn dhcp rules"
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
And through the UI I have verified that the Firewall page still has the firewall enabled. I even toggled it off (and hit 'apply') then toggled it back on and still the log (and an ebtables -L) doesn't show my script getting executed.
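A preflight check for the properties the post verifies by hand (the file exists and is executable), plus shebang, carriage-return line endings, and the world-writable mode that the listing above shows on both the script and its directory. This is an added example, not part of the original post; `check_user_script` and its finding names are hypothetical, and it does not inspect any firmware setting.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for a
# boot-time user script. check_user_script is a hypothetical helper name.
# Prints "ok", or a space-separated list of findings, and returns 0 or 1.

# Append a finding to the global list.
add_finding() {
    findings="${findings:+$findings }$1"
}

# Succeeds when the "other" write bit is set in the ls mode string,
# e.g. -rwxrwxrwx as in the listing on this page (9th character is w).
world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

check_user_script() {
    script=$1
    findings=""
    if [ ! -f "$script" ]; then
        echo "missing"
        return 1
    fi
    # Without an execute bit the script cannot be run directly.
    [ -x "$script" ] || add_finding "not-executable"
    # The first line must name the interpreter.
    case $(head -n 1 "$script") in
        '#!'*) ;;
        *) add_finding "no-shebang" ;;
    esac
    # Carriage returns from a Windows editor turn "/bin/sh" into "/bin/sh\r".
    cr=$(printf '\r')
    if grep -q "$cr" "$script"; then add_finding "crlf"; fi
    # A root-run script that anyone can rewrite, or replace via its directory.
    if world_writable "$script"; then add_finding "script-world-writable"; fi
    if world_writable "$(dirname "$script")"; then add_finding "dir-world-writable"; fi

    if [ -n "$findings" ]; then
        echo "$findings"
        return 1
    fi
    echo "ok"
}

# Run against a path given on the command line, e.g. /jffs/scripts/firewall-start.
if [ "$#" -gt 0 ]; then
    check_user_script "$1"
fi
```

Run against the listing in the post, this would report `script-world-writable dir-world-writable`; `chmod 755` on the script and its directory clears both findings.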