firewall-start not running

[DPattee]

On an AC87R with the latest public firmware (3.0.0.4.378_9460) and a AC68U on older firmware (3.0.0.4.380_1031) my firewall-start scripts no longer automatically run.

I can clear the syslog, reboot the router, and see that the logger line is not added and also that the /tmp file is not created. If I execute the script from the command line the log and the file both appear, and ebtables-L shows that the 'real' parts of the script still execute as they used to.

The file is owned by root and the firmware update process didn't reset execution flags...

admin@(none):/jffs/scripts# ls -lag
drwxrwxrwx    2 root             0 Mar  2 20:50 .
drwxr-xr-x    7 root             0 Mar  2 21:00 ..
-rwxrwxrwx    1 root           592 Mar  2 20:54 firewall-start

And my script for reference...

#!/bin/sh

DIR=/tmp
DATE=$(date +"%Y-%m-%d-%H%M%S")
NAME=`basename $0`
mkdir -p $DIR
touch $DIR/$DATE-$NAME

logger -t "FIREWALL-START" "adding openvpn dhcp rules"
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

And through the UI I have verified that the Firewall page still has the firewall enabled. I even toggled it off (and hit 'apply') then toggled it back on and still the log (and an ebtables -L) doesn't show my script getting executed.

 

[RMerlin]

Asuswrt does not support any custom scripts - you need Asuswrt-Merlin for that...

 

[DPattee]

Oh for pete's sake! I've switched between so many "wrt's" that I don't remember which features worked on which ones, ha

Thanks!