Menu
What's new
By:
Filters Better Search

New RT-AC86U online, need advice on setting up SSHD

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

OK. So in the Yandex example any DNS query that isn't destined for Yandex's IPv6 DNS servers is dropped, presumably making the client retry using IPv4 and intercepted by those rules.

So we want it to do the same thing for all IPv6 DNS queries, not just Yandex. But it doesn't seem to be creating the rules properly.

So after setting the Global Filter Mode to Router you need to add the missing rules:

Code: 
ip6tables -t mangle -N DNSFILTERF
ip6tables -t mangle -N DNSFILTERI
ip6tables -t mangle -A INPUT -i br0 -p udp -m udp --dport 53 -j DNSFILTERI
ip6tables -t mangle -A INPUT -i br0 -p tcp -m tcp --dport 53 -j DNSFILTERI
ip6tables -t mangle -A FORWARD -i br0 -p udp -m udp --dport 53 -j DNSFILTERF
ip6tables -t mangle -A FORWARD -i br0 -p tcp -m tcp --dport 53 -j DNSFILTERF
ip6tables -t mangle -A DNSFILTERI -j DROP
ip6tables -t mangle -A DNSFILTERF -j DROP

Try putting that in firewall-start and seeing what the end result looks like.

EDIT: We might end up with some duplicated rules in certain circumstances but hopefully that won't cause a problem.
 
Last edited:
We have achieved success. It is now working exactly as I had hoped. Thank you for the solution.
 
Tekneek said:
We have achieved success. It is now working exactly as I had hoped. Thank you for the solution.
Click to expand...
That's good news. You might want to test various combinations, like adding exceptions to the Global Filter Mode in case the order the rules are added causes problems.

At the end of the day it's a nasty hack that shouldn't be necessary. From what you posted it looks like there are some rules being created but they're not being applied properly. It looks like a bug IMHO that @RMerlin needs to cast his eye over.

:)
 
Last edited:
Thanks @ColinTaylor and @RMerlin for the assistance. I've expanded the rules to handle port 853 as well, now.
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
M AC86U - SSH Disabled few seconds after boot - 386.14. Asuswrt-Merlin 0
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
C Need info on bringing AC86U back to life as AIMesh unit Asuswrt-Merlin 3
D VPN director issue on RT-AC86U (386.14 Merlin FW) Asuswrt-Merlin 9
nospamever Happy and sad for RT-AC86U Asuswrt-Merlin 10
H Extremely low speed on ac86u with openvpn client Asuswrt-Merlin 7
P EoL RT-AC86U replacement Asuswrt-Merlin 4
H GT-AC29000 and AC86U mesh together Asuswrt-Merlin 10
M RT-AC86U Errors after latest firmware update (386.14) Asuswrt-Merlin 3
criskoe Asus RT-AC86U Openvpn connected but not working Asuswrt-Merlin 9

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 585 (members: 23, guests: 562)
Top