[OpenWrt-Devel] firewall instead of routing rules to keep ULAs from escaping

Steven Barth cyrus at openwrt.org
Tue Jun 16 02:47:44 EDT 2015


That commit got reverted 4 months later and was never really in use for
long. Source-Destination routing has been used to replace it for egress
traffic, i.e. there are simply no external (e.g. default) routes that
have a matching source-restriction.

For ingress traffic the stateful firewall handles this automatically
(unless you manually open it, then you might want to consider adding a
rule again here).

Using policy rules for incoming would be possible, yes; however, since we
have a zone-based firewall, replicating the zones with policy rules is
awkward.
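The egress point in the message above (no external route has a source restriction that matches a ULA) can be checked against a routing table. The following is an added example, not part of the original message and not OpenWrt code: it parses `ip -6 route show` text and reports any route out of a WAN device that a packet with an fc00::/7 source could match. The sample tables, the prefixes and the device names `eth1` and `br-lan` are constructed assumptions.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # all Unique Local Addresses
NON_FORWARDING = {"unreachable", "blackhole", "prohibit", "throw"}

# Constructed sample of `ip -6 route show` output (prefixes and device names are assumptions).
SAFE_ROUTES = """\
default from 2001:db8:1::/48 via fe80::1 dev eth1 proto static metric 512
2001:db8:1::/64 dev br-lan proto static metric 1024
fd12:3456:789a::/64 dev br-lan proto static metric 1024
unreachable fd12:3456:789a::/48 dev lo proto static metric 2147483647
"""
# Same table plus an unrestricted default route, as a manual edit might leave it.
LEAKY_ROUTES = SAFE_ROUTES + "default via fe80::1 dev eth1 proto static metric 1024\n"


def ula_egress_routes(route_text, wan_devs):
    """Return the routes out of a WAN device that a ULA-sourced packet can match."""
    matches = []
    for line in route_text.splitlines():
        tok = line.split()
        if not tok or tok[0] in NON_FORWARDING or "dev" not in tok[:-1]:
            continue
        if tok[tok.index("dev") + 1] not in wan_devs:
            continue  # route stays inside the router or LAN
        if "from" in tok[:-1]:
            src = ipaddress.ip_network(tok[tok.index("from") + 1], strict=False)
            if src.version != 6 or not src.overlaps(ULA):
                continue  # source-restricted to a non-ULA prefix
        matches.append(line)  # no source restriction, or one that covers ULAs
    return matches


if __name__ == "__main__":
    for name, table in (("safe", SAFE_ROUTES), ("leaky", LEAKY_ROUTES)):
        print(name, ula_egress_routes(table, {"eth1"}))
```

An empty result means egress containment rests on routing alone; ingress still depends on the firewall, as the message notes.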