[OpenWrt-Devel] Firewall rule for UDP-based Traceroute

Philip Prindeville philipp_subx at redfish-solutions.com
Sun Apr 26 19:13:31 EDT 2020

I was playing with traceroute classic and OpenWrt using the following rule:

config rule
        option name             Allow-UDP-Traceroute
        option src              wan
        option dest_port        33434:33689
        option proto            udp
        option family           ipv4
        option target           REJECT

and it works, but can anyone see a downside to it?  Yes, it exposes the presence of the Firewall.

But is there any other risk to the firewall besides that?  Should we include this rule, even if it’s not enabled, in the default /etc/config/firewall?


