RT-N66U no iptables with class A netmask

Issue #20 closed
Blerim D. created an issue

Hi,

With a class A netmask, the firewall/iptables are not active and the router is open to attacks from the internet.

example: ip=10.0.0.1 netmask=255.0.0.0

result:

cat /etc/iptables
cat: can't open '/etc/iptables': No such file or directory

Immediately after changing the netmask to 255.255.255.0 the error is gone:

cat /etc/iptables
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-I PREROUTING -i vlan2 -j DSCP --set-dscp 0
-I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:WANPREROUTING - [0:0]
-A PREROUTING -d 188.193.189.168 -j WANPREROUTING
-A PREROUTING -i vlan2 -d 10.0.0.1/255.255.255.0 -j DROP
-A WANPREROUTING -p icmp -j DNAT --to-destination 10.0.0.1
-A POSTROUTING  -o vlan2 -j MASQUERADE
-A POSTROUTING -o vlan2 -d 192.168.100.1 -j MASQUERADE
-A POSTROUTING -o br0 -s 10.0.0.1/255.255.255.0 -d 10.0.0.1/255.255.255.0 -j SNAT --to-source 10.0.0.1
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-N shlimit
-A shlimit -m recent --set --name shlimit
-A shlimit -m recent --update --hitcount 4 --seconds 180 --name shlimit -j DROP
-A INPUT -p tcp --dport 10 -m state --state NEW -j shlimit
-A INPUT -p tcp --dport 23 -m state --state NEW -j shlimit
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p tcp  --dport 10 -j ACCEPT
:FORWARD DROP [0:0]
-A FORWARD -m account --aaddr 10.0.0.0/255.255.255.0 --aname lan
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
:wanin - [0:0]
:wanout - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan2 -j wanin
-A FORWARD -o vlan2 -j wanout
-A FORWARD -i br0 -j ACCEPT
COMMIT


Current Version:      2018.5 MIPSR2 K26 USB AIO-64K
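As an added example (not code from the issue or from the Tomato firmware), a POSIX sh check that computes the prefix length of a dotted netmask, rejects anything below the 22 bits quoted in the firmware warning, and audits an iptables-save style ruleset file for the INPUT/FORWARD DROP policies that the working dump above shows; the ruleset path and the sample dump are constructed here.

```shell
# Print the prefix length of a dotted-quad netmask (255.255.252.0 -> 22).
# Returns 1 (prints nothing) for malformed or non-contiguous masks.
mask_bits() {
    bits=0 seen_zero=0
    IFS=.; set -- $1; unset IFS
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        i=7
        while [ $i -ge 0 ]; do
            if [ $(( (octet >> i) & 1 )) -eq 1 ]; then
                [ $seen_zero -eq 0 ] || return 1   # a 1 bit after a 0 bit
                bits=$((bits + 1))
            else
                seen_zero=1
            fi
            i=$((i - 1))
        done
    done
    echo "$bits"
}

# Pre-change check: at least 22 mask bits, the limit the firmware warns about.
mask_ok() {
    n=$(mask_bits "$1") || return 1
    [ "$n" -ge 22 ]
}

# Post-change audit of a ruleset in iptables-save format: the file must exist
# (the issue's failure mode is a missing /etc/iptables) and its *filter table
# must set INPUT and FORWARD to DROP, as in the healthy dump.
filter_policies_drop() {
    [ -r "$1" ] || return 1
    awk '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == ":INPUT"   && $2 == "DROP" { i = 1 }
        table == "*filter" && $1 == ":FORWARD" && $2 == "DROP" { f = 1 }
        END { exit !(i && f) }
    ' "$1"
}

# Constructed sample (trimmed to the shape of the posted dump) for testing.
write_sample_dump() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
:FORWARD DROP [0:0]
COMMIT
EOF
}
```

On the router itself the audit would be run against /etc/iptables after a netmask change; the missing-file case returns failure exactly as the first `cat` in the report does.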

Comments (2)

  1. pedro

    I presume you ignored the warning:

    Netmask should have at least 22 bits (255.255.252.0). You may continue anyway but remember - you was warned

    So, it’s your fault.

    @kille72: please close.
