I _think_ but am not sure the difference lies in what options are included/excluded.
>From http://wiki.openwrt.org/doc/uci/firewall#rules - If src and dest are given, the rule matches *forwarded* traffic - If only src is given, the rule matches *incoming* traffic - If only dest is given, the rule matches *outgoing* traffic - If neither src nor dest are given, the rule defaults to an *outgoing* traffic rule The second rule includes 'src' and 'dest', so it is forwarding onto the given 'dest' (which is lan) The third rule indicates only 'src' and no 'dest', so it is treated as in 'incoming' (to the CPU) traffic. Forwarding to the LAN does not forward to the router cpu. I believe the third rule is allow the traffic to hit the CPU. hope this helps Camden On Tue, Dec 2, 2014 at 8:57 AM, Robert P. J. Day <[email protected]> wrote: > hoping i'm not totally misunderstanding some firewall rules but on this > wiki page: > > http://wiki.openwrt.org/doc/howto/udp_multicast > > toward the bottom, one reads that, to use igmpproxy and udpxy together, > you must combine the earlier firewall rules. the page claims you need > three rules: > > config rule > option src wan > option proto igmp > option target ACCEPT > config rule > option src wan > option proto udp > option dest lan > option dest_ip 224.0.0.0/4 > option target ACCEPT > config rule > option src wan > option proto udp > option dest_ip 224.0.0.0/4 > option target ACCEPT > > but isn't that third rule a superset of the second rule, making the > second rule redundant? or am I just misreading something? > > rday > _______________________________________________ > openwrt-users mailing list > [email protected] > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users >
_______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
