NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jsmy's avatar
jsmy
Aspirant
Mar 12, 2020

iptables rules

I have been using a similar process to what is outlined on this post to modify some iptables rules: https://community.netgear.com/t5/Orbi/Static-Routing-and-NAT-iptables/td-p/1270184   With one of...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Mar 12, 2020
jsmy wrote:

I have been using a similar process to what is outlined on this post to modify some iptables rules:

https://community.netgear.com/t5/Orbi/Static-Routing-and-NAT-iptables/td-p/1270184

 

With one of the last firmware updates I can no longer get the iptables changes to take effect.  When I delete a rule, within seconds it comes back.  When I add a rule, within seconds it is gone.

Since you are willing to hack the Orbi firmware, you might consider flashing Voxel's firmware for the RBR50:

http://www.voxel-firmware.com/Downloads/Voxel/html/orbi.html 

Scroll to the bottom to find his Change Log.

If you download the most recent version and unpack it, there is a file QuickStart.txt.  Open it and search for "iptables".  This firmware includes a method for including your own iptables rules.

 

Testing Voxel firmware is not terribly difficult.  Save a copy of the current configuration, perform a Manual Update using Voxel's "img" file.  My memory is a bit dim, but I probably did a Factory Reset after installing Voxel and during the setup said to "Reload previous configuration."  If it turns out the Voxel firmware is not suitable, just "go back" (which it sounds like you have ample experience with).

 

I sort of like that this firmware has options to obliterate things like Disney Circle, Armor, Samba, etc.  Includes SSH in addition to telnet.

 

  • jsmy's avatar
    jsmy
    Aspirant
    Mar 13, 2020

    Thanks for the info... I tried the firmware you suggested and it did not solve the problem.  It took doing a factory reset, then configuring everything manually. There was something busted in the old config and if I used a backup config file the problem would show up again.  After resetting to factory and manually configuring everything (painful), it works as it should again and I can modify iptables rules!