Hello,
on RUT240 with the new FW RUT2_R_00.07.02, the following custom firewall rule does not work:

iptables -I output_rule -o wwan0 -p udp -m udp --dport 53 -m string --hex-string "|04|pool|03|ntp|03|org" --algo bm -j ACCEPT

The same rule on the old FW (RUT2XX_R_00.01.14.5) worked fine.

When I forced /etc/init.d/firewall restart, I got the following error:

 * Running script '/etc/firewall.user'
iptables v1.8.7 (legacy): Couldn't load match `string':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.


I tried the same with FW RUT2_R_00.07.01 and I got the same error.
However, looking at the release notes of RUT2_R_00.07.02, I thought it was solved. In fact, the FW changelog reports:

  • Added iptables filter package for string filtering

Could anyone comment on this? Is the issue still present?

Thanks,
M
 

1 Answer

Hello,

I have forwarded this issue to the RnD department. I will inform you once I get more information.

Best regards,

Žygimantas
What you need to do is to install an additional package from Services -> Package manager, called IPtables Filter Extension. Once done, the string option should not cause issues anymore.

Best regards
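
A guard for /etc/firewall.user along the lines of this thread, as an added example that is not part of the original posts and not Teltonika's code: it builds the --hex-string pattern from a hostname (DNS length-prefixed labels, which is what |04|pool|03|ntp|03|org encodes) and inserts the rule only when the string match actually loads. The function names and the IPT variable are assumptions.

```shell
#!/bin/sh
# Added example. IPT and all function names are hypothetical, not firmware code.
IPT="${IPT:-iptables}"

# Encode a hostname as DNS wire-format labels in --hex-string syntax:
# every label is prefixed by its length as one hex byte.
#   pool.ntp.org -> |04|pool|03|ntp|03|org
dns_hex_string() {
    name="${1%.}"                       # tolerate a trailing dot
    case "$name" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;   # also rejects '|' and glob characters
    esac
    out=""
    old_ifs="$IFS"; IFS="."
    for label in $name; do
        len=${#label}
        if [ "$len" -lt 1 ] || [ "$len" -gt 63 ]; then
            IFS="$old_ifs"; return 1        # empty or oversized label
        fi
        out="${out}$(printf '|%02x|%s' "$len" "$label")"
    done
    IFS="$old_ifs"
    printf '%s\n' "$out"
}

# True if this iptables build can load the "string" match. On the firmware in
# the post this fails until the IPtables Filter Extension package is installed.
string_match_available() {
    $IPT -m string -h >/dev/null 2>&1
}

# Insert the rule from the post for one hostname and interface, or skip it
# with a clear message instead of a load error during firewall restart.
allow_dns_query() {
    host="$1"; dev="$2"
    pattern="$(dns_hex_string "$host")" || { echo "bad hostname: $host" >&2; return 2; }
    if ! string_match_available; then
        echo "firewall.user: string match not available, rule for $host not added" >&2
        return 1
    fi
    $IPT -I output_rule -o "$dev" -p udp -m udp --dport 53 \
        -m string --hex-string "$pattern" --algo bm -j ACCEPT
}

# Usage in /etc/firewall.user:  allow_dns_query pool.ntp.org wwan0
```

The pattern is a substring match on the packet, so it also accepts queries for names under pool.ntp.org such as 0.pool.ntp.org, and for longer names that merely contain those three labels.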