WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

FIREWALL CUSTOM RULES "STRING" OPTION NOT SUPPORTED (FW RUT2_R_00.07.02)

0 votes
349 views 2 comments
by anonymous

Hello,
on RUT240 with new FW RUT2_R_00.07.02, the following firewall custom rules does not work:

iptables -I output_rule -o wwan0 -p udp -m udp --dport 53 -m string --hex-string "|04|pool|03|ntp|03|org" --algo bm -j ACCEPT

The same rule on the old FW (RUT2XX_R_00.01.14.5) worked fine.

When I force /etc/init.d/firewall restart, I got the following error:

 * Running script '/etc/firewall.user'
iptables v1.8.7 (legacy): Couldn't load match `string':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.

I tried the same with FW RUT2_R_00.07.01 and I got the same error.
However looking at the release note of RUT2_R_00.07.02, I thought it was solved. In fact, in the FW changelog is reported: 

  • Added iptables filter package for string filtering

Could anyone comment on this? Is the issue still present?

Thanks,
M
 

1 Answer

0 votes
by anonymous
Hello,

I have forwarded this issue to the RnD department. I will inform you once I get more information.

Best regards,

Žygimantas
Best answer
by anonymous

What you need to do is to install an additional package from Services -> Package manager, called  IPtables Filter Extension. Once done, the string option should not cause issues anymore.

Best regards

by anonymous
Thanks, this solved the issue.