ipset working on r7000

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2
View previous topic :: View next topic  
Author Message
Xentrk
DD-WRT Novice


Joined: 03 Jun 2016
Posts: 45
PostPosted: Mon Feb 27, 2017 22:48    Post subject: Reply with quote
I got it to work now. Following these instructions got around the checksum error:

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1035801
Back to top View user's profile Send private message
Sponsor
No_Body
DD-WRT Novice


Joined: 01 Mar 2019
Posts: 8
PostPosted: Mon Mar 04, 2019 9:26    Post subject: Re: ipset working on r7000 Reply with quote
nahdude wrote:
Hello,

I managed to get ipset/iptables working on the r7000 kong builds with kernel 3.10.

The attached file contains the needed iptables v1.4.16.3 libraries, application, and xt_set module.
It also contains the ipset v6.21.1 application and libmnl v1.0.3 library.

The only module needed is xt_set since all needed kernel parts for ipset and iptables are already built-in.

To test, extract the tar in /jffs/usr, then
Code:

insmod /jffs/usr/lib/modules/xt_set.ko
ipset -N IPTEST hash:ip
ipset -A IPTEST 8.8.8.8
ipset -A IPTEST 8.8.4.4
ipset -N NETTEST hash:net
ipset -A NETTEST 4.2.2.0/24

Check that the new sets are correct with
Code:

ipset -L

then
Code:

cd /jffs/usr/sbin
./iptables -A OUTPUT -m set --match-set IPTEST dst -j DROP
./iptables -A OUTPUT -m set --match-set NETTEST dst -j DROP

Any attempts to ping
8.8.8.8
8.8.4.4
4.2.2.1 ... 4.2.2.4
should fail


Will this work on a Atheros AR7161 CPU with the Linux 3.10.108-d8 Kernel?
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands
PostPosted: Mon Mar 04, 2019 14:01    Post subject: Reply with quote
You better ask in the Atheros Forum but I think it will work use entware to obtain the packages:
https://github.com/Entware/Entware-ng/wiki
https://wiki.dd-wrt.com/wiki/index.php/Installing_Entware

I have used ipset in combination with a script from @Eibgrad for advanced PBR routing

I now use a simpler implementation but that can only retrieve the first IP address of a domain, but works at the moment for my purpose.
the simpler PBR implementation can be found at: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662

If you want the advanced script from @Eibgrad with ipset I can look it up for you if necessary
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum