can't disable spi

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
danielsender
DD-WRT User


Joined: 12 Aug 2010
Posts: 59

PostPosted: Thu Dec 04, 2014 2:58    Post subject: can't disable spi Reply with quote
I installed on a wrt54gv6 the micro build 25527 and configured as a repeater bridge according to the instructions. Everything works OK, although I cannot disable the firewall->SPI button. I'm able to click on the "Disable" but I can't save it. I also tried with previous builds but I get the same results.

I don't know how important is that step for the functionality as a repeater, but it may be for other people.
Sponsor
rgraville
DD-WRT Novice


Joined: 18 Jan 2015
Posts: 18

PostPosted: Sat Jan 24, 2015 17:35    Post subject: Reply with quote
This is also true for
DD-WRT v24-sp2 (01/20/15) micro - build 25974
(also on a WRT54G V6)

I can save/apply for any other settings on the page, as long as I leave SPI enabled. As soon as I disable SPI the Save and Apply buttons no longer trigger when clicked.
rgraville
DD-WRT Novice


Joined: 18 Jan 2015
Posts: 18

PostPosted: Sat Jan 24, 2015 17:36    Post subject: Reply with quote
Note that I am coming from 14929 where I was able to disable SPI and save/apply just fine.
hurlybuehrle
DD-WRT Novice


Joined: 19 Oct 2017
Posts: 3

PostPosted: Thu Oct 19, 2017 18:50    Post subject: Workaround? Reply with quote
I know this thread is old, but I was having the same problem and this thread topped my search results.

I think I have a workaround. I'm a total DD-WRT novice -- haven't really had to think about it much since initially installing it in 2010.

I encountered this issue when upgrading an old Linksys WRT54Gv8 from build 13637 to build 33535 (https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2017/10-17-2017-r33525/broadcom/dd-wrt.v24_micro_generic.bin), to patch against the Krack vulnerability.

The Access Point setup instructions said to disable the SPI firewall. This worked for the old build, but not with the new build. [Clarification: I couldn't get the "disable SPI" setting to stick on build 33535. After the workaround below it does stick, and my device is now working as an access point]

Looks like there's a JavaScript issue with Firewall.asp. See http://svn.dd-wrt.com/changeset/26242/src/router/kromo/dd-wrt/Firewall.asp?contextall=1&old=12892&old_path=%2Fsrc%2Frouter%2Fkromo%2Fdd-wrt%2FFirewall.asp for the diff between a working and non-working versions. The submitcheck function wants to check the value of log_enable, but for micro builds the log_enable control is commented out.

Here is my workaround. Your mileage may vary.

  1. Load Firewall.asp in the web browser.

  2. Open your browser's DevTools. (The following instructions are Chrome.) Go the the Elements tab and search for “log_enable”.

  3. Look for the log_enable instance in a large commented-out block below the idfilter div. Right-click on this large block and Edit as HTML. Remove the comment prefix (<!--) and suffix (-->). Click elsewhere to remove focus from the HTML tag being edited.

  4. Close DevTools.
  5. Some extra form controls will now appear. For me these controls didn't have any labels. Click on the rightmost unlabelled radio button (corresponding to log_enable in the disabled state). Then the four unlabelled drop-down controls will disappear.
  6. You might have to re-click some of the checkboxes.
  7. The "Save" button at the bottom of Firewall.asp should now work. The ARP Spoofing Protection checkbox, which I had unchecked prior to saving, got re-checked. But that didn't prevent me from following the rest of the rules at https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point to get my device working as an AP.
  8. When the time comes to Apply Settings, do it from a page other than Firewall.asp.


By the way, for the firmware upgrade I followed the "How to update if dd-wrt is already installed" instructions at http://dd-wrt.com/wiki/index.php/Linksys_WRT54G_v8.0_%26_v8.2 . I loaded the new firmware through the web GUI.
ripp2003
DD-WRT Novice


Joined: 05 Jul 2006
Posts: 8

PostPosted: Fri Feb 15, 2019 17:49    Post subject: Reply with quote
Ho god !!!! You saved my life, now, I can disable this firewall
_________________
WRT54G V5 with 2.3SP1 micro (non jtag)
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

PostPosted: Sat Feb 16, 2019 8:43    Post subject: Reply with quote
you must have a solid reason to disable SPI as this is not recommended at all...
only on certain cases as a WAP, client/repeater/WDS

some ppl believe disabling SPI gives a better speed...
now there is a SFE option for that on the new builds...

in general those routers affected by slow performance are very old and must be replaced instead of disabling
an important features in order to provide better performance as they cannot provide it at all...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Scimitar
DD-WRT Novice


Joined: 13 Jul 2019
Posts: 1

PostPosted: Sat Jul 13, 2019 12:08    Post subject: Reply with quote
so sorry I must be stupid- o do not understand how or what to do to go around the ;

I quote:

Open your browser's DevTools. (The following instructions are Chrome.) Go the the Elements tab and search for “log_enable”.

Look for the log_enable instance in a large commented-out block below the idfilter div. Right-click on this large block and Edit as HTML. Remove the comment prefix (<!--) and suffix (-->). Click elsewhere to remove focus from the HTML tag being edited.

End quote...

I find this and then?
Paste:

//<![CDATA[
function submitcheck(F) {if(F._block_proxy){F.block_proxy.value = F._block_proxy.checked ? 1 : 0;}if(F._block_cookie){F.block_cookie.value = F._block_cookie.checked ? 1 : 0;}if(F._block_java){F.block_java.value = F._block_java.checked ? 1 : 0;}if(F._block_activex){F.block_activex.value = F._block_activex.checked ? 1 : 0;}if (F._block_wan){F.block_wan.value = F._block_wan.checked ? 1 : 0;}if(F._block_multicast) {F.block_multicast.value = F._block_multicast.checked ? 1 : 0;}if(F._block_loopback){F.block_loopback.value = F._block_loopback.checked ? 1 : 0;}if(F._block_ident){F.block_ident.value = F._block_ident.checked ? 1 : 0;}if(F._block_snmp){F.block_snmp.value = F._block_snmp.checked ? 1 : 0;}if(F._arp_spoofing){F.arp_spoofing.value = F._arp_spoofing.checked ? 1 : 0;}if(F._filter_tos){F.filter_tos.value = F._filter_tos.checked ? 1 : 0;}if(F._limit_ssh){F.limit_ssh.value = F._limit_ssh.checked ? 1 : 0;}if(F._limit_telnet){F.limit_telnet.value = F._limit_telnet.checked ? 1 : 0;}if(F._limit_pptp){F.limit_pptp.value = F._limit_pptp.checked ? 1 : 0;}if(F._limit_ftp){F.limit_ftp.value = F._limit_ftp.checked ? 1 : 0;}if (F.filter.value == "off"){F.log_enable.value = 0;}F.save_button.value = sbutton.saving;}function to_submit(F){submitcheck(F);apply(F);}function to_apply(F){submitcheck(F);applytake(F);}function setFirewall(F, val) {/*if (val != "on") { document.firewall.log_enable[1].click(); }*/if (val != "on") {if(F._block_proxy){F._block_proxy.checked = false;}if(F._block_cookie){F._block_cookie.checked = false;}if(F._block_java){F._block_java.checked = false;}if(F._block_activex){F._block_activex.checked = false;}if (F._block_wan){F._block_wan.checked = false;}if(F._block_multicast) {F._block_multicast.checked = false;}if(F._block_loopback){F._block_loopback.checked = false;}if(F._block_ident){F._block_ident.checked = false;}if(F._block_snmp){F._block_snmp.checked = false;}if(F._arp_spoofing){F._arp_spoofing.checked = false;}if(F._filter_tos){F._filter_tos.checked = false;}if(F._limit_ssh){F._limit_ssh.checked = false;}if(F._limit_telnet){F._limit_telnet.checked = false;}if(F._limit_pptp){F._limit_pptp.checked = false;}if(F._limit_ftp){F._limit_ftp.checked = false;}}}var update;addEvent(window, "load", function() {setFirewall(this.form, "on");show_layer_ext(document.firewall.log_enable, 'idlog1', 0 == 1);show_layer_ext(document.firewall.log_enable, 'idlog2', 0 == 1);show_layer_ext(document.firewall.warn_enabled, 'idwarn', 0 == 1);update = new StatusbarUpdate();update.start();});addEvent(window, "unload", function() {update.stop();});
//]]>


End paste...
Is it the right section or?
Sorry for beind dumb...

thx in advance for any help
Regards...
jwh7
DD-WRT Guru


Joined: 25 Oct 2013
Posts: 2670
Location: Indy

PostPosted: Wed Jul 17, 2019 16:26    Post subject: Re: Workaround? Reply with quote
danielsender wrote:
I installed on a wrt54gv6 the micro build 25527 and configured as a repeater bridge according to the instructions. Everything works OK, although I cannot disable the firewall->SPI button. I'm able to click on the "Disable" but I can't save it.
hurlybuehrle wrote:
The Access Point setup instructions said to disable the SPI firewall. [...]

Looks like there's a JavaScript issue with Firewall.asp. [...] The submitcheck function wants to check the value of log_enable, but for micro builds the log_enable control is commented out.
Thanks @hurlybuehrle; I recall this when I setup my WRT54GSv6, though I just disabled SPI via CLI as a workaround.

Good news though... This was broken in 19597, and BS has now fixed it in 40365. Wink

Thanks BS!

_________________
# NAT/SFE/CTF: limited speed w/ DD # Repeater issues # DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo #
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250
|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum