How big can be "Firewall" iptables script ?

jikev
DD-WRT Novice
Joined: 01 Jun 2010
Posts: 1

Posted: Tue Jun 01, 2010 14:59    Post subject: How big can be "Firewall" iptables script ?
Hello guys,
I'm asking because I have around 35 rules in total spread across the chains, and lately I've seen that some of the rules disappeared after a reboot even though I saved them in the firewall script.
buddee
DD-WRT Guru
Joined: 06 Feb 2010
Posts: 7401
Location: Little Rock

Posted: Tue Jun 01, 2010 23:26
I am unsure of an actual size number, but I saved this post from phuzi0n, which is very useful.

phuzi0n wrote:

If you're one of the few people running out of nvram space due to huge firewall scripts, I wrote some commands to compress/decompress it. My ~4KB firewall script (custom written QoS) got reduced to ~1KB with it. The compressed data is even smaller but it has to be base64 encoded so that it's safe to store in nvram which makes it ~33% bigger.

Usage:

Run the "Compress Firewall" set of commands to compress your real firewall script and change the firewall script to decompress and execute your compressed firewall script. If you ever want to view/edit your firewall commands then run the "Decompress Firewall" commands to have it decompressed. You can use the "Editing the Firewall" commands to safely edit it before recompressing it.

After running the decompression commands it will tell you how much nvram you have left; if it's negative, stay out of the GUI to avoid committing nvram! Instead use the "Editing the Firewall" commands via telnet/ssh so that you can compress it before committing.

When you're done and you want it to survive reboots, make sure that there is free space left and then run nvram commit.


# Compress Firewall
# gzip the current script and base64-encode it (uuencode -m) so the bytes are safe
# to keep in nvram, then store the result in a new variable, pH_fw
nvram set pH_fw="`nvram get rc_firewall | gzip | uuencode -m /dev/stdout`"
# replace the firewall script with a loader that decodes pH_fw into /tmp and runs it at boot
nvram set rc_firewall="nvram get pH_fw | uudecode -o /tmp/pH_fw.gz;gunzip /tmp/pH_fw.gz;chmod +x /tmp/pH_fw;/tmp/pH_fw"
# the variable dump goes to stdout and is discarded; the usage summary (size/left) goes to stderr
nvram show >/dev/null

# Decompress Firewall
# decode and unpack the stored copy, drop pH_fw, and put the plain script back in rc_firewall
nvram get pH_fw | uudecode -o /tmp/pH_fw.gz
nvram unset pH_fw
gunzip /tmp/pH_fw.gz
nvram set rc_firewall="`cat /tmp/pH_fw`"
# check that the uncompressed script still fits before you commit
nvram show >/dev/null

# Editing the Firewall
vi /tmp/pH_fw
# finish editing with vi before running the rest
nvram set rc_firewall="`cat /tmp/pH_fw`"
# recheck the usage; if it is negative, run the Compress Firewall commands before nvram commit
nvram show >/dev/null



Hope that maybe helps....

phuzi0n
DD-WRT Guru
Joined: 10 Oct 2006
Posts: 10141

Posted: Wed Jun 02, 2010 16:06
The firewall script is stored in nvram like every other setting, so it's limited by the available nvram space, which is very small (typically 32KB). You can run this command to find out how much you have used/free.

nvram show >/dev/null

Btw the firewall compression is on the useful scripts wiki page:
http://www.dd-wrt.com/wiki/index.php/Useful_Scripts#Compress_the_Firewall_Script_.28to_reduce_nvram_usage.29

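The compress/decompress scheme quoted in buddee's post and the 32KB nvram budget phuzi0n describes can be rehearsed on a workstation before touching a router. The script below is an added example, not code from the thread or from DD-WRT. It assumes nvram can be modelled as one file per variable under a temporary directory, charged as "name=value\0" against a constructed 32768-byte budget, and it uses base64 in place of uuencode -m / uudecode (sharutils is rarely installed on a workstation), with the stored loader one-liner adjusted to match; the sample firewall rules are constructed, not the OP's. It checks the one thing the thread leaves to you: that the script round-trips byte for byte and that the store is under budget before anything is committed.

```shell
#!/bin/sh
# Added example (not from the forum thread or DD-WRT): simulate the gzip+base64
# firewall storage scheme and the nvram budget so the size arithmetic and the
# roundtrip can be verified offline.
# Assumptions (mine, not the page's):
#  - nvram is one file per variable under $NVRAM_DIR, charged as "name=value\0"
#    against a constructed 32768-byte budget ($NVRAM_SIZE);
#  - base64 stands in for "uuencode -m"/"uudecode"; the loader stored in
#    rc_firewall is changed to match (on the router use the thread's one-liner).

NVRAM_DIR="${NVRAM_DIR:-$(mktemp -d)}"
NVRAM_SIZE=32768

nv_set()   { printf '%s' "$2" > "$NVRAM_DIR/$1"; }
nv_get()   { [ -f "$NVRAM_DIR/$1" ] && cat "$NVRAM_DIR/$1"; }
nv_unset() { rm -f "$NVRAM_DIR/$1"; }

# Bytes in use: the figure "nvram show >/dev/null" reports as "size:" on the box.
nv_used() {
  total=0
  for f in "$NVRAM_DIR"/*; do
    [ -f "$f" ] || continue
    n=$(basename "$f"); v=$(wc -c < "$f")
    total=$((total + ${#n} + 1 + v + 1))
  done
  echo "$total"
}
nv_free() { echo $(( NVRAM_SIZE - $(nv_used) )); }

# "# Compress Firewall": gzip + base64 the script into pH_fw and replace
# rc_firewall with a loader that decodes it to /tmp and runs it at boot.
compress_fw() {
  nv_set pH_fw "$(nv_get rc_firewall | gzip -9 | base64 | tr -d '\n')"
  nv_set rc_firewall 'nvram get pH_fw | base64 -d | gunzip >/tmp/pH_fw;chmod +x /tmp/pH_fw;/tmp/pH_fw'
}

# "# Decompress Firewall": restore the plain script to rc_firewall and drop pH_fw.
decompress_fw() {
  tmp=$(mktemp)
  nv_get pH_fw | base64 -d | gunzip > "$tmp" || { rm -f "$tmp"; return 1; }
  nv_unset pH_fw
  nv_set rc_firewall "$(cat "$tmp")"
  rm -f "$tmp"
}

# Guard to run before "nvram commit": refuse while the store is over budget,
# the situation the thread warns about (stay out of the GUI, compress first).
safe_commit() {
  free=$(nv_free)
  if [ "$free" -lt 0 ]; then
    echo "refusing to commit: over budget by $(( 0 - free )) bytes, compress first" >&2
    return 1
  fi
  echo "commit ok: $free bytes left"
}

# Constructed stand-in for the OP's ~35-rule script (not his real rules).
sample_firewall() {
  echo '#!/bin/sh'
  echo 'iptables -I INPUT 1 -i vlan1 -p tcp --dport 22 -m state --state NEW -j DROP'
  echo 'iptables -I INPUT 2 -i vlan1 -p tcp --dport 80 -m state --state NEW -j DROP'
  for p in 25 110 143 443 465 587 993 995 3389 5060 5900 8080; do
    echo "iptables -t nat -I PREROUTING -i vlan1 -p tcp --dport $p -j DNAT --to 192.168.1.10:$p"
    echo "iptables -I FORWARD -i vlan1 -d 192.168.1.10 -p tcp --dport $p -j ACCEPT"
  done
  echo 'iptables -I INPUT -i vlan1 -m limit --limit 5/min -j LOG --log-prefix "wan-drop: "'
}

# Roundtrip: store plain, compress, report sizes, restore, verify the bytes match.
demo() {
  fw=$(sample_firewall)
  nv_set rc_firewall "$fw"
  plain=$(nv_used)
  gz=$(printf '%s' "$fw" | gzip -9 | wc -c)
  compress_fw
  packed=$(nv_used)
  decompress_fw
  [ "$(nv_get rc_firewall)" = "$fw" ] || { echo "roundtrip mismatch" >&2; return 1; }
  echo "plain=${plain} gzip=${gz} stored(base64+loader)=${packed} free_after_compress=$((NVRAM_SIZE - packed))"
}

demo
```

The printed line shows the three numbers phuzi0n's note hints at: the raw gzip size, the roughly one-third larger base64 form that actually lands in nvram (plus the loader), and what is left of the budget. Point NVRAM_DIR at a copy of a real `nvram show` dump, or lower NVRAM_SIZE, and safe_commit will refuse exactly when a commit from the GUI would have overflowed the store.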