Adding Firewall Rule

vyvvyan
Posts: 19
Joined: Fri Apr 18, 2014 4:58 pm

Adding Firewall Rule

Post by vyvvyan »

I want to add a firewall rule which allows certain static IP addresses to go via the normal WAN connection instead of via the default OpenVPN connection. I went into the CLI and found the file /etc/firewall.user and assume this is where I can make my changes.

Couple of questions:
1. Will these changes to /etc/firewall.user persist through reboots? (the notes in the file mention firewall restarts, but not device reboots)
2. What destination/gateway do I use to send traffic to the non-VPN WAN connection? I see zone_wan_output chains in the output of iptables --list, do I use this?
3. Can I run my custom rule even when I set the OpenVPN config to "Block non-OpenVPN traffic" or do I need to allow this traffic for the rule to work?

Any pointers you can give me would be most helpful. Thanks!

Lantis
Moderator
Posts: 6753
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Adding Firewall Rule

Post by Lantis »

You're going outside the way it was intended to work, so I don't think you'll get many answers, and probably not much support.

My recommendation would be to start here
https://stangri.github.io/openwrt-repo/

This user has made a VPN bypass and VPN policy-based routing package. These won't directly work on Gargoyle, but they may be good to examine and see how it was achieved.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
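For readers following up on the policy-based routing idea Lantis points at, here is an added example (not Gargoyle's, stangri's or the poster's code) of the standard Linux mechanism those packages build on: mark a host's packets, and route marked packets through a second table whose default route is the plain WAN. All addresses, interface names, the table number and the fwmark value are assumed; it prints the commands by default and only executes them when DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not Gargoyle's own code: Linux policy-based routing that
# sends one LAN host's traffic out the WAN instead of the VPN tunnel.
# Assumed values: LAN host 192.168.1.50, WAN interface eth0.2, WAN gateway
# 203.0.113.1 (documentation range), routing table 100, fwmark 0x64.
# Defaults to a dry run (prints the commands); DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# bypass_vpn_rules <lan_host_ip> <wan_ifname> <wan_gateway>
bypass_vpn_rules() {
    host="$1"; wan_if="$2"; wan_gw="$3"
    table=100; mark=0x64

    # 1. A dedicated routing table whose default route is the plain WAN.
    run ip route replace default via "$wan_gw" dev "$wan_if" table "$table"

    # 2. Marked packets consult that table before the main table
    #    (which the VPN client has pointed at the tunnel interface).
    run ip rule add fwmark "$mark" lookup "$table"
    run ip route flush cache

    # 3. Mark forwarded traffic from the chosen host before routing happens.
    run iptables -t mangle -A PREROUTING -s "$host" -j MARK --set-mark "$mark"

    # 4. Traffic leaving via the WAN still needs source NAT.
    run iptables -t nat -A POSTROUTING -s "$host" -o "$wan_if" -j MASQUERADE

    # 5. If a "block non-VPN traffic" kill-switch DROP sits in FORWARD,
    #    an explicit ACCEPT for this host must be inserted ahead of it.
    run iptables -I FORWARD 1 -s "$host" -o "$wan_if" -j ACCEPT
}

# Number of commands that would be issued, for a quick sanity check.
bypass_rule_count() {
    ( DRY_RUN=1; bypass_vpn_rules "$@" ) | wc -l | tr -d ' '
}

bypass_vpn_rules 192.168.1.50 eth0.2 203.0.113.1
```

Because these are ordinary iptables and ip commands, they can live in /etc/firewall.user as the original post proposes, so the firewall service re-applies them whenever it restarts.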
