CoreELEC Firewall: Request to change precedence on rules location


CoreELEC’s firewall is very bad. The firewall Home option should allow access to the device from the IP addresses 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8, but this is not true for network interfaces other than eth+, en+, wl+, tether and docker+. For example, this firewall does not work with WireGuard (wg+) or ZeroTier (zt+), and this forces the user to prepare a custom firewall option, which I find stupid.

The solution is very simple: I request that the directory /storage/.config/iptables take precedence over the default directory /etc/iptables (read only).

Use the custom firewall option with rules in the file /storage/.config/iptables/rules.v4.

1 Like

The Custom firewall option does not appear initially; first it is necessary to enable the Home option (the Public option does not work either) so that the Custom option appears.

If a device is far away and only accessible via VPN your solution is unusable.

I reiterate my request that the /storage/.config/iptables directory take precedence over /etc/iptables.

I think you will see the Custom option only if you have a file with custom rules.

I don’t see the point of having some precedence. The rules in /etc are the system ones. And if you want custom ones, copy those rules to custom, edit them or create new ones from scratch, restart Kodi, and select Custom rules. Done.

I doubt that anyone is going to change this part.

Sorry, you’re right, to see the Custom option I need a /storage/.config/iptables/rules.v4 file. Other names do not work. SOLVED!

1 Like

Well those rules need some dusting probably. I think tethering is broken when using default firewalls.

But we can certainly add wg+ to the devices. I think we also need to add a raw table and prerouting to protect from attacks on WireGuard.

2 Likes
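The interface gap discussed in this thread can be checked before relying on VPN-only access. The following is an added example, not part of the thread and not CoreELEC's own code: a POSIX shell check that reads a rules file in iptables-save format and lists which source ranges an INPUT ACCEPT rule admits on a given interface, honouring the `+` wildcard. The sample rules, the interface names and the helper names are constructed for the demonstration.

```shell
# Added example. Constructed sample rules in iptables-save format, NOT
# CoreELEC's shipped rules; the interface names below are sample values too.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/16 -i eth+ -j ACCEPT
-A INPUT -s 10.0.0.0/8 -i eth+ -j ACCEPT
-A INPUT -s 192.168.0.0/16 -i wl+ -j ACCEPT
-A INPUT -s 172.16.0.0/12 -i tether -j ACCEPT
COMMIT
EOF
}
# iptables reads a trailing "+" as a prefix wildcard: "wg+" matches wg0, wg1...
iface_matches() {   # $1 = rule pattern, $2 = real interface name
    case "$1" in
        *+) case "$2" in "${1%+}"*) return 0 ;; esac ;;
        *)  [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# Print each source an INPUT ACCEPT rule admits on $2; negated ("!") rules are skipped.
accepted_sources() {   # $1 = rules file, $2 = interface name
    as_file=$1 as_if=$2
    while read -r as_line; do
        case "$as_line" in "-A INPUT "*) ;; *) continue ;; esac
        as_neg=0 as_in="" as_src="" as_tgt=""
        set -f; set -- $as_line; set +f
        while [ $# -gt 1 ]; do
            case "$1" in
                '!') as_neg=1 ;;
                -i|--in-interface) as_in=$2 ;;
                -s|--source) as_src=$2 ;;
                -j|--jump) as_tgt=$2 ;;
            esac
            shift
        done
        [ "$as_neg" -eq 0 ] && [ "$as_tgt" = ACCEPT ] && [ -n "$as_src" ] || continue
        [ -z "$as_in" ] || iface_matches "$as_in" "$as_if" || continue
        echo "$as_src"
    done < "$as_file"
}

rules=$(mktemp) && sample_rules > "$rules"
for ifc in eth0 wlan0 tether wg0 ztabc123; do
    echo "$ifc: $(accepted_sources "$rules" "$ifc" | tr '\n' ' ')"
done
rm -f "$rules"
```

An empty result for an interface means no source-restricted ACCEPT rule covers it; on the device, the same function can be pointed at /storage/.config/iptables/rules.v4 with the VPN interface name.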

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
