[TriLUG] Anybody using DD-WRT?

John Wheeler jwheeler at etherealfringe.com
Fri Aug 1 07:30:48 EDT 2008


As a temporary fix until the corrections make their way into the  
current builds:

1) Go to the "Administration" tab and in the Cron section make sure  
Cron is enabled and paste the following into the Additional cron jobs:

*/30 * * * * /tmp/custom.sh

2) Find the "Commands" sub-tab up top and paste the following script  
into the Command Shell box:

#!/bin/sh
#
# DD-WRT v2.4 errant firewall rules temporary fix.

echo Testing for errant firewall rules...

# Line number of the INPUT rule that mentions 194.231.229.20, if any.
# The pattern is quoted so the escaped dots reach grep intact.
LINE1=`iptables -L INPUT -n --line-numbers | grep '194\.231\.229\.20' | awk '{print $1}'`

if [ -z "$LINE1" ]
then
    echo Errant 194.231.229.20 rule not found.
else
    # Delete the rule by its line number.
    iptables -D INPUT $LINE1
    echo Errant 194.231.229.20 rule removed.
fi

# Same check for 212.65.2.116.
LINE2=`iptables -L INPUT -n --line-numbers | grep '212\.65\.2\.116' | awk '{print $1}'`

if [ -z "$LINE2" ]
then
    echo Errant 212.65.2.116 rule not found.
else
    iptables -D INPUT $LINE2
    echo Errant 212.65.2.116 rule removed.
fi

Now just hit the "Save Custom Script" button.

Every 30 minutes your router will check to see if the bad rules are  
there and remove them.
You may wonder why use a cron job instead of the startup or, more  
appropriately, the firewall script option.
Well it seems that the startup script runs before the firewall is  
initiated. And the firewall script will run before the system adds  
these IPs in.
Every time the firewall restarts or, of course, whenever the router  
reboots, the rules will pop back up, though neither should happen very  
often.


John Wheeler
Web Applications Developer
jcw.dev at gmail.com
336-255-8004


On Aug 1, 2008, at 1:21 AM, John Wheeler wrote:

> http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783
>
> It looks like as a result of your thread a patch has been issued but
> the latest builds don't seem to be updated yet.
>
> John Wheeler
> Web Applications Developer
> jcw.dev at gmail.com
> 336-255-8004
>
> On Jul 31, 2008, at 11:54 PM, Jason Herr wrote:
>
>> They were taking it out according to your thread, but it got me
>> looking
>> at the code that contained it as a default:
>> /src/router/services/sysinit/defaults.c
>>
>> Found via google, it starts weird (comments in the head of the file
>> don't mention licensing, but do talk about being created by  
>> Broadcom),
>> and the #IFDEFs in this thing are a hodgepodge of nastiness.  It may
>> be
>> they make special build options for people who use various service
>> providers?
>>
>> heading comments from:
>> http://svn.dd-wrt.com:8000/dd-wrt/changeset/6627?format=diff&new=6627
>> /*
>> * Router default NVRAM values
>> *
>> * Copyright 2001-2003, Broadcom Corporation
>> * All Rights Reserved.
>> *
>> * THIS SOFTWARE IS OFFERED "AS IS", AND BROADCOM GRANTS NO WARRANTIES OF ANY
>> * KIND, EXPRESS OR IMPLIED, BY STATUTE, COMMUNICATION OR OTHERWISE. BROADCOM
>> * SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
>> * FOR A SPECIFIC PURPOSE OR NONINFRINGEMENT CONCERNING THIS SOFTWARE.
>> *
>> * $Id: defaults.c,v 1.11 2005/11/30 11:53:42 seg Exp $
>> */
>>
>> The addresses are now only found in an ifdef for something called
>> HAVE_GGEW.
>> http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/services/sysinit/defaults.c
>>
>>
>> Not sure what to make of it, but it was interesting reading.
>>
>> J
>>
>>
>> Brian Daniels wrote:
>>> On Thu, Jul 31, 2008 at 04:10:38PM -0400, John Wheeler wrote:
>>>> What services do you have turned on for this setup? Have you
>>>> modified
>>>> the default options much?
>>>
>>> A bit.  I set up port forwarding, and OpenVPN.  Wpa key and
>>> passwords.  Dyndns.
>>> Nothing really unusual other than the vpn, and that was just
>>> pasting keys into
>>> the web interface.  I haven't made any changes through ssh,
>>> everything was done
>>> with the web interface.
>>>
>>> I've made a post on their forums:
>>> http://www.dd-wrt.com/phpBB2/viewtopic.php?p=197399#197399
>>> and found another user reporting the same issue earlier in the
>>> month.  He got a
>>> bogus reply about it being for pinging, and no one followed up
>>> further.
>>>
>>> I'll post back here if I learn more, but I'm not using DD-WRT for
>>> the moment.
>>>
>>> --Brian
>>>
>>>
>>
>
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
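
A variant of the cleanup script from the message at the top of this thread, as an added example that is not John Wheeler's code or part of DD-WRT: it compares the source and destination columns exactly and deletes from the highest rule number down, so several matching rules are handled in one run. The function names, the `--apply` switch and the sample listing are assumptions made for the example, and the column positions assume every rule has a target.

```shell
#!/bin/sh
# Added example (not from the thread): remove every INPUT rule whose source or
# destination is one of the two addresses, instead of acting on one grep hit.

ERRANT_ADDRS="194.231.229.20 212.65.2.116"   # the addresses named in the thread

# Hypothetical helper. Reads `iptables -L INPUT -n --line-numbers` output on
# stdin and prints the numbers of rules whose source or destination column
# equals one of the addresses given as arguments, highest number first.
errant_rule_numbers() {
    awk -v addrs="$*" '
        BEGIN { n = split(addrs, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        # Rule lines start with a number. Columns (assumes a target is set):
        # num target prot opt source destination [match details]
        $1 ~ /^[0-9]+$/ && (($5 in bad) || ($6 in bad)) { print $1 }
    ' | sort -rn
}

# Hypothetical helper. Deletes the matching rules from the live INPUT chain.
# Working from the highest number down keeps the remaining numbers valid.
remove_errant_rules() {
    for num in $(iptables -L INPUT -n --line-numbers | errant_rule_numbers $ERRANT_ADDRS); do
        iptables -D INPUT "$num" && echo "Removed INPUT rule $num"
    done
}

# Constructed sample listing (targets and protocols are made up) for checking
# the parser without touching a router. Rule 3 differs from an errant address
# only by a trailing digit and must not be selected.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     all  --  194.231.229.20       0.0.0.0/0
3    ACCEPT     all  --  194.231.229.200      0.0.0.0/0
4    ACCEPT     all  --  212.65.2.116         0.0.0.0/0
5    ACCEPT     all  --  194.231.229.20       0.0.0.0/0
6    DROP       all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Only modify the firewall when asked to, e.g. `/tmp/custom.sh --apply` from cron.
if [ "${1:-}" = "--apply" ]; then
    remove_errant_rules
fi
```

Running `sample_listing | errant_rule_numbers $ERRANT_ADDRS` shows which rules would be deleted before anything is changed on the router.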



