Dispatcher for handling iptables NAT forwarding and other tasks through a systemd service.
Since netctl is a dirty and quick solution, this is quick and dirty.
Set lan in /etc/archwrt/dispatcher/dispatcher.conf; the default is 'br0'.
Just add the following to your netctl.profile: (assuming the WAN interface is net0)
ExecUpPost="systemctl start archwrt-dispatcher.service;"
ExecDownPre="systemctl stop archwrt-dispatcher.service;"
Typically, the above uses the default interface from ip route. If you want to assign an interface manually, use the following instead (assuming the WAN interface is net0):
ExecUpPost="systemctl start archwrt-dispatcher@net0.service;"
ExecDownPre="systemctl stop archwrt-dispatcher@net0.service;"
/etc/ppp/ip-up.d/10-archwrt-dispatcher.sh
#!/bin/bash
systemctl start "archwrt-dispatcher.service"
/etc/ppp/ip-down.d/10-archwrt-dispatcher.sh
#!/bin/bash
systemctl stop "archwrt-dispatcher.service"
Typically, the above uses the default interface from ip route. If you want to assign the interface "manually", use the following instead:
/etc/ppp/ip-up.d/10-archwrt-dispatcher.sh
#!/bin/bash
systemctl start "archwrt-dispatcher@${IFNAME}.service"
/etc/ppp/ip-down.d/10-archwrt-dispatcher.sh
#!/bin/bash
systemctl stop "archwrt-dispatcher@${IFNAME}.service"
See nat_type in dispatcher.conf
Currently supported:
- iptables, iptables-fullconenat
- nftables, nftables-fullcone
- einat-ebpf
Set the services array in /etc/archwrt/dispatcher/dispatcher.conf
The default policy for INPUT is DROP.
If you need to unblock a port, edit /etc/archwrt/dispatcher/filter.rules
For example, to open TCP port 80, add this line to the end of the INPUT chain:
-A INPUT -p tcp --dport 80 -j ACCEPT
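A rule like the one above has no interface or source match, so the port is opened on the WAN side as well as the LAN. The following audit script is an added example, not part of archwrt-dispatcher; it assumes filter.rules uses iptables-save syntax, and the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not archwrt-dispatcher code). Assumes filter.rules uses
# iptables-save / iptables-restore syntax.

# input_policy FILE: print the default policy of the INPUT chain (e.g. DROP).
input_policy() {
    awk '$1 == ":INPUT" { print $2; exit }' "$1"
}

# unscoped_accepts FILE: print each "-A INPUT ... -j ACCEPT" rule that opens a
# destination port without a non-negated inbound interface (-i) or source (-s)
# match. Such a rule accepts traffic arriving on any interface, WAN included.
unscoped_accepts() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            accept = scoped = port = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if ($i ~ /^(-i|-s|--in-interface|--source)$/ && $(i - 1) != "!") scoped = 1
                if ($i == "--dport" || $i == "--dports") port = 1
            }
            if (accept && port && !scoped) print
        }
    ' "$1"
}

# Constructed sample rules file, used only for demonstration and testing.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Usage: sh audit.sh /etc/archwrt/dispatcher/filter.rules
if [ -n "${1:-}" ]; then
    printf 'INPUT policy: %s\n' "$(input_policy "$1")"
    unscoped_accepts "$1"
fi
```

If the service is meant only for LAN clients, the rule can be scoped to the LAN bridge, for example `-A INPUT -i br0 -p tcp --dport 80 -j ACCEPT`, where br0 is the default lan value mentioned above.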