User manual

31: Diagnostics
_______________________________________________________________________________________________________
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
To view the available firewall commands, enter:
root@VA_router:~# /etc/init.d/firewall
Syntax: /etc/init.d/firewall [command]
Available commands:
        start    Start the service
        stop     Stop the service
        restart  Restart the service
        reload   Reload configuration files (or restart if that fails)
        enable   Enable service autostart
        disable  Disable service autostart
31.8.1 IP tables
To add a quick firewall rule that drops ICMP packets sent to a specific IP address, enter:
root@VA_router:~# iptables -I OUTPUT -d 8.8.8.8/32 -p icmp -j DROP
To remove the rule (the command deletes rule number 1 in the OUTPUT chain), enter:
root@VA_router:~# iptables -D OUTPUT 1
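Deleting by number removes whatever rule is first in the chain at that moment, so it is worth confirming the position of the temporary rule first. The following is an added example, not part of the original manual: it looks up the rule's current number from `iptables -S OUTPUT` output. It assumes the router's iptables build supports `-S`; the listing and the names `rule_index` and `delete_cmd` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual): find a temporary rule by its
# specification before deleting it, instead of assuming it is still rule 1.

# Constructed sample of `iptables -S OUTPUT` output in which another rule
# was inserted ahead of the temporary DROP rule.
SAMPLE_LISTING='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 8.8.8.8/32 -p icmp -j DROP
-A OUTPUT -j zone_wan_output'

SPEC='-d 8.8.8.8/32 -p icmp -j DROP'

# rule_index CHAIN SPEC
# Reads `iptables -S CHAIN` output on stdin and prints the 1-based number of
# the first rule whose text after "-A CHAIN " equals SPEC.
# Returns non-zero if no such rule exists.
rule_index() {
    awk -v chain="$1" -v spec="$2" '
        $1 == "-A" && $2 == chain {
            n++                          # only -A lines count as rules
            rule = $0
            sub(/^-A [^ ]+ /, "", rule)  # strip the "-A CHAIN " prefix
            if (rule == spec) { print n; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# delete_cmd CHAIN SPEC
# Prints the delete-by-number command for the matching rule, or fails
# without printing anything if the rule is not present.
delete_cmd() {
    idx=$(rule_index "$1" "$2") || return 1
    echo "iptables -D $1 $idx"
}

# Demonstration on the constructed listing: the rule is at position 2,
# so "iptables -D OUTPUT 1" would have removed the loopback rule instead.
printf '%s\n' "$SAMPLE_LISTING" | delete_cmd OUTPUT "$SPEC"
```

On the router, pipe the live listing in place of the sample: `iptables -S OUTPUT | delete_cmd OUTPUT '-d 8.8.8.8/32 -p icmp -j DROP'`. iptables also accepts the full rule specification after `-D OUTPUT`, which avoids the rule number altogether.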
31.8.2 Debug
It is possible to view the iptables commands generated by the firewall program.
This is useful if you want to track down iptables errors during firewall restarts or
to verify the outcome of certain UCI rules.
To see the rules as they are executed, run the fw command with the FW_TRACE
environment variable set to 1:
root@VA_router:~# FW_TRACE=1 fw reload
To direct the output to a file for later inspection, enter:
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 243 of 255