How to temporally disable WAN access?

Discussion in 'Tomato Firmware' started by JeffD, Feb 2, 2019.

  1. JeffD

    JeffD Serious Server Member

    I'm looking to be able to do something like a WAN kill switch for the kid's devices. I'm currently using access restrictions, but don't like having to enable/disable and save multiple different groups.

    Is there a better way to dynamically block groups of devices which doesn't require committing the changes to flash? I may only want to have a block 24/7 but if homework and chores are done, flip the switch and they have access for 3 hours or whatever. Is there a way to do that in the tomato firmware?
     
  2. Sean B.

    Sean B. LI Guru Member

    Create a separate subnet/VLAN, same fashion as a guest network, for the kids to use. I'd assume they're only using wireless and not LAN ports, so you can create a virtual wireless interface for them to connect to ( virtual interfaces don't often play well with VLANs when it comes to segregating networks, however they should work fine as that isn't the goal here ). For example, make br1/VLAN3 with router IP 192.168.2.1 and DHCP range 192.168.2.100 - 150, create a 2.4ghz virtual interface with SSID set as KIDSNETWORK and bridge it to br1.

    This separates the kids at the network level so policy can be implemented on just them. Now, how do want your "switch" to work? Do you want to use one of the physical buttons on the router? Or login to the web interface and run a command? Also, do you have USB storage attached to the router?
     
  3. JeffD

    JeffD Serious Server Member


    Thanks the VLAN won't really work as there are computer and gaming systems that are wired. Tablets, game systems and phones are wifi.

    I want the switch to work whenever my wife or I decide we need to pull the plug (but allow our devices and computers to work) My wife works out of the house, so her computer and the VOIP stuff need to be always on.

    We do have a USB port, but no storage inserted at the moment. You thinking about having a script on the USB which can be trigger by something like the WPS button?
     
  4. Sean B.

    Sean B. LI Guru Member

    VLAN's will work with LAN ports just fine. Simply add the ports that they use to the VLAN you created for them. USB storage isn't required if using a button on the router. If you want to be able to switch access on or off via the routers web interface or a telnet/ssh shell then USB storage or use of the jffs partition would be needed to store the script. If you create a VLAN for the kids as I instructed, with a virtual interface for them to connect via wifi and adding the LAN ports they use, then control of their internet access is as simple as an iptables rule.

    For a hard button on the router, place this in the Administration->Buttons/LED custom config box:

    Code:
    #!/bin/sh
    STATUS="$(iptables -t filter -C FORWARD -i br1 -o vlan2 -j DROP >/dev/null 2>&1; echo $?)"
    
    if [ "$STATUS" == "0" ]
      then
        iptables -t filter -D FORWARD -i br1 -o vlan2 -j DROP
        logger "Kids network internet access: Enabled"
          else
            iptables -t filter -I FORWARD 1 -i br1 -o vlan2 -j DROP
            logger "Kids network internet access: Disabled"
    fi
    Then set one, or all, of the press duration options to "Run custom script". Whenever the button is pressed for the selected duration, the script will either enable or disable internet access from the kids network depending on the previous access state. It will make an entry to the system log whenever access is toggled.

    To switch access via the web interface Tools->System commands or a telnet/ssh shell, the same script could be used, however I'd change it a bit:

    Code:
    #!/bin/sh
    STATUS="$(iptables -t filter -C FORWARD -i br1 -o vlan2 -j DROP >/dev/null 2>&1; echo $?)"
    VAR="$1"
    
    case "$VAR" in
      "enable") if [ "$STATUS" == "0" ]
                  then
                    iptables -t filter -D FORWARD -i br1 -o vlan2 -j DROP
                    echo "Kids network internet access is now: Enabled."
                      else
                        echo "Kids network internet access is already enabled."
                fi
      ;;
      "disable") if [ "$STATUS" == "1" ]
                   then
                     iptables -t filter -I FORWARD 1 -i br1 -o vlan2 -j DROP
                     echo "Kids network internet access is now: Disabled."
                       else
                         echo "Kids network internet access is already disabled."
                 fi
      ;;
      "status") if [ "$STATUS" == "0" ]
                  then
                    echo "Kids network internet access is currently: Disabled"
                      else
                        echo "Kids network internet access is currently: Enabled"
                fi
      ;;
      *) echo ""
         echo "Missing or unknown option."
         echo ""
         echo "Syntax: $0 [option]"
         echo ""
         echo "Options: enable | disable | status"
         echo ""
      ;;
    esac
    Place that in a file on either USB storage or jffs partition, you can name it whatever you like but for this example we'll say the file name is "access" and you placed it on USB storage which is mounted on /tmp/mnt/flashdrive . After creating the file run this command from System Commands or a telnet/ssh shell so the file is executable:

    Code:
    chmod +x /tmp/mnt/flashdrive/access
    Now, from either the web interface Tools->System Commands or a telnet/ssh shell, you can alter the access state running:

    Code:
    /tmp/mnt/flashdrive/access OPTION
    Where OPTION is one of: enable | disable | status .


    **NOTE** These scripts assume the kids subnet/VLAN will be using the br1 bridge, if not then change accordingly. Also, if anything resets the firewall ( IE: router reboot, WAN up/down, clicking save in certain menus of the web interface etc ) the kids internet access will become enabled. If you wish for the default access for the kids to be disabled, place this in Administration->Scripts firewall tab:

    Code:
    #!/bin/sh
    STATUS="$(iptables -t filter -C FORWARD -i br1 -o vlan2 -j DROP >/dev/null 2>&1; echo $?)"
    
    if [ "$STATUS" == "1" ]
      then
        iptables -t filter -I FORWARD 1 -i br1 -o vlan2 -j DROP
    fi
    Now internet access for the kids network will be disabled if anything changes with the router.
     
    Last edited: Feb 2, 2019
    JeffD likes this.
  5. JeffD

    JeffD Serious Server Member

    Awesome that's great, huge thank you! I'll give it a try. Kids and internet has been one of the most frustrating things for my wife and I. Even though I'm the tech one I really don't like having to micro manage the network.
     
  6. Sean B.

    Sean B. LI Guru Member

    You're welcome. Let me know how it works out for ya.
     
  7. JeffD

    JeffD Serious Server Member

    For some reason when I put the script on the usb drive (call it lockdown.sh) when the drive is mounted in the router it shows as empty, 0 bytes. I've tried several times and same thing every time. I'm going a little nuts but still trying to get it working.

    So I pasted the script through putty into vi and got something but it's not working. The status change always responds it's in that state already. I did list the chains and found everything is referenced by lanX no reference to vlan anywhere.

    Code:
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
               all  --  anywhere             anywhere            account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
               all  --  anywhere             anywhere            account: network/netmask: 192.168.10.0/255.255.255.0 name: lan1
    
     
    Last edited: Feb 8, 2019
  8. Sean B.

    Sean B. LI Guru Member

    I put the script in a file, tested it, and uploaded it to my google drive. You can download it here . Pasting it through putty is likely messing up the spacing. Place it on your USB drive, then connect it to the router and telnet/ssh into the router. Cd to the USB drive and execute script via:

    Code:
    ./lockdown.sh
     
  9. JeffD

    JeffD Serious Server Member

    Thanks again. FWIW I did type in your first command which sets STATUS and that echoed back reports 2 every time which is neither 0 or 1. I thought that was interesting. I'll give the script a shot. I was more than surprised I could paste into vi from putty...
     
  10. JeffD

    JeffD Serious Server Member

    So the assignment of STATUS doesn't seem to be working from the script.
    If I do the line from the command line status=0 and I can echo that. But if I echo status after the status assignment completes in the script I get status=2. Does BASH just process sequentially or is it possible that

    It seems iptables v1.3.8 doesn't like the -C FORWARD option
    What version of iptables are you using? I'm running freshtomato from December with iptables 1.3.8
     
  11. Sean B.

    Sean B. LI Guru Member

    I'm running a heavily customized build of Toastman's source.

    Code:
    root@Storage:/tmp/home/root# iptables -V
    iptables v1.4.14
    root@Storage:/tmp/home/root#
    I modified the script to be compatible with your version of iptables:

    Code:
    #!/bin/sh
    STATUS="$(iptables -t filter --list-rules FORWARD | grep -qFe "-i br1 -o vlan2 -j DROP"; echo $?)"
    VAR="$1"
    
    case "$VAR" in
      "enable") if [ "$STATUS" == "0" ]
                  then
                    iptables -t filter -D FORWARD -i br1 -o vlan2 -j DROP
                    echo "Kids network internet access is now: Enabled."
                      else
                        echo "Kids network internet access is already enabled."
                fi
      ;;
      "disable") if [ "$STATUS" == "1" ]
                   then
                     iptables -t filter -I FORWARD 1 -i br1 -o vlan2 -j DROP
                     echo "Kids network internet access is now: Disabled."
                       else
                         echo "Kids network internet access is already disabled."
                 fi
      ;;
      "status") if [ "$STATUS" == "0" ]
                  then
                    echo "Kids network internet access is currently: Disabled"
                      else
                        echo "Kids network internet access is currently: Enabled"
                fi
      ;;
      *) echo ""
         echo "Missing or unknown option."
         echo ""
         echo "Syntax: $0 [option]"
         echo ""
         echo "Options: enable | disable | status"
         echo ""
      ;;
    esac
     
  12. JeffD

    JeffD Serious Server Member

    Thanks for following up, but still no joy. I had been playing around with a mod similar to yours on my own which wasn't working so I headed off to bed hoping you may have a better option.

    Here's what I know:
    The -L FORWARD or --list FORWARD is all that works there's not --list-rules in 1.3.8. Looking at the output from that iptables command there's nothing which contains any information about the vlans. I did add -v and there was 5 entries for in:br3 out:vlan5. I figured the multiple entries was due to testing with the adds, so I rebooted.

    After rebooting there's no info about any vlans except vlan2 with iptables -t filter -L -v
    So I started over this time specifying all for the bridge. I also added and an entry flipping in/out with the any bridge. (I was exploring.)
     
    Last edited: Feb 9, 2019
  13. Sean B.

    Sean B. LI Guru Member

    Ugh, damn versioning. Try this:

    Code:
    #!/bin/sh
    STATUS="$(iptables -t filter -L FORWARD -v | grep -qFe "br1    vlan2"; echo $?)"
    VAR1="$1"
    
    case "$VAR1" in
      "enable") if [ "$STATUS" == "0" ]
                  then
                    iptables -t filter -D FORWARD -i br1 -o vlan2 -j DROP
                    echo "Kids network internet access is now: Enabled."
                  else
                     echo "Kids network internet access is already enabled."
                fi
      ;;
      "disable") if [ "$STATUS" == "1" ]
                   then
                     iptables -t filter -I FORWARD 1 -i br1 -o vlan2 -j DROP
                     echo "Kids network internet access is now: Disabled."
                   else
                      echo "Kids network internet access is already disabled."
                 fi
      ;;
      "status") if [ "$STATUS" == "0" ]
                  then
                    echo "Kids network internet access is currently: Disabled"
                  else
                     echo "Kids network internet access is currently: Enabled"
                fi
      ;;
      *) echo ""
         echo "Missing or unknown option."
         echo ""
         echo "Syntax: $0 [option]"
         echo ""
         echo "Options: enable | disable | status"
         echo ""
      ;;
    esac
     
    JeffD likes this.
  14. JeffD

    JeffD Serious Server Member

    Thanks, I was out working in the yard and though to myself... dude you know grep, you could figure this out!
    I understood enough about what your script was doing so I basically did the same as you except I was a little more selective in my grep, I regex'd the result, got rid of the -qFe added a regex to
    Code:
    iptables -t filter -L FORWARD -v | grep -q 'DROP[a-zA-z0-9 -]\{1,\}br3[ ]\{4,\}wlan5'; echo $?
    
    So that part seems to work, now I need to figure out why my iPhone is able to get out with it disabled. This is the List results with the status as enabled:
    Code:
        0     0 DROP       all  --  br3    vlan5   anywhere             anywhere
     
  15. Sean B.

    Sean B. LI Guru Member

    Are you certain you configured the VLANS/bridges/ports correctly? Post screen shots of Basic->Network and Advanced->VLAN please.


    **EDIT** I just noticed the tail end of the code in your last post. You replaced vlan2 with vlan5. Are you using a WAN other than the standard WAN interface ( aka Multiwan )?

    Also, a minor suggestion. Replace " -j DROP " with " -j REJECT " in the rule. Rather than requests waiting to timeout ( browser sitting there loading for awhile ) it will immediately give a " connection refused " error. Will make a clear difference between the internet being " down " or " laggy " and parents having turned it off.
     
    Last edited: Feb 10, 2019
  16. JeffD

    JeffD Serious Server Member

    Correct, I've got several vlans: guest, IOT devices, the kids, etc.
    I'm only using one wan. It is a multiwan build (and I can't figure out why fresh tomato seems to build with multiwan enabled for everything. I'm currently reworking a fork of that code to make dual wan an option because I don't even want second WAN enabled.)
    This is from the forward table:
    Code:
        0     0 wanin      all  --  vlan2  any     anywhere             anywhere
        0     0 wanout     all  --  any    vlan2   anywhere             anywhere
    
     
  17. JeffD

    JeffD Serious Server Member

  18. Sean B.

    Sean B. LI Guru Member

    VLAN2 is still your WAN, yet you changed VLAN2 to VLAN5 in the iptables rule. VLAN5 is bridged to br3 which is the subnet you're restricting. I'm not sure of your reasoning behind that, but it would be why LAN3 clients can still reach the internet. Traffic from br3 destined for the internet is not leaving the router from VLAN5, it's leaving on VLAN2. Here's a visual, and while the #'s don't match, it shows the concept of the CPU ( router ) and switch connection and its relation to bridges/vlans.

    [​IMG]
     
    Last edited: Feb 10, 2019
    JeffD likes this.
  19. JeffD

    JeffD Serious Server Member

    HA, I thought I was smarter than I am! I was thinking your example was to block vlan specific to the kids, not the bridge. Now I get it... keep their bridge from accessing the WAN vlan.
    That worked! I also switched the script to REJECT, quick response as you suggested.
    BIG Thank you!

    Could I just call this script from the firewall startup you mentioned above with:
    Code:
    sh /tmp/mnt/sdb1/lockdown.sh disable
     
    Last edited: Feb 10, 2019
  20. Sean B.

    Sean B. LI Guru Member

    You're welcome, glad to help.

    Just put the iptables rule itself into the firewall script box. IE:

    Code:
    iptables -t filter -I FORWARD 1 -i br3 -o vlan2 -j REJECT
    No need to execute a file to do it.
     
  21. JeffD

    JeffD Serious Server Member

    Thanks, I was looking for a way to do with less characters because flash at this point has ~70 free bytes.
    I need to jump on modifying the firmware to conditional out the dual-wan WLAN2 variables and then I should be fine. So, that's priority #1 now.
     
  22. Sean B.

    Sean B. LI Guru Member

    Just FYI: You don't need to rebuild the firmware to free up NVRAM space. The NVRAM space you're referring to is used for storing variables ( IE: settings/configuration ) not the firmware itself. If you're not using certain features of the firmware, you can unset those variables from NVRAM by hand:

    Code:
    nvram unset <variable>
    And then make the changes permanent once sure you didn't break anything:

    Code:
    nvram commit
    I would recommend saving your configuration first via Administration->Configuration . Then if after removing variables you find problems after a commit/reboot, you can reset the NVRAM to defaults by holding the WPS button during power on, then reload your config from the saved file.
     
  23. JeffD

    JeffD Serious Server Member

    I thought about doing it this way but decided against it for two reason:
    1) if I ever need to restore the default settings WAN2 values will come back
    2) The default configuration for both Shibby's and Freshtomato seems to have dual-WAN (i.e.WAN1 and WAN2) enabled by default they also enable MULTIWAN which on first look enables WAN3-4. I didn't check toastman builds. Shibby and Freshtomato firmware will looks for WAN2 values unless it's built without and I have no idea what would happen if WAN2_variable were deleted. I figured it may be easiest to break WAN2 out into a DUAL_WAN build option and wrap all WAN2 support inside. Unless some has a better option...
     
  24. JeffD

    JeffD Serious Server Member

    Just as an example of what I'm talking about, this is from the defaults.c file
    Code:
        // WAN TCP/IP parameters
        { "wan_proto",            "dhcp"            },    // [static|dhcp|pppoe|disabled]
        { "wan_ipaddr",            "0.0.0.0"        },    // WAN IP address
        { "wan_netmask",        "0.0.0.0"        },    // WAN netmask
        { "wan_gateway",        "0.0.0.0"        },    // WAN gateway
        { "wan_gateway_get",        "0.0.0.0"        },    // default gateway for PPP
        { "wan_dns",            ""            },    // x.x.x.x x.x.x.x ...
        { "wan_weight",            "1"            },
        { "wan_ckmtd",            "2"            },
    
        { "wan2_proto",            "dhcp"            },  // [static|dhcp|pppoe|disabled]
        { "wan2_ipaddr",        "0.0.0.0"        },  // WAN IP address
        { "wan2_netmask",        "0.0.0.0"        },  // WAN netmask
        { "wan2_gateway",        "0.0.0.0"        },  // WAN gateway
        { "wan2_dns",            ""            },  // x.x.x.x x.x.x.x ...
        { "wan2_weight",        "1"            },
        { "wan2_hwname",        ""            },  // WAN driver name (e.g. et1)
        { "wan2_hwaddr",        ""            },  // WAN interface MAC address
        { "wan2_ifnameX",        NULL            },  // real wan if; see wan.c:start_wan
        { "wan2_ckmtd",            "2"            },
    
    #ifdef TCONFIG_MULTIWAN
        { "wan3_proto",            "dhcp"            },  // [static|dhcp|pppoe|disabled]
        { "wan3_ipaddr",        "0.0.0.0"        },  // WAN IP address
        { "wan3_netmask",        "0.0.0.0"        },  // WAN netmask
        { "wan3_gateway",        "0.0.0.0"        },  // WAN gateway
        { "wan3_dns",            ""            },  // x.x.x.x x.x.x.x ...
        { "wan3_weight",        "1"            },
        { "wan3_hwname",        ""            },  // WAN driver name (e.g. et1)
        { "wan3_hwaddr",        ""            },  // WAN interface MAC address
        { "wan3_ifnameX",        NULL            },  // real wan if; see wan.c:start_wan
        { "wan3_ckmtd",            "2"            },
    
        { "wan4_proto",            "dhcp"            },  // [static|dhcp|pppoe|disabled]
        { "wan4_ipaddr",        "0.0.0.0"        },  // WAN IP address
        { "wan4_netmask",        "0.0.0.0"        },  // WAN netmask
        { "wan4_gateway",        "0.0.0.0"        },  // WAN gateway
        { "wan4_dns",            ""            },  // x.x.x.x x.x.x.x ...
        { "wan4_weight",        "1"            },
        { "wan4_hwname",        ""            },  // WAN driver name (e.g. et1)
        { "wan4_hwaddr",        ""            },  // WAN interface MAC address
        { "wan4_ifnameX",        NULL            },  // real wan if; see wan.c:start_wan
        { "wan4_ckmtd",            "2"            },
    #endif
    
    From tomato.c, defining 2 WANs by default or 4 WANs with MULTIWAN enabled:
    Code:
    #ifdef TCONFIG_MULTIWAN
     { "mwan_num",   V_RANGE(1, 4)   },
    #else
     { "mwan_num",   V_RANGE(1, 2)   },
    #endif
    
     
  25. Sean B.

    Sean B. LI Guru Member

    I believe you can remove multiwan by modifying ~/freshtomato-arm/release/src-rt-6.x.4708/Makefile and removing "MULTIWAN=y" for your target build:

    Code:
    ## targets
    e:
        @$(MAKE) bin NTFS=y BBEXTRAS=y USBEXTRAS=y EBTABLES=y IPV6SUPP=y MEDIASRV=y MULTIWAN=y B=E BUILD_DESC="$(VPN)" CTF=y GRO=y USB="USB" PPTPD=y OPENVPN=y DNSSEC=y SNMP=y
    
    o:
        @$(MAKE) bin OPENVPN=y NTFS=y BBEXTRAS=y USBEXTRAS=y EBTABLES=y MEDIASRV=y IPV6SUPP=y MULTIWAN=y B=E BUILD_DESC="Custom" CTF=y GRO=y USB="USB" BTCLIENT=y TR_EXTRAS=y DNSCRYPT=y PPTPD=y DNSSEC=y SNMP=y TINC=y TOR=y
    
    z:
        @$(MAKE) bin OPENVPN=y NTFS=y BBEXTRAS=y USBEXTRAS=y EBTABLES=y MEDIASRV=y IPV6SUPP=y MULTIWAN=y B=E BUILD_DESC="AIO" CTF=y GRO=y USB="USB" BTCLIENT=y TR_EXTRAS=y DNSCRYPT=y STUBBY=y UPS=y PPTPD=y DNSSEC=y TINC=y SNMP=y NFS=y NANO=y TOR=y NGINX=y
    
    ac68e:
        @$(MAKE) e ARM=y NVRAM_64K=y NAND=y BCMSMP=y ASUS_TRX="ASUS" TUXERA=y
    
     
  26. JeffD

    JeffD Serious Server Member

    Yup, I saw that but this only gets rid of the "multiwan" part which is just WAN3 and WAN4, it doesn't include WAN2.

    What I found is WAN2 is always active even when MULTIWAN isn't enabled.
    This is generally how all the WAN code looks, wan and wan2 aren't in conditional while wan3 and wan4 are conditional on MULTIWAN. TCONFIG_MULTIWAN is defined when MULTIWAN=y

    Code:
       if (check_wanup("wan")) {
        memcpy(&wanfaces, get_wanfaces("wan"), sizeof(wanfaces));
        for (i = 0; i < wanfaces.count; ++i) {
         ip = wanfaces.iface[i].ip;
         if (!(*ip) || strcmp(ip, "0.0.0.0") == 0)
          continue;
         add_listen_socket(ip, wanport, 0, nvram_match("remote_mgt_https", "1"));
        }
       }
       if (check_wanup("wan2")) {
        memcpy(&wan2faces, get_wanfaces("wan2"), sizeof(wan2faces));
        for (i = 0; i < wan2faces.count; ++i) {
         ip = wan2faces.iface[i].ip;
         if (!(*ip) || strcmp(ip, "0.0.0.0") == 0)
          continue;
         add_listen_socket(ip, wanport, 0, nvram_match("remote_mgt_https", "1"));
        }
       }
    #ifdef TCONFIG_MULTIWAN
       if (check_wanup("wan3")) {
        … same as above but for wan3 …
         }
       }
       if (check_wanup("wan4")) {
        … same as above but for wan4 …
        }
       }
    #endif
    
    This example is similar to other code which references the wans and why didn't want to just delete the wan2 variables in NVRAM. I didn't dig deep on happens when the wan2 values are referenced but not defined in NVRAM. Obviously it wan2 won't be "up" here, but most code acts on wan and wan2 in tandem. I thought it safer to wrap all wan2 stuff with a DUALWAN, build without DUALWAN. Then delete the WAN2 variables from NVRAM (or erase and let the defaults populate without WAN2). This will be a private fork and if anyone else wants it merged back in it can be enabled by default.

    The only place I saw WAN2 broken out from WAN1 in the code is in the configuration html generation where there's a dualWAN reference around wan2.

    Am I making this more complicated than is needed?
     
    Last edited: Feb 11, 2019
  27. Sean B.

    Sean B. LI Guru Member

    I don't see the reasoning behind adding an additional wan ( wan2 ) outside of the multiwan definition. Makes me wonder if there's something more going on there with wan2, sense it was not a different change/addition. First appearance of it was with the multiwan commit. Yet coded in a fashion that removes it from the scope of the multiwan makefile flag.
     
    JeffD likes this.
  28. JeffD

    JeffD Serious Server Member

    So, I think you're agree with me. I only discovered this after disabling multiwan and found that wan2 values were still being saved in NVRAM. So I dug a little deeper and found wan2 isn't included in multiwan.

    I've wondered, how many people actually have a need for 2 WAN? I can understand cellular modems in the event wired connection goes offline.
    We have a cellular hotspot, but I wouldn't even think of connecting that to my router. Just use it as a AP until the wired connection is restored.
    I thought I first saw MULTIWAN in a Shibby build and maybe he had a need for WAN2 and added 3-4 for future use??!? Nothing wrong with a developer making what they need! I'm not sure how/why one could use 4 WANs and why that's been enabled for most builds in that make file you included above.
     
  29. Sean B.

    Sean B. LI Guru Member

    Yes, multiwan was introduced in Shibby's build, of which FreshTomato is a fork off of. The introduction of multiwan was in Shibby v138 at commit 2f3db3c, as can be seen here. As it makes changes to 67 files, I'd like to say simply revert the commit and pull multiwan out. However, it's hard to say how many following commits add code changes dependent on the existence of multiwan. Either way, it would be advisable to use that commit as a guide to verify you've covered all instances of wan2 if you're merging it into multiwans ifdef.
     
  30. JeffD

    JeffD Serious Server Member

    Thanks for the confirmation. When I discovered this years ago I ended up running Shibby's last pre-multiwan build and had been happy except I was never able to update from there.

    I was thinking of adding a new DUALWAN if that doesn't get overly complex, though may just roll into MW which seems easier. The main reason for thinking about the DUAL option is that the configuration HTML generation mentions dualwan in addition to multiwan. It's like someone tried this before...

    I like the idea of referencing the pre MW commit, thanks for the referenced commit id.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice