The MT3000 does not work in terms of firewall; not sure if it is something which started after 4.7.0.
I have a simple setup with a Tailscale exit node and custom firewall rules.
The firewall hit counter increments, but it blocks nothing.
What is going on?
Update:
I think I already found it. After some digging, I was right: enabling Tailscale makes its own chains (ts-input and ts-forward). When creating custom rules it overwrites all existing rules and thus basically deletes the Tailscale chains, making Tailscale non-working. The solution for me for now was adding the iptables rules via SSH to these chains; I'm sure after a reboot they will be gone, so it is really not stable for now.
Any firewall rule from LuCI has no effect because it adds them into the main input or forward table, making the Tailscale chains basically evade them.
That is why I added my rules into the Tailscale chains themselves via SSH (update: I might need to recall this, because I think even if the rules are in the main table, during processing they will still hit the Tailscale data as well; however, about the second note I'm sure).
The second note is that the custom rules option in LuCI, if you just save it or add whatever into it, flushes out all the system-generated firewall rules like the previously mentioned ts-input and ts-forward, thus causing Tailscale to be non-working (solution: disable and re-enable Tailscale from the GUI). But because of this you can't have custom rules via LuCI and need to tweak via SSH.
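As an added example (not from the original post or from GL.iNet/Tailscale), a POSIX shell check that parses an `iptables-save` dump and reports whether the ts-input and ts-forward chains mentioned above still exist and are still jumped to from INPUT and FORWARD, so the flush can be detected right after saving custom rules in LuCI. The two dumps embedded below are constructed samples, and the chain layout they assume (a `-j ts-input` in INPUT, a `-j ts-forward` in FORWARD) is an assumption about how Tailscale hooks its chains.

```shell
#!/bin/sh
# Constructed sample: filter table with Tailscale's chains present and hooked.
TS_OK='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ts-input - [0:0]
:ts-forward - [0:0]
-A INPUT -j ts-input
-A FORWARD -j ts-forward
-A ts-input -i tailscale0 -j ACCEPT
-A ts-forward -i tailscale0 -j ACCEPT
COMMIT'

# Constructed sample: the same table after a flush removed the ts-* chains.
TS_FLUSHED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

# check_ts_chains DUMP
# Prints one line per problem found; returns 0 only when both chains exist
# and each is reached by a jump from its parent chain.
check_ts_chains() {
    dump="$1"
    status=0
    for chain in ts-input ts-forward; do
        case "$chain" in
            ts-input)   parent=INPUT ;;
            ts-forward) parent=FORWARD ;;
        esac
        if ! printf '%s\n' "$dump" | grep -q "^:$chain "; then
            echo "missing chain: $chain"
            status=1
        elif ! printf '%s\n' "$dump" | grep -q "^-A $parent -j $chain\$"; then
            echo "chain $chain exists but $parent does not jump to it"
            status=1
        fi
    done
    return "$status"
}

# On the router itself (root, after saving custom rules in LuCI), run:
#   check_ts_chains "$(iptables-save -t filter)" && echo "tailscale chains intact"
```

A non-zero exit here after a LuCI save is the symptom described above; disabling and re-enabling Tailscale from the GUI recreates the chains.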