Custom firewall rules based on IP?

I have some custom firewall rules that mangle TTL, defined in the advanced LuCI interface, but I have to change them depending on which network I'm connecting to.

Does anyone know a way I can script it so it sets custom rules based on a certain range of IP addresses (i.e., set a TTL of XX when the WAN is connected to 10.X.X.X addresses but a TTL of XX when the WAN is connected to 192.168.1.X addresses)?

This command will set the TTL:

iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-set 65

If you want to set it based on IP range:

iptables -t mangle -I POSTROUTING 1 -s 10.0.0.0/24 -j TTL --ttl-set 65


This is good info, but I don’t think I explained myself clearly, sorry.

I’m looking for a rule for setting TTL based on the WAN address.

Unless I'm missing something, in the above example the source IP will always be one assigned by the GL.iNet DHCP server, which in my case is some variant of 192.168.8.X, right?

You are right. Maybe you need to write a script.
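Putting the two replies together (the iptables TTL rule given earlier, and the suggestion to script it), the following is an added example and not code from anyone in this thread. It is written as an OpenWrt hotplug script that runs each time the WAN interface comes up, reads the address the WAN actually received, picks a TTL from a small policy table keyed by CIDR range, and installs the rule in a private chain so that re-running it when you switch networks replaces the old rule instead of stacking another one. Everything specific is an assumption: the TTL values 65 and 64 (the post leaves them as XX), the chain name WAN_TTL, the install path /etc/hotplug.d/iface/99-wan-ttl, and a firmware that still uses iptables (fw3) rather than nftables (fw4).

```shell
#!/bin/sh
# Added example: pick a TTL from the WAN address and install it at ifup.
# Install as /etc/hotplug.d/iface/99-wan-ttl (assumed path) and chmod +x.
# OpenWrt sets ACTION, INTERFACE and DEVICE when it runs hotplug scripts.

# Policy table: "CIDR=TTL" pairs. The TTL values are placeholders for the
# XX in the question; 10.0.0.0/8 covers "10.X.X.X", 192.168.1.0/24 covers
# "192.168.1.X". First match wins. (Assumed values.)
TTL_POLICY="10.0.0.0/8=65 192.168.1.0/24=64"
CHAIN="WAN_TTL"   # assumed chain name, private to this script

# ip2int DOTTED-QUAD -> 32-bit integer (no validation; hotplug hands us
# well-formed addresses).
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR -> exit 0 if IP lies inside CIDR, e.g. 10.3.4.5 10.0.0.0/8
in_cidr() {
    local ip net bits mask
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    case "$2" in
        */*) bits=${2#*/} ;;
        *)   bits=32 ;;           # bare address means a single host
    esac
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# ttl_for_wan WAN_IP -> prints the TTL for the first matching policy entry
# and exits 0; exits 1 (prints nothing) when no entry matches, meaning
# "leave TTL untouched on this network".
ttl_for_wan() {
    local entry cidr ttl
    for entry in $TTL_POLICY; do
        cidr=${entry%=*}
        ttl=${entry#*=}
        if in_cidr "$1" "$cidr"; then
            echo "$ttl"
            return 0
        fi
    done
    return 1
}

# apply_wan_ttl WAN_IP WAN_DEVICE: (re)install the TTL rule for this WAN.
# A private chain keeps this idempotent: the jump from POSTROUTING is added
# once (checked with -C), the chain is flushed and refilled on every ifup.
# Matching on the outgoing device (-o) rather than on the source address is
# what sidesteps the problem raised above: in mangle POSTROUTING the source
# is still the LAN client's pre-NAT address, so -s cannot tell WANs apart.
apply_wan_ttl() {
    local ttl
    iptables -t mangle -N "$CHAIN" 2>/dev/null || true
    iptables -t mangle -C POSTROUTING -o "$2" -j "$CHAIN" 2>/dev/null \
        || iptables -t mangle -I POSTROUTING 1 -o "$2" -j "$CHAIN"
    iptables -t mangle -F "$CHAIN"
    if ttl=$(ttl_for_wan "$1"); then
        iptables -t mangle -A "$CHAIN" -j TTL --ttl-set "$ttl"
        logger -t wan-ttl "WAN $1 on $2: TTL set to $ttl"
    else
        logger -t wan-ttl "WAN $1 on $2: no TTL policy, rule removed"
    fi
}

# Entry point under hotplug only; when sourced elsewhere nothing runs.
if [ "${ACTION:-}" = "ifup" ] && [ "${INTERFACE:-}" = "wan" ]; then
    . /lib/functions/network.sh
    network_flush_cache
    network_get_ipaddr wan_ip "$INTERFACE"
    apply_wan_ttl "$wan_ip" "$DEVICE"
fi
```

Two caveats. First, this only re-evaluates on ifup; if the WAN address changes without the interface bouncing (a DHCP renew to a different pool), the old rule stays until the next ifup. Second, on firmware that has moved to fw4/nftables the iptables calls above will not apply; the TTL action there is `ip ttl set <n>` in the `inet fw4` table's mangle_postrouting chain, and the selection logic is unchanged.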