This is my first time using GLiNet router (Flint 3) and it has been a great experience so far! However, I am not familiar with openWRT and I currently have a problem setting up an ipset within LuCI.
My goal is to have port forwarding with IP whitelist (in the form of a file). In the GLiNet admin panel, I have created a rule for the port forwarding part easily and it works as expected.
Now to have the whitelist, I went to the LuCI panel and go to Network -> Panel -> IP Sets. Then I do the following.
- Create a new IP set
- Select "Packet Field Match" to "src_net"
- Upload and select my whitelist file containing IPs with CIDR notation
- Use the newly created ipset in the port forwarding rule
This does not work. If i went to the router via ssh then check the list with nft list sets, there is no list at all. However, when I change the "Packet Field Match" to "src_ip" and check it again with nft list sets, the list will be visible (but without the CIDR notation, since it is parsed as an IP and not subnet).
Using this ipset with "src_ip" works. For example if the file contains 1.2.3.4/8 it will be parsed as 1.2.3.4 and I can access the forwarded port from that IP, so I am sure that I did the rules correctly. It seems to me that the option "src_net" simply doesn't work or I misunderstood it. Can anyone point me on how to use a list with subnet? Thanks!