openwrt · brada4 · Jan 19, 2026
diff --git a/root/usr/share/firewall4/templates/ruleset.uc b/root/usr/share/firewall4/templates/ruleset.uc
@@ -363,6 +363,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 {% for (let zone in fw4.zones()): %}
 {%  if (zone.dflags["notrack"]): %}
 {%   for (let rule in zone.match_rules): %}

diff --git a/tests/01_configuration/01_ruleset b/tests/01_configuration/01_ruleset
@@ -252,6 +252,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/01_configuration/02_rule_order b/tests/01_configuration/02_rule_order
@@ -192,6 +192,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/01_policies b/tests/02_zones/01_policies
@@ -222,6 +222,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/02_masq b/tests/02_zones/02_masq
@@ -231,6 +231,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/03_masq_src_dest_restrictions b/tests/02_zones/03_masq_src_dest_restrictions
@@ -225,6 +225,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/04_masq_allow_invalid b/tests/02_zones/04_masq_allow_invalid
@@ -145,6 +145,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/04_wildcard_devices b/tests/02_zones/04_wildcard_devices
@@ -326,6 +326,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/05_subnet_mask_matches b/tests/02_zones/05_subnet_mask_matches
@@ -192,6 +192,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/06_family_selections b/tests/02_zones/06_family_selections
@@ -325,6 +325,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/07_helpers b/tests/02_zones/07_helpers
@@ -347,6 +347,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/02_zones/08_log_limit b/tests/02_zones/08_log_limit
@@ -443,6 +443,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/01_direction b/tests/03_rules/01_direction
@@ -121,6 +121,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/02_enabled b/tests/03_rules/02_enabled
@@ -116,6 +116,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/03_constraints b/tests/03_rules/03_constraints
@@ -176,6 +176,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/04_icmp b/tests/03_rules/04_icmp
@@ -128,6 +128,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/05_mangle b/tests/03_rules/05_mangle
@@ -278,6 +278,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/06_subnet_mask_matches b/tests/03_rules/06_subnet_mask_matches
@@ -295,6 +295,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/07_redirect b/tests/03_rules/07_redirect
@@ -332,6 +332,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/08_family_inheritance b/tests/03_rules/08_family_inheritance
@@ -286,6 +286,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/09_time b/tests/03_rules/09_time
@@ -197,6 +197,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/10_notrack b/tests/03_rules/10_notrack
@@ -223,6 +223,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 		iifname "eth0" jump notrack_zone1 comment "!fw4: Handle zone1 IPv4/IPv6 notrack traffic"
 	}
 

diff --git a/tests/03_rules/11_log b/tests/03_rules/11_log
@@ -198,6 +198,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/03_rules/12_mark b/tests/03_rules/12_mark
@@ -144,6 +144,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/04_forwardings/01_family_selections b/tests/04_forwardings/01_family_selections
@@ -217,6 +217,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/05_ipsets/01_declaration b/tests/05_ipsets/01_declaration
@@ -134,6 +134,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/05_ipsets/02_usage b/tests/05_ipsets/02_usage
@@ -214,6 +214,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/06_includes/01_nft_includes b/tests/06_includes/01_nft_includes
@@ -227,6 +227,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/06_includes/02_firewall.user_include b/tests/06_includes/02_firewall.user_include
@@ -162,6 +162,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/06_includes/04_disabled_include b/tests/06_includes/04_disabled_include
@@ -168,6 +168,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {

diff --git a/tests/06_includes/05_automatic_includes b/tests/06_includes/05_automatic_includes
@@ -168,6 +168,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+		rt type 0 counter drop
 	}
 
 	chain raw_output {