
amplifi iptables

a guest
Jul 19th, 2016
  1. ubnt@AFi-R-HD-02086D:/usr/sbin# iptables -L
  2. Chain INPUT (policy ACCEPT)
  3. target prot opt source destination
  4. ACCEPT all -- anywhere anywhere ID:66773300
  5. input_rule all -- anywhere anywhere ID:66773300 /* user chain for input */
  6. ACCEPT all -- anywhere anywhere ID:66773300 ctstate RELATED,ESTABLISHED
  7. DROP all -- anywhere anywhere ID:66773300 ctstate INVALID
  8. syn_flood tcp -- anywhere anywhere ID:66773300 tcp flags:FIN,SYN,RST,ACK/SYN
  9. zone_lan_input all -- anywhere anywhere ID:66773300
  10. zone_guest_input all -- anywhere anywhere ID:66773300
  11. zone_guest_input all -- anywhere anywhere ID:66773300
  12. zone_guest_input all -- anywhere anywhere ID:66773300
  13. zone_wan_input all -- anywhere anywhere ID:66773300
  14.  
  15. Chain FORWARD (policy DROP)
  16. target prot opt source destination
  17. forwarding_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */
  18. ACCEPT all -- anywhere anywhere ID:66773300 ctstate RELATED,ESTABLISHED
  19. DROP all -- anywhere anywhere ID:66773300 ctstate INVALID
  20. zone_lan_forward all -- anywhere anywhere ID:66773300
  21. zone_guest_forward all -- anywhere anywhere ID:66773300
  22. zone_guest_forward all -- anywhere anywhere ID:66773300
  23. zone_guest_forward all -- anywhere anywhere ID:66773300
  24. zone_wan_forward all -- anywhere anywhere ID:66773300
  25. reject all -- anywhere anywhere ID:66773300
  26.  
  27. Chain OUTPUT (policy ACCEPT)
  28. target prot opt source destination
  29. ACCEPT all -- anywhere anywhere ID:66773300
  30. output_rule all -- anywhere anywhere ID:66773300 /* user chain for output */
  31. ACCEPT all -- anywhere anywhere ID:66773300 ctstate RELATED,ESTABLISHED
  32. DROP all -- anywhere anywhere ID:66773300 ctstate INVALID
  33. zone_lan_output all -- anywhere anywhere ID:66773300
  34. zone_guest_output all -- anywhere anywhere ID:66773300
  35. zone_guest_output all -- anywhere anywhere ID:66773300
  36. zone_guest_output all -- anywhere anywhere ID:66773300
  37. zone_wan_output all -- anywhere anywhere ID:66773300
  38.  
  39. Chain MINIUPNPD (1 references)
  40. target prot opt source destination
  41.  
  42. Chain forwarding_guest_rule (1 references)
  43. target prot opt source destination
  44.  
  45. Chain forwarding_lan_rule (1 references)
  46. target prot opt source destination
  47.  
  48. Chain forwarding_rule (1 references)
  49. target prot opt source destination
  50.  
  51. Chain forwarding_wan_rule (1 references)
  52. target prot opt source destination
  53.  
  54. Chain input_guest_rule (1 references)
  55. target prot opt source destination
  56.  
  57. Chain input_lan_rule (1 references)
  58. target prot opt source destination
  59.  
  60. Chain input_rule (1 references)
  61. target prot opt source destination
  62.  
  63. Chain input_wan_rule (1 references)
  64. target prot opt source destination
  65.  
  66. Chain output_guest_rule (1 references)
  67. target prot opt source destination
  68.  
  69. Chain output_lan_rule (1 references)
  70. target prot opt source destination
  71.  
  72. Chain output_rule (1 references)
  73. target prot opt source destination
  74.  
  75. Chain output_wan_rule (1 references)
  76. target prot opt source destination
  77.  
  78. Chain reject (6 references)
  79. target prot opt source destination
  80. REJECT tcp -- anywhere anywhere ID:66773300 reject-with tcp-reset
  81. REJECT all -- anywhere anywhere ID:66773300 reject-with icmp-port-unreachable
  82.  
  83. Chain syn_flood (1 references)
  84. target prot opt source destination
  85. RETURN tcp -- anywhere anywhere ID:66773300 tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
  86. DROP all -- anywhere anywhere ID:66773300
  87.  
  88. Chain zone_guest_dest_ACCEPT (2 references)
  89. target prot opt source destination
  90. ACCEPT all -- anywhere anywhere ID:66773300
  91. ACCEPT all -- anywhere anywhere ID:66773300
  92. ACCEPT all -- anywhere anywhere ID:66773300
  93.  
  94. Chain zone_guest_forward (3 references)
  95. target prot opt source destination
  96. forwarding_guest_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */
  97. zone_wan_dest_ACCEPT all -- anywhere anywhere ID:66773300 /* forwarding guest -> wan */
  98. ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port forwards */
  99. zone_guest_dest_ACCEPT all -- anywhere anywhere ID:66773300
  100.  
  101. Chain zone_guest_input (3 references)
  102. target prot opt source destination
  103. input_guest_rule all -- anywhere anywhere ID:66773300 /* user chain for input */
  104. ACCEPT tcp -- anywhere anywhere ID:66773300 tcp dpt:domain /* Allow guest dns */
  105. ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:domain /* Allow guest dns */
  106. ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:bootps /* Allow guest dhcp */
  107. ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:bootpc /* Allow guest dhcp */
  108. ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port redirections */
  109. zone_guest_src_REJECT all -- anywhere anywhere ID:66773300
  110.  
  111. Chain zone_guest_output (3 references)
  112. target prot opt source destination
  113. output_guest_rule all -- anywhere anywhere ID:66773300 /* user chain for output */
  114. zone_guest_dest_ACCEPT all -- anywhere anywhere ID:66773300
  115.  
  116. Chain zone_guest_src_REJECT (1 references)
  117. target prot opt source destination
  118. reject all -- anywhere anywhere ID:66773300
  119. reject all -- anywhere anywhere ID:66773300
  120. reject all -- anywhere anywhere ID:66773300
  121.  
  122. Chain zone_lan_dest_ACCEPT (4 references)
  123. target prot opt source destination
  124. ACCEPT all -- anywhere anywhere ID:66773300
  125.  
  126. Chain zone_lan_forward (1 references)
  127. target prot opt source destination
  128. MINIUPNPD all -- anywhere anywhere
  129. forwarding_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */
  130. zone_wan_dest_ACCEPT all -- anywhere anywhere ID:66773300 /* forwarding lan -> wan */
  131. ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port forwards */
  132. zone_lan_dest_ACCEPT all -- anywhere anywhere ID:66773300
  133.  
  134. Chain zone_lan_input (1 references)
  135. target prot opt source destination
  136. input_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for input */
  137. ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port redirections */
  138. zone_lan_src_ACCEPT all -- anywhere anywhere ID:66773300
  139.  
  140. Chain zone_lan_output (1 references)
  141. target prot opt source destination
  142. output_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for output */
  143. zone_lan_dest_ACCEPT all -- anywhere anywhere ID:66773300
  144.  
  145. Chain zone_lan_src_ACCEPT (1 references)
  146. target prot opt source destination
  147. ACCEPT all -- anywhere anywhere ID:66773300
  148.  
  149. Chain zone_wan_dest_ACCEPT (3 references)
  150. target prot opt source destination
  151. ACCEPT all -- anywhere anywhere ID:66773300
  152.  
  153. Chain zone_wan_dest_REJECT (1 references)
  154. target prot opt source destination
  155. reject all -- anywhere anywhere ID:66773300
  156.  
  157. Chain zone_wan_forward (1 references)
  158. target prot opt source destination
  159. forwarding_wan_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */
  160. zone_lan_dest_ACCEPT esp -- anywhere anywhere ID:66773300 /* @rule[9] */
  161. zone_lan_dest_ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:isakmp /* @rule[10] */
  162. ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port forwards */
  163. zone_wan_dest_REJECT all -- anywhere anywhere ID:66773300
  164.  
  165. Chain zone_wan_input (1 references)
  166. target prot opt source destination
  167. input_wan_rule all -- anywhere anywhere ID:66773300 /* user chain for input */
  168. ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:bootpc /* Allow-DHCP-Renew */
  169. ACCEPT icmp -- anywhere anywhere ID:66773300 icmp echo-request /* Allow-Ping */
  170. ACCEPT igmp -- anywhere anywhere ID:66773300 /* Allow-IGMP */
  171. ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port redirections */
  172. zone_wan_src_REJECT all -- anywhere anywhere ID:66773300
  173.  
  174. Chain zone_wan_output (1 references)
  175. target prot opt source destination
  176. output_wan_rule all -- anywhere anywhere ID:66773300 /* user chain for output */
  177. zone_wan_dest_ACCEPT all -- anywhere anywhere ID:66773300
  178.  
  179. Chain zone_wan_src_REJECT (1 references)
  180. target prot opt source destination
  181. reject all -- anywhere anywhere ID:66773300