bmelika

Untitled

Mar 7th, 2021
text 18.98 KB | None
  1. root@OpenWrt:~# ubus call system board; uci show network; uci show firewall; uci show dhcp; \
  2. > ip address show; ip route show table all; ip rule show; iptables-save; \
  3. > head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
  4. {
  5. "kernel": "4.14.221",
  6. "hostname": "OpenWrt",
  7. "system": "MediaTek MT7620N ver:2 eco:6",
  8. "model": "D-Link DWR-921 C1",
  9. "board_name": "dlink,dwr-921-c1",
  10. "release": {
  11. "distribution": "OpenWrt",
  12. "version": "19.07.7",
  13. "revision": "r11306-c4a6851c72",
  14. "target": "ramips/mt7620",
  15. "description": "OpenWrt 19.07.7 r11306-c4a6851c72"
  16. }
  17. }
  18. network.loopback=interface
  19. network.loopback.ifname='lo'
  20. network.loopback.proto='static'
  21. network.loopback.ipaddr='127.0.0.1'
  22. network.loopback.netmask='255.0.0.0'
  23. network.globals=globals
  24. network.globals.ula_prefix='fdde:2128:5cc2::/48'
  25. network.lan=interface
  26. network.lan.type='bridge'
  27. network.lan.ifname='eth0.1'
  28. network.lan.proto='static'
  29. network.lan.netmask='255.255.255.0'
  30. network.lan.ip6assign='60'
  31. network.lan.ipaddr='192.168.10.1'
  32. network.lan.dns='8.8.8.8' '8.8.4.4' '1.1.1.1'
  33. network.lan_eth0_1_dev=device
  34. network.lan_eth0_1_dev.name='eth0.1'
  35. network.lan_eth0_1_dev.macaddr='28:3b:82:82:71:2b'
  36. network.wan_eth0_2_dev=device
  37. network.wan_eth0_2_dev.name='eth0.2'
  38. network.wan_eth0_2_dev.macaddr='28:3b:82:82:71:2a'
  39. network.@switch[0]=switch
  40. network.@switch[0].name='switch0'
  41. network.@switch[0].reset='1'
  42. network.@switch[0].enable_vlan='1'
  43. network.@switch_vlan[0]=switch_vlan
  44. network.@switch_vlan[0].device='switch0'
  45. network.@switch_vlan[0].vlan='1'
  46. network.@switch_vlan[0].ports='0 1 2 3 6t'
  47. network.@switch_vlan[1]=switch_vlan
  48. network.@switch_vlan[1].device='switch0'
  49. network.@switch_vlan[1].vlan='2'
  50. network.@switch_vlan[1].ports='4 6t'
  51. network.wwan=interface
  52. network.wwan.proto='qmi'
  53. network.wwan.device='/dev/cdc-wdm0'
  54. network.wwan.apn='orangeweb'
  55. network.wwan.modes='lte'
  56. network.tun0VPN=interface
  57. network.tun0VPN.ifname='tun0'
  58. network.tun0VPN.proto='none'
  59. network.tun0VPN.auto='0'
  60. firewall.@defaults[0]=defaults
  61. firewall.@defaults[0].input='ACCEPT'
  62. firewall.@defaults[0].output='ACCEPT'
  63. firewall.@defaults[0].forward='REJECT'
  64. firewall.@defaults[0].synflood_protect='1'
  65. firewall.@zone[0]=zone
  66. firewall.@zone[0].name='lan'
  67. firewall.@zone[0].input='ACCEPT'
  68. firewall.@zone[0].output='ACCEPT'
  69. firewall.@zone[0].forward='ACCEPT'
  70. firewall.@zone[0].network='lan'
  71. firewall.@zone[1]=zone
  72. firewall.@zone[1].name='wan'
  73. firewall.@zone[1].input='REJECT'
  74. firewall.@zone[1].output='ACCEPT'
  75. firewall.@zone[1].forward='REJECT'
  76. firewall.@zone[1].masq='1'
  77. firewall.@zone[1].mtu_fix='1'
  78. firewall.@zone[1].device='tun0'
  79. firewall.@zone[1].network='tun0VPN wwan'
  80. firewall.@forwarding[0]=forwarding
  81. firewall.@forwarding[0].src='lan'
  82. firewall.@forwarding[0].dest='wan'
  83. firewall.@rule[0]=rule
  84. firewall.@rule[0].name='Allow-DHCP-Renew'
  85. firewall.@rule[0].src='wan'
  86. firewall.@rule[0].proto='udp'
  87. firewall.@rule[0].dest_port='68'
  88. firewall.@rule[0].target='ACCEPT'
  89. firewall.@rule[0].family='ipv4'
  90. firewall.@rule[1]=rule
  91. firewall.@rule[1].name='Allow-Ping'
  92. firewall.@rule[1].src='wan'
  93. firewall.@rule[1].proto='icmp'
  94. firewall.@rule[1].icmp_type='echo-request'
  95. firewall.@rule[1].family='ipv4'
  96. firewall.@rule[1].target='ACCEPT'
  97. firewall.@rule[2]=rule
  98. firewall.@rule[2].name='Allow-IGMP'
  99. firewall.@rule[2].src='wan'
  100. firewall.@rule[2].proto='igmp'
  101. firewall.@rule[2].family='ipv4'
  102. firewall.@rule[2].target='ACCEPT'
  103. firewall.@rule[3]=rule
  104. firewall.@rule[3].name='Allow-DHCPv6'
  105. firewall.@rule[3].src='wan'
  106. firewall.@rule[3].proto='udp'
  107. firewall.@rule[3].src_ip='fc00::/6'
  108. firewall.@rule[3].dest_ip='fc00::/6'
  109. firewall.@rule[3].dest_port='546'
  110. firewall.@rule[3].family='ipv6'
  111. firewall.@rule[3].target='ACCEPT'
  112. firewall.@rule[4]=rule
  113. firewall.@rule[4].name='Allow-MLD'
  114. firewall.@rule[4].src='wan'
  115. firewall.@rule[4].proto='icmp'
  116. firewall.@rule[4].src_ip='fe80::/10'
  117. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  118. firewall.@rule[4].family='ipv6'
  119. firewall.@rule[4].target='ACCEPT'
  120. firewall.@rule[5]=rule
  121. firewall.@rule[5].name='Allow-ICMPv6-Input'
  122. firewall.@rule[5].src='wan'
  123. firewall.@rule[5].proto='icmp'
  124. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  125. firewall.@rule[5].limit='1000/sec'
  126. firewall.@rule[5].family='ipv6'
  127. firewall.@rule[5].target='ACCEPT'
  128. firewall.@rule[6]=rule
  129. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  130. firewall.@rule[6].src='wan'
  131. firewall.@rule[6].dest='*'
  132. firewall.@rule[6].proto='icmp'
  133. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  134. firewall.@rule[6].limit='1000/sec'
  135. firewall.@rule[6].family='ipv6'
  136. firewall.@rule[6].target='ACCEPT'
  137. firewall.@rule[7]=rule
  138. firewall.@rule[7].name='Allow-IPSec-ESP'
  139. firewall.@rule[7].src='wan'
  140. firewall.@rule[7].dest='lan'
  141. firewall.@rule[7].proto='esp'
  142. firewall.@rule[7].target='ACCEPT'
  143. firewall.@rule[8]=rule
  144. firewall.@rule[8].name='Allow-ISAKMP'
  145. firewall.@rule[8].src='wan'
  146. firewall.@rule[8].dest='lan'
  147. firewall.@rule[8].dest_port='500'
  148. firewall.@rule[8].proto='udp'
  149. firewall.@rule[8].target='ACCEPT'
  150. firewall.@include[0]=include
  151. firewall.@include[0].path='/etc/firewall.user'
  152. dhcp.@dnsmasq[0]=dnsmasq
  153. dhcp.@dnsmasq[0].domainneeded='1'
  154. dhcp.@dnsmasq[0].boguspriv='1'
  155. dhcp.@dnsmasq[0].filterwin2k='0'
  156. dhcp.@dnsmasq[0].localise_queries='1'
  157. dhcp.@dnsmasq[0].rebind_protection='1'
  158. dhcp.@dnsmasq[0].rebind_localhost='1'
  159. dhcp.@dnsmasq[0].local='/lan/'
  160. dhcp.@dnsmasq[0].domain='lan'
  161. dhcp.@dnsmasq[0].expandhosts='1'
  162. dhcp.@dnsmasq[0].nonegcache='0'
  163. dhcp.@dnsmasq[0].authoritative='1'
  164. dhcp.@dnsmasq[0].readethers='1'
  165. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  166. dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
  167. dhcp.@dnsmasq[0].nonwildcard='1'
  168. dhcp.@dnsmasq[0].localservice='1'
  169. dhcp.lan=dhcp
  170. dhcp.lan.interface='lan'
  171. dhcp.lan.start='100'
  172. dhcp.lan.limit='150'
  173. dhcp.lan.leasetime='12h'
  174. dhcp.lan.dhcpv6='server'
  175. dhcp.lan.ra='server'
  176. dhcp.lan.ra_management='1'
  177. dhcp.wan=dhcp
  178. dhcp.wan.interface='wan'
  179. dhcp.wan.ignore='1'
  180. dhcp.odhcpd=odhcpd
  181. dhcp.odhcpd.maindhcp='0'
  182. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  183. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  184. dhcp.odhcpd.loglevel='4'
  185. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  186. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  187. inet 127.0.0.1/8 scope host lo
  188. valid_lft forever preferred_lft forever
  189. inet6 ::1/128 scope host
  190. valid_lft forever preferred_lft forever
  191. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
  192. link/ether ea:9b:39:1f:17:c1 brd ff:ff:ff:ff:ff:ff
  193. inet6 fe80::e89b:39ff:fe1f:17c1/64 scope link
  194. valid_lft forever preferred_lft forever
  195. 4: wwan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
  196. link/ether 0a:aa:50:6b:c9:e0 brd ff:ff:ff:ff:ff:ff
  197. inet 10.173.152.162/30 brd 10.173.152.163 scope global wwan0
  198. valid_lft forever preferred_lft forever
  199. inet6 fe80::8aa:50ff:fe6b:c9e0/64 scope link
  200. valid_lft forever preferred_lft forever
  201. 5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  202. link/ether 28:3b:82:82:71:2b brd ff:ff:ff:ff:ff:ff
  203. inet 192.168.10.1/24 brd 192.168.10.255 scope global br-lan
  204. valid_lft forever preferred_lft forever
  205. inet6 fdde:2128:5cc2::1/60 scope global noprefixroute
  206. valid_lft forever preferred_lft forever
  207. inet6 fe80::2a3b:82ff:fe82:712b/64 scope link
  208. valid_lft forever preferred_lft forever
  209. 6: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  210. link/ether 28:3b:82:82:71:2b brd ff:ff:ff:ff:ff:ff
  211. 7: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
  212. link/ether 28:3b:82:82:71:2b brd ff:ff:ff:ff:ff:ff
  213. inet6 fe80::2a3b:82ff:fe82:712b/64 scope link
  214. valid_lft forever preferred_lft forever
  215. default via 10.173.152.161 dev wwan0 proto static src 10.173.152.162
  216. 10.173.152.160/30 dev wwan0 proto kernel scope link src 10.173.152.162
  217. 192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
  218. broadcast 10.173.152.160 dev wwan0 table local proto kernel scope link src 10.173.152.162
  219. local 10.173.152.162 dev wwan0 table local proto kernel scope host src 10.173.152.162
  220. broadcast 10.173.152.163 dev wwan0 table local proto kernel scope link src 10.173.152.162
  221. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  222. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  223. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  224. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  225. broadcast 192.168.10.0 dev br-lan table local proto kernel scope link src 192.168.10.1
  226. local 192.168.10.1 dev br-lan table local proto kernel scope host src 192.168.10.1
  227. broadcast 192.168.10.255 dev br-lan table local proto kernel scope link src 192.168.10.1
  228. fdde:2128:5cc2::/64 dev br-lan proto static metric 1024 pref medium
  229. unreachable fdde:2128:5cc2::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
  230. fe80::/64 dev eth0 proto kernel metric 256 pref medium
  231. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  232. fe80::/64 dev wwan0 proto kernel metric 256 pref medium
  233. fe80::/64 dev wlan0 proto kernel metric 256 pref medium
  234. local ::1 dev lo table local proto kernel metric 0 pref medium
  235. anycast fdde:2128:5cc2:: dev br-lan table local proto kernel metric 0 pref medium
  236. local fdde:2128:5cc2::1 dev br-lan table local proto kernel metric 0 pref medium
  237. anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
  238. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  239. anycast fe80:: dev wwan0 table local proto kernel metric 0 pref medium
  240. anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
  241. local fe80::8aa:50ff:fe6b:c9e0 dev wwan0 table local proto kernel metric 0 pref medium
  242. local fe80::2a3b:82ff:fe82:712b dev br-lan table local proto kernel metric 0 pref medium
  243. local fe80::2a3b:82ff:fe82:712b dev wlan0 table local proto kernel metric 0 pref medium
  244. local fe80::e89b:39ff:fe1f:17c1 dev eth0 table local proto kernel metric 0 pref medium
  245. ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
  246. ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
  247. ff00::/8 dev wwan0 table local proto kernel metric 256 pref medium
  248. ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
  249. 0: from all lookup local
  250. 32766: from all lookup main
  251. 32767: from all lookup default
  252. # Generated by iptables-save v1.8.3 on Sun Mar 7 14:05:07 2021
  253. *nat
  254. :PREROUTING ACCEPT [702:230199]
  255. :INPUT ACCEPT [202:16148]
  256. :OUTPUT ACCEPT [237:18119]
  257. :POSTROUTING ACCEPT [39:4522]
  258. :postrouting_lan_rule - [0:0]
  259. :postrouting_rule - [0:0]
  260. :postrouting_wan_rule - [0:0]
  261. :prerouting_lan_rule - [0:0]
  262. :prerouting_rule - [0:0]
  263. :prerouting_wan_rule - [0:0]
  264. :zone_lan_postrouting - [0:0]
  265. :zone_lan_prerouting - [0:0]
  266. :zone_wan_postrouting - [0:0]
  267. :zone_wan_prerouting - [0:0]
  268. -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  269. -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  270. -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_wan_prerouting
  271. -A PREROUTING -i wwan0 -m comment --comment "!fw3" -j zone_wan_prerouting
  272. -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  273. -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  274. -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_wan_postrouting
  275. -A POSTROUTING -o wwan0 -m comment --comment "!fw3" -j zone_wan_postrouting
  276. -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  277. -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  278. -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  279. -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  280. -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  281. COMMIT
  282. # Completed on Sun Mar 7 14:05:07 2021
  283. # Generated by iptables-save v1.8.3 on Sun Mar 7 14:05:07 2021
  284. *mangle
  285. :PREROUTING ACCEPT [48396:46131811]
  286. :INPUT ACCEPT [1382:187074]
  287. :FORWARD ACCEPT [46765:45773975]
  288. :OUTPUT ACCEPT [1359:226159]
  289. :POSTROUTING ACCEPT [48145:46026471]
  290. -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  291. -A FORWARD -i tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  292. -A FORWARD -o wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  293. -A FORWARD -i wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  294. COMMIT
  295. # Completed on Sun Mar 7 14:05:07 2021
  296. # Generated by iptables-save v1.8.3 on Sun Mar 7 14:05:07 2021
  297. *filter
  298. :INPUT ACCEPT [0:0]
  299. :FORWARD DROP [0:0]
  300. :OUTPUT ACCEPT [0:0]
  301. :forwarding_lan_rule - [0:0]
  302. :forwarding_rule - [0:0]
  303. :forwarding_wan_rule - [0:0]
  304. :input_lan_rule - [0:0]
  305. :input_rule - [0:0]
  306. :input_wan_rule - [0:0]
  307. :output_lan_rule - [0:0]
  308. :output_rule - [0:0]
  309. :output_wan_rule - [0:0]
  310. :reject - [0:0]
  311. :syn_flood - [0:0]
  312. :zone_lan_dest_ACCEPT - [0:0]
  313. :zone_lan_forward - [0:0]
  314. :zone_lan_input - [0:0]
  315. :zone_lan_output - [0:0]
  316. :zone_lan_src_ACCEPT - [0:0]
  317. :zone_wan_dest_ACCEPT - [0:0]
  318. :zone_wan_dest_REJECT - [0:0]
  319. :zone_wan_forward - [0:0]
  320. :zone_wan_input - [0:0]
  321. :zone_wan_output - [0:0]
  322. :zone_wan_src_REJECT - [0:0]
  323. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  324. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  325. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  326. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  327. -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  328. -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_wan_input
  329. -A INPUT -i wwan0 -m comment --comment "!fw3" -j zone_wan_input
  330. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  331. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  332. -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  333. -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_wan_forward
  334. -A FORWARD -i wwan0 -m comment --comment "!fw3" -j zone_wan_forward
  335. -A FORWARD -m comment --comment "!fw3" -j reject
  336. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  337. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  338. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  339. -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  340. -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_wan_output
  341. -A OUTPUT -o wwan0 -m comment --comment "!fw3" -j zone_wan_output
  342. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  343. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  344. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  345. -A syn_flood -m comment --comment "!fw3" -j DROP
  346. -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  347. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  348. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  349. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  350. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  351. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  352. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  353. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  354. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  355. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  356. -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  357. -A zone_wan_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  358. -A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
  359. -A zone_wan_dest_ACCEPT -o wwan0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  360. -A zone_wan_dest_ACCEPT -o wwan0 -m comment --comment "!fw3" -j ACCEPT
  361. -A zone_wan_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
  362. -A zone_wan_dest_REJECT -o wwan0 -m comment --comment "!fw3" -j reject
  363. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  364. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  365. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  366. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  367. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  368. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  369. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  370. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  371. -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  372. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  373. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  374. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  375. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  376. -A zone_wan_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
  377. -A zone_wan_src_REJECT -i wwan0 -m comment --comment "!fw3" -j reject
  378. COMMIT
  379. # Completed on Sun Mar 7 14:05:07 2021
  380. ==> /etc/resolv.conf <==
  381. search lan
  382. nameserver 127.0.0.1
  383.  
  384. ==> /tmp/resolv.conf <==
  385. search lan
  386. nameserver 127.0.0.1
  387.  
  388. ==> /tmp/resolv.conf.auto <==
  389. # Interface lan
  390. nameserver 8.8.8.8
  391. nameserver 8.8.4.4
  392. nameserver 1.1.1.1
  393. # Interface wwan_4
  394. nameserver 213.131.66.246
  395. nameserver 213.131.65.20
  396. head: /tmp/resolv.*/*: No such file or directory
  397.  