spacemanspiff

iptables asus

Apr 16th, 2025
  1. # Generated by iptables-save v1.4.15 on Thu Apr 17 15:31:59 2025
  # raw table: only the two built-in chains, both policy ACCEPT, with no rules.
  # Nothing here exempts traffic from connection tracking, so the state/conntrack
  # matches used in the filter table see every flow.
  2. *raw
  3. :PREROUTING ACCEPT [48110:11042834]
  4. :OUTPUT ACCEPT [24595:14286242]
  5. COMMIT
  6. # Completed on Thu Apr 17 15:31:59 2025
  7. # Generated by iptables-save v1.4.15 on Thu Apr 17 15:31:59 2025
  # nat table: address translation only. The ACCEPT policies on the built-in
  # chains are normal here and do not decide what is allowed; that is the
  # filter table's job.
  8. *nat
  9. :PREROUTING ACCEPT [5287:592911]
  10. :INPUT ACCEPT [2547:160379]
  11. :OUTPUT ACCEPT [103:18632]
  12. :POSTROUTING ACCEPT [217:17928]
  # User-defined chains. In this dump only VSERVER carries rules; GAME_VSERVER,
  # PUPNP and VUPNP are jumped to but empty, and DNSFILTER, LOCALSRV, MAPE and
  # PCREDIRECT are neither populated nor referenced.
  13. :DNSFILTER - [0:0]
  14. :GAME_VSERVER - [0:0]
  15. :LOCALSRV - [0:0]
  16. :MAPE - [0:0]
  17. :PCREDIRECT - [0:0]
  18. :PUPNP - [0:0]
  19. :VSERVER - [0:0]
  20. :VUPNP - [0:0]
  # udp/1194 is accepted before the port-forward chains are consulted, so it can
  # never be DNATed to a LAN host and stays addressed to the router itself
  # (the filter table's OVPNSI chain accepts the same port).
  21. [0:0] -A PREROUTING -p udp -m udp --dport 1194 -j ACCEPT
  # Everything addressed to 119.224.63.27 (presumably the WAN address, given the
  # MASQUERADE exclusion below) is run through the port-forward chains.
  22. [945:51413] -A PREROUTING -d 119.224.63.27/32 -j GAME_VSERVER
  23. [945:51413] -A PREROUTING -d 119.224.63.27/32 -j VSERVER
  24. [2551:426091] -A POSTROUTING -o vlan10 -j PUPNP
  # Traffic that will be IPsec-encapsulated is exempted from source NAT.
  25. [0:0] -A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
  # Source-NAT everything leaving vlan10 that is not already sourced from that address.
  26. [2489:420838] -A POSTROUTING ! -s 119.224.63.27/32 -o vlan10 -j MASQUERADE
  # LAN-to-LAN traffic leaving br0 is also masqueraded; this looks like NAT
  # loopback (a LAN client reaching a forwarded service via the WAN address).
  # Side effect: the internal server sees the router as the source, so its own
  # access logs lose the real client address for such connections.
  27. [32:7937] -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MASQUERADE
  # VSERVER: static port forwards (DNAT) to LAN hosts 192.168.1.3, .4 and .250.
  # The poster masked port numbers ("2xxxx"), so rules that look identical here
  # are not necessarily duplicates.
  # None of these rules has a source restriction (-s), and the filter table's
  # FORWARD chain accepts any packet with ctstate DNAT, so each line below is by
  # itself the full exposure decision for that service. Review that every
  # forward is still needed; a [0:0] counter only means no hit since the
  # counters were last reset.
  28. [0:0] -A VSERVER -p tcp -m tcp --dport 2xxxx -j DNAT --to-destination 192.168.1.4:2xxxx
  29. [0:0] -A VSERVER -p udp -m udp --dport 2xxxx -j DNAT --to-destination 192.168.1.4:2xxxx
  30. [0:0] -A VSERVER -p tcp -m tcp --dport 2xxxx -j DNAT --to-destination 192.168.1.4:2xxxx
  31. [0:0] -A VSERVER -p udp -m udp --dport 2xxxx -j DNAT --to-destination 192.168.1.4:2xxxx
  32. [0:0] -A VSERVER -p tcp -m tcp --dport 5xxxx -j DNAT --to-destination 192.168.1.3:5xxxx
  33. [0:0] -A VSERVER -p udp -m udp --dport 5xxxx -j DNAT --to-destination 192.168.1.3:5xxxx
  34. [0:0] -A VSERVER -p tcp -m tcp --dport 4xxxx -j DNAT --to-destination 192.168.1.4:4xxxx
  35. [0:0] -A VSERVER -p udp -m udp --dport 4xxxx -j DNAT --to-destination 192.168.1.4:4xxxx
  36. [0:0] -A VSERVER -p tcp -m tcp --dport 2xxxx -j DNAT --to-destination 192.168.1.3:2xxxx
  37. [0:0] -A VSERVER -p udp -m udp --dport 2xxxx -j DNAT --to-destination 192.168.1.3:2xxxx
  38. [0:0] -A VSERVER -p tcp -m tcp --dport 2xxxx -j DNAT --to-destination 192.168.1.3:2xxxx
  39. [0:0] -A VSERVER -p udp -m udp --dport 2xxxx -j DNAT --to-destination 192.168.1.3:2xxxx
  40. [0:0] -A VSERVER -p tcp -m tcp --dport 1xxxx -j DNAT --to-destination 192.168.1.4:1xxxx
  41. [0:0] -A VSERVER -p udp -m udp --dport 1xxxx -j DNAT --to-destination 192.168.1.4:1xxxx
  # A whole port range is forwarded to 192.168.1.250 with the port left unchanged.
  # NOTE(review): the masked lower bound differs between the tcp rule ("10xx")
  # and the udp rule ("10xxx"); this may only be a masking slip, but if the tcp
  # range really starts at a four-digit port it is much wider than the udp one.
  42. [4:200] -A VSERVER -p tcp -m tcp --dport 10xx:11xxx -j DNAT --to-destination 192.168.1.250
  43. [0:0] -A VSERVER -p udp -m udp --dport 10xxx:11xxx -j DNAT --to-destination 192.168.1.250
  44. [0:0] -A VSERVER -p tcp -m tcp --dport 3xxxx -j DNAT --to-destination 192.168.1.3:3xxxx
  45. [0:0] -A VSERVER -p udp -m udp --dport 3xxxx -j DNAT --to-destination 192.168.1.3:3xxxx
  # HTTP and HTTPS, plus one masked tcp port, go to 192.168.1.3.
  46. [20:864] -A VSERVER -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.3
  47. [19:776] -A VSERVER -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.3
  48. [96:4997] -A VSERVER -p tcp -m tcp --dport xxxx -j DNAT --to-destination 192.168.1.3
  # Anything that matched no static forward is handed to VUPNP, which is empty
  # in this dump (presumably it holds UPnP-created mappings when there are any).
  49. [806:44576] -A VSERVER -j VUPNP
  50. COMMIT
  51. # Completed on Thu Apr 17 15:31:59 2025
  52. # Generated by iptables-save v1.4.15 on Thu Apr 17 15:31:59 2025
  # mangle table: packet modification only; no rule here accepts or drops.
  53. *mangle
  54. :PREROUTING ACCEPT [36914:8310623]
  55. :INPUT ACCEPT [13454:3496649]
  56. :FORWARD ACCEPT [23216:4802676]
  57. :OUTPUT ACCEPT [19668:12222218]
  58. :POSTROUTING ACCEPT [42806:17027820]
  # MSS clamping for forwarded TCP that is subject to an IPsec policy (inbound and
  # outbound): on packets with SYN set and RST clear whose advertised MSS is
  # 1361-1536, the MSS is rewritten to 1360. Presumably this leaves room for the
  # IPsec encapsulation overhead; it is not a security control.
  59. [0:0] -A FORWARD -p tcp -m policy --dir in --pol ipsec -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
  60. [0:0] -A FORWARD -p tcp -m policy --dir out --pol ipsec -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
  61. COMMIT
  62. # Completed on Thu Apr 17 15:31:59 2025
  63. # Generated by iptables-save v1.4.15 on Thu Apr 17 15:31:59 2025
  # filter table: the actual accept/drop decisions.
  # All three built-in chains have policy ACCEPT, and this dump contains no
  # "-A INPUT" rule at all. As dumped, every packet addressed to the router
  # itself, on any interface, is accepted by policy; the INPUT counter below is
  # the traffic that was let in that way.
  # NOTE(review): confirm whether the firewall is switched off in the router
  # settings or whether the INPUT rules failed to load. A WAN-facing router
  # would normally accept RELATED,ESTABLISHED and LAN traffic on INPUT and drop
  # the rest.
  # This is an IPv4 dump only; the IPv6 rule set (ip6tables-save) needs to be
  # checked separately.
  64. *filter
  65. :INPUT ACCEPT [13453:3496066]
  66. :FORWARD ACCEPT [7490:1043260]
  67. :OUTPUT ACCEPT [19643:12219662]
  # User-defined chains. Only OUTPUT_DNS, OUTPUT_IP, OVPNSF, OVPNSI, SECURITY and
  # the four log* chains contain rules in this dump. OVPNSI, SECURITY and
  # logdrop are not jumped to from anywhere, so their rules are not in effect.
  # The remaining chains are declared but empty.
  68. :ACCESS_RESTRICTION - [0:0]
  69. :DNSFILTER_DOT - [0:0]
  70. :FUPNP - [0:0]
  71. :IControls - [0:0]
  72. :INPUT_ICMP - [0:0]
  73. :INPUT_PING - [0:0]
  74. :IPSEC_DROP_SUBNET_ICMP - [0:0]
  75. :IPSEC_STRONGSWAN - [0:0]
  76. :OUTPUT_DNS - [0:0]
  77. :OUTPUT_IP - [0:0]
  78. :OVPNCF - [0:0]
  79. :OVPNCI - [0:0]
  80. :OVPNSF - [0:0]
  81. :OVPNSI - [0:0]
  82. :PControls - [0:0]
  83. :PTCSRVLAN - [0:0]
  84. :PTCSRVWAN - [0:0]
  85. :SECURITY - [0:0]
  86. :VPNCF - [0:0]
  87. :VPNCI - [0:0]
  88. :WGCF - [0:0]
  89. :WGCI - [0:0]
  90. :WGNPControls - [0:0]
  91. :WGSF - [0:0]
  92. :WGSI - [0:0]
  93. :default_block - [0:0]
  94. :logaccept - [0:0]
  95. :logdrop - [0:0]
  96. :logdrop_dns - [0:0]
  97. :logdrop_ip - [0:0]
  # FORWARD: traffic routed through the box. Rule order matters; first match wins.
  # The two IPsec chains are empty in this dump, so they are pass-throughs.
  98. [23218:4802768] -A FORWARD -j IPSEC_DROP_SUBNET_ICMP
  99. [23218:4802768] -A FORWARD -j IPSEC_STRONGSWAN
  # Replies and related flows of existing connections are accepted first
  # (logaccept only logs state NEW, so these are accepted without a log line).
  100. [15420:3745084] -A FORWARD -m state --state RELATED,ESTABLISHED -j logaccept
  101. [0:0] -A FORWARD -m policy --dir in --pol ipsec -j ACCEPT
  # WGSF is empty; OVPNSF accepts anything to or from tun21.
  102. [7798:1057684] -A FORWARD -j WGSF
  103. [7798:1057684] -A FORWARD -j OVPNSF
  # Only the LAN bridge may originate traffic towards the WAN interface.
  104. [0:0] -A FORWARD ! -i br0 -o vlan10 -j DROP
  105. [8:416] -A FORWARD -i br0 -o br0 -j logaccept
  106. [117:4791] -A FORWARD -m state --state INVALID -j DROP
  # Packets that were port-forwarded in the nat table are accepted here with no
  # further restriction.
  107. [131:6421] -A FORWARD -m conntrack --ctstate DNAT -j logaccept
  # WGCF, OVPNCF and VPNCF are empty, and there is no final DROP. Whatever gets
  # this far is accepted by the chain policy: the 7490 packets counted on these
  # jumps equal the FORWARD policy counter.
  # NOTE(review): no rule visible here drops a NEW, non-DNATed packet that
  # arrives on vlan10 for a LAN address; with policy ACCEPT it would be
  # forwarded. An explicit closing drop for non-LAN ingress is the usual shape.
  108. [7490:1043260] -A FORWARD -j WGCF
  109. [7490:1043260] -A FORWARD -j OVPNCF
  110. [7490:1043260] -A FORWARD -j VPNCF
  # OUTPUT: traffic generated by the router itself.
  # Port-53 packets are sent to OUTPUT_DNS when the u32 test matches. The
  # expression steps over the IP header (and, in the tcp rule, the TCP header)
  # and tests a single bit of the payload for 0. For udp that bit is the top bit
  # of the DNS flags word, so only queries, not responses, are inspected.
  # NOTE(review): the tcp rule uses the same payload offset (0x8) although DNS
  # over TCP carries a 2-byte length prefix; verify that it still tests the
  # intended bit.
  111. [55:3977] -A OUTPUT -p udp -m udp --dport 53 -m u32 --u32 "0x0>>0x16&0x3c@0x8>>0xf&0x1=0x0" -j OUTPUT_DNS
  112. [0:0] -A OUTPUT -p tcp -m tcp --dport 53 -m u32 --u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x8>>0xf&0x1=0x0" -j OUTPUT_DNS
  # Every router-originated packet is then checked against the destination
  # blocklist in OUTPUT_IP.
  113. [19643:12219662] -A OUTPUT -j OUTPUT_IP
  # OUTPUT_DNS: domain blocklist applied to DNS queries sent by the router.
  # Each hex string is a domain name in DNS wire format: a length byte before
  # every label and a terminating 00. For example
  # |086861636b7563647403636f6d00| is 8 "hackucdt" 3 "com" 0.
  # Because the pattern begins with the first label's length byte, it also
  # matches subdomains of the name but not longer names that merely end in the
  # same characters. --icase covers mixed-case queries and --to 65535 searches
  # the whole packet. A match is logged and dropped via logdrop_dns.
  # Coverage limits: the chain hangs off OUTPUT, so it sees only queries the
  # router sends (presumably including those its resolver relays for LAN
  # clients). Clients that query an external resolver directly go through
  # FORWARD and are not inspected, and encrypted DNS cannot be string-matched.
  # All counters are [0:0]: no hit since the counters were last reset.
  114. [0:0] -A OUTPUT_DNS -m string --hex-string "|10706f697579747975696f706b6a666e6603636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  115. [0:0] -A OUTPUT_DNS -m string --hex-string "|0d72666a656a6e666a6e65666a6503636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  116. [0:0] -A OUTPUT_DNS -m string --hex-string "|1131306166646d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  117. [0:0] -A OUTPUT_DNS -m string --hex-string "|0f376d667364666173646d6b676d726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  118. [0:0] -A OUTPUT_DNS -m string --hex-string "|0d386d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  119. [0:0] -A OUTPUT_DNS -m string --hex-string "|0f3966646d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  120. [0:0] -A OUTPUT_DNS -m string --hex-string "|1265666274686d6f6975796b6d6b6a6b6a677403636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  121. [0:0] -A OUTPUT_DNS -m string --hex-string "|086861636b7563647403636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  122. [0:0] -A OUTPUT_DNS -m string --hex-string "|076c696e77756469056633333232036e657400|" --algo bm --to 65535 --icase -j logdrop_dns
  123. [0:0] -A OUTPUT_DNS -m string --hex-string "|0f6c6b6a68676664736174727975696f03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  124. [0:0] -A OUTPUT_DNS -m string --hex-string "|0b6d6e627663787a7a7a313203636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  125. [0:0] -A OUTPUT_DNS -m string --hex-string "|077131313133333303746f7000|" --algo bm --to 65535 --icase -j logdrop_dns
  126. [0:0] -A OUTPUT_DNS -m string --hex-string "|057371353230056633333232036e657400|" --algo bm --to 65535 --icase -j logdrop_dns
  127. [0:0] -A OUTPUT_DNS -m string --hex-string "|077563746b6f6e6503636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  128. [0:0] -A OUTPUT_DNS -m string --hex-string "|0e7a786376626d6e6e666a6a66777103636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  129. [0:0] -A OUTPUT_DNS -m string --hex-string "|0a65756d6d6167766e627003636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
  # OUTPUT_IP: static destination blocklist (one /24 and five single hosts) for
  # traffic the router itself originates. Matches are logged with prefix
  # "DROP_IP " and dropped via logdrop_ip. Traffic forwarded for LAN clients
  # does not pass through OUTPUT and is therefore not covered by this list.
  # All counters are [0:0]: no hit since the counters were last reset.
  130. [0:0] -A OUTPUT_IP -d 193.201.224.0/24 -j logdrop_ip
  131. [0:0] -A OUTPUT_IP -d 51.15.120.245/32 -j logdrop_ip
  132. [0:0] -A OUTPUT_IP -d 45.33.73.134/32 -j logdrop_ip
  133. [0:0] -A OUTPUT_IP -d 190.115.18.28/32 -j logdrop_ip
  134. [0:0] -A OUTPUT_IP -d 51.159.52.250/32 -j logdrop_ip
  135. [0:0] -A OUTPUT_IP -d 190.115.18.86/32 -j logdrop_ip
  # OVPNSF (jumped to from FORWARD): anything routed to or from tun21 is accepted
  # with no restriction on the other interface. Because FORWARD consults this
  # chain before its "! -i br0 -o vlan10" drop, traffic from tun21 may also
  # leave via the WAN interface.
  136. [52:2796] -A OVPNSF -o tun21 -j ACCEPT
  137. [0:0] -A OVPNSF -i tun21 -j ACCEPT
  # OVPNSI: accepts input from tun21, and udp/1194 from any interface. Nothing in
  # this dump jumps to OVPNSI, so these two rules are not in effect; the traffic
  # is let in by the INPUT policy (ACCEPT) instead.
  138. [0:0] -A OVPNSI -i tun21 -j ACCEPT
  139. [0:0] -A OVPNSI -p udp -m udp --dport 1194 -j ACCEPT
  # SECURITY: flood throttling in rule pairs. The first rule of each pair RETURNs
  # packets within the rate limit and the second DROPs the excess. It covers
  # TCP segments with only SYN set, TCP segments with only RST set, and ICMP
  # echo-request (type 8), each at 1/sec. No --limit-burst is given, so the
  # module default applies.
  # The limit is global rather than per source: under a flood, legitimate
  # packets of the same kind compete for the same one-per-second allowance.
  # No rule in this dump jumps to SECURITY and all counters are [0:0], so none
  # of this throttling is in effect as dumped.
  140. [0:0] -A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
  141. [0:0] -A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
  142. [0:0] -A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
  143. [0:0] -A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
  144. [0:0] -A SECURITY -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
  145. [0:0] -A SECURITY -p icmp -m icmp --icmp-type 8 -j DROP
  # Anything else goes back to the calling chain unchanged.
  146. [0:0] -A SECURITY -j RETURN
  # Terminal log-then-verdict chains.
  # logaccept and logdrop write a log line only for packets in state NEW, i.e.
  # one entry per connection, then ACCEPT or DROP every packet. logdrop has no
  # caller in this dump.
  # --log-tcp-sequence puts TCP sequence numbers into the log; the iptables
  # documentation flags this as a risk when the log is readable by unprivileged
  # users, so restrict who can read the kernel log and any remote syslog target.
  147. [139:6837] -A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
  148. [15559:3751921] -A logaccept -j ACCEPT
  149. [0:0] -A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
  150. [0:0] -A logdrop -j DROP
  # logdrop_dns and logdrop_ip log every matching packet, with no state match
  # and no rate limit, then drop it. The prefixes "DROP_DNS " and "DROP_IP "
  # are the strings to alert on: a hit means the router itself tried to reach
  # a blocklisted name or address.
  151. [0:0] -A logdrop_dns -j LOG --log-prefix "DROP_DNS " --log-tcp-sequence --log-tcp-options --log-ip-options
  152. [0:0] -A logdrop_dns -j DROP
  153. [0:0] -A logdrop_ip -j LOG --log-prefix "DROP_IP " --log-tcp-sequence --log-tcp-options --log-ip-options
  154. [0:0] -A logdrop_ip -j DROP
  155. COMMIT