
Untitled

a guest
May 5th, 2018
  1. root@OpenWrt:~# ifconfig
  2. br-lan Link encap:Ethernet HWaddr 62:38:E0:C5:45:B0
  3. inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
  4. inet6 addr: fe80::6038:e0ff:fec5:45b0/64 Scope:Link
  5. inet6 addr: fdac:c12c:403b::1/60 Scope:Global
  6. inet6 addr: 2a02:908:13cb:2b20::1/60 Scope:Global
  7. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  8. RX packets:1089 errors:0 dropped:0 overruns:0 frame:0
  9. TX packets:738 errors:0 dropped:0 overruns:0 carrier:0
  10. collisions:0 txqueuelen:1000
  11. RX bytes:155570 (151.9 KiB) TX bytes:332999 (325.1 KiB)
  12.  
  13. ds-wan6_4 Link encap:UNSPEC HWaddr 2A-02-09-08-13-00-00-0C-00-00-00-00-00-00-00-00
  14. inet addr:192.0.0.2 P-t-P:192.0.0.1 Mask:255.255.255.255
  15. inet6 addr: fe80::90b4:23ff:fe1c:5cf7/64 Scope:Link
  16. UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
  17. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  18. TX packets:82 errors:1 dropped:0 overruns:0 carrier:1
  19. collisions:0 txqueuelen:1000
  20. RX bytes:0 (0.0 B) TX bytes:4844 (4.7 KiB)
  21.  
  22. eth0 Link encap:Ethernet HWaddr 62:38:E0:C5:45:B0
  23. inet6 addr: fe80::6038:e0ff:fec5:45b0/64 Scope:Link
  24. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  25. RX packets:1117 errors:0 dropped:0 overruns:0 frame:0
  26. TX packets:770 errors:0 dropped:0 overruns:0 carrier:0
  27. collisions:0 txqueuelen:532
  28. RX bytes:179046 (174.8 KiB) TX bytes:339972 (332.0 KiB)
  29. Interrupt:37
  30.  
  31. eth0.1 Link encap:Ethernet HWaddr 62:38:E0:C5:45:B0
  32. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  33. RX packets:1089 errors:0 dropped:0 overruns:0 frame:0
  34. TX packets:738 errors:0 dropped:0 overruns:0 carrier:0
  35. collisions:0 txqueuelen:1000
  36. RX bytes:155570 (151.9 KiB) TX bytes:332999 (325.1 KiB)
  37.  
  38. eth1 Link encap:Ethernet HWaddr 60:38:E0:C5:45:B0
  39. inet6 addr: fe80::6238:e0ff:fec5:45b0/64 Scope:Link
  40. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  41. RX packets:4048 errors:0 dropped:0 overruns:0 frame:0
  42. TX packets:185 errors:0 dropped:0 overruns:0 carrier:0
  43. collisions:0 txqueuelen:532
  44. RX bytes:312175 (304.8 KiB) TX bytes:29166 (28.4 KiB)
  45. Interrupt:36
  46.  
  47. eth1.2 Link encap:Ethernet HWaddr 60:38:E0:C5:45:B0
  48. inet6 addr: 2a02:908:1300:c:8c05:629e:9964:19f4/128 Scope:Global
  49. inet6 addr: fe80::6238:e0ff:fec5:45b0/64 Scope:Link
  50. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  51. RX packets:4043 errors:0 dropped:0 overruns:0 frame:0
  52. TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
  53. collisions:0 txqueuelen:1000
  54. RX bytes:239011 (233.4 KiB) TX bytes:27848 (27.1 KiB)
  55.  
  56. lo Link encap:Local Loopback
  57. inet addr:127.0.0.1 Mask:255.0.0.0
  58. inet6 addr: ::1/128 Scope:Host
  59. UP LOOPBACK RUNNING MTU:65536 Metric:1
  60. RX packets:144 errors:0 dropped:0 overruns:0 frame:0
  61. TX packets:144 errors:0 dropped:0 overruns:0 carrier:0
  62. collisions:0 txqueuelen:1000
  63. RX bytes:13570 (13.2 KiB) TX bytes:13570 (13.2 KiB)
  64. root@OpenWrt:~# ifstatus wan6_4
  65. {
  66. "up": true,
  67. "pending": false,
  68. "available": true,
  69. "autostart": true,
  70. "dynamic": true,
  71. "uptime": 96,
  72. "l3_device": "ds-wan6_4",
  73. "proto": "dslite",
  74. "updated": [
  75. "addresses",
  76. "routes",
  77. "data"
  78. ],
  79. "metric": 0,
  80. "dns_metric": 0,
  81. "delegation": true,
  82. "ipv4-address": [
  83. {
  84. "address": "192.0.0.2",
  85. "mask": 32,
  86. "ptpaddress": "192.0.0.1"
  87. }
  88. ],
  89. "ipv6-address": [
  90.  
  91. ],
  92. "ipv6-prefix": [
  93.  
  94. ],
  95. "ipv6-prefix-assignment": [
  96.  
  97. ],
  98. "route": [
  99. {
  100. "target": "0.0.0.0",
  101. "mask": 0,
  102. "nexthop": "0.0.0.0",
  103. "source": "0.0.0.0\/0"
  104. }
  105. ],
  106. "dns-server": [
  107.  
  108. ],
  109. "dns-search": [
  110.  
  111. ],
  112. "inactive": {
  113. "ipv4-address": [
  114.  
  115. ],
  116. "ipv6-address": [
  117.  
  118. ],
  119. "route": [
  120.  
  121. ],
  122. "dns-server": [
  123.  
  124. ],
  125. "dns-search": [
  126.  
  127. ]
  128. },
  129. "data": {
  130. "firewall": [
  131. {
  132. "type": "nat",
  133. "target": "ACCEPT"
  134. }
  135. ],
  136. "zone": "wan"
  137. }
  138. }
  139. root@OpenWrt:~# iptables -t filter -L -vn
  140. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  141. pkts bytes target prot opt in out source destination
  142. 136 12970 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  143. 681 82271 input_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom input rule chain */
  144. 536 44710 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  145. 7 364 syn_flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 /* !fw3 */
  146. 130 32536 zone_lan_input all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  147. 15 5025 zone_wan_input all -- eth1.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  148. 0 0 zone_wan_input all -- ds-wan6_4 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  149.  
  150. Chain FORWARD (policy DROP 0 packets, 0 bytes)
  151. pkts bytes target prot opt in out source destination
  152. 73 3940 forwarding_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom forwarding rule chain */
  153. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  154. 69 3756 zone_lan_forward all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  155. 4 184 zone_wan_forward all -- eth1.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  156. 0 0 zone_wan_forward all -- ds-wan6_4 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  157. 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  158.  
  159. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  160. pkts bytes target prot opt in out source destination
  161. 136 12970 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  162. 675 290K output_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom output rule chain */
  163. 651 287K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  164. 4 1052 zone_lan_output all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  165. 0 0 zone_wan_output all -- * eth1.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  166. 20 1520 zone_wan_output all -- * ds-wan6_4 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  167.  
  168. Chain forwarding_lan_rule (1 references)
  169. pkts bytes target prot opt in out source destination
  170.  
  171. Chain forwarding_rule (1 references)
  172. pkts bytes target prot opt in out source destination
  173.  
  174. Chain forwarding_wan_rule (1 references)
  175. pkts bytes target prot opt in out source destination
  176.  
  177. Chain input_lan_rule (1 references)
  178. pkts bytes target prot opt in out source destination
  179.  
  180. Chain input_rule (1 references)
  181. pkts bytes target prot opt in out source destination
  182.  
  183. Chain input_wan_rule (1 references)
  184. pkts bytes target prot opt in out source destination
  185.  
  186. Chain output_lan_rule (1 references)
  187. pkts bytes target prot opt in out source destination
  188.  
  189. Chain output_rule (1 references)
  190. pkts bytes target prot opt in out source destination
  191.  
  192. Chain output_wan_rule (1 references)
  193. pkts bytes target prot opt in out source destination
  194.  
  195. Chain reject (5 references)
  196. pkts bytes target prot opt in out source destination
  197. 4 184 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */ reject-with tcp-reset
  198. 10 3080 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */ reject-with icmp-port-unreachable
  199.  
  200. Chain syn_flood (1 references)
  201. pkts bytes target prot opt in out source destination
  202. 7 364 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50 /* !fw3 */
  203. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  204.  
  205. Chain zone_lan_dest_ACCEPT (4 references)
  206. pkts bytes target prot opt in out source destination
  207. 4 1052 ACCEPT all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  208.  
  209. Chain zone_lan_forward (1 references)
  210. pkts bytes target prot opt in out source destination
  211. 69 3756 forwarding_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan forwarding rule chain */
  212. 69 3756 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Zone lan to wan forwarding policy */
  213. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
  214. 0 0 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  215.  
  216. Chain zone_lan_input (1 references)
  217. pkts bytes target prot opt in out source destination
  218. 130 32536 input_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan input rule chain */
  219. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
  220. 130 32536 zone_lan_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  221.  
  222. Chain zone_lan_output (1 references)
  223. pkts bytes target prot opt in out source destination
  224. 4 1052 output_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan output rule chain */
  225. 4 1052 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  226.  
  227. Chain zone_lan_src_ACCEPT (1 references)
  228. pkts bytes target prot opt in out source destination
  229. 130 32536 ACCEPT all -- br-lan * 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED /* !fw3 */
  230.  
  231. Chain zone_wan_dest_ACCEPT (2 references)
  232. pkts bytes target prot opt in out source destination
  233. 0 0 DROP all -- * eth1.2 0.0.0.0/0 0.0.0.0/0 ctstate INVALID /* !fw3: Prevent NAT leakage */
  234. 0 0 ACCEPT all -- * eth1.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  235. 0 0 DROP all -- * ds-wan6_4 0.0.0.0/0 0.0.0.0/0 ctstate INVALID /* !fw3: Prevent NAT leakage */
  236. 89 5276 ACCEPT all -- * ds-wan6_4 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  237.  
  238. Chain zone_wan_dest_REJECT (1 references)
  239. pkts bytes target prot opt in out source destination
  240. 0 0 reject all -- * eth1.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  241. 4 184 reject all -- * ds-wan6_4 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  242.  
  243. Chain zone_wan_forward (2 references)
  244. pkts bytes target prot opt in out source destination
  245. 4 184 forwarding_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan forwarding rule chain */
  246. 0 0 zone_lan_dest_ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Allow-IPSec-ESP */
  247. 0 0 zone_lan_dest_ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 /* !fw3: Allow-ISAKMP */
  248. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
  249. 4 184 zone_wan_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  250.  
  251. Chain zone_wan_input (2 references)
  252. pkts bytes target prot opt in out source destination
  253. 15 5025 input_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan input rule chain */
  254. 5 1945 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 /* !fw3: Allow-DHCP-Renew */
  255. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* !fw3: Allow-Ping */
  256. 0 0 ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Allow-IGMP */
  257. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
  258. 10 3080 zone_wan_src_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  259.  
  260. Chain zone_wan_output (2 references)
  261. pkts bytes target prot opt in out source destination
  262. 20 1520 output_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan output rule chain */
  263. 20 1520 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  264.  
  265. Chain zone_wan_src_REJECT (1 references)
  266. pkts bytes target prot opt in out source destination
  267. 10 3080 reject all -- eth1.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  268. 0 0 reject all -- ds-wan6_4 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  269. root@OpenWrt:~# iptables -t nat -L -vn
  270. Chain PREROUTING (policy ACCEPT 180 packets, 37042 bytes)
  271. pkts bytes target prot opt in out source destination
  272. 180 37042 prerouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom prerouting rule chain */
  273. 174 36441 zone_lan_prerouting all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  274. 6 601 zone_wan_prerouting all -- eth1.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  275. 0 0 zone_wan_prerouting all -- ds-wan6_4 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  276.  
  277. Chain INPUT (policy ACCEPT 12 packets, 1043 bytes)
  278. pkts bytes target prot opt in out source destination
  279.  
  280. Chain OUTPUT (policy ACCEPT 50 packets, 4086 bytes)
  281. pkts bytes target prot opt in out source destination
  282.  
  283. Chain POSTROUTING (policy ACCEPT 30 packets, 2566 bytes)
  284. pkts bytes target prot opt in out source destination
  285. 73 5230 postrouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom postrouting rule chain */
  286. 43 2664 ACCEPT all -- * ds-wan6_4 0.0.0.0/0 0.0.0.0/0 /* !fw3: ubus:wan6_4[dslite] nat 0 */
  287. 3 714 zone_lan_postrouting all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  288. 0 0 zone_wan_postrouting all -- * eth1.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  289. 0 0 zone_wan_postrouting all -- * ds-wan6_4 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  290.  
  291. Chain postrouting_lan_rule (1 references)
  292. pkts bytes target prot opt in out source destination
  293.  
  294. Chain postrouting_rule (1 references)
  295. pkts bytes target prot opt in out source destination
  296.  
  297. Chain postrouting_wan_rule (1 references)
  298. pkts bytes target prot opt in out source destination
  299.  
  300. Chain prerouting_lan_rule (1 references)
  301. pkts bytes target prot opt in out source destination
  302.  
  303. Chain prerouting_rule (1 references)
  304. pkts bytes target prot opt in out source destination
  305.  
  306. Chain prerouting_wan_rule (1 references)
  307. pkts bytes target prot opt in out source destination
  308.  
  309. Chain zone_lan_postrouting (1 references)
  310. pkts bytes target prot opt in out source destination
  311. 3 714 postrouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan postrouting rule chain */
  312.  
  313. Chain zone_lan_prerouting (1 references)
  314. pkts bytes target prot opt in out source destination
  315. 174 36441 prerouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan prerouting rule chain */
  316.  
  317. Chain zone_wan_postrouting (2 references)
  318. pkts bytes target prot opt in out source destination
  319. 0 0 postrouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan postrouting rule chain */
  320. 0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  321.  
  322. Chain zone_wan_prerouting (2 references)
  323. pkts bytes target prot opt in out source destination
  324. 6 601 prerouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan prerouting rule chain */
  325. root@OpenWrt:~# ip6tables -t filter -L -vn
  326. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  327. pkts bytes target prot opt in out source destination
  328. 0 0 ACCEPT all lo * ::/0 ::/0 /* !fw3 */
  329. 251 30957 input_rule all * * ::/0 ::/0 /* !fw3: Custom input rule chain */
  330. 146 23593 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  331. 0 0 syn_flood tcp * * ::/0 ::/0 tcp flags:0x17/0x02 /* !fw3 */
  332. 47 3732 zone_lan_input all br-lan * ::/0 ::/0 /* !fw3 */
  333. 58 3632 zone_wan_input all eth1.2 * ::/0 ::/0 /* !fw3 */
  334. 0 0 zone_wan_input all ds-wan6_4 * ::/0 ::/0 /* !fw3 */
  335.  
  336. Chain FORWARD (policy DROP 0 packets, 0 bytes)
  337. pkts bytes target prot opt in out source destination
  338. 80 47959 forwarding_rule all * * ::/0 ::/0 /* !fw3: Custom forwarding rule chain */
  339. 77 47736 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  340. 1 72 zone_lan_forward all br-lan * ::/0 ::/0 /* !fw3 */
  341. 2 151 zone_wan_forward all eth1.2 * ::/0 ::/0 /* !fw3 */
  342. 0 0 zone_wan_forward all ds-wan6_4 * ::/0 ::/0 /* !fw3 */
  343. 2 151 reject all * * ::/0 ::/0 /* !fw3 */
  344.  
  345. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  346. pkts bytes target prot opt in out source destination
  347. 0 0 ACCEPT all * lo ::/0 ::/0 /* !fw3 */
  348. 197 20925 output_rule all * * ::/0 ::/0 /* !fw3: Custom output rule chain */
  349. 32 4709 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  350. 18 1432 zone_lan_output all * br-lan ::/0 ::/0 /* !fw3 */
  351. 147 14784 zone_wan_output all * eth1.2 ::/0 ::/0 /* !fw3 */
  352. 0 0 zone_wan_output all * ds-wan6_4 ::/0 ::/0 /* !fw3 */
  353.  
  354. Chain forwarding_lan_rule (1 references)
  355. pkts bytes target prot opt in out source destination
  356.  
  357. Chain forwarding_rule (1 references)
  358. pkts bytes target prot opt in out source destination
  359.  
  360. Chain forwarding_wan_rule (1 references)
  361. pkts bytes target prot opt in out source destination
  362.  
  363. Chain input_lan_rule (1 references)
  364. pkts bytes target prot opt in out source destination
  365.  
  366. Chain input_rule (1 references)
  367. pkts bytes target prot opt in out source destination
  368.  
  369. Chain input_wan_rule (1 references)
  370. pkts bytes target prot opt in out source destination
  371.  
  372. Chain output_lan_rule (1 references)
  373. pkts bytes target prot opt in out source destination
  374.  
  375. Chain output_rule (1 references)
  376. pkts bytes target prot opt in out source destination
  377.  
  378. Chain output_wan_rule (1 references)
  379. pkts bytes target prot opt in out source destination
  380.  
  381. Chain reject (5 references)
  382. pkts bytes target prot opt in out source destination
  383. 2 151 REJECT tcp * * ::/0 ::/0 /* !fw3 */ reject-with tcp-reset
  384. 0 0 REJECT all * * ::/0 ::/0 /* !fw3 */ reject-with icmp6-port-unreachable
  385.  
  386. Chain syn_flood (1 references)
  387. pkts bytes target prot opt in out source destination
  388. 0 0 RETURN tcp * * ::/0 ::/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50 /* !fw3 */
  389. 0 0 DROP all * * ::/0 ::/0 /* !fw3 */
  390.  
  391. Chain zone_lan_dest_ACCEPT (4 references)
  392. pkts bytes target prot opt in out source destination
  393. 18 1432 ACCEPT all * br-lan ::/0 ::/0 /* !fw3 */
  394.  
  395. Chain zone_lan_forward (1 references)
  396. pkts bytes target prot opt in out source destination
  397. 1 72 forwarding_lan_rule all * * ::/0 ::/0 /* !fw3: Custom lan forwarding rule chain */
  398. 1 72 zone_wan_dest_ACCEPT all * * ::/0 ::/0 /* !fw3: Zone lan to wan forwarding policy */
  399. 0 0 zone_lan_dest_ACCEPT all * * ::/0 ::/0 /* !fw3 */
  400.  
  401. Chain zone_lan_input (1 references)
  402. pkts bytes target prot opt in out source destination
  403. 47 3732 input_lan_rule all * * ::/0 ::/0 /* !fw3: Custom lan input rule chain */
  404. 47 3732 zone_lan_src_ACCEPT all * * ::/0 ::/0 /* !fw3 */
  405.  
  406. Chain zone_lan_output (1 references)
  407. pkts bytes target prot opt in out source destination
  408. 18 1432 output_lan_rule all * * ::/0 ::/0 /* !fw3: Custom lan output rule chain */
  409. 18 1432 zone_lan_dest_ACCEPT all * * ::/0 ::/0 /* !fw3 */
  410.  
  411. Chain zone_lan_src_ACCEPT (1 references)
  412. pkts bytes target prot opt in out source destination
  413. 47 3732 ACCEPT all br-lan * ::/0 ::/0 ctstate NEW,UNTRACKED /* !fw3 */
  414.  
  415. Chain zone_wan_dest_ACCEPT (2 references)
  416. pkts bytes target prot opt in out source destination
  417. 1 60 DROP all * eth1.2 ::/0 ::/0 ctstate INVALID /* !fw3: Prevent NAT leakage */
  418. 147 14796 ACCEPT all * eth1.2 ::/0 ::/0 /* !fw3 */
  419. 0 0 DROP all * ds-wan6_4 ::/0 ::/0 ctstate INVALID /* !fw3: Prevent NAT leakage */
  420. 0 0 ACCEPT all * ds-wan6_4 ::/0 ::/0 /* !fw3 */
  421.  
  422. Chain zone_wan_dest_REJECT (1 references)
  423. pkts bytes target prot opt in out source destination
  424. 0 0 reject all * eth1.2 ::/0 ::/0 /* !fw3 */
  425. 0 0 reject all * ds-wan6_4 ::/0 ::/0 /* !fw3 */
  426.  
  427. Chain zone_wan_forward (2 references)
  428. pkts bytes target prot opt in out source destination
  429. 2 151 forwarding_wan_rule all * * ::/0 ::/0 /* !fw3: Custom wan forwarding rule chain */
  430. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
  431. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
  432. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
  433. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
  434. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
  435. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 0 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
  436. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 1 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Forward */
  437. 0 0 zone_lan_dest_ACCEPT esp * * ::/0 ::/0 /* !fw3: Allow-IPSec-ESP */
  438. 0 0 zone_lan_dest_ACCEPT udp * * ::/0 ::/0 udp dpt:500 /* !fw3: Allow-ISAKMP */
  439. 2 151 zone_wan_dest_REJECT all * * ::/0 ::/0 /* !fw3 */
  440.  
  441. Chain zone_wan_input (2 references)
  442. pkts bytes target prot opt in out source destination
  443. 58 3632 input_wan_rule all * * ::/0 ::/0 /* !fw3: Custom wan input rule chain */
  444. 0 0 ACCEPT udp * * fc00::/6 fc00::/6 udp dpt:546 /* !fw3: Allow-DHCPv6 */
  445. 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130 code 0 /* !fw3: Allow-MLD */
  446. 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131 code 0 /* !fw3: Allow-MLD */
  447. 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132 code 0 /* !fw3: Allow-MLD */
  448. 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143 code 0 /* !fw3: Allow-MLD */
  449. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  450. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  451. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  452. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  453. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  454. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 0 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  455. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 code 1 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  456. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  457. 24 1728 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  458. 34 1904 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  459. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 limit: avg 1000/sec burst 5 /* !fw3: Allow-ICMPv6-Input */
  460. 0 0 zone_wan_src_REJECT all * * ::/0 ::/0 /* !fw3 */
  461.  
  462. Chain zone_wan_output (2 references)
  463. pkts bytes target prot opt in out source destination
  464. 147 14784 output_wan_rule all * * ::/0 ::/0 /* !fw3: Custom wan output rule chain */
  465. 147 14784 zone_wan_dest_ACCEPT all * * ::/0 ::/0 /* !fw3 */
  466.  
  467. Chain zone_wan_src_REJECT (1 references)
  468. pkts bytes target prot opt in out source destination
  469. 0 0 reject all eth1.2 * ::/0 ::/0 /* !fw3 */
  470. 0 0 reject all ds-wan6_4 * ::/0 ::/0 /* !fw3 */
  471. root@OpenWrt:~# ip route show
  472. default dev ds-wan6_4 scope link
  473. 192.0.0.1 dev ds-wan6_4 scope link src 192.0.0.2
  474. 192.168.1.0/24 dev br-lan scope link src 192.168.1.1
  475. root@OpenWrt:~# ip addr show
  476. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
  477. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  478. inet 127.0.0.1/8 scope host lo
  479. valid_lft forever preferred_lft forever
  480. inet6 ::1/128 scope host
  481. valid_lft forever preferred_lft forever
  482. 2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 532
  483. link/ether 60:38:e0:c5:45:b0 brd ff:ff:ff:ff:ff:ff
  484. inet6 fe80::6238:e0ff:fec5:45b0/64 scope link
  485. valid_lft forever preferred_lft forever
  486. 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 532
  487. link/ether 62:38:e0:c5:45:b0 brd ff:ff:ff:ff:ff:ff
  488. inet6 fe80::6038:e0ff:fec5:45b0/64 scope link
  489. valid_lft forever preferred_lft forever
  490. 5: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN qlen 1000
  491. link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
  492. 6: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  493. link/ether 60:38:e0:c5:45:b2 brd ff:ff:ff:ff:ff:ff
  494. 7: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  495. link/ether 60:38:e0:c5:45:b1 brd ff:ff:ff:ff:ff:ff
  496. 8: mlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  497. link/ether 60:38:e0:c5:45:b3 brd ff:ff:ff:ff:ff:ff
  498. 9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
  499. link/ether 62:38:e0:c5:45:b0 brd ff:ff:ff:ff:ff:ff
  500. inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
  501. valid_lft forever preferred_lft forever
  502. inet6 2a02:908:13cb:2b20::1/60 scope global dynamic
  503. valid_lft 1209338sec preferred_lft 604538sec
  504. inet6 fdac:c12c:403b::1/60 scope global
  505. valid_lft forever preferred_lft forever
  506. inet6 fe80::6038:e0ff:fec5:45b0/64 scope link
  507. valid_lft forever preferred_lft forever
  508. 10: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
  509. link/ether 62:38:e0:c5:45:b0 brd ff:ff:ff:ff:ff:ff
  510. 11: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
  511. link/ether 60:38:e0:c5:45:b0 brd ff:ff:ff:ff:ff:ff
  512. inet6 2a02:908:1300:c:8c05:629e:9964:19f4/128 scope global dynamic
  513. valid_lft 1209338sec preferred_lft 604538sec
  514. inet6 fe80::6238:e0ff:fec5:45b0/64 scope link
  515. valid_lft forever preferred_lft forever
  516. 12: ds-wan6_4@eth1.2: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN qlen 1000
  517. link/tunnel6 2a:02:09:08:13:00:00:0c:8c:05:62:9e:99:64:19:f4 peer 2a:02:09:08:00:00:00:00:00:00:00:00:00:13:40:00
  518. inet 192.0.0.2 peer 192.0.0.1/32 brd 255.255.255.255 scope global ds-wan6_4
  519. valid_lft forever preferred_lft forever
  520. inet6 fe80::90b4:23ff:fe1c:5cf7/64 scope link
  521. valid_lft forever preferred_lft forever