iptables -L -vn

1. ASUSWRT-Merlin GT-AXE16000 388.1_beta1 Sat Nov 5 23:17:54 UTC 2022
2. jon@GT-AXE16000-A230:/tmp/home/root# iptables -L -vn
3. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
4. pkts bytes target prot opt in out source destination
5. 338 28008 INPUT_PING icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
6. 3628 812K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7. 490 41971 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
8. 3326 680K PTCSRVWAN all -- !br0 * 0.0.0.0/0 0.0.0.0/0
9. 3885 889K PTCSRVLAN all -- br0 * 0.0.0.0/0 0.0.0.0/0
10. 0 0 DROP tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5152
11. 3885 889K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
12. 2999 643K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
13. 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
14. 0 0 INPUT_ICMP icmp -- * * 0.0.0.0/0 0.0.0.0/0
15. 0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
16. 327 36892 WGSI all -- * * 0.0.0.0/0 0.0.0.0/0
17. 327 36892 WGCI all -- * * 0.0.0.0/0 0.0.0.0/0
18. 327 36892 OVPNSI all -- * * 0.0.0.0/0 0.0.0.0/0
19. 327 36892 OVPNCI all -- * * 0.0.0.0/0 0.0.0.0/0
20. 327 36892 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
21.  
22. Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
23. pkts bytes target prot opt in out source destination
24. 4544 949K IPSEC_DROP_SUBNET_ICMP all -- * * 0.0.0.0/0 0.0.0.0/0
25. 4544 949K IPSEC_STRONGSWAN all -- * * 0.0.0.0/0 0.0.0.0/0
26. 3415 833K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
27. 1129 115K WGSF all -- * * 0.0.0.0/0 0.0.0.0/0
28. 1129 115K OVPNSF all -- * * 0.0.0.0/0 0.0.0.0/0
29. 0 0 DROP all -- !br0 eth0 0.0.0.0/0 0.0.0.0/0
30. 0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
31. 66 4965 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
32. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
33. 1063 110K WGCF all -- * * 0.0.0.0/0 0.0.0.0/0
34. 1063 110K OVPNCF all -- * * 0.0.0.0/0 0.0.0.0/0
35. 1063 110K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
36. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
37.  
38. Chain OUTPUT (policy ACCEPT 8501 packets, 2501K bytes)
39. pkts bytes target prot opt in out source destination
40. 469 33688 OUTPUT_DNS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 u32 "0x0>>0x16&0x3c@0x8>>0xf&0x1=0x0"
41. 0 0 OUTPUT_DNS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x8>>0xf&0x1=0x0"
42. 8501 2501K OUTPUT_IP all -- * * 0.0.0.0/0 0.0.0.0/0
43.  
44. Chain ACCESS_RESTRICTION (0 references)
45. pkts bytes target prot opt in out source destination
46.  
47. Chain DNSFILTER_DOT (0 references)
48. pkts bytes target prot opt in out source destination
49.  
50. Chain FUPNP (0 references)
51. pkts bytes target prot opt in out source destination
52.  
53. Chain IControls (0 references)
54. pkts bytes target prot opt in out source destination
55.  
56. Chain INPUT_ICMP (1 references)
57. pkts bytes target prot opt in out source destination
58. 0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
59. 0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 13
60. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
61.  
62. Chain INPUT_PING (1 references)
63. pkts bytes target prot opt in out source destination
64. 0 0 DROP icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0
65.  
66. Chain IPSEC_DROP_SUBNET_ICMP (1 references)
67. pkts bytes target prot opt in out source destination
68.  
69. Chain IPSEC_STRONGSWAN (1 references)
70. pkts bytes target prot opt in out source destination
71.  
72. Chain OUTPUT_DNS (2 references)
73. pkts bytes target prot opt in out source destination
74. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|10706f697579747975696f706b6a666e6603636f6d00|" ALGO name bm TO 65535 ICASE
75. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0d72666a656a6e666a6e65666a6503636f6d00|" ALGO name bm TO 65535 ICASE
76. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|1131306166646d617361787373736171726b03636f6d00|" ALGO name bm TO 65535 ICASE
77. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0f376d667364666173646d6b676d726b03636f6d00|" ALGO name bm TO 65535 ICASE
78. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0d386d617361787373736171726b03636f6d00|" ALGO name bm TO 65535 ICASE
79. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0f3966646d617361787373736171726b03636f6d00|" ALGO name bm TO 65535 ICASE
80. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|1265666274686d6f6975796b6d6b6a6b6a677403636f6d00|" ALGO name bm TO 65535 ICASE
81. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|086861636b7563647403636f6d00|" ALGO name bm TO 65535 ICASE
82. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|076c696e77756469056633333232036e657400|" ALGO name bm TO 65535 ICASE
83. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0f6c6b6a68676664736174727975696f03636f6d00|" ALGO name bm TO 65535 ICASE
84. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0b6d6e627663787a7a7a313203636f6d00|" ALGO name bm TO 65535 ICASE
85. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|077131313133333303746f7000|" ALGO name bm TO 65535 ICASE
86. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|057371353230056633333232036e657400|" ALGO name bm TO 65535 ICASE
87. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|077563746b6f6e6503636f6d00|" ALGO name bm TO 65535 ICASE
88. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0e7a786376626d6e6e666a6a66777103636f6d00|" ALGO name bm TO 65535 ICASE
89. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0a65756d6d6167766e627003636f6d00|" ALGO name bm TO 65535 ICASE
90. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0b726f75746572736173757303636f6d00|" ALGO name bm TO 65535 ICASE
91. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|037777770b726f757465722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
92. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0377777709617375736c6f67696e03636f6d00|" ALGO name bm TO 65535 ICASE
93. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|0d72657065617461722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
94. 0 0 logdrop_dns all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match "|037777310b726f757465722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
95.  
96. Chain OUTPUT_IP (1 references)
97. pkts bytes target prot opt in out source destination
98. 0 0 logdrop_ip all -- * * 0.0.0.0/0 193.201.224.0/24
99. 0 0 logdrop_ip all -- * * 0.0.0.0/0 51.15.120.245
100. 0 0 logdrop_ip all -- * * 0.0.0.0/0 45.33.73.134
101. 0 0 logdrop_ip all -- * * 0.0.0.0/0 190.115.18.28
102. 0 0 logdrop_ip all -- * * 0.0.0.0/0 51.159.52.250
103. 0 0 logdrop_ip all -- * * 0.0.0.0/0 190.115.18.86
104.  
105. Chain OVPNCF (1 references)
106. pkts bytes target prot opt in out source destination
107.  
108. Chain OVPNCI (1 references)
109. pkts bytes target prot opt in out source destination
110.  
111. Chain OVPNSF (1 references)
112. pkts bytes target prot opt in out source destination
113.  
114. Chain OVPNSI (1 references)
115. pkts bytes target prot opt in out source destination
116.  
117. Chain PControls (0 references)
118. pkts bytes target prot opt in out source destination
119.  
120. Chain PTCSRVLAN (1 references)
121. pkts bytes target prot opt in out source destination
122.  
123. Chain PTCSRVWAN (1 references)
124. pkts bytes target prot opt in out source destination
125.  
126. Chain SECURITY (0 references)
127. pkts bytes target prot opt in out source destination
128. 0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02 limit: avg 1/sec burst 5
129. 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02
130. 0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x04 limit: avg 1/sec burst 5
131. 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x04
132. 0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
133. 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
134. 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
135.  
136. Chain WGCF (1 references)
137. pkts bytes target prot opt in out source destination
138.  
139. Chain WGCI (1 references)
140. pkts bytes target prot opt in out source destination
141.  
142. Chain WGNPControls (0 references)
143. pkts bytes target prot opt in out source destination
144.  
145. Chain WGSF (1 references)
146. pkts bytes target prot opt in out source destination
147.  
148. Chain WGSI (1 references)
149. pkts bytes target prot opt in out source destination
150.  
151. Chain default_block (0 references)
152. pkts bytes target prot opt in out source destination
153.  
154. Chain logaccept (0 references)
155. pkts bytes target prot opt in out source destination
156. 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix "ACCEPT "
157. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
158.  
159. Chain logdrop (0 references)
160. pkts bytes target prot opt in out source destination
161. 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix "DROP "
162. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
163.  
164. Chain logdrop_dns (21 references)
165. pkts bytes target prot opt in out source destination
166. 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix "DROP_DNS "
167. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
168.  
169. Chain logdrop_ip (6 references)
170. pkts bytes target prot opt in out source destination
171. 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix "DROP_IP "
172. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
173. jon@GT-AXE16000-A230:/tmp/home/root#