
Untitled

a guest
Aug 9th, 2022
  1. {
  2. "kernel": "5.4.188",
  3. "hostname": "OpenWrt",
  4. "system": "ARMv7 Processor rev 0 (v7l)",
  5. "model": "Netgear Nighthawk X4S R7800",
  6. "board_name": "netgear,r7800",
  7. "release": {
  8. "distribution": "OpenWrt",
  9. "version": "21.02.3",
  10. "revision": "r16554-1d4dea6d4f",
  11. "target": "ipq806x/generic",
  12. "description": "OpenWrt 21.02.3 r16554-1d4dea6d4f"
  13. }
  14. }
  15. network.loopback=interface
  16. network.loopback.device='lo'
  17. network.loopback.proto='static'
  18. network.loopback.ipaddr='127.0.0.1'
  19. network.loopback.netmask='255.0.0.0'
  20. network.globals=globals
  21. network.globals.ula_prefix='fd91:58c0:ec5c::/48'
  22. network.globals.packet_steering='1'
  23. network.@device[0]=device
  24. network.@device[0].name='br-lan'
  25. network.@device[0].type='bridge'
  26. network.@device[0].ports='eth1.1'
  27. network.lan=interface
  28. network.lan.device='br-lan'
  29. network.lan.proto='static'
  30. network.lan.netmask='255.255.255.0'
  31. network.lan.ip6assign='60'
  32. network.lan.ipaddr='10.0.0.1'
  33. network.wan=interface
  34. network.wan.device='eth0.2'
  35. network.wan.proto='dhcp'
  36. network.wan.peerdns='0'
  37. network.wan.dns='1.1.1.1' '1.0.0.1'
  38. network.wan6=interface
  39. network.wan6.device='eth0.2'
  40. network.wan6.proto='dhcpv6'
  41. network.@switch[0]=switch
  42. network.@switch[0].name='switch0'
  43. network.@switch[0].reset='1'
  44. network.@switch[0].enable_vlan='1'
  45. network.@switch_vlan[0]=switch_vlan
  46. network.@switch_vlan[0].device='switch0'
  47. network.@switch_vlan[0].vlan='1'
  48. network.@switch_vlan[0].ports='1 2 3 4 6t'
  49. network.@switch_vlan[1]=switch_vlan
  50. network.@switch_vlan[1].device='switch0'
  51. network.@switch_vlan[1].vlan='2'
  52. network.@switch_vlan[1].ports='5 0t'
  53. firewall.@defaults[0]=defaults
  54. firewall.@defaults[0].input='ACCEPT'
  55. firewall.@defaults[0].output='ACCEPT'
  56. firewall.@defaults[0].forward='REJECT'
  57. firewall.@defaults[0].synflood_protect='1'
  58. firewall.lan=zone
  59. firewall.lan.name='lan'
  60. firewall.lan.input='ACCEPT'
  61. firewall.lan.output='ACCEPT'
  62. firewall.lan.forward='ACCEPT'
  63. firewall.lan.network='lan'
  64. firewall.wan=zone
  65. firewall.wan.name='wan'
  66. firewall.wan.input='REJECT'
  67. firewall.wan.output='ACCEPT'
  68. firewall.wan.forward='REJECT'
  69. firewall.wan.masq='1'
  70. firewall.wan.mtu_fix='1'
  71. firewall.wan.network='wan' 'wan6'
  72. firewall.@forwarding[0]=forwarding
  73. firewall.@forwarding[0].src='lan'
  74. firewall.@forwarding[0].dest='wan'
  75. firewall.@rule[0]=rule
  76. firewall.@rule[0].name='Allow-DHCP-Renew'
  77. firewall.@rule[0].src='wan'
  78. firewall.@rule[0].proto='udp'
  79. firewall.@rule[0].dest_port='68'
  80. firewall.@rule[0].target='ACCEPT'
  81. firewall.@rule[0].family='ipv4'
  82. firewall.@rule[1]=rule
  83. firewall.@rule[1].name='Allow-Ping'
  84. firewall.@rule[1].src='wan'
  85. firewall.@rule[1].proto='icmp'
  86. firewall.@rule[1].icmp_type='echo-request'
  87. firewall.@rule[1].family='ipv4'
  88. firewall.@rule[1].target='ACCEPT'
  89. firewall.@rule[2]=rule
  90. firewall.@rule[2].name='Allow-IGMP'
  91. firewall.@rule[2].src='wan'
  92. firewall.@rule[2].proto='igmp'
  93. firewall.@rule[2].family='ipv4'
  94. firewall.@rule[2].target='ACCEPT'
  95. firewall.@rule[3]=rule
  96. firewall.@rule[3].name='Allow-DHCPv6'
  97. firewall.@rule[3].src='wan'
  98. firewall.@rule[3].proto='udp'
  99. firewall.@rule[3].dest_port='546'
  100. firewall.@rule[3].family='ipv6'
  101. firewall.@rule[3].target='ACCEPT'
  102. firewall.@rule[4]=rule
  103. firewall.@rule[4].name='Allow-MLD'
  104. firewall.@rule[4].src='wan'
  105. firewall.@rule[4].proto='icmp'
  106. firewall.@rule[4].src_ip='fe80::/10'
  107. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  108. firewall.@rule[4].family='ipv6'
  109. firewall.@rule[4].target='ACCEPT'
  110. firewall.@rule[5]=rule
  111. firewall.@rule[5].name='Allow-ICMPv6-Input'
  112. firewall.@rule[5].src='wan'
  113. firewall.@rule[5].proto='icmp'
  114. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  115. firewall.@rule[5].limit='1000/sec'
  116. firewall.@rule[5].family='ipv6'
  117. firewall.@rule[5].target='ACCEPT'
  118. firewall.@rule[6]=rule
  119. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  120. firewall.@rule[6].src='wan'
  121. firewall.@rule[6].dest='*'
  122. firewall.@rule[6].proto='icmp'
  123. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  124. firewall.@rule[6].limit='1000/sec'
  125. firewall.@rule[6].family='ipv6'
  126. firewall.@rule[6].target='ACCEPT'
  127. firewall.@rule[7]=rule
  128. firewall.@rule[7].name='Allow-IPSec-ESP'
  129. firewall.@rule[7].src='wan'
  130. firewall.@rule[7].dest='lan'
  131. firewall.@rule[7].proto='esp'
  132. firewall.@rule[7].target='ACCEPT'
  133. firewall.@rule[8]=rule
  134. firewall.@rule[8].name='Allow-ISAKMP'
  135. firewall.@rule[8].src='wan'
  136. firewall.@rule[8].dest='lan'
  137. firewall.@rule[8].dest_port='500'
  138. firewall.@rule[8].proto='udp'
  139. firewall.@rule[8].target='ACCEPT'
  140. firewall.@rule[9]=rule
  141. firewall.@rule[9].name='Support-UDP-Traceroute'
  142. firewall.@rule[9].src='wan'
  143. firewall.@rule[9].dest_port='33434:33689'
  144. firewall.@rule[9].proto='udp'
  145. firewall.@rule[9].family='ipv4'
  146. firewall.@rule[9].target='REJECT'
  147. firewall.@rule[9].enabled='0'
  148. firewall.@include[0]=include
  149. firewall.@include[0].path='/etc/firewall.user'
  150. firewall.miniupnpd=include
  151. firewall.miniupnpd.type='script'
  152. firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
  153. firewall.miniupnpd.family='any'
  154. firewall.miniupnpd.reload='1'
  155. firewall.@redirect[0]=redirect
  156. firewall.@redirect[0].target='DNAT'
  157. firewall.@redirect[0].src='wan'
  158. firewall.@redirect[0].dest_ip='10.0.0.100'
  159. firewall.@redirect[0].dest='lan'
  160. firewall.@redirect[0].name='Ftp-Rule1'
  161. firewall.@redirect[0].src_dport='20-21'
  162. firewall.@redirect[0].dest_port='20-21'
  163. firewall.@redirect[0].proto='tcp'
  164. firewall.@redirect[1]=redirect
  165. firewall.@redirect[1].target='DNAT'
  166. firewall.@redirect[1].src='wan'
  167. firewall.@redirect[1].dest='lan'
  168. firewall.@redirect[1].dest_ip='10.0.0.100'
  169. firewall.@redirect[1].name='Ftp-Rule2'
  170. firewall.@redirect[1].proto='tcp'
  171. firewall.@redirect[1].src_dport='30000-30009'
  172. firewall.@redirect[1].dest_port='30000-30009'
  173. firewall.@redirect[2]=redirect
  174. firewall.@redirect[2].target='DNAT'
  175. firewall.@redirect[2].proto='tcp udp'
  176. firewall.@redirect[2].src_dport='32400'
  177. firewall.@redirect[2].dest_port='32400'
  178. firewall.@redirect[2].name='Plex'
  179. firewall.@redirect[2].dest='lan'
  180. firewall.@redirect[2].src='wan'
  181. firewall.@redirect[2].dest_ip='10.0.0.100'
  182. firewall.@redirect[3]=redirect
  183. firewall.@redirect[3].target='DNAT'
  184. firewall.@redirect[3].src='wan'
  185. firewall.@redirect[3].dest='lan'
  186. firewall.@redirect[3].proto='tcp'
  187. firewall.@redirect[3].src_dport='4662'
  188. firewall.@redirect[3].dest_ip='10.0.0.100'
  189. firewall.@redirect[3].dest_port='4662'
  190. firewall.@redirect[3].name='aMule'
  191. firewall.@redirect[4]=redirect
  192. firewall.@redirect[4].target='DNAT'
  193. firewall.@redirect[4].src='wan'
  194. firewall.@redirect[4].dest='lan'
  195. firewall.@redirect[4].proto='udp'
  196. firewall.@redirect[4].src_dport='4665'
  197. firewall.@redirect[4].dest_ip='10.0.0.100'
  198. firewall.@redirect[4].dest_port='4665'
  199. firewall.@redirect[4].name='aMule2'
  200. firewall.@redirect[5]=redirect
  201. firewall.@redirect[5].target='DNAT'
  202. firewall.@redirect[5].src='wan'
  203. firewall.@redirect[5].dest='lan'
  204. firewall.@redirect[5].proto='udp'
  205. firewall.@redirect[5].src_dport='4672'
  206. firewall.@redirect[5].dest_ip='10.0.0.100'
  207. firewall.@redirect[5].dest_port='4672'
  208. firewall.@redirect[5].name='aMule3'
  209. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
  210. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  211. inet 127.0.0.1/8 scope host lo
  212. valid_lft forever preferred_lft forever
  213. inet6 ::1/128 scope host
  214. valid_lft forever preferred_lft forever
  215. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
  216. link/ether b0:7f:b9:3e:44:80 brd ff:ff:ff:ff:ff:ff
  217. inet6 fe80::b27f:b9ff:fe3e:4480/64 scope link
  218. valid_lft forever preferred_lft forever
  219. 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
  220. link/ether b0:7f:b9:3e:44:7f brd ff:ff:ff:ff:ff:ff
  221. inet6 fe80::b27f:b9ff:fe3e:447f/64 scope link
  222. valid_lft forever preferred_lft forever
  223. 41: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
  224. link/ether b0:7f:b9:3e:44:7f brd ff:ff:ff:ff:ff:ff
  225. inet 10.0.0.1/24 brd 10.0.0.255 scope global br-lan
  226. valid_lft forever preferred_lft forever
  227. inet6 fd91:58c0:ec5c::1/60 scope global noprefixroute
  228. valid_lft forever preferred_lft forever
  229. inet6 fe80::b27f:b9ff:fe3e:447f/64 scope link
  230. valid_lft forever preferred_lft forever
  231. 42: eth1.1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
  232. link/ether b0:7f:b9:3e:44:7f brd ff:ff:ff:ff:ff:ff
  233. 43: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
  234. link/ether b0:7f:b9:3e:44:80 brd ff:ff:ff:ff:ff:ff
  235. inet 192.168.1.150/24 brd 192.168.1.255 scope global eth0.2
  236. valid_lft forever preferred_lft forever
  237. inet6 fe80::b27f:b9ff:fe3e:4480/64 scope link
  238. valid_lft forever preferred_lft forever
  239. 45: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
  240. link/ether b0:7f:b9:3e:44:81 brd ff:ff:ff:ff:ff:ff
  241. inet6 fe80::b27f:b9ff:fe3e:4481/64 scope link
  242. valid_lft forever preferred_lft forever
  243. 46: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
  244. link/ether b0:7f:b9:3e:44:82 brd ff:ff:ff:ff:ff:ff
  245. inet6 fe80::b27f:b9ff:fe3e:4482/64 scope link
  246. valid_lft forever preferred_lft forever
  247. default via 192.168.1.1 dev eth0.2 src 192.168.1.150
  248. 10.0.0.0/24 dev br-lan scope link src 10.0.0.1
  249. 192.168.1.0/24 dev eth0.2 scope link src 192.168.1.150
  250. broadcast 10.0.0.0 dev br-lan table local scope link src 10.0.0.1
  251. local 10.0.0.1 dev br-lan table local scope host src 10.0.0.1
  252. broadcast 10.0.0.255 dev br-lan table local scope link src 10.0.0.1
  253. broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
  254. local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
  255. local 127.0.0.1 dev lo table local scope host src 127.0.0.1
  256. broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
  257. broadcast 192.168.1.0 dev eth0.2 table local scope link src 192.168.1.150
  258. local 192.168.1.150 dev eth0.2 table local scope host src 192.168.1.150
  259. broadcast 192.168.1.255 dev eth0.2 table local scope link src 192.168.1.150
  260. fd91:58c0:ec5c::/64 dev br-lan metric 1024
  261. unreachable fd91:58c0:ec5c::/48 dev lo metric 2147483647
  262. fe80::/64 dev eth1 metric 256
  263. fe80::/64 dev eth0 metric 256
  264. fe80::/64 dev eth0.2 metric 256
  265. fe80::/64 dev br-lan metric 256
  266. fe80::/64 dev wlan0 metric 256
  267. fe80::/64 dev wlan1 metric 256
  268. local ::1 dev lo table local metric 0
  269. anycast fd91:58c0:ec5c:: dev br-lan table local metric 0
  270. local fd91:58c0:ec5c::1 dev br-lan table local metric 0
  271. anycast fe80:: dev eth0.2 table local metric 0
  272. anycast fe80:: dev eth0 table local metric 0
  273. anycast fe80:: dev eth1 table local metric 0
  274. anycast fe80:: dev br-lan table local metric 0
  275. anycast fe80:: dev wlan0 table local metric 0
  276. anycast fe80:: dev wlan1 table local metric 0
  277. local fe80::b27f:b9ff:fe3e:447f dev eth1 table local metric 0
  278. local fe80::b27f:b9ff:fe3e:447f dev br-lan table local metric 0
  279. local fe80::b27f:b9ff:fe3e:4480 dev eth0.2 table local metric 0
  280. local fe80::b27f:b9ff:fe3e:4480 dev eth0 table local metric 0
  281. local fe80::b27f:b9ff:fe3e:4481 dev wlan0 table local metric 0
  282. local fe80::b27f:b9ff:fe3e:4482 dev wlan1 table local metric 0
  283. multicast ff00::/8 dev eth1 table local metric 256
  284. multicast ff00::/8 dev br-lan table local metric 256
  285. multicast ff00::/8 dev eth0 table local metric 256
  286. multicast ff00::/8 dev eth0.2 table local metric 256
  287. multicast ff00::/8 dev wlan0 table local metric 256
  288. multicast ff00::/8 dev wlan1 table local metric 256
  289. 0: from all lookup local
  290. 32766: from all lookup main
  291. 32767: from all lookup default
  292. # Generated by iptables-save v1.8.7 on Tue Aug 9 22:55:25 2022
  293. *nat
  294. :PREROUTING ACCEPT [365:33864]
  295. :INPUT ACCEPT [69:3779]
  296. :OUTPUT ACCEPT [19:1339]
  297. :POSTROUTING ACCEPT [87:6704]
  298. :MINIUPNPD - [0:0]
  299. :MINIUPNPD-POSTROUTING - [0:0]
  300. :postrouting_lan_rule - [0:0]
  301. :postrouting_rule - [0:0]
  302. :postrouting_wan_rule - [0:0]
  303. :prerouting_lan_rule - [0:0]
  304. :prerouting_rule - [0:0]
  305. :prerouting_wan_rule - [0:0]
  306. :zone_lan_postrouting - [0:0]
  307. :zone_lan_prerouting - [0:0]
  308. :zone_wan_postrouting - [0:0]
  309. :zone_wan_prerouting - [0:0]
  310. [490:42986] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  311. [291:24832] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  312. [199:18154] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
  313. [338:23633] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  314. [81:6294] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  315. [250:16850] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
  316. [81:6294] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  317. [0:0] -A zone_lan_postrouting -s 10.0.0.0/24 -d 10.0.0.100/32 -p tcp -m tcp --dport 20:21 -m comment --comment "!fw3: Ftp-Rule1 (reflection)" -j SNAT --to-source 10.0.0.1
  318. [0:0] -A zone_lan_postrouting -s 10.0.0.0/24 -d 10.0.0.100/32 -p tcp -m tcp --dport 30000:30009 -m comment --comment "!fw3: Ftp-Rule2 (reflection)" -j SNAT --to-source 10.0.0.1
  319. [0:0] -A zone_lan_postrouting -s 10.0.0.0/24 -d 10.0.0.100/32 -p tcp -m tcp --dport 32400 -m comment --comment "!fw3: Plex (reflection)" -j SNAT --to-source 10.0.0.1
  320. [0:0] -A zone_lan_postrouting -s 10.0.0.0/24 -d 10.0.0.100/32 -p udp -m udp --dport 32400 -m comment --comment "!fw3: Plex (reflection)" -j SNAT --to-source 10.0.0.1
  321. [0:0] -A zone_lan_postrouting -s 10.0.0.0/24 -d 10.0.0.100/32 -p tcp -m tcp --dport 4662 -m comment --comment "!fw3: aMule (reflection)" -j SNAT --to-source 10.0.0.1
  322. [0:0] -A zone_lan_postrouting -s 10.0.0.0/24 -d 10.0.0.100/32 -p udp -m udp --dport 4665 -m comment --comment "!fw3: aMule2 (reflection)" -j SNAT --to-source 10.0.0.1
  323. [0:0] -A zone_lan_postrouting -s 10.0.0.0/24 -d 10.0.0.100/32 -p udp -m udp --dport 4672 -m comment --comment "!fw3: aMule3 (reflection)" -j SNAT --to-source 10.0.0.1
  324. [291:24832] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  325. [0:0] -A zone_lan_prerouting -p tcp -m tcp --dport 53 -m comment --comment "!fw3: ubus:simple-adblock[main] redirect 0" -j REDIRECT --to-ports 53
  326. [43:2703] -A zone_lan_prerouting -p udp -m udp --dport 53 -m comment --comment "!fw3: ubus:simple-adblock[main] redirect 0" -j REDIRECT --to-ports 53
  327. [0:0] -A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.1.150/32 -p tcp -m tcp --dport 20:21 -m comment --comment "!fw3: Ftp-Rule1 (reflection)" -j DNAT --to-destination 10.0.0.100:20-21
  328. [0:0] -A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.1.150/32 -p tcp -m tcp --dport 30000:30009 -m comment --comment "!fw3: Ftp-Rule2 (reflection)" -j DNAT --to-destination 10.0.0.100:30000-30009
  329. [0:0] -A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.1.150/32 -p tcp -m tcp --dport 32400 -m comment --comment "!fw3: Plex (reflection)" -j DNAT --to-destination 10.0.0.100:32400
  330. [0:0] -A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.1.150/32 -p udp -m udp --dport 32400 -m comment --comment "!fw3: Plex (reflection)" -j DNAT --to-destination 10.0.0.100:32400
  331. [0:0] -A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.1.150/32 -p tcp -m tcp --dport 4662 -m comment --comment "!fw3: aMule (reflection)" -j DNAT --to-destination 10.0.0.100:4662
  332. [0:0] -A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.1.150/32 -p udp -m udp --dport 4665 -m comment --comment "!fw3: aMule2 (reflection)" -j DNAT --to-destination 10.0.0.100:4665
  333. [0:0] -A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.1.150/32 -p udp -m udp --dport 4672 -m comment --comment "!fw3: aMule3 (reflection)" -j DNAT --to-destination 10.0.0.100:4672
  334. [250:16850] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  335. [250:16850] -A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
  336. [250:16850] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  337. [199:18154] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  338. [0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 20:21 -m comment --comment "!fw3: Ftp-Rule1" -j DNAT --to-destination 10.0.0.100:20-21
  339. [0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 30000:30009 -m comment --comment "!fw3: Ftp-Rule2" -j DNAT --to-destination 10.0.0.100:30000-30009
  340. [0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 32400 -m comment --comment "!fw3: Plex" -j DNAT --to-destination 10.0.0.100:32400
  341. [0:0] -A zone_wan_prerouting -p udp -m udp --dport 32400 -m comment --comment "!fw3: Plex" -j DNAT --to-destination 10.0.0.100:32400
  342. [0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 4662 -m comment --comment "!fw3: aMule" -j DNAT --to-destination 10.0.0.100:4662
  343. [0:0] -A zone_wan_prerouting -p udp -m udp --dport 4665 -m comment --comment "!fw3: aMule2" -j DNAT --to-destination 10.0.0.100:4665
  344. [81:6294] -A zone_wan_prerouting -p udp -m udp --dport 4672 -m comment --comment "!fw3: aMule3" -j DNAT --to-destination 10.0.0.100:4672
  345. [117:11735] -A zone_wan_prerouting -j MINIUPNPD
  346. COMMIT
  347. # Completed on Tue Aug 9 22:55:25 2022
  348. # Generated by iptables-save v1.8.7 on Tue Aug 9 22:55:25 2022
  349. *mangle
  350. :PREROUTING ACCEPT [689614:781164769]
  351. :INPUT ACCEPT [1269:187304]
  352. :FORWARD ACCEPT [688317:780970101]
  353. :OUTPUT ACCEPT [1384:2025252]
  354. :POSTROUTING ACCEPT [689699:782995273]
  355. [44:2640] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  356. [43:2460] -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  357. COMMIT
  358. # Completed on Tue Aug 9 22:55:25 2022
  359. # Generated by iptables-save v1.8.7 on Tue Aug 9 22:55:25 2022
  360. *filter
  361. :INPUT ACCEPT [0:0]
  362. :FORWARD DROP [0:0]
  363. :OUTPUT ACCEPT [0:0]
  364. :MINIUPNPD - [0:0]
  365. :forwarding_lan_rule - [0:0]
  366. :forwarding_rule - [0:0]
  367. :forwarding_wan_rule - [0:0]
  368. :input_lan_rule - [0:0]
  369. :input_rule - [0:0]
  370. :input_wan_rule - [0:0]
  371. :output_lan_rule - [0:0]
  372. :output_rule - [0:0]
  373. :output_wan_rule - [0:0]
  374. :reject - [0:0]
  375. :syn_flood - [0:0]
  376. :zone_lan_dest_ACCEPT - [0:0]
  377. :zone_lan_forward - [0:0]
  378. :zone_lan_input - [0:0]
  379. :zone_lan_output - [0:0]
  380. :zone_lan_src_ACCEPT - [0:0]
  381. :zone_wan_dest_ACCEPT - [0:0]
  382. :zone_wan_dest_REJECT - [0:0]
  383. :zone_wan_forward - [0:0]
  384. :zone_wan_input - [0:0]
  385. :zone_wan_output - [0:0]
  386. :zone_wan_src_REJECT - [0:0]
  387. [184:14608] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  388. [1085:172696] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  389. [885:156148] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  390. [26:1256] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  391. [82:4688] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  392. [118:11860] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  393. [688377:781017241] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  394. [688073:780995465] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  395. [223:15482] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  396. [81:6294] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  397. [0:0] -A FORWARD -m comment --comment "!fw3" -j reject
  398. [184:14608] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  399. [1201:2012460] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  400. [1189:2011610] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  401. [0:0] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  402. [12:850] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  403. [19:892] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  404. [81:10320] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  405. [26:1256] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  406. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  407. [0:0] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  408. [223:15482] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  409. [0:0] -A zone_lan_forward -p tcp -m tcp --dport 853 -m comment --comment "!fw3: ubus:simple-adblock[main] rule 1" -j reject
  410. [0:0] -A zone_lan_forward -p udp -m udp --dport 853 -m comment --comment "!fw3: ubus:simple-adblock[main] rule 1" -j reject
  411. [223:15482] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  412. [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  413. [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  414. [82:4688] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  415. [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  416. [82:4688] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  417. [0:0] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  418. [0:0] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  419. [82:4688] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  420. [2:80] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  421. [233:16252] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  422. [0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
  423. [81:6294] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  424. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  425. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  426. [81:6294] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  427. [0:0] -A zone_wan_forward -j MINIUPNPD
  428. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  429. [118:11860] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  430. [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  431. [18:648] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  432. [0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  433. [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  434. [99:11087] -A zone_wan_input -j MINIUPNPD
  435. [100:11212] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  436. [12:850] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  437. [12:850] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  438. [100:11212] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
  439. COMMIT
  440. # Completed on Tue Aug 9 22:55:25 2022