API tools faq
paste
Advertisement
Guest User

Network log

a guest
Aug 5th, 2021
104
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 33.69 KB | None | 0 0
raw download clone embed print report
  1. network.loopback=interface
  2. network.loopback.ifname='lo'
  3. network.loopback.proto='static'
  4. network.loopback.ipaddr='127.0.0.1'
  5. network.loopback.netmask='255.0.0.0'
  6. network.globals=globals
  7. network.globals.ula_prefix='fd83:36bb:699e::/48'
  8. network.wan=interface
  9. network.wan.ifname='eth1'
  10. network.wan.proto='dhcp'
  11. network.wan.dns='208.67.222.222' '208.67.220.220'
  12. network.wan.peerdns='0'
  13. network.wan6=interface
  14. network.wan6.ifname='eth1'
  15. network.wan6.proto='dhcpv6'
  16. network.wan6.reqprefix='auto'
  17. network.wan6.reqaddress='try'
  18. network.lan=interface
  19. network.lan.type='bridge'
  20. network.lan.ifname='eth0.1'
  21. network.lan.proto='static'
  22. network.lan.ipaddr='192.168.1.1'
  23. network.lan.netmask='255.255.255.0'
  24. network.lan.ip6assign='60'
  25. network.lan.ip6class='local'
  26. network.@switch[0]=switch
  27. network.@switch[0].name='switch0'
  28. network.@switch[0].reset='1'
  29. network.@switch[0].enable_vlan='1'
  30. network.@switch_vlan[0]=switch_vlan
  31. network.@switch_vlan[0].device='switch0'
  32. network.@switch_vlan[0].vlan='1'
  33. network.@switch_vlan[0].ports='1 2 3 4 0t'
  34. network.surfsharktun=interface
  35. network.surfsharktun.proto='none'
  36. network.surfsharktun.ifname='tun0'
  37. firewall.@defaults[0]=defaults
  38. firewall.@defaults[0].input='ACCEPT'
  39. firewall.@defaults[0].output='ACCEPT'
  40. firewall.@defaults[0].forward='REJECT'
  41. firewall.@defaults[0].synflood_protect='1'
  42. firewall.@zone[0]=zone
  43. firewall.@zone[0].name='lan'
  44. firewall.@zone[0].input='ACCEPT'
  45. firewall.@zone[0].output='ACCEPT'
  46. firewall.@zone[0].forward='ACCEPT'
  47. firewall.@zone[0].network='lan'
  48. firewall.@zone[1]=zone
  49. firewall.@zone[1].name='wan'
  50. firewall.@zone[1].input='REJECT'
  51. firewall.@zone[1].output='ACCEPT'
  52. firewall.@zone[1].forward='REJECT'
  53. firewall.@zone[1].mtu_fix='1'
  54. firewall.@zone[1].network='wan' 'wan6'
  55. firewall.@rule[0]=rule
  56. firewall.@rule[0].name='Allow-DHCP-Renew'
  57. firewall.@rule[0].src='wan'
  58. firewall.@rule[0].proto='udp'
  59. firewall.@rule[0].dest_port='68'
  60. firewall.@rule[0].target='ACCEPT'
  61. firewall.@rule[0].family='ipv4'
  62. firewall.@rule[1]=rule
  63. firewall.@rule[1].name='Allow-Ping'
  64. firewall.@rule[1].src='wan'
  65. firewall.@rule[1].proto='icmp'
  66. firewall.@rule[1].icmp_type='echo-request'
  67. firewall.@rule[1].family='ipv4'
  68. firewall.@rule[1].target='ACCEPT'
  69. firewall.@rule[2]=rule
  70. firewall.@rule[2].name='Allow-IGMP'
  71. firewall.@rule[2].src='wan'
  72. firewall.@rule[2].proto='igmp'
  73. firewall.@rule[2].family='ipv4'
  74. firewall.@rule[2].target='ACCEPT'
  75. firewall.@rule[3]=rule
  76. firewall.@rule[3].name='Allow-DHCPv6'
  77. firewall.@rule[3].src='wan'
  78. firewall.@rule[3].proto='udp'
  79. firewall.@rule[3].src_ip='fc00::/6'
  80. firewall.@rule[3].dest_ip='fc00::/6'
  81. firewall.@rule[3].dest_port='546'
  82. firewall.@rule[3].family='ipv6'
  83. firewall.@rule[3].target='ACCEPT'
  84. firewall.@rule[4]=rule
  85. firewall.@rule[4].name='Allow-MLD'
  86. firewall.@rule[4].src='wan'
  87. firewall.@rule[4].proto='icmp'
  88. firewall.@rule[4].src_ip='fe80::/10'
  89. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  90. firewall.@rule[4].family='ipv6'
  91. firewall.@rule[4].target='ACCEPT'
  92. firewall.@rule[5]=rule
  93. firewall.@rule[5].name='Allow-ICMPv6-Input'
  94. firewall.@rule[5].src='wan'
  95. firewall.@rule[5].proto='icmp'
  96. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  97. firewall.@rule[5].limit='1000/sec'
  98. firewall.@rule[5].family='ipv6'
  99. firewall.@rule[5].target='ACCEPT'
  100. firewall.@rule[6]=rule
  101. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  102. firewall.@rule[6].src='wan'
  103. firewall.@rule[6].dest='*'
  104. firewall.@rule[6].proto='icmp'
  105. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  106. firewall.@rule[6].limit='1000/sec'
  107. firewall.@rule[6].family='ipv6'
  108. firewall.@rule[6].target='ACCEPT'
  109. firewall.@rule[7]=rule
  110. firewall.@rule[7].name='Allow-IPSec-ESP'
  111. firewall.@rule[7].src='wan'
  112. firewall.@rule[7].dest='lan'
  113. firewall.@rule[7].proto='esp'
  114. firewall.@rule[7].target='ACCEPT'
  115. firewall.@rule[8]=rule
  116. firewall.@rule[8].name='Allow-ISAKMP'
  117. firewall.@rule[8].src='wan'
  118. firewall.@rule[8].dest='lan'
  119. firewall.@rule[8].dest_port='500'
  120. firewall.@rule[8].proto='udp'
  121. firewall.@rule[8].target='ACCEPT'
  122. firewall.@include[0]=include
  123. firewall.@include[0].path='/etc/firewall.user'
  124. firewall.@zone[2]=zone
  125. firewall.@zone[2].name='vpnfirewall'
  126. firewall.@zone[2].input='REJECT'
  127. firewall.@zone[2].output='ACCEPT'
  128. firewall.@zone[2].forward='REJECT'
  129. firewall.@zone[2].masq='1'
  130. firewall.@zone[2].mtu_fix='1'
  131. firewall.@zone[2].network='surfsharktun'
  132. firewall.@forwarding[0]=forwarding
  133. firewall.@forwarding[0].dest='vpnfirewall'
  134. firewall.@forwarding[0].src='lan'
  135. dhcp.@dnsmasq[0]=dnsmasq
  136. dhcp.@dnsmasq[0].domainneeded='1'
  137. dhcp.@dnsmasq[0].localise_queries='1'
  138. dhcp.@dnsmasq[0].rebind_protection='1'
  139. dhcp.@dnsmasq[0].rebind_localhost='1'
  140. dhcp.@dnsmasq[0].local='/lan/'
  141. dhcp.@dnsmasq[0].domain='lan'
  142. dhcp.@dnsmasq[0].expandhosts='1'
  143. dhcp.@dnsmasq[0].authoritative='1'
  144. dhcp.@dnsmasq[0].readethers='1'
  145. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  146. dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
  147. dhcp.@dnsmasq[0].localservice='1'
  148. dhcp.lan=dhcp
  149. dhcp.lan.interface='lan'
  150. dhcp.lan.start='100'
  151. dhcp.lan.limit='150'
  152. dhcp.lan.leasetime='12h'
  153. dhcp.lan.dhcpv6='server'
  154. dhcp.lan.ra='server'
  155. dhcp.lan.ra_management='1'
  156. dhcp.wan=dhcp
  157. dhcp.wan.interface='wan'
  158. dhcp.wan.ignore='1'
  159. dhcp.odhcpd=odhcpd
  160. dhcp.odhcpd.maindhcp='0'
  161. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  162. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  163. dhcp.odhcpd.loglevel='4'
  164. dhcp.@host[0]=host
  165. dhcp.@host[0].mac='XX:XX:XX:XX:XX:XX'
  166. dhcp.@host[0].name='LibreElec'
  167. dhcp.@host[0].dns='1'
  168. dhcp.@host[0].ip='192.168.1.116'
  169. dhcp.@host[1]=host
  170. dhcp.@host[1].name='Dell'
  171. dhcp.@host[1].dns='1'
  172. dhcp.@host[1].ip='192.168.1.101'
  173. dhcp.@host[1].mac='XX:XX:XX:XX:XX:XX'
  174. vpn-policy-routing.config=vpn-policy-routing
  175. vpn-policy-routing.config.verbosity='2'
  176. vpn-policy-routing.config.src_ipset='0'
  177. vpn-policy-routing.config.dest_ipset='0'
  178. vpn-policy-routing.config.resolver_ipset='dnsmasq.ipset'
  179. vpn-policy-routing.config.ignored_interface='vpnserver wgserver'
  180. vpn-policy-routing.config.boot_timeout='30'
  181. vpn-policy-routing.config.iptables_rule_option='append'
  182. vpn-policy-routing.config.procd_reload_delay='1'
  183. vpn-policy-routing.config.webui_show_ignore_target='0'
  184. vpn-policy-routing.config.webui_sorting='1'
  185. vpn-policy-routing.config.webui_supported_protocol='tcp' 'udp' 'tcp udp' 'icmp' 'all'
  186. vpn-policy-routing.config.ipv6_enabled='0'
  187. vpn-policy-routing.config.webui_enable_column='1'
  188. vpn-policy-routing.config.webui_protocol_column='1'
  189. vpn-policy-routing.config.webui_chain_column='1'
  190. vpn-policy-routing.config.strict_enforcement='0'
  191. vpn-policy-routing.config.enabled='0'
  192. vpn-policy-routing.@include[0]=include
  193. vpn-policy-routing.@include[0].path='/etc/vpn-policy-routing.netflix.user'
  194. vpn-policy-routing.@include[0].enabled='0'
  195. vpn-policy-routing.@include[1]=include
  196. vpn-policy-routing.@include[1].path='/etc/vpn-policy-routing.aws.user'
  197. vpn-policy-routing.@include[1].enabled='0'
  198. vpn-policy-routing.@policy[0]=policy
  199. vpn-policy-routing.@policy[0].name='Libreelec'
  200. vpn-policy-routing.@policy[0].src_addr='192.168.1.116'
  201. vpn-policy-routing.@policy[0].interface='surfsharktun'
  202. vpn-policy-routing.@policy[0].chain='FORWARD'
  203. vpn-policy-routing 0.3.2-20 running on OpenWrt 19.07.7.
  204. ============================================================
  205. Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley
  206. Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-nettlehash no-DNSSEC no-ID loop-detect inotify dumpfile
  207. ============================================================
  208. Routes/IP Rules
  209. default 10.8.8.1 128.0.0.0 UG 0 0 0 tun0
  210. default 5ad01001.bb.sky 0.0.0.0 UG 0 0 0 eth1
  211. ============================================================
  212. Current ipsets
  213. create vpnbypass hash:ip family inet hashsize 1024 maxelem 65536
  214. ============================================================
  215. Your support details have been logged to '/var/vpn-policy-routing-support'. [✓]
  216. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  217. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  218. inet 127.0.0.1/8 scope host lo
  219. valid_lft forever preferred_lft forever
  220. inet6 ::1/128 scope host
  221. valid_lft forever preferred_lft forever
  222. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
  223. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  224. inet6 fe80:XXXXXXXXXXXXXXXXXXX scope link
  225. valid_lft forever preferred_lft forever
  226. 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
  227. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  228. inet XXX.XXX.XXX.XXX/XX brd XXX.XXX.XXX.XXX scope global eth1
  229. valid_lft forever preferred_lft forever
  230. inet6 fe80:XXXXXXXXXXXXXXXXXXX scope link
  231. valid_lft forever preferred_lft forever
  232. 7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  233. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  234. inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
  235. valid_lft forever preferred_lft forever
  236. inet6 fd83:XXXXXXXXXXXXXXXXXXX scope global noprefixroute
  237. valid_lft forever preferred_lft forever
  238. inet6 fe80:XXXXXXXXXXXXXXXXXXX scope link
  239. valid_lft forever preferred_lft forever
  240. 8: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  241. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  242. 9: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  243. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  244. inet6 fe80:XXXXXXXXXXXXXXXXXXX scope link
  245. valid_lft forever preferred_lft forever
  246. 10: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  247. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  248. inet6 fe80:XXXXXXXXXXXXXXXXXXX scope link
  249. valid_lft forever preferred_lft forever
  250. 13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
  251. link/none
  252. inet 10.8.8.4/24 brd 10.8.8.255 scope global tun0
  253. valid_lft forever preferred_lft forever
  254. inet6 fe80:XXXXXXXXXXXXXXXXXXX scope link stable-privacy
  255. valid_lft forever preferred_lft forever
  256. 0.0.0.0/1 via 10.8.8.1 dev tun0
  257. default via XXX.XXX.XXX.XXX dev eth1 proto static src XXX.XXX.XXX.XXX
  258. 10.8.8.0/24 dev tun0 proto kernel scope link src 10.8.8.4
  259. XXX.XXX.XXX.XXX/22 dev eth1 proto kernel scope link src XXX.XXX.XXX.XXX
  260. XXX.XXX.XXX.XXX via XXX.XXX.XXX.XXX dev eth1
  261. 128.0.0.0/1 via 10.8.8.1 dev tun0
  262. 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
  263. broadcast 10.8.8.0 dev tun0 table local proto kernel scope link src 10.8.8.4
  264. local 10.8.8.4 dev tun0 table local proto kernel scope host src 10.8.8.4
  265. broadcast 10.8.8.255 dev tun0 table local proto kernel scope link src 10.8.8.4
  266. broadcast XXX.XXX.XXX.XXX dev eth1 table local proto kernel scope link src XXX.XXX.XXX.XXX
  267. local XXX.XXX.XXX.XXX dev eth1 table local proto kernel scope host src XXX.XXX.XXX.XXX
  268. broadcast XXX.XXX.XXX.XXX dev eth1 table local proto kernel scope link src XXX.XXX.XXX.XXX
  269. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  270. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  271. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  272. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  273. broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
  274. local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
  275. broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
  276. default from 2a02:XXXXXXXXXXXXXXXXXXX/56 via fe80:XXXXXXXXXXXXXXXXXXX dev eth1 proto static metric 512 pref medium
  277. unreachable 2a02:XXXXXXXXXXXXXXXXXXX/56 dev lo proto static metric 2147483647 error 4294967148 pref medium
  278. fd83:XXXXXXXXXXXXXXXXXXX/64 dev br-lan proto static metric 1024 pref medium
  279. unreachable fd83:XXXXXXXXXXXXXXXXXXX/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
  280. fe80::/64 dev eth0 proto kernel metric 256 pref medium
  281. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  282. fe80::/64 dev eth1 proto kernel metric 256 pref medium
  283. fe80::/64 dev wlan1 proto kernel metric 256 pref medium
  284. fe80::/64 dev wlan0 proto kernel metric 256 pref medium
  285. fe80::/64 dev tun0 proto kernel metric 256 pref medium
  286. local ::1 dev lo table local proto kernel metric 0 pref medium
  287. anycast fd83:XXXXXXXXXXXXXXXXXXX dev br-lan table local proto kernel metric 0 pref medium
  288. local fd83:XXXXXXXXXXXXXXXXXXX dev br-lan table local proto kernel metric 0 pref medium
  289. anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
  290. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  291. anycast fe80:: dev eth1 table local proto kernel metric 0 pref medium
  292. anycast fe80:: dev wlan1 table local proto kernel metric 0 pref medium
  293. anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
  294. anycast fe80:: dev tun0 table local proto kernel metric 0 pref medium
  295. local fe80:XXXXXXXXXXXXXXXXXXX dev tun0 table local proto kernel metric 0 pref medium
  296. local fe80:XXXXXXXXXXXXXXXXXXX dev wlan0 table local proto kernel metric 0 pref medium
  297. local fe80:XXXXXXXXXXXXXXXXXXX dev eth0 table local proto kernel metric 0 pref medium
  298. local fe80:XXXXXXXXXXXXXXXXXXX dev br-lan table local proto kernel metric 0 pref medium
  299. local fe80:XXXXXXXXXXXXXXXXXXX dev wlan1 table local proto kernel metric 0 pref medium
  300. local fe80:XXXXXXXXXXXXXXXXXXX dev eth1 table local proto kernel metric 0 pref medium
  301. ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
  302. ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
  303. ff00::/8 dev eth1 table local proto kernel metric 256 pref medium
  304. ff00::/8 dev wlan1 table local proto kernel metric 256 pref medium
  305. ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
  306. ff00::/8 dev tun0 table local proto kernel metric 256 pref medium
  307. 0: from all lookup local
  308. 32766: from all lookup main
  309. 32767: from all lookup default
  310. 0: from all lookup local
  311. 32766: from all lookup main
  312. 4200000001: from all iif lo failed_policy
  313. 4200000003: from all iif eth1 failed_policy
  314. 4200000003: from all iif eth1 failed_policy
  315. 4200000007: from all iif br-lan failed_policy
  316. 4200000013: from all iif tun0 failed_policy
  317. # Generated by iptables-save v1.8.3 on Thu Aug 5 12:16:13 2021
  318. *nat
  319. :PREROUTING ACCEPT [43441:6950913]
  320. :INPUT ACCEPT [12149:834704]
  321. :OUTPUT ACCEPT [10980:778092]
  322. :POSTROUTING ACCEPT [137:18749]
  323. :postrouting_lan_rule - [0:0]
  324. :postrouting_rule - [0:0]
  325. :postrouting_vpnfirewall_rule - [0:0]
  326. :postrouting_wan_rule - [0:0]
  327. :prerouting_lan_rule - [0:0]
  328. :prerouting_rule - [0:0]
  329. :prerouting_vpnfirewall_rule - [0:0]
  330. :prerouting_wan_rule - [0:0]
  331. :zone_lan_postrouting - [0:0]
  332. :zone_lan_prerouting - [0:0]
  333. :zone_vpnfirewall_postrouting - [0:0]
  334. :zone_vpnfirewall_prerouting - [0:0]
  335. :zone_wan_postrouting - [0:0]
  336. :zone_wan_prerouting - [0:0]
  337. -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  338. -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  339. -A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
  340. -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_prerouting
  341. -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  342. -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  343. -A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
  344. -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_postrouting
  345. -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  346. -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  347. -A zone_vpnfirewall_postrouting -m comment --comment "!fw3: Custom vpnfirewall postrouting rule chain" -j postrouting_vpnfirewall_rule
  348. -A zone_vpnfirewall_postrouting -m comment --comment "!fw3" -j MASQUERADE
  349. -A zone_vpnfirewall_prerouting -m comment --comment "!fw3: Custom vpnfirewall prerouting rule chain" -j prerouting_vpnfirewall_rule
  350. -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  351. -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  352. COMMIT
  353. # Completed on Thu Aug 5 12:16:13 2021
  354. # Generated by iptables-save v1.8.3 on Thu Aug 5 12:16:13 2021
  355. *mangle
  356. :PREROUTING ACCEPT [37166933:43179946576]
  357. :INPUT ACCEPT [16563465:21975733291]
  358. :FORWARD ACCEPT [20583701:21200176462]
  359. :OUTPUT ACCEPT [4106306:483441543]
  360. :POSTROUTING ACCEPT [24687378:21683487117]
  361. -A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  362. -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  363. -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpnfirewall MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  364. -A FORWARD -i tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpnfirewall MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  365. COMMIT
  366. # Completed on Thu Aug 5 12:16:14 2021
  367. # Generated by iptables-save v1.8.3 on Thu Aug 5 12:16:14 2021
  368. *filter
  369. :INPUT ACCEPT [0:0]
  370. :FORWARD DROP [0:0]
  371. :OUTPUT ACCEPT [0:0]
  372. :forwarding_lan_rule - [0:0]
  373. :forwarding_rule - [0:0]
  374. :forwarding_vpnfirewall_rule - [0:0]
  375. :forwarding_wan_rule - [0:0]
  376. :input_lan_rule - [0:0]
  377. :input_rule - [0:0]
  378. :input_vpnfirewall_rule - [0:0]
  379. :input_wan_rule - [0:0]
  380. :output_lan_rule - [0:0]
  381. :output_rule - [0:0]
  382. :output_vpnfirewall_rule - [0:0]
  383. :output_wan_rule - [0:0]
  384. :reject - [0:0]
  385. :syn_flood - [0:0]
  386. :zone_lan_dest_ACCEPT - [0:0]
  387. :zone_lan_forward - [0:0]
  388. :zone_lan_input - [0:0]
  389. :zone_lan_output - [0:0]
  390. :zone_lan_src_ACCEPT - [0:0]
  391. :zone_vpnfirewall_dest_ACCEPT - [0:0]
  392. :zone_vpnfirewall_dest_REJECT - [0:0]
  393. :zone_vpnfirewall_forward - [0:0]
  394. :zone_vpnfirewall_input - [0:0]
  395. :zone_vpnfirewall_output - [0:0]
  396. :zone_vpnfirewall_src_REJECT - [0:0]
  397. :zone_wan_dest_ACCEPT - [0:0]
  398. :zone_wan_dest_REJECT - [0:0]
  399. :zone_wan_forward - [0:0]
  400. :zone_wan_input - [0:0]
  401. :zone_wan_output - [0:0]
  402. :zone_wan_src_REJECT - [0:0]
  403. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  404. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  405. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  406. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  407. -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  408. -A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
  409. -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_input
  410. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  411. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  412. -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  413. -A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
  414. -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_forward
  415. -A FORWARD -m comment --comment "!fw3" -j reject
  416. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  417. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  418. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  419. -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  420. -A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
  421. -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_output
  422. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  423. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  424. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  425. -A syn_flood -m comment --comment "!fw3" -j DROP
  426. -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  427. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  428. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpnfirewall forwarding policy" -j zone_vpnfirewall_dest_ACCEPT
  429. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  430. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  431. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  432. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  433. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  434. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  435. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  436. -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  437. -A zone_vpnfirewall_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  438. -A zone_vpnfirewall_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
  439. -A zone_vpnfirewall_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
  440. -A zone_vpnfirewall_forward -m comment --comment "!fw3: Custom vpnfirewall forwarding rule chain" -j forwarding_vpnfirewall_rule
  441. -A zone_vpnfirewall_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  442. -A zone_vpnfirewall_forward -m comment --comment "!fw3" -j zone_vpnfirewall_dest_REJECT
  443. -A zone_vpnfirewall_input -m comment --comment "!fw3: Custom vpnfirewall input rule chain" -j input_vpnfirewall_rule
  444. -A zone_vpnfirewall_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  445. -A zone_vpnfirewall_input -m comment --comment "!fw3" -j zone_vpnfirewall_src_REJECT
  446. -A zone_vpnfirewall_output -m comment --comment "!fw3: Custom vpnfirewall output rule chain" -j output_vpnfirewall_rule
  447. -A zone_vpnfirewall_output -m comment --comment "!fw3" -j zone_vpnfirewall_dest_ACCEPT
  448. -A zone_vpnfirewall_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
  449. -A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
  450. -A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
  451. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  452. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  453. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  454. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  455. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  456. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  457. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  458. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  459. -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  460. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  461. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  462. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  463. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  464. -A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
  465. COMMIT
  466. # Completed on Thu Aug 5 12:16:14 2021
  467. # Generated by ip6tables-save v1.8.3 on Thu Aug 5 12:16:14 2021
  468. *mangle
  469. :PREROUTING ACCEPT [11768:1510478]
  470. :INPUT ACCEPT [8845:722266]
  471. :FORWARD ACCEPT [0:0]
  472. :OUTPUT ACCEPT [9079:1088321]
  473. :POSTROUTING ACCEPT [9079:1088321]
  474. -A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  475. -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  476. -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpnfirewall MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  477. -A FORWARD -i tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpnfirewall MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  478. COMMIT
  479. # Completed on Thu Aug 5 12:16:14 2021
  480. # Generated by ip6tables-save v1.8.3 on Thu Aug 5 12:16:14 2021
  481. *filter
  482. :INPUT ACCEPT [0:0]
  483. :FORWARD DROP [0:0]
  484. :OUTPUT ACCEPT [0:0]
  485. :forwarding_lan_rule - [0:0]
  486. :forwarding_rule - [0:0]
  487. :forwarding_vpnfirewall_rule - [0:0]
  488. :forwarding_wan_rule - [0:0]
  489. :input_lan_rule - [0:0]
  490. :input_rule - [0:0]
  491. :input_vpnfirewall_rule - [0:0]
  492. :input_wan_rule - [0:0]
  493. :output_lan_rule - [0:0]
  494. :output_rule - [0:0]
  495. :output_vpnfirewall_rule - [0:0]
  496. :output_wan_rule - [0:0]
  497. :reject - [0:0]
  498. :syn_flood - [0:0]
  499. :zone_lan_dest_ACCEPT - [0:0]
  500. :zone_lan_forward - [0:0]
  501. :zone_lan_input - [0:0]
  502. :zone_lan_output - [0:0]
  503. :zone_lan_src_ACCEPT - [0:0]
  504. :zone_vpnfirewall_dest_ACCEPT - [0:0]
  505. :zone_vpnfirewall_dest_REJECT - [0:0]
  506. :zone_vpnfirewall_forward - [0:0]
  507. :zone_vpnfirewall_input - [0:0]
  508. :zone_vpnfirewall_output - [0:0]
  509. :zone_vpnfirewall_src_REJECT - [0:0]
  510. :zone_wan_dest_ACCEPT - [0:0]
  511. :zone_wan_dest_REJECT - [0:0]
  512. :zone_wan_forward - [0:0]
  513. :zone_wan_input - [0:0]
  514. :zone_wan_output - [0:0]
  515. :zone_wan_src_REJECT - [0:0]
  516. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  517. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  518. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  519. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  520. -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  521. -A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
  522. -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_input
  523. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  524. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  525. -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  526. -A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
  527. -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_forward
  528. -A FORWARD -m comment --comment "!fw3" -j reject
  529. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  530. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  531. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  532. -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  533. -A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
  534. -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_output
  535. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  536. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
  537. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  538. -A syn_flood -m comment --comment "!fw3" -j DROP
  539. -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  540. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  541. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpnfirewall forwarding policy" -j zone_vpnfirewall_dest_ACCEPT
  542. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  543. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  544. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  545. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  546. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  547. -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  548. -A zone_vpnfirewall_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  549. -A zone_vpnfirewall_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
  550. -A zone_vpnfirewall_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
  551. -A zone_vpnfirewall_forward -m comment --comment "!fw3: Custom vpnfirewall forwarding rule chain" -j forwarding_vpnfirewall_rule
  552. -A zone_vpnfirewall_forward -m comment --comment "!fw3" -j zone_vpnfirewall_dest_REJECT
  553. -A zone_vpnfirewall_input -m comment --comment "!fw3: Custom vpnfirewall input rule chain" -j input_vpnfirewall_rule
  554. -A zone_vpnfirewall_input -m comment --comment "!fw3" -j zone_vpnfirewall_src_REJECT
  555. -A zone_vpnfirewall_output -m comment --comment "!fw3: Custom vpnfirewall output rule chain" -j output_vpnfirewall_rule
  556. -A zone_vpnfirewall_output -m comment --comment "!fw3" -j zone_vpnfirewall_dest_ACCEPT
  557. -A zone_vpnfirewall_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
  558. -A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
  559. -A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
  560. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  561. -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  562. -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  563. -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  564. -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  565. -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  566. -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  567. -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  568. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  569. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  570. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  571. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  572. -A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
  573. -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  574. -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  575. -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  576. -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  577. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  578. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  579. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  580. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  581. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  582. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  583. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  584. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  585. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  586. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  587. -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  588. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  589. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  590. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  591. -A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
  592. COMMIT
  593. # Completed on Thu Aug 5 12:16:14 2021
  594. ==> /etc/resolv.conf <==
  595. search lan
  596. nameserver 127.0.0.1
  597.  
  598. ==> /tmp/resolv.conf <==
  599. search lan
  600. nameserver 127.0.0.1
  601.  
  602. ==> /tmp/resolv.conf.auto <==
  603. # Interface wan
  604. nameserver 208.67.222.222
  605. nameserver 208.67.220.220
  606. head: /tmp/resolv.*/*: No such file or directory
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!