- login as: root
- root@192.168.5.1's password:
- BusyBox v1.28.3 () built-in shell (ash)
- _______ ________ __
- | |.-----.-----.-----.| | | |.----.| |_
- | - || _ | -__| || | | || _|| _|
- |_______|| __|_____|__|__||________||__| |____|
- |__| W I R E L E S S F R E E D O M
- -----------------------------------------------------
- OpenWrt 18.06.1, r7258-5eb055306f
- -----------------------------------------------------
- root@MT300N-V2:~# uci show network; uci show firewall ; uci show openvpn; \
- > ip -4 addr; ip -4 ro; ip -4 ru; \
- > iptables-save -c
- network.loopback=interface
- network.loopback.ifname='lo'
- network.loopback.proto='static'
- network.loopback.ipaddr='127.0.0.1'
- network.loopback.netmask='255.0.0.0'
- network.globals=globals
- network.globals.ula_prefix='fdbe:e13a:0997::/48'
- network.lan=interface
- network.lan.type='bridge'
- network.lan.ifname='eth0.1'
- network.lan.proto='static'
- network.lan.netmask='255.255.255.0'
- network.lan.ip6assign='60'
- network.lan.hostname='GL-MT300N-V2-ea3'
- network.lan.ipaddr='192.168.5.1'
- network.wan=interface
- network.wan.ifname='eth0.2'
- network.wan.hostname='GL-MT300N-V2-ea3'
- network.wan.metric='10'
- network.wan.proto='static'
- network.wan.ipaddr='192.168.1.152'
- network.wan.gateway='192.168.1.1'
- network.wan.netmask='255.255.255.0'
- network.wan.peerdns='0'
- network.wan.dns='192.168.1.1 8.8.8.8'
- network.wan_dev=device
- network.wan_dev.name='eth0.2'
- network.wan_dev.macaddr='94:83:c4:00:4e:a3'
- network.wan6=interface
- network.wan6.ifname='eth0.2'
- network.wan6.proto='dhcpv6'
- network.@switch[0]=switch
- network.@switch[0].name='switch0'
- network.@switch[0].reset='1'
- network.@switch[0].enable_vlan='1'
- network.@switch_vlan[0]=switch_vlan
- network.@switch_vlan[0].device='switch0'
- network.@switch_vlan[0].vlan='1'
- network.@switch_vlan[0].ports='1 6t'
- network.@switch_vlan[1]=switch_vlan
- network.@switch_vlan[1].device='switch0'
- network.@switch_vlan[1].vlan='2'
- network.@switch_vlan[1].ports='0 6t'
- network.guest=interface
- network.guest.ifname='guest'
- network.guest.type='bridge'
- network.guest.proto='static'
- network.guest.ipaddr='192.168.9.1'
- network.guest.netmask='255.255.255.0'
- network.guest.ip6assign='60'
- network.ovpn=interface
- network.ovpn.ifname='tun0'
- network.ovpn.proto='none'
- firewall.@defaults[0]=defaults
- firewall.@defaults[0].syn_flood='1'
- firewall.@defaults[0].input='ACCEPT'
- firewall.@defaults[0].output='ACCEPT'
- firewall.@defaults[0].forward='ACCEPT'
- firewall.@zone[0]=zone
- firewall.@zone[0].name='lan'
- firewall.@zone[0].input='ACCEPT'
- firewall.@zone[0].output='ACCEPT'
- firewall.@zone[0].forward='ACCEPT'
- firewall.@zone[0].network='lan ovpn'
- firewall.@zone[1]=zone
- firewall.@zone[1].name='wan'
- firewall.@zone[1].output='ACCEPT'
- firewall.@zone[1].masq='1'
- firewall.@zone[1].mtu_fix='1'
- firewall.@zone[1].network='wan wan6'
- firewall.@zone[1].input='ACCEPT'
- firewall.@zone[1].forward='ACCEPT'
- firewall.@forwarding[0]=forwarding
- firewall.@forwarding[0].src='lan'
- firewall.@forwarding[0].dest='wan'
- firewall.@forwarding[0].enabled='0'
- firewall.@rule[0]=rule
- firewall.@rule[0].name='Allow-DHCP-Renew'
- firewall.@rule[0].src='wan'
- firewall.@rule[0].proto='udp'
- firewall.@rule[0].dest_port='68'
- firewall.@rule[0].target='ACCEPT'
- firewall.@rule[0].family='ipv4'
- firewall.@rule[1]=rule
- firewall.@rule[1].name='Allow-Ping'
- firewall.@rule[1].src='wan'
- firewall.@rule[1].proto='icmp'
- firewall.@rule[1].icmp_type='echo-request'
- firewall.@rule[1].family='ipv4'
- firewall.@rule[1].target='ACCEPT'
- firewall.@rule[2]=rule
- firewall.@rule[2].name='Allow-IGMP'
- firewall.@rule[2].src='wan'
- firewall.@rule[2].proto='igmp'
- firewall.@rule[2].family='ipv4'
- firewall.@rule[2].target='ACCEPT'
- firewall.@rule[3]=rule
- firewall.@rule[3].name='Allow-DHCPv6'
- firewall.@rule[3].src='wan'
- firewall.@rule[3].proto='udp'
- firewall.@rule[3].src_ip='fc00::/6'
- firewall.@rule[3].dest_ip='fc00::/6'
- firewall.@rule[3].dest_port='546'
- firewall.@rule[3].family='ipv6'
- firewall.@rule[3].target='ACCEPT'
- firewall.@rule[4]=rule
- firewall.@rule[4].name='Allow-MLD'
- firewall.@rule[4].src='wan'
- firewall.@rule[4].proto='icmp'
- firewall.@rule[4].src_ip='fe80::/10'
- firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
- firewall.@rule[4].family='ipv6'
- firewall.@rule[4].target='ACCEPT'
- firewall.@rule[5]=rule
- firewall.@rule[5].name='Allow-ICMPv6-Input'
- firewall.@rule[5].src='wan'
- firewall.@rule[5].proto='icmp'
- firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
- firewall.@rule[5].limit='1000/sec'
- firewall.@rule[5].family='ipv6'
- firewall.@rule[5].target='ACCEPT'
- firewall.@rule[6]=rule
- firewall.@rule[6].name='Allow-ICMPv6-Forward'
- firewall.@rule[6].src='wan'
- firewall.@rule[6].dest='*'
- firewall.@rule[6].proto='icmp'
- firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
- firewall.@rule[6].limit='1000/sec'
- firewall.@rule[6].family='ipv6'
- firewall.@rule[6].target='ACCEPT'
- firewall.@rule[7]=rule
- firewall.@rule[7].name='Allow-IPSec-ESP'
- firewall.@rule[7].src='wan'
- firewall.@rule[7].dest='lan'
- firewall.@rule[7].proto='esp'
- firewall.@rule[7].target='ACCEPT'
- firewall.@rule[8]=rule
- firewall.@rule[8].name='Allow-ISAKMP'
- firewall.@rule[8].src='wan'
- firewall.@rule[8].dest='lan'
- firewall.@rule[8].dest_port='500'
- firewall.@rule[8].proto='udp'
- firewall.@rule[8].target='ACCEPT'
- firewall.@include[0]=include
- firewall.@include[0].path='/etc/firewall.user'
- firewall.@include[0].reload='1'
- firewall.glfw=include
- firewall.glfw.type='script'
- firewall.glfw.path='/usr/bin/glfw.sh'
- firewall.glfw.reload='1'
- firewall.glqos=include
- firewall.glqos.type='script'
- firewall.glqos.path='/usr/sbin/glqos.sh'
- firewall.glqos.reload='1'
- firewall.mwan3=include
- firewall.mwan3.type='script'
- firewall.mwan3.path='/var/etc/mwan3.include'
- firewall.mwan3.reload='1'
- firewall.guestzone=zone
- firewall.guestzone.name='guestzone'
- firewall.guestzone.network='guest'
- firewall.guestzone.output='ACCEPT'
- firewall.guestzone.input='ACCEPT'
- firewall.guestzone.forward='ACCEPT'
- firewall.guestzone_fwd=forwarding
- firewall.guestzone_fwd.src='guestzone'
- firewall.guestzone_fwd.dest='wan'
- firewall.guestzone_fwd.enabled='0'
- firewall.guestzone_dhcp=rule
- firewall.guestzone_dhcp.name='guestzone_DHCP'
- firewall.guestzone_dhcp.src='guestzone'
- firewall.guestzone_dhcp.target='ACCEPT'
- firewall.guestzone_dhcp.proto='udp'
- firewall.guestzone_dhcp.dest_port='67-68'
- firewall.guestzone_dns=rule
- firewall.guestzone_dns.name='guestzone_DNS'
- firewall.guestzone_dns.src='guestzone'
- firewall.guestzone_dns.target='ACCEPT'
- firewall.guestzone_dns.proto='tcp udp'
- firewall.guestzone_dns.dest_port='53'
- firewall.glservice_rule=rule
- firewall.glservice_rule.name='glservice'
- firewall.glservice_rule.dest_port='83'
- firewall.glservice_rule.proto='tcp udp'
- firewall.glservice_rule.src='wan'
- firewall.glservice_rule.target='ACCEPT'
- firewall.glservice_rule.enabled='0'
- firewall.vpn_zone=zone
- firewall.vpn_zone.name='ovpn'
- firewall.vpn_zone.input='ACCEPT'
- firewall.vpn_zone.output='ACCEPT'
- firewall.vpn_zone.network='ovpn'
- firewall.vpn_zone.masq='1'
- firewall.vpn_zone.mtu_fix='1'
- firewall.vpn_zone.forward='ACCEPT'
- firewall.forwarding_vpn1=forwarding
- firewall.forwarding_vpn1.dest='ovpn'
- firewall.forwarding_vpn1.src='lan'
- firewall.forwarding_guest_ovpn=forwarding
- firewall.forwarding_guest_ovpn.dest='ovpn'
- firewall.forwarding_guest_ovpn.src='guestzone'
- openvpn.custom_config=openvpn
- openvpn.custom_config.enabled='0'
- openvpn.custom_config.config='/etc/openvpn/my-vpn.conf'
- openvpn.sample_server=openvpn
- openvpn.sample_server.enabled='0'
- openvpn.sample_server.port='1194'
- openvpn.sample_server.proto='udp'
- openvpn.sample_server.dev='tun'
- openvpn.sample_server.ca='/etc/openvpn/ca.crt'
- openvpn.sample_server.cert='/etc/openvpn/server.crt'
- openvpn.sample_server.key='/etc/openvpn/server.key'
- openvpn.sample_server.dh='/etc/openvpn/dh1024.pem'
- openvpn.sample_server.server='10.8.0.0 255.255.255.0'
- openvpn.sample_server.ifconfig_pool_persist='/tmp/ipp.txt'
- openvpn.sample_server.keepalive='10 120'
- openvpn.sample_server.compress='lzo'
- openvpn.sample_server.persist_key='1'
- openvpn.sample_server.persist_tun='1'
- openvpn.sample_server.user='nobody'
- openvpn.sample_server.status='/tmp/openvpn-status.log'
- openvpn.sample_server.verb='3'
- openvpn.sample_client=openvpn
- openvpn.sample_client.enabled='0'
- openvpn.sample_client.client='1'
- openvpn.sample_client.dev='tun'
- openvpn.sample_client.proto='udp'
- openvpn.sample_client.remote='my_server_1 1194'
- openvpn.sample_client.resolv_retry='infinite'
- openvpn.sample_client.nobind='1'
- openvpn.sample_client.persist_key='1'
- openvpn.sample_client.persist_tun='1'
- openvpn.sample_client.user='nobody'
- openvpn.sample_client.ca='/etc/openvpn/ca.crt'
- openvpn.sample_client.cert='/etc/openvpn/client.crt'
- openvpn.sample_client.key='/etc/openvpn/client.key'
- openvpn.sample_client.compress='lzo'
- openvpn.sample_client.verb='3'
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- 15: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
- inet 192.168.5.1/24 brd 192.168.5.255 scope global br-lan
- valid_lft forever preferred_lft forever
- 17: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
- inet 192.168.1.152/24 brd 192.168.1.255 scope global eth0.2
- valid_lft forever preferred_lft forever
- 19: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
- inet 10.8.0.3/24 brd 10.8.0.255 scope global tun0
- valid_lft forever preferred_lft forever
- 0.0.0.0/1 via 10.8.0.1 dev tun0
- default via 192.168.1.1 dev eth0.2 proto static metric 10
- 10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.3
- 79.1.192.253 via 192.168.1.1 dev eth0.2
- 128.0.0.0/1 via 10.8.0.1 dev tun0
- 192.168.1.0/24 dev eth0.2 proto static scope link metric 10
- 192.168.5.0/24 dev br-lan proto kernel scope link src 192.168.5.1
- 0: from all lookup local
- 1001: from all iif eth0.2 lookup main
- 2001: from all fwmark 0x100/0x3f00 lookup 1
- 2061: from all fwmark 0x3d00/0x3f00 blackhole
- 2062: from all fwmark 0x3e00/0x3f00 unreachable
- 32766: from all lookup main
- 32767: from all lookup default
- # Generated by iptables-save v1.6.2 on Sun Dec 8 01:18:32 2019
- *nat
- :PREROUTING ACCEPT [14996:4364956]
- :INPUT ACCEPT [3917:268993]
- :OUTPUT ACCEPT [10939:916111]
- :POSTROUTING ACCEPT [39:9028]
- :GL_SPEC_DMZ - [0:0]
- :GL_SPEC_FORWARDING - [0:0]
- :postrouting_guestzone_rule - [0:0]
- :postrouting_lan_rule - [0:0]
- :postrouting_rule - [0:0]
- :postrouting_wan_rule - [0:0]
- :prerouting_guestzone_rule - [0:0]
- :prerouting_lan_rule - [0:0]
- :prerouting_rule - [0:0]
- :prerouting_wan_rule - [0:0]
- :zone_guestzone_postrouting - [0:0]
- :zone_guestzone_prerouting - [0:0]
- :zone_lan_postrouting - [0:0]
- :zone_lan_prerouting - [0:0]
- :zone_ovpn_postrouting - [0:0]
- :zone_ovpn_prerouting - [0:0]
- :zone_wan_postrouting - [0:0]
- :zone_wan_prerouting - [0:0]
- [14996:4364956] -A PREROUTING -j GL_SPEC_DMZ
- [14996:4364956] -A PREROUTING -j GL_SPEC_FORWARDING
- [14996:4364956] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
- [5261:618632] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
- [0:0] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_lan_prerouting
- [9735:3746324] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
- [0:0] -A PREROUTING -i br-guest -m comment --comment "!fw3" -j zone_guestzone_prerouting
- [0:0] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_ovpn_prerouting
- [11680:1022010] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
- [36:8820] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
- [2130:214257] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_lan_postrouting
- [9511:798725] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
- [0:0] -A POSTROUTING -o br-guest -m comment --comment "!fw3" -j zone_guestzone_postrouting
- [2130:214257] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_ovpn_postrouting
- [0:0] -A zone_guestzone_postrouting -m comment --comment "!fw3: Custom guestzone postrouting rule chain" -j postrouting_guestzone_rule
- [0:0] -A zone_guestzone_prerouting -m comment --comment "!fw3: Custom guestzone prerouting rule chain" -j prerouting_guestzone_rule
- [2166:223077] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
- [5261:618632] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
- [2130:214257] -A zone_ovpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
- [9511:798725] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
- [9511:798725] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
- [9735:3746324] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
- COMMIT
- # Completed on Sun Dec 8 01:18:32 2019
- # Generated by iptables-save v1.6.2 on Sun Dec 8 01:18:32 2019
- *mangle
- :PREROUTING ACCEPT [302506:89020722]
- :INPUT ACCEPT [139653:41950562]
- :FORWARD ACCEPT [152515:43080096]
- :OUTPUT ACCEPT [164460:38080252]
- :POSTROUTING ACCEPT [317017:81176644]
- :mwan3_connected - [0:0]
- :mwan3_hook - [0:0]
- :mwan3_iface_in_wan - [0:0]
- :mwan3_iface_out_wan - [0:0]
- :mwan3_ifaces_in - [0:0]
- :mwan3_ifaces_out - [0:0]
- :mwan3_policy_default_poli - [0:0]
- :mwan3_rules - [0:0]
- [302506:89020722] -A PREROUTING -j mwan3_hook
- [5:260] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
- [518:26804] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone ovpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
- [164460:38080252] -A OUTPUT -j mwan3_hook
- [16229:1535815] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
- [466966:127100974] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
- [25965:5282179] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
- [16229:1535815] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
- [0:0] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
- [0:0] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
- [466966:127100974] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
- [0:0] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
- [9736:3746364] -A mwan3_iface_in_wan -i eth0.2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
- [0:0] -A mwan3_iface_in_wan -i eth0.2 -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
- [0:0] -A mwan3_iface_out_wan -o eth0.2 -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
- [25965:5282179] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wan
- [0:0] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wan
- [0:0] -A mwan3_policy_default_poli -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
- [0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_default_poli
- COMMIT
- # Completed on Sun Dec 8 01:18:32 2019
- # Generated by iptables-save v1.6.2 on Sun Dec 8 01:18:32 2019
- *filter
- :INPUT ACCEPT [1:40]
- :FORWARD ACCEPT [7:389]
- :OUTPUT ACCEPT [0:0]
- :GL_SPEC_OPENING - [0:0]
- :forwarding_guestzone_rule - [0:0]
- :forwarding_lan_rule - [0:0]
- :forwarding_rule - [0:0]
- :forwarding_wan_rule - [0:0]
- :input_guestzone_rule - [0:0]
- :input_lan_rule - [0:0]
- :input_rule - [0:0]
- :input_wan_rule - [0:0]
- :output_guestzone_rule - [0:0]
- :output_lan_rule - [0:0]
- :output_rule - [0:0]
- :output_wan_rule - [0:0]
- :reject - [0:0]
- :syn_flood - [0:0]
- :zone_guestzone_dest_ACCEPT - [0:0]
- :zone_guestzone_forward - [0:0]
- :zone_guestzone_input - [0:0]
- :zone_guestzone_output - [0:0]
- :zone_guestzone_src_ACCEPT - [0:0]
- :zone_lan_dest_ACCEPT - [0:0]
- :zone_lan_forward - [0:0]
- :zone_lan_input - [0:0]
- :zone_lan_output - [0:0]
- :zone_lan_src_ACCEPT - [0:0]
- :zone_ovpn_dest_ACCEPT - [0:0]
- :zone_ovpn_forward - [0:0]
- :zone_ovpn_input - [0:0]
- :zone_ovpn_output - [0:0]
- :zone_ovpn_src_ACCEPT - [0:0]
- :zone_wan_dest_ACCEPT - [0:0]
- :zone_wan_forward - [0:0]
- :zone_wan_input - [0:0]
- :zone_wan_output - [0:0]
- :zone_wan_src_ACCEPT - [0:0]
- [139673:41955162] -A INPUT -j GL_SPEC_OPENING
- [32:2535] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
- [139641:41952627] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
- [135164:41641016] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [946:46136] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
- [3577:246465] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
- [0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_lan_input
- [900:65146] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
- [0:0] -A INPUT -i br-guest -m comment --comment "!fw3" -j zone_guestzone_input
- [0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_ovpn_input
- [152515:43080096] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
- [147095:42744677] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [5420:335419] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
- [0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_lan_forward
- [0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
- [0:0] -A FORWARD -i br-guest -m comment --comment "!fw3" -j zone_guestzone_forward
- [0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_ovpn_forward
- [35:2775] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
- [164455:38083426] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
- [153146:37135732] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [72:17496] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
- [1733:131862] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_lan_output
- [9504:798336] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
- [0:0] -A OUTPUT -o br-guest -m comment --comment "!fw3" -j zone_guestzone_output
- [0:0] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_ovpn_output
- [0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
- [0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
- [946:46136] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
- [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
- [0:0] -A zone_guestzone_dest_ACCEPT -o br-guest -m comment --comment "!fw3" -j ACCEPT
- [0:0] -A zone_guestzone_forward -m comment --comment "!fw3: Custom guestzone forwarding rule chain" -j forwarding_guestzone_rule
- [0:0] -A zone_guestzone_forward -m comment --comment "!fw3: Zone guestzone to ovpn forwarding policy" -j zone_ovpn_dest_ACCEPT
- [0:0] -A zone_guestzone_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- [0:0] -A zone_guestzone_forward -m comment --comment "!fw3" -j zone_guestzone_dest_ACCEPT
- [0:0] -A zone_guestzone_input -m comment --comment "!fw3: Custom guestzone input rule chain" -j input_guestzone_rule
- [0:0] -A zone_guestzone_input -p udp -m udp --dport 67:68 -m comment --comment "!fw3: guestzone_DHCP" -j ACCEPT
- [0:0] -A zone_guestzone_input -p tcp -m tcp --dport 53 -m comment --comment "!fw3: guestzone_DNS" -j ACCEPT
- [0:0] -A zone_guestzone_input -p udp -m udp --dport 53 -m comment --comment "!fw3: guestzone_DNS" -j ACCEPT
- [0:0] -A zone_guestzone_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- [0:0] -A zone_guestzone_input -m comment --comment "!fw3" -j zone_guestzone_src_ACCEPT
- [0:0] -A zone_guestzone_output -m comment --comment "!fw3: Custom guestzone output rule chain" -j output_guestzone_rule
- [0:0] -A zone_guestzone_output -m comment --comment "!fw3" -j zone_guestzone_dest_ACCEPT
- [0:0] -A zone_guestzone_src_ACCEPT -i br-guest -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- [72:17496] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
- [1733:131862] -A zone_lan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
- [5420:335419] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
- [5420:335419] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to ovpn forwarding policy" -j zone_ovpn_dest_ACCEPT
- [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- [7:389] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- [3577:246465] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
- [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- [3577:246465] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
- [1805:149358] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
- [1805:149358] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- [3577:246465] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- [0:0] -A zone_lan_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- [30:1200] -A zone_ovpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
- [5383:333830] -A zone_ovpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
- [0:0] -A zone_ovpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- [0:0] -A zone_ovpn_forward -m comment --comment "!fw3" -j zone_ovpn_dest_ACCEPT
- [0:0] -A zone_ovpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- [0:0] -A zone_ovpn_input -m comment --comment "!fw3" -j zone_ovpn_src_ACCEPT
- [0:0] -A zone_ovpn_output -m comment --comment "!fw3" -j zone_ovpn_dest_ACCEPT
- [0:0] -A zone_ovpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- [0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
- [9504:798336] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
- [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
- [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
- [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
- [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
- [900:65146] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
- [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
- [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
- [193:6176] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
- [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- [707:58970] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
- [9504:798336] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
- [9504:798336] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
- [706:58930] -A zone_wan_src_ACCEPT -i eth0.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- COMMIT
- # Completed on Sun Dec 8 01:18:32 2019
- root@MT300N-V2:~#