
Untitled

a guest
Dec 7th, 2019
  1. login as: root
  2. root@192.168.5.1's password:
  3.  
  4.  
  5. BusyBox v1.28.3 () built-in shell (ash)
  6.  
  7. _______ ________ __
  8. | |.-----.-----.-----.| | | |.----.| |_
  9. | - || _ | -__| || | | || _|| _|
  10. |_______|| __|_____|__|__||________||__| |____|
  11. |__| W I R E L E S S F R E E D O M
  12. -----------------------------------------------------
  13. OpenWrt 18.06.1, r7258-5eb055306f
  14. -----------------------------------------------------
  15. root@MT300N-V2:~# uci show network; uci show firewall ; uci show openvpn; \
  16. > ip -4 addr; ip -4 ro; ip -4 ru; \
  17. > iptables-save -c
  18. network.loopback=interface
  19. network.loopback.ifname='lo'
  20. network.loopback.proto='static'
  21. network.loopback.ipaddr='127.0.0.1'
  22. network.loopback.netmask='255.0.0.0'
  23. network.globals=globals
  24. network.globals.ula_prefix='fdbe:e13a:0997::/48'
  25. network.lan=interface
  26. network.lan.type='bridge'
  27. network.lan.ifname='eth0.1'
  28. network.lan.proto='static'
  29. network.lan.netmask='255.255.255.0'
  30. network.lan.ip6assign='60'
  31. network.lan.hostname='GL-MT300N-V2-ea3'
  32. network.lan.ipaddr='192.168.5.1'
  33. network.wan=interface
  34. network.wan.ifname='eth0.2'
  35. network.wan.hostname='GL-MT300N-V2-ea3'
  36. network.wan.metric='10'
  37. network.wan.proto='static'
  38. network.wan.ipaddr='192.168.1.152'
  39. network.wan.gateway='192.168.1.1'
  40. network.wan.netmask='255.255.255.0'
  41. network.wan.peerdns='0'
  42. network.wan.dns='192.168.1.1 8.8.8.8'
  43. network.wan_dev=device
  44. network.wan_dev.name='eth0.2'
  45. network.wan_dev.macaddr='94:83:c4:00:4e:a3'
  46. network.wan6=interface
  47. network.wan6.ifname='eth0.2'
  48. network.wan6.proto='dhcpv6'
  49. network.@switch[0]=switch
  50. network.@switch[0].name='switch0'
  51. network.@switch[0].reset='1'
  52. network.@switch[0].enable_vlan='1'
  53. network.@switch_vlan[0]=switch_vlan
  54. network.@switch_vlan[0].device='switch0'
  55. network.@switch_vlan[0].vlan='1'
  56. network.@switch_vlan[0].ports='1 6t'
  57. network.@switch_vlan[1]=switch_vlan
  58. network.@switch_vlan[1].device='switch0'
  59. network.@switch_vlan[1].vlan='2'
  60. network.@switch_vlan[1].ports='0 6t'
  61. network.guest=interface
  62. network.guest.ifname='guest'
  63. network.guest.type='bridge'
  64. network.guest.proto='static'
  65. network.guest.ipaddr='192.168.9.1'
  66. network.guest.netmask='255.255.255.0'
  67. network.guest.ip6assign='60'
  68. network.ovpn=interface
  69. network.ovpn.ifname='tun0'
  70. network.ovpn.proto='none'
  71. firewall.@defaults[0]=defaults
  72. firewall.@defaults[0].syn_flood='1'
  73. firewall.@defaults[0].input='ACCEPT'
  74. firewall.@defaults[0].output='ACCEPT'
  75. firewall.@defaults[0].forward='ACCEPT'
  76. firewall.@zone[0]=zone
  77. firewall.@zone[0].name='lan'
  78. firewall.@zone[0].input='ACCEPT'
  79. firewall.@zone[0].output='ACCEPT'
  80. firewall.@zone[0].forward='ACCEPT'
  81. firewall.@zone[0].network='lan ovpn'
  82. firewall.@zone[1]=zone
  83. firewall.@zone[1].name='wan'
  84. firewall.@zone[1].output='ACCEPT'
  85. firewall.@zone[1].masq='1'
  86. firewall.@zone[1].mtu_fix='1'
  87. firewall.@zone[1].network='wan wan6'
  88. firewall.@zone[1].input='ACCEPT'
  89. firewall.@zone[1].forward='ACCEPT'
  90. firewall.@forwarding[0]=forwarding
  91. firewall.@forwarding[0].src='lan'
  92. firewall.@forwarding[0].dest='wan'
  93. firewall.@forwarding[0].enabled='0'
  94. firewall.@rule[0]=rule
  95. firewall.@rule[0].name='Allow-DHCP-Renew'
  96. firewall.@rule[0].src='wan'
  97. firewall.@rule[0].proto='udp'
  98. firewall.@rule[0].dest_port='68'
  99. firewall.@rule[0].target='ACCEPT'
  100. firewall.@rule[0].family='ipv4'
  101. firewall.@rule[1]=rule
  102. firewall.@rule[1].name='Allow-Ping'
  103. firewall.@rule[1].src='wan'
  104. firewall.@rule[1].proto='icmp'
  105. firewall.@rule[1].icmp_type='echo-request'
  106. firewall.@rule[1].family='ipv4'
  107. firewall.@rule[1].target='ACCEPT'
  108. firewall.@rule[2]=rule
  109. firewall.@rule[2].name='Allow-IGMP'
  110. firewall.@rule[2].src='wan'
  111. firewall.@rule[2].proto='igmp'
  112. firewall.@rule[2].family='ipv4'
  113. firewall.@rule[2].target='ACCEPT'
  114. firewall.@rule[3]=rule
  115. firewall.@rule[3].name='Allow-DHCPv6'
  116. firewall.@rule[3].src='wan'
  117. firewall.@rule[3].proto='udp'
  118. firewall.@rule[3].src_ip='fc00::/6'
  119. firewall.@rule[3].dest_ip='fc00::/6'
  120. firewall.@rule[3].dest_port='546'
  121. firewall.@rule[3].family='ipv6'
  122. firewall.@rule[3].target='ACCEPT'
  123. firewall.@rule[4]=rule
  124. firewall.@rule[4].name='Allow-MLD'
  125. firewall.@rule[4].src='wan'
  126. firewall.@rule[4].proto='icmp'
  127. firewall.@rule[4].src_ip='fe80::/10'
  128. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  129. firewall.@rule[4].family='ipv6'
  130. firewall.@rule[4].target='ACCEPT'
  131. firewall.@rule[5]=rule
  132. firewall.@rule[5].name='Allow-ICMPv6-Input'
  133. firewall.@rule[5].src='wan'
  134. firewall.@rule[5].proto='icmp'
  135. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  136. firewall.@rule[5].limit='1000/sec'
  137. firewall.@rule[5].family='ipv6'
  138. firewall.@rule[5].target='ACCEPT'
  139. firewall.@rule[6]=rule
  140. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  141. firewall.@rule[6].src='wan'
  142. firewall.@rule[6].dest='*'
  143. firewall.@rule[6].proto='icmp'
  144. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  145. firewall.@rule[6].limit='1000/sec'
  146. firewall.@rule[6].family='ipv6'
  147. firewall.@rule[6].target='ACCEPT'
  148. firewall.@rule[7]=rule
  149. firewall.@rule[7].name='Allow-IPSec-ESP'
  150. firewall.@rule[7].src='wan'
  151. firewall.@rule[7].dest='lan'
  152. firewall.@rule[7].proto='esp'
  153. firewall.@rule[7].target='ACCEPT'
  154. firewall.@rule[8]=rule
  155. firewall.@rule[8].name='Allow-ISAKMP'
  156. firewall.@rule[8].src='wan'
  157. firewall.@rule[8].dest='lan'
  158. firewall.@rule[8].dest_port='500'
  159. firewall.@rule[8].proto='udp'
  160. firewall.@rule[8].target='ACCEPT'
  161. firewall.@include[0]=include
  162. firewall.@include[0].path='/etc/firewall.user'
  163. firewall.@include[0].reload='1'
  164. firewall.glfw=include
  165. firewall.glfw.type='script'
  166. firewall.glfw.path='/usr/bin/glfw.sh'
  167. firewall.glfw.reload='1'
  168. firewall.glqos=include
  169. firewall.glqos.type='script'
  170. firewall.glqos.path='/usr/sbin/glqos.sh'
  171. firewall.glqos.reload='1'
  172. firewall.mwan3=include
  173. firewall.mwan3.type='script'
  174. firewall.mwan3.path='/var/etc/mwan3.include'
  175. firewall.mwan3.reload='1'
  176. firewall.guestzone=zone
  177. firewall.guestzone.name='guestzone'
  178. firewall.guestzone.network='guest'
  179. firewall.guestzone.output='ACCEPT'
  180. firewall.guestzone.input='ACCEPT'
  181. firewall.guestzone.forward='ACCEPT'
  182. firewall.guestzone_fwd=forwarding
  183. firewall.guestzone_fwd.src='guestzone'
  184. firewall.guestzone_fwd.dest='wan'
  185. firewall.guestzone_fwd.enabled='0'
  186. firewall.guestzone_dhcp=rule
  187. firewall.guestzone_dhcp.name='guestzone_DHCP'
  188. firewall.guestzone_dhcp.src='guestzone'
  189. firewall.guestzone_dhcp.target='ACCEPT'
  190. firewall.guestzone_dhcp.proto='udp'
  191. firewall.guestzone_dhcp.dest_port='67-68'
  192. firewall.guestzone_dns=rule
  193. firewall.guestzone_dns.name='guestzone_DNS'
  194. firewall.guestzone_dns.src='guestzone'
  195. firewall.guestzone_dns.target='ACCEPT'
  196. firewall.guestzone_dns.proto='tcp udp'
  197. firewall.guestzone_dns.dest_port='53'
  198. firewall.glservice_rule=rule
  199. firewall.glservice_rule.name='glservice'
  200. firewall.glservice_rule.dest_port='83'
  201. firewall.glservice_rule.proto='tcp udp'
  202. firewall.glservice_rule.src='wan'
  203. firewall.glservice_rule.target='ACCEPT'
  204. firewall.glservice_rule.enabled='0'
  205. firewall.vpn_zone=zone
  206. firewall.vpn_zone.name='ovpn'
  207. firewall.vpn_zone.input='ACCEPT'
  208. firewall.vpn_zone.output='ACCEPT'
  209. firewall.vpn_zone.network='ovpn'
  210. firewall.vpn_zone.masq='1'
  211. firewall.vpn_zone.mtu_fix='1'
  212. firewall.vpn_zone.forward='ACCEPT'
  213. firewall.forwarding_vpn1=forwarding
  214. firewall.forwarding_vpn1.dest='ovpn'
  215. firewall.forwarding_vpn1.src='lan'
  216. firewall.forwarding_guest_ovpn=forwarding
  217. firewall.forwarding_guest_ovpn.dest='ovpn'
  218. firewall.forwarding_guest_ovpn.src='guestzone'
  219. openvpn.custom_config=openvpn
  220. openvpn.custom_config.enabled='0'
  221. openvpn.custom_config.config='/etc/openvpn/my-vpn.conf'
  222. openvpn.sample_server=openvpn
  223. openvpn.sample_server.enabled='0'
  224. openvpn.sample_server.port='1194'
  225. openvpn.sample_server.proto='udp'
  226. openvpn.sample_server.dev='tun'
  227. openvpn.sample_server.ca='/etc/openvpn/ca.crt'
  228. openvpn.sample_server.cert='/etc/openvpn/server.crt'
  229. openvpn.sample_server.key='/etc/openvpn/server.key'
  230. openvpn.sample_server.dh='/etc/openvpn/dh1024.pem'
  231. openvpn.sample_server.server='10.8.0.0 255.255.255.0'
  232. openvpn.sample_server.ifconfig_pool_persist='/tmp/ipp.txt'
  233. openvpn.sample_server.keepalive='10 120'
  234. openvpn.sample_server.compress='lzo'
  235. openvpn.sample_server.persist_key='1'
  236. openvpn.sample_server.persist_tun='1'
  237. openvpn.sample_server.user='nobody'
  238. openvpn.sample_server.status='/tmp/openvpn-status.log'
  239. openvpn.sample_server.verb='3'
  240. openvpn.sample_client=openvpn
  241. openvpn.sample_client.enabled='0'
  242. openvpn.sample_client.client='1'
  243. openvpn.sample_client.dev='tun'
  244. openvpn.sample_client.proto='udp'
  245. openvpn.sample_client.remote='my_server_1 1194'
  246. openvpn.sample_client.resolv_retry='infinite'
  247. openvpn.sample_client.nobind='1'
  248. openvpn.sample_client.persist_key='1'
  249. openvpn.sample_client.persist_tun='1'
  250. openvpn.sample_client.user='nobody'
  251. openvpn.sample_client.ca='/etc/openvpn/ca.crt'
  252. openvpn.sample_client.cert='/etc/openvpn/client.crt'
  253. openvpn.sample_client.key='/etc/openvpn/client.key'
  254. openvpn.sample_client.compress='lzo'
  255. openvpn.sample_client.verb='3'
  256. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  257. inet 127.0.0.1/8 scope host lo
  258. valid_lft forever preferred_lft forever
  259. 15: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  260. inet 192.168.5.1/24 brd 192.168.5.255 scope global br-lan
  261. valid_lft forever preferred_lft forever
  262. 17: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  263. inet 192.168.1.152/24 brd 192.168.1.255 scope global eth0.2
  264. valid_lft forever preferred_lft forever
  265. 19: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
  266. inet 10.8.0.3/24 brd 10.8.0.255 scope global tun0
  267. valid_lft forever preferred_lft forever
  268. 0.0.0.0/1 via 10.8.0.1 dev tun0
  269. default via 192.168.1.1 dev eth0.2 proto static metric 10
  270. 10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.3
  271. 79.1.192.253 via 192.168.1.1 dev eth0.2
  272. 128.0.0.0/1 via 10.8.0.1 dev tun0
  273. 192.168.1.0/24 dev eth0.2 proto static scope link metric 10
  274. 192.168.5.0/24 dev br-lan proto kernel scope link src 192.168.5.1
  275. 0: from all lookup local
  276. 1001: from all iif eth0.2 lookup main
  277. 2001: from all fwmark 0x100/0x3f00 lookup 1
  278. 2061: from all fwmark 0x3d00/0x3f00 blackhole
  279. 2062: from all fwmark 0x3e00/0x3f00 unreachable
  280. 32766: from all lookup main
  281. 32767: from all lookup default
  282. # Generated by iptables-save v1.6.2 on Sun Dec 8 01:18:32 2019
  283. *nat
  284. :PREROUTING ACCEPT [14996:4364956]
  285. :INPUT ACCEPT [3917:268993]
  286. :OUTPUT ACCEPT [10939:916111]
  287. :POSTROUTING ACCEPT [39:9028]
  288. :GL_SPEC_DMZ - [0:0]
  289. :GL_SPEC_FORWARDING - [0:0]
  290. :postrouting_guestzone_rule - [0:0]
  291. :postrouting_lan_rule - [0:0]
  292. :postrouting_rule - [0:0]
  293. :postrouting_wan_rule - [0:0]
  294. :prerouting_guestzone_rule - [0:0]
  295. :prerouting_lan_rule - [0:0]
  296. :prerouting_rule - [0:0]
  297. :prerouting_wan_rule - [0:0]
  298. :zone_guestzone_postrouting - [0:0]
  299. :zone_guestzone_prerouting - [0:0]
  300. :zone_lan_postrouting - [0:0]
  301. :zone_lan_prerouting - [0:0]
  302. :zone_ovpn_postrouting - [0:0]
  303. :zone_ovpn_prerouting - [0:0]
  304. :zone_wan_postrouting - [0:0]
  305. :zone_wan_prerouting - [0:0]
  306. [14996:4364956] -A PREROUTING -j GL_SPEC_DMZ
  307. [14996:4364956] -A PREROUTING -j GL_SPEC_FORWARDING
  308. [14996:4364956] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  309. [5261:618632] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  310. [0:0] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_lan_prerouting
  311. [9735:3746324] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
  312. [0:0] -A PREROUTING -i br-guest -m comment --comment "!fw3" -j zone_guestzone_prerouting
  313. [0:0] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_ovpn_prerouting
  314. [11680:1022010] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  315. [36:8820] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  316. [2130:214257] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_lan_postrouting
  317. [9511:798725] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
  318. [0:0] -A POSTROUTING -o br-guest -m comment --comment "!fw3" -j zone_guestzone_postrouting
  319. [2130:214257] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_ovpn_postrouting
  320. [0:0] -A zone_guestzone_postrouting -m comment --comment "!fw3: Custom guestzone postrouting rule chain" -j postrouting_guestzone_rule
  321. [0:0] -A zone_guestzone_prerouting -m comment --comment "!fw3: Custom guestzone prerouting rule chain" -j prerouting_guestzone_rule
  322. [2166:223077] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  323. [5261:618632] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  324. [2130:214257] -A zone_ovpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
  325. [9511:798725] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  326. [9511:798725] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  327. [9735:3746324] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  328. COMMIT
  329. # Completed on Sun Dec 8 01:18:32 2019
  330. # Generated by iptables-save v1.6.2 on Sun Dec 8 01:18:32 2019
  331. *mangle
  332. :PREROUTING ACCEPT [302506:89020722]
  333. :INPUT ACCEPT [139653:41950562]
  334. :FORWARD ACCEPT [152515:43080096]
  335. :OUTPUT ACCEPT [164460:38080252]
  336. :POSTROUTING ACCEPT [317017:81176644]
  337. :mwan3_connected - [0:0]
  338. :mwan3_hook - [0:0]
  339. :mwan3_iface_in_wan - [0:0]
  340. :mwan3_iface_out_wan - [0:0]
  341. :mwan3_ifaces_in - [0:0]
  342. :mwan3_ifaces_out - [0:0]
  343. :mwan3_policy_default_poli - [0:0]
  344. :mwan3_rules - [0:0]
  345. [302506:89020722] -A PREROUTING -j mwan3_hook
  346. [5:260] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  347. [518:26804] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone ovpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  348. [164460:38080252] -A OUTPUT -j mwan3_hook
  349. [16229:1535815] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
  350. [466966:127100974] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
  351. [25965:5282179] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
  352. [16229:1535815] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
  353. [0:0] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
  354. [0:0] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
  355. [466966:127100974] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
  356. [0:0] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
  357. [9736:3746364] -A mwan3_iface_in_wan -i eth0.2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
  358. [0:0] -A mwan3_iface_in_wan -i eth0.2 -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
  359. [0:0] -A mwan3_iface_out_wan -o eth0.2 -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
  360. [25965:5282179] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wan
  361. [0:0] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wan
  362. [0:0] -A mwan3_policy_default_poli -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
  363. [0:0] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_default_poli
  364. COMMIT
  365. # Completed on Sun Dec 8 01:18:32 2019
  366. # Generated by iptables-save v1.6.2 on Sun Dec 8 01:18:32 2019
  367. *filter
  368. :INPUT ACCEPT [1:40]
  369. :FORWARD ACCEPT [7:389]
  370. :OUTPUT ACCEPT [0:0]
  371. :GL_SPEC_OPENING - [0:0]
  372. :forwarding_guestzone_rule - [0:0]
  373. :forwarding_lan_rule - [0:0]
  374. :forwarding_rule - [0:0]
  375. :forwarding_wan_rule - [0:0]
  376. :input_guestzone_rule - [0:0]
  377. :input_lan_rule - [0:0]
  378. :input_rule - [0:0]
  379. :input_wan_rule - [0:0]
  380. :output_guestzone_rule - [0:0]
  381. :output_lan_rule - [0:0]
  382. :output_rule - [0:0]
  383. :output_wan_rule - [0:0]
  384. :reject - [0:0]
  385. :syn_flood - [0:0]
  386. :zone_guestzone_dest_ACCEPT - [0:0]
  387. :zone_guestzone_forward - [0:0]
  388. :zone_guestzone_input - [0:0]
  389. :zone_guestzone_output - [0:0]
  390. :zone_guestzone_src_ACCEPT - [0:0]
  391. :zone_lan_dest_ACCEPT - [0:0]
  392. :zone_lan_forward - [0:0]
  393. :zone_lan_input - [0:0]
  394. :zone_lan_output - [0:0]
  395. :zone_lan_src_ACCEPT - [0:0]
  396. :zone_ovpn_dest_ACCEPT - [0:0]
  397. :zone_ovpn_forward - [0:0]
  398. :zone_ovpn_input - [0:0]
  399. :zone_ovpn_output - [0:0]
  400. :zone_ovpn_src_ACCEPT - [0:0]
  401. :zone_wan_dest_ACCEPT - [0:0]
  402. :zone_wan_forward - [0:0]
  403. :zone_wan_input - [0:0]
  404. :zone_wan_output - [0:0]
  405. :zone_wan_src_ACCEPT - [0:0]
  406. [139673:41955162] -A INPUT -j GL_SPEC_OPENING
  407. [32:2535] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  408. [139641:41952627] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  409. [135164:41641016] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  410. [946:46136] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  411. [3577:246465] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  412. [0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_lan_input
  413. [900:65146] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  414. [0:0] -A INPUT -i br-guest -m comment --comment "!fw3" -j zone_guestzone_input
  415. [0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_ovpn_input
  416. [152515:43080096] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  417. [147095:42744677] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  418. [5420:335419] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  419. [0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_lan_forward
  420. [0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  421. [0:0] -A FORWARD -i br-guest -m comment --comment "!fw3" -j zone_guestzone_forward
  422. [0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_ovpn_forward
  423. [35:2775] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  424. [164455:38083426] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  425. [153146:37135732] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  426. [72:17496] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  427. [1733:131862] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_lan_output
  428. [9504:798336] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  429. [0:0] -A OUTPUT -o br-guest -m comment --comment "!fw3" -j zone_guestzone_output
  430. [0:0] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_ovpn_output
  431. [0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  432. [0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  433. [946:46136] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  434. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  435. [0:0] -A zone_guestzone_dest_ACCEPT -o br-guest -m comment --comment "!fw3" -j ACCEPT
  436. [0:0] -A zone_guestzone_forward -m comment --comment "!fw3: Custom guestzone forwarding rule chain" -j forwarding_guestzone_rule
  437. [0:0] -A zone_guestzone_forward -m comment --comment "!fw3: Zone guestzone to ovpn forwarding policy" -j zone_ovpn_dest_ACCEPT
  438. [0:0] -A zone_guestzone_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  439. [0:0] -A zone_guestzone_forward -m comment --comment "!fw3" -j zone_guestzone_dest_ACCEPT
  440. [0:0] -A zone_guestzone_input -m comment --comment "!fw3: Custom guestzone input rule chain" -j input_guestzone_rule
  441. [0:0] -A zone_guestzone_input -p udp -m udp --dport 67:68 -m comment --comment "!fw3: guestzone_DHCP" -j ACCEPT
  442. [0:0] -A zone_guestzone_input -p tcp -m tcp --dport 53 -m comment --comment "!fw3: guestzone_DNS" -j ACCEPT
  443. [0:0] -A zone_guestzone_input -p udp -m udp --dport 53 -m comment --comment "!fw3: guestzone_DNS" -j ACCEPT
  444. [0:0] -A zone_guestzone_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  445. [0:0] -A zone_guestzone_input -m comment --comment "!fw3" -j zone_guestzone_src_ACCEPT
  446. [0:0] -A zone_guestzone_output -m comment --comment "!fw3: Custom guestzone output rule chain" -j output_guestzone_rule
  447. [0:0] -A zone_guestzone_output -m comment --comment "!fw3" -j zone_guestzone_dest_ACCEPT
  448. [0:0] -A zone_guestzone_src_ACCEPT -i br-guest -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  449. [72:17496] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  450. [1733:131862] -A zone_lan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
  451. [5420:335419] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  452. [5420:335419] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to ovpn forwarding policy" -j zone_ovpn_dest_ACCEPT
  453. [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  454. [7:389] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  455. [3577:246465] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  456. [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  457. [3577:246465] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  458. [1805:149358] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  459. [1805:149358] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  460. [3577:246465] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  461. [0:0] -A zone_lan_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  462. [30:1200] -A zone_ovpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  463. [5383:333830] -A zone_ovpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
  464. [0:0] -A zone_ovpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  465. [0:0] -A zone_ovpn_forward -m comment --comment "!fw3" -j zone_ovpn_dest_ACCEPT
  466. [0:0] -A zone_ovpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  467. [0:0] -A zone_ovpn_input -m comment --comment "!fw3" -j zone_ovpn_src_ACCEPT
  468. [0:0] -A zone_ovpn_output -m comment --comment "!fw3" -j zone_ovpn_dest_ACCEPT
  469. [0:0] -A zone_ovpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  470. [0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  471. [9504:798336] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  472. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  473. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  474. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  475. [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  476. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  477. [900:65146] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  478. [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  479. [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  480. [193:6176] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  481. [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  482. [707:58970] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
  483. [9504:798336] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  484. [9504:798336] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  485. [706:58930] -A zone_wan_src_ACCEPT -i eth0.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  486. COMMIT
  487. # Completed on Sun Dec 8 01:18:32 2019
  488. root@MT300N-V2:~#