Untitled

a guest
Sep 16th, 2021
  1. uci show firewall; iptables-save -c; ip6tables-save -c
  2. firewall.@defaults[0]=defaults
  3. firewall.@defaults[0].input='ACCEPT'
  4. firewall.@defaults[0].output='ACCEPT'
  5. firewall.@defaults[0].synflood_protect='1'
  6. firewall.@defaults[0].forward='ACCEPT'
  7. firewall.@zone[0]=zone
  8. firewall.@zone[0].name='lan'
  9. firewall.@zone[0].input='ACCEPT'
  10. firewall.@zone[0].output='ACCEPT'
  11. firewall.@zone[0].forward='ACCEPT'
  12. firewall.@zone[0].network='lan'
  13. firewall.@zone[1]=zone
  14. firewall.@zone[1].name='wan'
  15. firewall.@zone[1].output='ACCEPT'
  16. firewall.@zone[1].masq='1'
  17. firewall.@zone[1].mtu_fix='1'
  18. firewall.@zone[1].network='wan' 'wan6' 'wwan'
  19. firewall.@zone[1].input='ACCEPT'
  20. firewall.@zone[1].forward='ACCEPT'
  21. firewall.@forwarding[0]=forwarding
  22. firewall.@forwarding[0].src='lan'
  23. firewall.@forwarding[0].dest='wan'
  24. firewall.@rule[0]=rule
  25. firewall.@rule[0].name='Allow-DHCP-Renew'
  26. firewall.@rule[0].src='wan'
  27. firewall.@rule[0].proto='udp'
  28. firewall.@rule[0].dest_port='68'
  29. firewall.@rule[0].target='ACCEPT'
  30. firewall.@rule[0].family='ipv4'
  31. firewall.@rule[1]=rule
  32. firewall.@rule[1].name='Allow-Ping'
  33. firewall.@rule[1].src='wan'
  34. firewall.@rule[1].proto='icmp'
  35. firewall.@rule[1].icmp_type='echo-request'
  36. firewall.@rule[1].family='ipv4'
  37. firewall.@rule[1].target='ACCEPT'
  38. firewall.@rule[2]=rule
  39. firewall.@rule[2].name='Allow-IGMP'
  40. firewall.@rule[2].src='wan'
  41. firewall.@rule[2].proto='igmp'
  42. firewall.@rule[2].family='ipv4'
  43. firewall.@rule[2].target='ACCEPT'
  44. firewall.@rule[3]=rule
  45. firewall.@rule[3].name='Allow-DHCPv6'
  46. firewall.@rule[3].src='wan'
  47. firewall.@rule[3].proto='udp'
  48. firewall.@rule[3].src_ip='fc00::/6'
  49. firewall.@rule[3].dest_ip='fc00::/6'
  50. firewall.@rule[3].dest_port='546'
  51. firewall.@rule[3].family='ipv6'
  52. firewall.@rule[3].target='ACCEPT'
  53. firewall.@rule[4]=rule
  54. firewall.@rule[4].name='Allow-MLD'
  55. firewall.@rule[4].src='wan'
  56. firewall.@rule[4].proto='icmp'
  57. firewall.@rule[4].src_ip='fe80::/10'
  58. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  59. firewall.@rule[4].family='ipv6'
  60. firewall.@rule[4].target='ACCEPT'
  61. firewall.@rule[5]=rule
  62. firewall.@rule[5].name='Allow-ICMPv6-Input'
  63. firewall.@rule[5].src='wan'
  64. firewall.@rule[5].proto='icmp'
  65. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  66. firewall.@rule[5].limit='1000/sec'
  67. firewall.@rule[5].family='ipv6'
  68. firewall.@rule[5].target='ACCEPT'
  69. firewall.@rule[6]=rule
  70. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  71. firewall.@rule[6].src='wan'
  72. firewall.@rule[6].dest='*'
  73. firewall.@rule[6].proto='icmp'
  74. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  75. firewall.@rule[6].limit='1000/sec'
  76. firewall.@rule[6].family='ipv6'
  77. firewall.@rule[6].target='ACCEPT'
  78. firewall.@rule[7]=rule
  79. firewall.@rule[7].name='Allow-IPSec-ESP'
  80. firewall.@rule[7].src='wan'
  81. firewall.@rule[7].dest='lan'
  82. firewall.@rule[7].proto='esp'
  83. firewall.@rule[7].target='ACCEPT'
  84. firewall.@rule[8]=rule
  85. firewall.@rule[8].name='Allow-ISAKMP'
  86. firewall.@rule[8].src='wan'
  87. firewall.@rule[8].dest='lan'
  88. firewall.@rule[8].dest_port='500'
  89. firewall.@rule[8].proto='udp'
  90. firewall.@rule[8].target='ACCEPT'
  91. firewall.@rule[9]=rule
  92. firewall.@rule[9].name='Support-UDP-Traceroute'
  93. firewall.@rule[9].src='wan'
  94. firewall.@rule[9].dest_port='33434:33689'
  95. firewall.@rule[9].proto='udp'
  96. firewall.@rule[9].family='ipv4'
  97. firewall.@rule[9].target='REJECT'
  98. firewall.@rule[9].enabled='0'
  99. firewall.@include[0]=include
  100. firewall.@include[0].path='/etc/firewall.user'
  101. firewall.@redirect[0]=redirect
  102. firewall.@redirect[0].target='DNAT'
  103. firewall.@redirect[0].name='Transparent Proxy Redirect'
  104. firewall.@redirect[0].src='lan'
  105. firewall.@redirect[0].proto='tcp'
  106. firewall.@redirect[0].dest_port='8888'
  107. firewall.@redirect[0].src_dport='80'
  108. firewall.@redirect[0].src_dip='!192.168.1.1'
  109. firewall.@redirect[0].dest='guest'
  110. firewall.@redirect[0].dest_ip='192.168.1.1'
  111. firewall.nat6=include
  112. firewall.nat6.path='/etc/firewall.nat6'
  113. firewall.nat6.reload='1'
  114. firewall.doh=ipset
  115. firewall.doh.name='doh'
  116. firewall.doh.family='ipv4'
  117. firewall.doh.storage='hash'
  118. firewall.doh.match='ip'
  119. firewall.doh6=ipset
  120. firewall.doh6.name='doh6'
  121. firewall.doh6.family='ipv6'
  122. firewall.doh6.storage='hash'
  123. firewall.doh6.match='ip'
  124. firewall.doh_fwd=rule
  125. firewall.doh_fwd.name='Deny-DoH'
  126. firewall.doh_fwd.src='lan'
  127. firewall.doh_fwd.dest='wan'
  128. firewall.doh_fwd.dest_port='443'
  129. firewall.doh_fwd.proto='tcp udp'
  130. firewall.doh_fwd.family='ipv4'
  131. firewall.doh_fwd.ipset='doh dest'
  132. firewall.doh_fwd.target='REJECT'
  133. firewall.doh6_fwd=rule
  134. firewall.doh6_fwd.name='Deny-DoH'
  135. firewall.doh6_fwd.src='lan'
  136. firewall.doh6_fwd.dest='wan'
  137. firewall.doh6_fwd.dest_port='443'
  138. firewall.doh6_fwd.proto='tcp udp'
  139. firewall.doh6_fwd.family='ipv6'
  140. firewall.doh6_fwd.ipset='doh6 dest'
  141. firewall.doh6_fwd.target='REJECT'
  142. firewall.dot_fwd=rule
  143. firewall.dot_fwd.name='Deny-DoT'
  144. firewall.dot_fwd.src='lan'
  145. firewall.dot_fwd.dest='wan'
  146. firewall.dot_fwd.dest_port='853'
  147. firewall.dot_fwd.proto='tcp udp'
  148. firewall.dot_fwd.target='REJECT'
  149. firewall.dns_masq=nat
  150. firewall.dns_masq.name='Masquerade-DNS'
  151. firewall.dns_masq.src='lan'
  152. firewall.dns_masq.dest_ip='192.168.1.96'
  153. firewall.dns_masq.dest_port='53'
  154. firewall.dns_masq.proto='tcp udp'
  155. firewall.dns_masq.target='MASQUERADE'
  156. firewall.guest=zone
  157. firewall.guest.name='guest'
  158. firewall.guest.network='guest'
  159. firewall.guest.output='ACCEPT'
  160. firewall.guest.input='ACCEPT'
  161. firewall.guest.forward='ACCEPT'
  162. firewall.guest_wan=forwarding
  163. firewall.guest_wan.src='guest'
  164. firewall.guest_wan.dest='wan'
  165. firewall.guest_wan.enabled='1'
  166. firewall.guest_dns=rule
  167. firewall.guest_dns.name='Allow-DNS-Guest'
  168. firewall.guest_dns.src='guest'
  169. firewall.guest_dns.dest_port='53'
  170. firewall.guest_dns.proto='tcp udp'
  171. firewall.guest_dns.target='ACCEPT'
  172. firewall.guest_dhcp=rule
  173. firewall.guest_dhcp.name='Allow-DHCP-Guest'
  174. firewall.guest_dhcp.src='guest'
  175. firewall.guest_dhcp.dest_port='67'
  176. firewall.guest_dhcp.proto='udp'
  177. firewall.guest_dhcp.family='ipv4'
  178. firewall.guest_dhcp.target='ACCEPT'
  179. firewall.tor=ipset
  180. firewall.tor.name='tor'
  181. firewall.tor.family='ipv4'
  182. firewall.tor.storage='hash'
  183. firewall.tor.match='net'
  184. firewall.tor.entry='127.0.0.0/8 nomatch' '192.168.2.1/24 nomatch' '0.0.0.0/1' '128.0.0.0/1'
  185. firewall.tor6=ipset
  186. firewall.tor6.name='tor6'
  187. firewall.tor6.family='ipv6'
  188. firewall.tor6.storage='hash'
  189. firewall.tor6.match='net'
  190. firewall.tor6.entry='::1/128 nomatch' 'fe80::/10 nomatch' ' nomatch' '::/1' '8000::/1'
  191. firewall.tcp_int=redirect
  192. firewall.tcp_int.name='Intercept-TCP'
  193. firewall.tcp_int.src='guest'
  194. firewall.tcp_int.dest_port='9040'
  195. firewall.tcp_int.proto='tcp'
  196. firewall.tcp_int.extra='--syn'
  197. firewall.tcp_int.ipset='tor dest'
  198. firewall.tcp_int.target='DNAT'
  199. firewall.@rule[15]=rule
  200. firewall.@rule[15].name='Allow-IGMP-Guest'
  201. firewall.@rule[15].src='guest'
  202. firewall.@rule[15].target='ACCEPT'
  203. firewall.@rule[15].proto='igmp'
  204. firewall.@rule[15].family='ipv4'
  205. firewall.miniupnpd=include
  206. firewall.miniupnpd.type='script'
  207. firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
  208. firewall.miniupnpd.family='any'
  209. firewall.miniupnpd.reload='1'
  210. firewall.proxy=ipset
  211. firewall.proxy.name='tor'
  212. firewall.proxy.family='ipv4'
  213. firewall.proxy.storage='hash'
  214. firewall.proxy.match='net'
  215. firewall.proxy.entry='127.0.0.0/8 nomatch' '192.168.1.1/24 nomatch' '0.0.0.0/1' '128.0.0.0/1'
  216. firewall.proxy6=ipset
  217. firewall.proxy6.name='tor6'
  218. firewall.proxy6.family='ipv6'
  219. firewall.proxy6.storage='hash'
  220. firewall.proxy6.match='net'
  221. firewall.proxy6.entry='::1/128 nomatch' 'fe80::/10 nomatch' 'fdb2:4498:a235::1/60 nomatch' '::/1' '8000::/1'
  222. firewall.proxy_int=redirect
  223. firewall.proxy_int.name='Proxy-Intercept'
  224. firewall.proxy_int.src='lan'
  225. firewall.proxy_int.dest_port='8888'
  226. firewall.proxy_int.proto='tcp'
  227. firewall.proxy_int.ipset='proxy dest'
  228. firewall.proxy_int.target='DNAT'
  229. # Generated by iptables-save v1.8.7 on Thu Sep 16 17:00:16 2021
  # IPv4 nat table as captured with `iptables-save -c`; the bracketed prefix on each
  # rule is its [packets:bytes] counter at capture time.
  # Rules carrying a "!fw3" comment share their names with the uci firewall sections
  # dumped earlier on this page.
  230. *nat
  231. :PREROUTING ACCEPT [476:77626]
  232. :INPUT ACCEPT [582:36421]
  233. :OUTPUT ACCEPT [161:16152]
  234. :POSTROUTING ACCEPT [140:12022]
  235. :postrouting_guest_rule - [0:0]
  236. :postrouting_lan_rule - [0:0]
  237. :postrouting_rule - [0:0]
  238. :postrouting_wan_rule - [0:0]
  239. :prerouting_guest_rule - [0:0]
  240. :prerouting_lan_rule - [0:0]
  241. :prerouting_rule - [0:0]
  242. :prerouting_wan_rule - [0:0]
  243. :zone_guest_postrouting - [0:0]
  244. :zone_guest_prerouting - [0:0]
  245. :zone_lan_postrouting - [0:0]
  246. :zone_lan_prerouting - [0:0]
  247. :zone_wan_postrouting - [0:0]
  248. :zone_wan_prerouting - [0:0]
  # Dispatch by ingress device: br-lan -> lan zone, eth0.2 and wlan0 -> wan zone,
  # br-guest -> guest zone.
  249. [835:96342] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  250. [5:266] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  251. [0:0] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
  252. [302:63378] -A PREROUTING -i wlan0 -m comment --comment "!fw3" -j zone_wan_prerouting
  253. [528:32698] -A PREROUTING -i br-guest -m comment --comment "!fw3" -j zone_guest_prerouting
  254. [175:16184] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  255. [12:827] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  256. [0:0] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
  257. [25:4955] -A POSTROUTING -o wlan0 -m comment --comment "!fw3" -j zone_wan_postrouting
  258. [6:1192] -A POSTROUTING -o br-guest -m comment --comment "!fw3" -j zone_guest_postrouting
  259. [6:1192] -A zone_guest_postrouting -m comment --comment "!fw3: Custom guest postrouting rule chain" -j postrouting_guest_rule
  260. [528:32698] -A zone_guest_prerouting -m comment --comment "!fw3: Custom guest prerouting rule chain" -j prerouting_guest_rule
  # Only TCP SYNs from br-guest whose destination matches ipset "tor" are redirected
  # to local port 9040; no other guest traffic is rewritten in this table.
  # NOTE(review): if the intent is that guest clients can only leave through the
  # listener on 9040, non-TCP traffic (UDP, ICMP) is not captured here and the filter
  # table still forwards guest to wan -- confirm the intended policy.
  261. [359:18716] -A zone_guest_prerouting -p tcp -m set --match-set tor dst -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3: Intercept-TCP" -j REDIRECT --to-ports 9040
  262. [12:827] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  # DNS (tcp/udp 53) sent out br-lan to 192.168.1.96 is masqueraded, so that host
  # sees the router as the source of those queries.
  263. [0:0] -A zone_lan_postrouting -d 192.168.1.96/32 -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Masquerade-DNS" -j MASQUERADE
  264. [12:827] -A zone_lan_postrouting -d 192.168.1.96/32 -p udp -m udp --dport 53 -m comment --comment "!fw3: Masquerade-DNS" -j MASQUERADE
  265. [5:266] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  # LAN HTTP (tcp/80) not addressed to 192.168.1.1 is DNATed to 192.168.1.1:8888;
  # the counter is 0 at capture time.
  # NOTE(review): the uci section proxy_int ("Proxy-Intercept", ipset 'proxy dest')
  # has no rule in this chain. In the uci dump both firewall.tor and firewall.proxy
  # set name='tor', so no set called 'proxy' is defined there -- presumably the
  # redirect was skipped for that reason; verify.
  266. [0:0] -A zone_lan_prerouting ! -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Transparent Proxy Redirect" -j DNAT --to-destination 192.168.1.1:8888
  267. [25:4955] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  # Everything leaving through the wan zone devices (eth0.2, wlan0) is masqueraded.
  268. [25:4955] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  269. [302:63378] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  270. COMMIT
  271. # Completed on Thu Sep 16 17:00:16 2021
  272. # Generated by iptables-save v1.8.7 on Thu Sep 16 17:00:16 2021
  # IPv4 mangle table: the only rules clamp the TCP MSS to the path MTU on SYN
  # packets forwarded into or out of the wan zone devices (eth0.2, wlan0).
  # This corresponds to mtu_fix='1' on the wan zone in the uci dump; nothing here
  # accepts or drops traffic.
  273. *mangle
  274. :PREROUTING ACCEPT [5256:1134084]
  275. :INPUT ACCEPT [4416:940486]
  276. :FORWARD ACCEPT [616:136005]
  277. :OUTPUT ACCEPT [4053:1591340]
  278. :POSTROUTING ACCEPT [4632:1725505]
  279. [0:0] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  280. [0:0] -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  281. [1:60] -A FORWARD -o wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  282. [3:180] -A FORWARD -i wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  283. COMMIT
  284. # Completed on Thu Sep 16 17:00:16 2021
  285. # Generated by iptables-save v1.8.7 on Thu Sep 16 17:00:16 2021
  # IPv4 filter table; the bracketed prefix on each rule is its [packets:bytes]
  # counter at capture time.
  # All three built-in chains have policy ACCEPT, so any packet that no rule below
  # terminates is accepted. This matches input/output/forward='ACCEPT' in the uci
  # defaults section.
  286. *filter
  287. :INPUT ACCEPT [12:564]
  288. :FORWARD ACCEPT [0:0]
  289. :OUTPUT ACCEPT [0:0]
  290. :forwarding_guest_rule - [0:0]
  291. :forwarding_lan_rule - [0:0]
  292. :forwarding_rule - [0:0]
  293. :forwarding_wan_rule - [0:0]
  294. :input_guest_rule - [0:0]
  295. :input_lan_rule - [0:0]
  296. :input_rule - [0:0]
  297. :input_wan_rule - [0:0]
  298. :output_guest_rule - [0:0]
  299. :output_lan_rule - [0:0]
  300. :output_rule - [0:0]
  301. :output_wan_rule - [0:0]
  302. :reject - [0:0]
  303. :syn_flood - [0:0]
  304. :zone_guest_dest_ACCEPT - [0:0]
  305. :zone_guest_forward - [0:0]
  306. :zone_guest_input - [0:0]
  307. :zone_guest_output - [0:0]
  308. :zone_guest_src_ACCEPT - [0:0]
  309. :zone_lan_dest_ACCEPT - [0:0]
  310. :zone_lan_forward - [0:0]
  311. :zone_lan_input - [0:0]
  312. :zone_lan_output - [0:0]
  313. :zone_lan_src_ACCEPT - [0:0]
  314. :zone_wan_dest_ACCEPT - [0:0]
  315. :zone_wan_dest_REJECT - [0:0]
  316. :zone_wan_forward - [0:0]
  317. :zone_wan_input - [0:0]
  318. :zone_wan_output - [0:0]
  319. :zone_wan_src_ACCEPT - [0:0]
  # INPUT: loopback and established flows are accepted first, new TCP SYNs pass
  # through the syn_flood limiter, then packets are dispatched per ingress device.
  320. [1127:461626] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  321. [3337:483216] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  322. [2719:434463] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  323. [491:25580] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  324. [0:0] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  325. [0:0] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  326. [86:6181] -A INPUT -i wlan0 -m comment --comment "!fw3" -j zone_wan_input
  327. [519:41896] -A INPUT -i br-guest -m comment --comment "!fw3" -j zone_guest_input
  # FORWARD: same shape; whatever the per-zone chains do not terminate returns here
  # and meets the ACCEPT policy.
  328. [616:136005] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  329. [595:133768] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  330. [7:482] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  331. [0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  332. [0:0] -A FORWARD -i wlan0 -m comment --comment "!fw3" -j zone_wan_forward
  333. [14:1755] -A FORWARD -i br-guest -m comment --comment "!fw3" -j zone_guest_forward
  334. [1127:461626] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  335. [2975:1135826] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  336. [2898:1123691] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  337. [17:1160] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  338. [0:0] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  339. [48:8083] -A OUTPUT -o wlan0 -m comment --comment "!fw3" -j zone_wan_output
  340. [12:2892] -A OUTPUT -o br-guest -m comment --comment "!fw3" -j zone_guest_output
  # reject: TCP gets a reset, everything else an ICMP port-unreachable.
  341. [0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  342. [0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  # syn_flood: SYNs within 25/sec (burst 50) return to INPUT for normal processing;
  # the excess is dropped (13 packets at capture time).
  343. [478:24904] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  344. [13:676] -A syn_flood -m comment --comment "!fw3" -j DROP
  345. [12:2892] -A zone_guest_dest_ACCEPT -o br-guest -m comment --comment "!fw3" -j ACCEPT
  # Guest forwards are accepted towards the wan devices, for DNATed flows, and back
  # out br-guest. A guest packet routed out br-lan matches none of these rules,
  # returns to FORWARD and is accepted by the chain policy, so this ruleset does not
  # isolate guest from lan.
  # NOTE(review): confirm whether guest-to-lan reachability is intended.
  346. [14:1755] -A zone_guest_forward -m comment --comment "!fw3: Custom guest forwarding rule chain" -j forwarding_guest_rule
  347. [14:1755] -A zone_guest_forward -m comment --comment "!fw3: Zone guest to wan forwarding policy" -j zone_wan_dest_ACCEPT
  348. [0:0] -A zone_guest_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  349. [0:0] -A zone_guest_forward -m comment --comment "!fw3" -j zone_guest_dest_ACCEPT
  # Guest input ends in zone_guest_src_ACCEPT, which accepts every new connection
  # from br-guest to the router itself; the named DNS/DHCP/IGMP allows above it do
  # not narrow anything while that final jump is in place.
  350. [519:41896] -A zone_guest_input -m comment --comment "!fw3: Custom guest input rule chain" -j input_guest_rule
  351. [0:0] -A zone_guest_input -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Allow-DNS-Guest" -j ACCEPT
  352. [16:1090] -A zone_guest_input -p udp -m udp --dport 53 -m comment --comment "!fw3: Allow-DNS-Guest" -j ACCEPT
  353. [0:0] -A zone_guest_input -p udp -m udp --dport 67 -m comment --comment "!fw3: Allow-DHCP-Guest" -j ACCEPT
  354. [0:0] -A zone_guest_input -p igmp -m comment --comment "!fw3: Allow-IGMP-Guest" -j ACCEPT
  355. [347:18092] -A zone_guest_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  356. [156:22714] -A zone_guest_input -m comment --comment "!fw3" -j zone_guest_src_ACCEPT
  357. [12:2892] -A zone_guest_output -m comment --comment "!fw3: Custom guest output rule chain" -j output_guest_rule
  358. [12:2892] -A zone_guest_output -m comment --comment "!fw3" -j zone_guest_dest_ACCEPT
  359. [151:22514] -A zone_guest_src_ACCEPT -i br-guest -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  360. [17:1160] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  361. [7:482] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  # Deny-DoH rejects tcp/udp 443 from lan only for destinations in ipset "doh";
  # Deny-DoT rejects tcp/udp 853 towards wan. All four counters are 0 at capture time.
  # NOTE(review): the contents of the "doh" set are not shown on this page, so how
  # much DoH these rules cover cannot be judged from the dump -- verify the set is
  # populated.
  362. [0:0] -A zone_lan_forward -p tcp -m tcp --dport 443 -m set --match-set doh dst -m comment --comment "!fw3: Deny-DoH" -j zone_wan_dest_REJECT
  363. [0:0] -A zone_lan_forward -p udp -m udp --dport 443 -m set --match-set doh dst -m comment --comment "!fw3: Deny-DoH" -j zone_wan_dest_REJECT
  364. [0:0] -A zone_lan_forward -p tcp -m tcp --dport 853 -m comment --comment "!fw3: Deny-DoT" -j zone_wan_dest_REJECT
  365. [0:0] -A zone_lan_forward -p udp -m udp --dport 853 -m comment --comment "!fw3: Deny-DoT" -j zone_wan_dest_REJECT
  366. [7:482] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  367. [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  368. [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  369. [0:0] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  370. [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  371. [0:0] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  372. [17:1160] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  373. [17:1160] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  374. [0:0] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  # Traffic leaving via a wan device is accepted unless conntrack marks it INVALID
  # (37 such packets dropped on wlan0 at capture time).
  375. [0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  376. [0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  377. [37:1840] -A zone_wan_dest_ACCEPT -o wlan0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  378. [32:8480] -A zone_wan_dest_ACCEPT -o wlan0 -m comment --comment "!fw3" -j ACCEPT
  379. [0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
  380. [0:0] -A zone_wan_dest_REJECT -o wlan0 -m comment --comment "!fw3" -j reject
  # wan-sourced forwards: ESP and udp/500 are allowed towards br-lan, DNATed flows
  # are accepted, and the final jump accepts wan-to-wan. Any other wan-sourced
  # forward (towards br-lan or br-guest) returns to FORWARD and is accepted by the
  # chain policy. This matches forward='ACCEPT' on the wan zone in the uci dump.
  381. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  382. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  383. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  384. [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  385. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  # wan input ends in zone_wan_src_ACCEPT, which accepts every new connection
  # arriving on eth0.2 or wlan0: services listening on the router are reachable from
  # the wan side (77 packets accepted on wlan0 at capture time). This matches
  # input='ACCEPT' on the wan zone in the uci dump and makes the named Allow-* rules
  # above it redundant.
  # NOTE(review): a wan zone is normally set to REJECT or DROP for input and forward;
  # confirm that the upstream on wlan0 is trusted before keeping ACCEPT.
  386. [86:6181] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  387. [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  388. [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  389. [2:64] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  390. [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  391. [84:6117] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
  392. [48:8083] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  393. [48:8083] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  394. [0:0] -A zone_wan_src_ACCEPT -i eth0.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  395. [77:5753] -A zone_wan_src_ACCEPT -i wlan0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  396. COMMIT
  397. # Completed on Thu Sep 16 17:00:16 2021
  398. # Generated by ip6tables-save v1.8.7 on Thu Sep 16 17:00:16 2021
  # IPv6 nat table as captured with `ip6tables-save -c`; the bracketed prefix on each
  # rule is its [packets:bytes] counter at capture time.
  # NOTE(review): the uci dump includes /etc/firewall.nat6 (firewall.nat6, reload='1'),
  # but no MASQUERADE or SNAT rule appears anywhere in this table and
  # postrouting_wan_rule is empty -- verify whether that include actually ran.
  399. *nat
  400. :PREROUTING ACCEPT [122:91881]
  401. :INPUT ACCEPT [0:0]
  402. :OUTPUT ACCEPT [137:12396]
  403. :POSTROUTING ACCEPT [137:12396]
  404. :postrouting_guest_rule - [0:0]
  405. :postrouting_lan_rule - [0:0]
  406. :postrouting_rule - [0:0]
  407. :postrouting_wan_rule - [0:0]
  408. :prerouting_guest_rule - [0:0]
  409. :prerouting_lan_rule - [0:0]
  410. :prerouting_rule - [0:0]
  411. :prerouting_wan_rule - [0:0]
  412. :zone_guest_postrouting - [0:0]
  413. :zone_guest_prerouting - [0:0]
  414. :zone_lan_postrouting - [0:0]
  415. :zone_lan_prerouting - [0:0]
  416. :zone_wan_postrouting - [0:0]
  417. :zone_wan_prerouting - [0:0]
  418. [122:91881] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  419. [0:0] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  420. [0:0] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
  421. [66:31105] -A PREROUTING -i wlan0 -m comment --comment "!fw3" -j zone_wan_prerouting
  422. [56:60776] -A PREROUTING -i br-guest -m comment --comment "!fw3" -j zone_guest_prerouting
  423. [137:12396] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  424. [0:0] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  425. [2:296] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
  426. [0:0] -A POSTROUTING -o wlan0 -m comment --comment "!fw3" -j zone_wan_postrouting
  427. [0:0] -A POSTROUTING -o br-guest -m comment --comment "!fw3" -j zone_guest_postrouting
  428. [0:0] -A zone_guest_postrouting -m comment --comment "!fw3: Custom guest postrouting rule chain" -j postrouting_guest_rule
  429. [56:60776] -A zone_guest_prerouting -m comment --comment "!fw3: Custom guest prerouting rule chain" -j prerouting_guest_rule
  # IPv6 counterpart of Intercept-TCP: guest TCP SYNs whose destination matches ipset
  # "tor6" are redirected to local port 9040. The counter is 0 although 56 packets
  # entered this chain from br-guest.
  # NOTE(review): firewall.tor6.entry in the uci dump contains an element with an
  # empty prefix (' nomatch'); the loaded contents of "tor6" are not shown on this
  # page -- check with `ipset list` that the set holds what was intended.
  430. [0:0] -A zone_guest_prerouting -p tcp -m set --match-set tor6 dst -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3: Intercept-TCP" -j REDIRECT --to-ports 9040
  431. [0:0] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  432. [0:0] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  433. [2:296] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  434. [66:31105] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  435. COMMIT
  436. # Completed on Thu Sep 16 17:00:16 2021
  437. # Generated by ip6tables-save v1.8.7 on Thu Sep 16 17:00:16 2021
  # IPv6 mangle table: the only rules clamp the TCP MSS to the path MTU on SYN
  # packets forwarded into or out of the wan zone devices (eth0.2, wlan0).
  # All four rule counters and the FORWARD policy counter are 0 at capture time,
  # i.e. no IPv6 packet had been forwarded.
  438. *mangle
  439. :PREROUTING ACCEPT [402:117017]
  440. :INPUT ACCEPT [276:24832]
  441. :FORWARD ACCEPT [0:0]
  442. :OUTPUT ACCEPT [278:25128]
  443. :POSTROUTING ACCEPT [278:25128]
  444. [0:0] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  445. [0:0] -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  446. [0:0] -A FORWARD -o wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  447. [0:0] -A FORWARD -i wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  448. COMMIT
  449. # Completed on Thu Sep 16 17:00:16 2021
  450. # Generated by ip6tables-save v1.8.7 on Thu Sep 16 17:00:16 2021
  451. *filter
  452. :INPUT ACCEPT [0:0]
  453. :FORWARD ACCEPT [0:0]
  454. :OUTPUT ACCEPT [0:0]
  455. :forwarding_guest_rule - [0:0]
  456. :forwarding_lan_rule - [0:0]
  457. :forwarding_rule - [0:0]
  458. :forwarding_wan_rule - [0:0]
  459. :input_guest_rule - [0:0]
  460. :input_lan_rule - [0:0]
  461. :input_rule - [0:0]
  462. :input_wan_rule - [0:0]
  463. :output_guest_rule - [0:0]
  464. :output_lan_rule - [0:0]
  465. :output_rule - [0:0]
  466. :output_wan_rule - [0:0]
  467. :reject - [0:0]
  468. :syn_flood - [0:0]
  469. :zone_guest_dest_ACCEPT - [0:0]
  470. :zone_guest_forward - [0:0]
  471. :zone_guest_input - [0:0]
  472. :zone_guest_output - [0:0]
  473. :zone_guest_src_ACCEPT - [0:0]
  474. :zone_lan_dest_ACCEPT - [0:0]
  475. :zone_lan_forward - [0:0]
  476. :zone_lan_input - [0:0]
  477. :zone_lan_output - [0:0]
  478. :zone_lan_src_ACCEPT - [0:0]
  479. :zone_wan_dest_ACCEPT - [0:0]
  480. :zone_wan_dest_REJECT - [0:0]
  481. :zone_wan_forward - [0:0]
  482. :zone_wan_input - [0:0]
  483. :zone_wan_output - [0:0]
  484. :zone_wan_src_ACCEPT - [0:0]
  485. [276:24832] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  486. [0:0] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  487. [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  488. [0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  489. [0:0] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  490. [0:0] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  491. [0:0] -A INPUT -i wlan0 -m comment --comment "!fw3" -j zone_wan_input
  492. [0:0] -A INPUT -i br-guest -m comment --comment "!fw3" -j zone_guest_input
  493. [0:0] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  494. [0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  495. [0:0] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  496. [0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  497. [0:0] -A FORWARD -i wlan0 -m comment --comment "!fw3" -j zone_wan_forward
  498. [0:0] -A FORWARD -i br-guest -m comment --comment "!fw3" -j zone_guest_forward
  499. [276:24832] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  500. [2:296] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  501. [0:0] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  502. [0:0] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  503. [2:296] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  504. [0:0] -A OUTPUT -o wlan0 -m comment --comment "!fw3" -j zone_wan_output
  505. [0:0] -A OUTPUT -o br-guest -m comment --comment "!fw3" -j zone_guest_output
  506. [0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  507. [0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
  508. [0:0] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  509. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  510. [0:0] -A zone_guest_dest_ACCEPT -o br-guest -m comment --comment "!fw3" -j ACCEPT
  511. [0:0] -A zone_guest_forward -m comment --comment "!fw3: Custom guest forwarding rule chain" -j forwarding_guest_rule
  512. [0:0] -A zone_guest_forward -m comment --comment "!fw3: Zone guest to wan forwarding policy" -j zone_wan_dest_ACCEPT
  513. [0:0] -A zone_guest_forward -m comment --comment "!fw3" -j zone_guest_dest_ACCEPT
  514. [0:0] -A zone_guest_input -m comment --comment "!fw3: Custom guest input rule chain" -j input_guest_rule
  515. [0:0] -A zone_guest_input -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Allow-DNS-Guest" -j ACCEPT
  516. [0:0] -A zone_guest_input -p udp -m udp --dport 53 -m comment --comment "!fw3: Allow-DNS-Guest" -j ACCEPT
  517. [0:0] -A zone_guest_input -m comment --comment "!fw3" -j zone_guest_src_ACCEPT
  518. [0:0] -A zone_guest_output -m comment --comment "!fw3: Custom guest output rule chain" -j output_guest_rule
  519. [0:0] -A zone_guest_output -m comment --comment "!fw3" -j zone_guest_dest_ACCEPT
  520. [0:0] -A zone_guest_src_ACCEPT -i br-guest -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  # LAN zone chains (fw3-generated).
  # Anything routed out of br-lan is accepted.
  521. [0:0] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  # Forwarding from lan: user hook chain, then the DNS-bypass blocks, then lan -> wan accept.
  522. [0:0] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  # Deny-DoH: TCP and UDP port 443 are rejected only when the destination address is a member
  # of the ipset "doh6". The reject is done by zone_wan_dest_REJECT, i.e. only for packets
  # leaving via the wan interfaces.
  # NOTE(review): coverage is limited to whatever addresses are in doh6 (contents not shown).
  # A DoH endpoint missing from the set falls through to the lan -> wan accept below, so the
  # set needs to be populated and kept current for this block to be effective.
  523. [0:0] -A zone_lan_forward -p tcp -m tcp --dport 443 -m set --match-set doh6 dst -m comment --comment "!fw3: Deny-DoH" -j zone_wan_dest_REJECT
  524. [0:0] -A zone_lan_forward -p udp -m udp --dport 443 -m set --match-set doh6 dst -m comment --comment "!fw3: Deny-DoH" -j zone_wan_dest_REJECT
  # Deny-DoT: port 853 toward wan is rejected for any destination (no ipset involved).
  525. [0:0] -A zone_lan_forward -p tcp -m tcp --dport 853 -m comment --comment "!fw3: Deny-DoT" -j zone_wan_dest_REJECT
  526. [0:0] -A zone_lan_forward -p udp -m udp --dport 853 -m comment --comment "!fw3: Deny-DoT" -j zone_wan_dest_REJECT
  # All four Deny-* counters read [0:0]: the rules had not matched anything at dump time, so
  # this output alone does not show whether the blocks work. Re-check the counters after
  # generating test traffic.
  527. [0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  528. [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  # Input from lan to the router: user hook chain, then accept-all via zone_lan_src_ACCEPT.
  529. [0:0] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  530. [0:0] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  # Output from the router toward lan.
  531. [0:0] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  532. [0:0] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  # Accept-all for new/untracked traffic that enters on the lan bridge.
  533. [0:0] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  # WAN zone chains (fw3-generated). The zone spans two interfaces: eth0.2 and wlan0.
  #
  # Egress to wan: per interface, packets conntrack marks INVALID are dropped first
  # ("Prevent NAT leakage"), then everything else leaving that interface is accepted.
  # [2:296] = 2 packets / 296 bytes matched; every other rule in this excerpt is still at zero.
  534. [0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  535. [2:296] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  536. [0:0] -A zone_wan_dest_ACCEPT -o wlan0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  537. [0:0] -A zone_wan_dest_ACCEPT -o wlan0 -m comment --comment "!fw3" -j ACCEPT
  # Reject helper used by the Deny-DoH / Deny-DoT rules; "reject" is a chain defined
  # outside this excerpt.
  538. [0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
  539. [0:0] -A zone_wan_dest_REJECT -o wlan0 -m comment --comment "!fw3" -j reject
  # Forwarding of traffic that arrived from wan.
  # ICMPv6 allowed through, each rate-limited to 1000/sec: 128/129 echo request/reply,
  # 1 destination unreachable, 2 packet too big, 3 time exceeded, 4/0 and 4/1 parameter problem.
  540. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  541. [0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  542. [0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  543. [0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  544. [0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  545. [0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  546. [0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  547. [0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
  # IPsec from wan toward lan: ESP and IKE (UDP/500) are accepted when routed out of br-lan.
  548. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  549. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  # NOTE(review): the catch-all jumps to an ACCEPT chain, so the wan zone's forward policy
  # appears to be ACCEPT rather than OpenWrt's stock REJECT. This particular jump accepts only
  # packets leaving via eth0.2/wlan0; whether wan -> lan forwarding is also open depends on the
  # FORWARD chain policy, which is outside this excerpt. Verify before relying on it.
  550. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  # Input from wan to the router itself: DHCPv6 client replies (UDP/546), MLD from link-local
  # sources (types 130, 131, 132, 143), and rate-limited ICMPv6 including neighbor discovery
  # (133 router solicitation, 134 router advertisement, 135/136 neighbor solicitation/advertisement).
  551. [0:0] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  552. [0:0] -A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
  553. [0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  554. [0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  555. [0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  556. [0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  557. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  558. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  559. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  560. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  561. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  562. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  563. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  564. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  565. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  566. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  567. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  # NOTE(review): the catch-all below jumps to zone_wan_src_ACCEPT, which accepts every
  # NEW/UNTRACKED packet arriving on eth0.2 or wlan0. All the specific allow rules above are
  # therefore redundant (including their rate limits), and any IPv6 service listening on the
  # router is exposed to the wan side. OpenWrt's stock wan zone uses input REJECT; if this
  # ACCEPT is not intentional, change the wan zone's input policy in /etc/config/firewall,
  # reload, and confirm the final jump becomes zone_wan_src_REJECT (or _DROP).
  568. [0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
  # Output from the router toward wan: user hook chain, then accept (subject to the INVALID drop).
  569. [2:296] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  570. [2:296] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  # Accept-all for new/untracked traffic that enters on either wan interface.
  571. [0:0] -A zone_wan_src_ACCEPT -i eth0.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  572. [0:0] -A zone_wan_src_ACCEPT -i wlan0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  573. COMMIT
  574. # Completed on Thu Sep 16 17:00:16 2021