- uci show network
- network.loopback=interface
- network.loopback.ifname='lo'
- network.loopback.proto='static'
- network.loopback.ipaddr='127.0.0.1'
- network.loopback.netmask='255.0.0.0'
- network.globals=globals
- network.globals.ula_prefix='fd1e:0106:18d6::/48'
- network.lan=interface
- network.lan.type='bridge'
- network.lan.ifname='eth0.1'
- network.lan.proto='static'
- network.lan.netmask='255.255.255.0'
- network.lan.ipaddr='192.168.12.1'
- network.lan.ip6assign='64'
- network.lan_eth0_1_dev=device
- network.lan_eth0_1_dev.name='eth0.1'
- network.lan_eth0_1_dev.macaddr='3c:84:6a:d1:77:4b'
- network.wan=interface
- network.wan.ifname='eth0.2'
- network.wan.proto='dhcp'
- network.wan_eth0_2_dev=device
- network.wan_eth0_2_dev.name='eth0.2'
- network.wan_eth0_2_dev.macaddr='3c:84:6a:d1:77:4c'
- network.wan6=interface
- network.wan6.ifname='eth0.2'
- network.wan6.proto='dhcpv6'
- network.@switch[0]=switch
- network.@switch[0].name='switch0'
- network.@switch[0].reset='1'
- network.@switch[0].enable_vlan='1'
- network.@switch_vlan[0]=switch_vlan
- network.@switch_vlan[0].device='switch0'
- network.@switch_vlan[0].vlan='1'
- network.@switch_vlan[0].ports='1 2 3 4 6t'
- network.@switch_vlan[1]=switch_vlan
- network.@switch_vlan[1].device='switch0'
- network.@switch_vlan[1].vlan='2'
- network.@switch_vlan[1].ports='0 6t'
- uci show dhcp
- dhcp.@dnsmasq[0]=dnsmasq
- dhcp.@dnsmasq[0].domainneeded='1'
- dhcp.@dnsmasq[0].boguspriv='1'
- dhcp.@dnsmasq[0].filterwin2k='0'
- dhcp.@dnsmasq[0].localise_queries='1'
- dhcp.@dnsmasq[0].rebind_protection='1'
- dhcp.@dnsmasq[0].rebind_localhost='1'
- dhcp.@dnsmasq[0].local='/lan/'
- dhcp.@dnsmasq[0].domain='lan'
- dhcp.@dnsmasq[0].expandhosts='1'
- dhcp.@dnsmasq[0].nonegcache='0'
- dhcp.@dnsmasq[0].authoritative='1'
- dhcp.@dnsmasq[0].readethers='1'
- dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
- dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
- dhcp.@dnsmasq[0].nonwildcard='1'
- dhcp.@dnsmasq[0].localservice='1'
- dhcp.lan=dhcp
- dhcp.lan.interface='lan'
- dhcp.lan.start='100'
- dhcp.lan.limit='150'
- dhcp.lan.leasetime='12h'
- dhcp.lan.dhcpv6='server'
- dhcp.lan.ra='server'
- dhcp.lan.ra_management='1'
- dhcp.wan=dhcp
- dhcp.wan.interface='wan'
- dhcp.wan.ignore='1'
- dhcp.odhcpd=odhcpd
- dhcp.odhcpd.maindhcp='0'
- dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
- dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
- dhcp.odhcpd.loglevel='4'
- uci show firewall
- firewall.@defaults[0]=defaults
- firewall.@defaults[0].syn_flood='1'
- firewall.@defaults[0].input='ACCEPT'
- firewall.@defaults[0].output='ACCEPT'
- firewall.@defaults[0].forward='REJECT'
- firewall.@zone[0]=zone
- firewall.@zone[0].name='lan'
- firewall.@zone[0].network='lan'
- firewall.@zone[0].input='ACCEPT'
- firewall.@zone[0].output='ACCEPT'
- firewall.@zone[0].forward='ACCEPT'
- firewall.@zone[1]=zone
- firewall.@zone[1].name='wan'
- firewall.@zone[1].network='wan' 'wan6'
- firewall.@zone[1].input='REJECT'
- firewall.@zone[1].output='ACCEPT'
- firewall.@zone[1].forward='REJECT'
- firewall.@zone[1].masq='1'
- firewall.@zone[1].mtu_fix='1'
- firewall.@forwarding[0]=forwarding
- firewall.@forwarding[0].src='lan'
- firewall.@forwarding[0].dest='wan'
- firewall.@rule[0]=rule
- firewall.@rule[0].name='Allow-DHCP-Renew'
- firewall.@rule[0].src='wan'
- firewall.@rule[0].proto='udp'
- firewall.@rule[0].dest_port='68'
- firewall.@rule[0].target='ACCEPT'
- firewall.@rule[0].family='ipv4'
- firewall.@rule[1]=rule
- firewall.@rule[1].name='Allow-Ping'
- firewall.@rule[1].src='wan'
- firewall.@rule[1].proto='icmp'
- firewall.@rule[1].icmp_type='echo-request'
- firewall.@rule[1].family='ipv4'
- firewall.@rule[1].target='ACCEPT'
- firewall.@rule[2]=rule
- firewall.@rule[2].name='Allow-IGMP'
- firewall.@rule[2].src='wan'
- firewall.@rule[2].proto='igmp'
- firewall.@rule[2].family='ipv4'
- firewall.@rule[2].target='ACCEPT'
- firewall.@rule[3]=rule
- firewall.@rule[3].name='Allow-DHCPv6'
- firewall.@rule[3].src='wan'
- firewall.@rule[3].proto='udp'
- firewall.@rule[3].src_ip='fc00::/6'
- firewall.@rule[3].dest_ip='fc00::/6'
- firewall.@rule[3].dest_port='546'
- firewall.@rule[3].family='ipv6'
- firewall.@rule[3].target='ACCEPT'
- firewall.@rule[4]=rule
- firewall.@rule[4].name='Allow-MLD'
- firewall.@rule[4].src='wan'
- firewall.@rule[4].proto='icmp'
- firewall.@rule[4].src_ip='fe80::/10'
- firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
- firewall.@rule[4].family='ipv6'
- firewall.@rule[4].target='ACCEPT'
- firewall.@rule[5]=rule
- firewall.@rule[5].name='Allow-ICMPv6-Input'
- firewall.@rule[5].src='wan'
- firewall.@rule[5].proto='icmp'
- firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
- firewall.@rule[5].limit='1000/sec'
- firewall.@rule[5].family='ipv6'
- firewall.@rule[5].target='ACCEPT'
- firewall.@rule[6]=rule
- firewall.@rule[6].name='Allow-ICMPv6-Forward'
- firewall.@rule[6].src='wan'
- firewall.@rule[6].dest='*'
- firewall.@rule[6].proto='icmp'
- firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
- firewall.@rule[6].limit='1000/sec'
- firewall.@rule[6].family='ipv6'
- firewall.@rule[6].target='ACCEPT'
- firewall.@rule[7]=rule
- firewall.@rule[7].name='Allow-IPSec-ESP'
- firewall.@rule[7].src='wan'
- firewall.@rule[7].dest='lan'
- firewall.@rule[7].proto='esp'
- firewall.@rule[7].target='ACCEPT'
- firewall.@rule[8]=rule
- firewall.@rule[8].name='Allow-ISAKMP'
- firewall.@rule[8].src='wan'
- firewall.@rule[8].dest='lan'
- firewall.@rule[8].dest_port='500'
- firewall.@rule[8].proto='udp'
- firewall.@rule[8].target='ACCEPT'
- firewall.@include[0]=include
- firewall.@include[0].path='/etc/firewall.user'
- firewall.@redirect[0]=redirect
- firewall.@redirect[0].src='wan'
- firewall.@redirect[0].name='Mc java'
- firewall.@redirect[0].src_dport='25565'
- firewall.@redirect[0].target='DNAT'
- firewall.@redirect[0].dest_ip='192.168.12.117'
- firewall.@redirect[0].dest='lan'
- ifstatus wan6
- {
- "up": true,
- "pending": false,
- "available": true,
- "autostart": true,
- "dynamic": false,
- "uptime": 71012,
- "l3_device": "eth0.2",
- "proto": "dhcpv6",
- "device": "eth0.2",
- "metric": 0,
- "dns_metric": 0,
- "delegation": true,
- "ipv4-address": [
- ],
- "ipv6-address": [
- {
- "address": "2001:1670:c:4787:3e84:6aff:fed1:774c",
- "mask": 64,
- "preferred": 0,
- "valid": 4502
- },
- {
- "address": "2001:1670:c:5e10:3e84:6aff:fed1:774c",
- "mask": 64,
- "preferred": 172663,
- "valid": 259063
- },
- {
- "address": "2001:1670:c:4787::1",
- "mask": 128,
- "preferred": 101778,
- "valid": 188178
- }
- ],
- "ipv6-prefix": [
- {
- "address": "2001:1670:c:4787::",
- "mask": 64,
- "preferred": 101778,
- "valid": 188178,
- "class": "wan6",
- "assigned": {
- "lan": {
- "address": "2001:1670:c:4787::",
- "mask": 64
- }
- }
- }
- ],
- "ipv6-prefix-assignment": [
- ],
- "route": [
- {
- "target": "2001:1670:c:4787::",
- "mask": 64,
- "nexthop": "::",
- "metric": 256,
- "valid": 256163,
- "source": "::/0"
- },
- {
- "target": "2001:1670:c:5e10::",
- "mask": 64,
- "nexthop": "::",
- "metric": 256,
- "valid": 259063,
- "source": "::/0"
- },
- {
- "target": "::",
- "mask": 0,
- "nexthop": "fe80::1",
- "metric": 512,
- "valid": 1663,
- "source": "2001:1670:c:4787::/64"
- },
- {
- "target": "::",
- "mask": 0,
- "nexthop": "fe80::1",
- "metric": 512,
- "valid": 1663,
- "source": "2001:1670:c:4787:3e84:6aff:fed1:774c/64"
- },
- {
- "target": "::",
- "mask": 0,
- "nexthop": "fe80::1",
- "metric": 512,
- "valid": 1663,
- "source": "2001:1670:c:5e10:3e84:6aff:fed1:774c/64"
- },
- {
- "target": "::",
- "mask": 0,
- "nexthop": "fe80::1",
- "metric": 512,
- "valid": 1663,
- "source": "2001:1670:c:4787::1/128"
- }
- ],
- "dns-server": [
- "fe80::1"
- ],
- "dns-search": [
- ],
- "neighbors": [
- ],
- "inactive": {
- "ipv4-address": [
- ],
- "ipv6-address": [
- ],
- "route": [
- ],
- "dns-server": [
- ],
- "dns-search": [
- ],
- "neighbors": [
- ]
- },
- "data": {
- "passthru": "00170010fe800000000000000000000000000001"
- }
- }
- \ip address show
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
- link/ether 3c:84:6a:d1:77:4b brd ff:ff:ff:ff:ff:ff
- inet6 fe80::3e84:6aff:fed1:774b/64 scope link
- valid_lft forever preferred_lft forever
- 4: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
- link/ether 3c:84:6a:d1:77:4a brd ff:ff:ff:ff:ff:ff
- 7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
- link/ether 3c:84:6a:d1:77:4c brd ff:ff:ff:ff:ff:ff
- inet 192.168.100.71/24 brd 192.168.100.255 scope global eth0.2
- valid_lft forever preferred_lft forever
- inet6 2001:1670:c:5e10:3e84:6aff:fed1:774c/64 scope global dynamic
- valid_lft 258976sec preferred_lft 172576sec
- inet6 2001:1670:c:4787:3e84:6aff:fed1:774c/64 scope global deprecated dynamic
- valid_lft 4415sec preferred_lft 0sec
- inet6 2001:1670:c:4787::1/128 scope global dynamic
- valid_lft 188092sec preferred_lft 101692sec
- inet6 fe80::3e84:6aff:fed1:774c/64 scope link
- valid_lft forever preferred_lft forever
- 8: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
- link/ether 3c:84:6a:d1:77:4b brd ff:ff:ff:ff:ff:ff
- inet6 fe80::3e84:6aff:fed1:774b/64 scope link
- valid_lft forever preferred_lft forever
- 9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
- link/ether 3c:84:6a:d1:77:4b brd ff:ff:ff:ff:ff:ff
- inet 192.168.12.1/24 brd 192.168.12.255 scope global br-lan
- valid_lft forever preferred_lft forever
- inet6 fd1e:106:18d6::1/60 scope global
- valid_lft forever preferred_lft forever
- inet6 2001:1670:c:4787::1/64 scope global dynamic
- valid_lft 188091sec preferred_lft 101691sec
- inet6 fe80::3e84:6aff:fed1:774b/64 scope link
- valid_lft forever preferred_lft forever
- 10: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
- link/ether 3c:84:6a:d1:77:4b brd ff:ff:ff:ff:ff:ff
- ip route show table all
- default via 192.168.100.1 dev eth0.2 src 192.168.100.71
- 192.168.12.0/24 dev br-lan scope link src 192.168.12.1
- 192.168.100.0/24 dev eth0.2 scope link src 192.168.100.71
- broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
- local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
- local 127.0.0.1 dev lo table local scope host src 127.0.0.1
- broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
- broadcast 192.168.12.0 dev br-lan table local scope link src 192.168.12.1
- local 192.168.12.1 dev br-lan table local scope host src 192.168.12.1
- broadcast 192.168.12.255 dev br-lan table local scope link src 192.168.12.1
- broadcast 192.168.100.0 dev eth0.2 table local scope link src 192.168.100.71
- local 192.168.100.71 dev eth0.2 table local scope host src 192.168.100.71
- broadcast 192.168.100.255 dev eth0.2 table local scope link src 192.168.100.71
- default from 2001:1670:c:4787::1 via fe80::1 dev eth0.2 metric 512
- default from 2001:1670:c:4787::/64 via fe80::1 dev eth0.2 metric 512
- default from 2001:1670:c:5e10::/64 via fe80::1 dev eth0.2 metric 512
- 2001:1670:c:4787::/64 dev eth0.2 metric 256
- 2001:1670:c:4787::/64 dev br-lan metric 1024
- unreachable 2001:1670:c:4787::/64 dev lo metric 2147483647 error -148
- 2001:1670:c:5e10::/64 dev eth0.2 metric 256
- unreachable 2001:1670:c:5e10::/64 dev lo metric 2147483647 error -148
- fd1e:106:18d6::/64 dev br-lan metric 1024
- unreachable fd1e:106:18d6::/48 dev lo metric 2147483647 error -148
- fe80::/64 dev eth0 metric 256
- fe80::/64 dev eth0.2 metric 256
- fe80::/64 dev wlan0 metric 256
- fe80::/64 dev br-lan metric 256
- local ::1 dev lo table local metric 0
- anycast 2001:1670:c:4787:: dev eth0.2 table local metric 0
- anycast 2001:1670:c:4787:: dev br-lan table local metric 0
- local 2001:1670:c:4787::1 dev eth0.2 table local metric 0
- local 2001:1670:c:4787::1 dev br-lan table local metric 0
- local 2001:1670:c:4787:3e84:6aff:fed1:774c dev eth0.2 table local metric 0
- anycast 2001:1670:c:5e10:: dev eth0.2 table local metric 0
- local 2001:1670:c:5e10:3e84:6aff:fed1:774c dev eth0.2 table local metric 0
- anycast fd1e:106:18d6:: dev br-lan table local metric 0
- local fd1e:106:18d6::1 dev br-lan table local metric 0
- anycast fe80:: dev eth0.2 table local metric 0
- anycast fe80:: dev eth0 table local metric 0
- anycast fe80:: dev wlan0 table local metric 0
- anycast fe80:: dev br-lan table local metric 0
- local fe80::3e84:6aff:fed1:774b dev eth0 table local metric 0
- local fe80::3e84:6aff:fed1:774b dev wlan0 table local metric 0
- local fe80::3e84:6aff:fed1:774b dev br-lan table local metric 0
- local fe80::3e84:6aff:fed1:774c dev eth0.2 table local metric 0
- ff00::/8 dev eth0 table local metric 256
- ff00::/8 dev eth0.2 table local metric 256
- ff00::/8 dev wlan0 table local metric 256
- ff00::/8 dev br-lan table local metric 256
- root@Archer_C50:~# ip rule show
- 0: from all lookup local
- 32766: from all lookup main
- 32767: from all lookup default
- ip route show table all
- default via 192.168.100.1 dev eth0.2 src 192.168.100.71
- 192.168.12.0/24 dev br-lan scope link src 192.168.12.1
- 192.168.100.0/24 dev eth0.2 scope link src 192.168.100.71
- broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
- local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
- local 127.0.0.1 dev lo table local scope host src 127.0.0.1
- broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
- broadcast 192.168.12.0 dev br-lan table local scope link src 192.168.12.1
- local 192.168.12.1 dev br-lan table local scope host src 192.168.12.1
- broadcast 192.168.12.255 dev br-lan table local scope link src 192.168.12.1
- broadcast 192.168.100.0 dev eth0.2 table local scope link src 192.168.100.71
- local 192.168.100.71 dev eth0.2 table local scope host src 192.168.100.71
- broadcast 192.168.100.255 dev eth0.2 table local scope link src 192.168.100.71
- default from 2001:1670:c:4787::1 via fe80::1 dev eth0.2 metric 512
- default from 2001:1670:c:4787::/64 via fe80::1 dev eth0.2 metric 512
- default from 2001:1670:c:5e10::/64 via fe80::1 dev eth0.2 metric 512
- 2001:1670:c:4787::/64 dev eth0.2 metric 256
- 2001:1670:c:4787::/64 dev br-lan metric 1024
- unreachable 2001:1670:c:4787::/64 dev lo metric 2147483647 error -148
- 2001:1670:c:5e10::/64 dev eth0.2 metric 256
- unreachable 2001:1670:c:5e10::/64 dev lo metric 2147483647 error -148
- fd1e:106:18d6::/64 dev br-lan metric 1024
- unreachable fd1e:106:18d6::/48 dev lo metric 2147483647 error -148
- fe80::/64 dev eth0 metric 256
- fe80::/64 dev eth0.2 metric 256
- fe80::/64 dev wlan0 metric 256
- fe80::/64 dev br-lan metric 256
- local ::1 dev lo table local metric 0
- anycast 2001:1670:c:4787:: dev eth0.2 table local metric 0
- anycast 2001:1670:c:4787:: dev br-lan table local metric 0
- local 2001:1670:c:4787::1 dev eth0.2 table local metric 0
- local 2001:1670:c:4787::1 dev br-lan table local metric 0
- local 2001:1670:c:4787:3e84:6aff:fed1:774c dev eth0.2 table local metric 0
- anycast 2001:1670:c:5e10:: dev eth0.2 table local metric 0
- local 2001:1670:c:5e10:3e84:6aff:fed1:774c dev eth0.2 table local metric 0
- anycast fd1e:106:18d6:: dev br-lan table local metric 0
- local fd1e:106:18d6::1 dev br-lan table local metric 0
- anycast fe80:: dev eth0.2 table local metric 0
- anycast fe80:: dev eth0 table local metric 0
- anycast fe80:: dev wlan0 table local metric 0
- anycast fe80:: dev br-lan table local metric 0
- local fe80::3e84:6aff:fed1:774b dev eth0 table local metric 0
- local fe80::3e84:6aff:fed1:774b dev wlan0 table local metric 0
- local fe80::3e84:6aff:fed1:774b dev br-lan table local metric 0
- local fe80::3e84:6aff:fed1:774c dev eth0.2 table local metric 0
- ff00::/8 dev eth0 table local metric 256
- ff00::/8 dev eth0.2 table local metric 256
- ff00::/8 dev wlan0 table local metric 256
- ff00::/8 dev br-lan table local metric 256
- root@Archer_C50:~# ip rule show
- 0: from all lookup local
- 32766: from all lookup main
- 32767: from all lookup default
- iptables-save -c
- # Generated by iptables-save v1.8.3 on Mon May 10 06:46:50 2021
- *nat
- :PREROUTING ACCEPT [1247:177624]
- :INPUT ACCEPT [56:4720]
- :OUTPUT ACCEPT [649:45730]
- :POSTROUTING ACCEPT [2:677]
- :postrouting_lan_rule - [0:0]
- :postrouting_rule - [0:0]
- :postrouting_wan_rule - [0:0]
- :prerouting_lan_rule - [0:0]
- :prerouting_rule - [0:0]
- :prerouting_wan_rule - [0:0]
- :zone_lan_postrouting - [0:0]
- :zone_lan_prerouting - [0:0]
- :zone_wan_postrouting - [0:0]
- :zone_wan_prerouting - [0:0]
- [1247:177624] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
- [976:114622] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
- [271:63002] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
- [1229:93884] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
- [2:677] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
- [1227:93207] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
- [2:677] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
- [0:0] -A zone_lan_postrouting -s 192.168.12.0/24 -d 192.168.12.117/32 -p tcp -m tcp --dport 25565 -m comment --comment "!fw3: Mc java (reflection)" -j SNAT --to-source 192.168.12.1
- [0:0] -A zone_lan_postrouting -s 192.168.12.0/24 -d 192.168.12.117/32 -p udp -m udp --dport 25565 -m comment --comment "!fw3: Mc java (reflection)" -j SNAT --to-source 192.168.12.1
- [976:114622] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
- [0:0] -A zone_lan_prerouting -s 192.168.12.0/24 -d 192.168.100.71/32 -p tcp -m tcp --dport 25565 -m comment --comment "!fw3: Mc java (reflection)" -j DNAT --to-destination 192.168.12.117:25565
- [0:0] -A zone_lan_prerouting -s 192.168.12.0/24 -d 192.168.100.71/32 -p udp -m udp --dport 25565 -m comment --comment "!fw3: Mc java (reflection)" -j DNAT --to-destination 192.168.12.117:25565
- [1227:93207] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
- [1227:93207] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
- [271:63002] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
- [0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 25565 -m comment --comment "!fw3: Mc java" -j DNAT --to-destination 192.168.12.117:25565
- [0:0] -A zone_wan_prerouting -p udp -m udp --dport 25565 -m comment --comment "!fw3: Mc java" -j DNAT --to-destination 192.168.12.117:25565
- COMMIT
- # Completed on Mon May 10 06:46:50 2021
- # Generated by iptables-save v1.8.3 on Mon May 10 06:46:50 2021
- *mangle
- :PREROUTING ACCEPT [59516:36825578]
- :INPUT ACCEPT [1107:143655]
- :FORWARD ACCEPT [57841:36561567]
- :OUTPUT ACCEPT [1012:112826]
- :POSTROUTING ACCEPT [58835:36673486]
- [560:33520] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
- [566:32136] -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
- COMMIT
- # Completed on Mon May 10 06:46:50 2021
- # Generated by iptables-save v1.8.3 on Mon May 10 06:46:50 2021
- *filter
- :INPUT ACCEPT [1:52]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- :forwarding_lan_rule - [0:0]
- :forwarding_rule - [0:0]
- :forwarding_wan_rule - [0:0]
- :input_lan_rule - [0:0]
- :input_rule - [0:0]
- :input_wan_rule - [0:0]
- :output_lan_rule - [0:0]
- :output_rule - [0:0]
- :output_wan_rule - [0:0]
- :reject - [0:0]
- :syn_flood - [0:0]
- :zone_lan_dest_ACCEPT - [0:0]
- :zone_lan_forward - [0:0]
- :zone_lan_input - [0:0]
- :zone_lan_output - [0:0]
- :zone_lan_src_ACCEPT - [0:0]
- :zone_wan_dest_ACCEPT - [0:0]
- :zone_wan_dest_REJECT - [0:0]
- :zone_wan_forward - [0:0]
- :zone_wan_input - [0:0]
- :zone_wan_output - [0:0]
- :zone_wan_src_REJECT - [0:0]
- [0:0] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
- [1108:143695] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
- [949:129807] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [4:216] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
- [107:9134] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
- [52:4754] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
- [57841:36561567] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
- [57180:36508853] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [661:52714] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
- [0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
- [0:0] -A FORWARD -m comment --comment "!fw3" -j reject
- [0:0] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
- [1015:113714] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
- [364:67616] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [4:1045] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
- [647:45053] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
- [9:360] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
- [43:4394] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
- [4:216] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
- [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
- [4:1045] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
- [661:52714] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
- [661:52714] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
- [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- [107:9134] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
- [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- [107:9134] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
- [4:1045] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
- [4:1045] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- [106:9082] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- [18:907] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
- [1290:96860] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
- [0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
- [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
- [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
- [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
- [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
- [52:4754] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
- [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
- [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
- [0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
- [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- [52:4754] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
- [647:45053] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
- [647:45053] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
- [52:4754] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
- COMMIT
- # Completed on Mon May 10 06:46:50 2021