AlastorCrimson

Untitled

Apr 10th, 2021
  1. network.loopback=interface
  2. network.loopback.ifname='lo'
  3. network.loopback.proto='static'
  4. network.loopback.ipaddr='127.0.0.1'
  5. network.loopback.netmask='255.0.0.0'
  6. network.globals=globals
  7. network.globals.ula_prefix='fd46:e7ae:7619::/48'
  8. network.lan=interface
  9. network.lan.type='bridge'
  10. network.lan.proto='static'
  11. network.lan.ipaddr='192.168.1.1'
  12. network.lan.netmask='255.255.255.0'
  13. network.lan.ip6assign='60'
  14. network.lan.ifname='eth0'
  15. network.wan=interface
  16. network.wan.type='bridge'
  17. network.wan.netmask='255.255.255.0'
  18. network.wan.gateway='192.168.0.1'
  19. network.wan.ipv6='auto'
  20. network.wan.proto='dhcp'
  21. network.wan.ifname='eth1'
  22. network.wwan=interface
  23. network.wwan.type='bridge'
  24. network.wwan.ipaddr='192.168.2.1'
  25. network.wwan.netmask='255.255.255.0'
  26. network.wwan.proto='static'
  27. network.@device[0]=device
  28. network.@device[0].name='radio0.network1'
  29. network.vpn=interface
  30. network.vpn.proto='none'
  31. network.vpn.ifname='tun0'
  32. wireless.radio0=wifi-device
  33. wireless.radio0.type='mac80211'
  34. wireless.radio0.path='platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
  35. wireless.radio0.hwmode='11g'
  36. wireless.radio0.channel='11'
  37. wireless.radio0.country='BR'
  38. wireless.radio0.cell_density='0'
  39. wireless.default_radio0=wifi-iface
  40. wireless.default_radio0.device='radio0'
  41. wireless.default_radio0.mode='ap'
  42. wireless.default_radio0.ssid='normalssid'
  43. wireless.default_radio0.encryption='psk2+ccmp'
  44. wireless.default_radio0.key='secretkey'
  45. wireless.default_radio0.network='wwan'
  46. firewall.@defaults[0]=defaults
  47. firewall.@defaults[0].input='ACCEPT'
  48. firewall.@defaults[0].output='ACCEPT'
  49. firewall.@defaults[0].forward='REJECT'
  50. firewall.@defaults[0].synflood_protect='1'
  51. firewall.lan=zone
  52. firewall.lan.name='lan'
  53. firewall.lan.input='ACCEPT'
  54. firewall.lan.output='ACCEPT'
  55. firewall.lan.forward='ACCEPT'
  56. firewall.lan.network='lan'
  57. firewall.wan=zone
  58. firewall.wan.name='wan'
  59. firewall.wan.output='ACCEPT'
  60. firewall.wan.forward='REJECT'
  61. firewall.wan.masq='1'
  62. firewall.wan.mtu_fix='1'
  63. firewall.wan.network='wan'
  64. firewall.wan.input='ACCEPT'
  65. firewall.wwan=zone
  66. firewall.wwan.name='wwan'
  67. firewall.wwan.network='wwan'
  68. firewall.wwan.input='ACCEPT'
  69. firewall.wwan.forward='REJECT'
  70. firewall.wwan.output='ACCEPT'
  71. firewall.wwan.device='wlan0'
  72. firewall.@rule[0]=rule
  73. firewall.@rule[0].name='Allow-DHCP-Renew'
  74. firewall.@rule[0].src='wan'
  75. firewall.@rule[0].proto='udp'
  76. firewall.@rule[0].dest_port='68'
  77. firewall.@rule[0].target='ACCEPT'
  78. firewall.@rule[0].family='ipv4'
  79. firewall.@rule[1]=rule
  80. firewall.@rule[1].name='Allow-Ping'
  81. firewall.@rule[1].src='wan'
  82. firewall.@rule[1].proto='icmp'
  83. firewall.@rule[1].icmp_type='echo-request'
  84. firewall.@rule[1].family='ipv4'
  85. firewall.@rule[1].target='ACCEPT'
  86. firewall.@rule[2]=rule
  87. firewall.@rule[2].name='Allow-IGMP'
  88. firewall.@rule[2].src='wan'
  89. firewall.@rule[2].proto='igmp'
  90. firewall.@rule[2].family='ipv4'
  91. firewall.@rule[2].target='ACCEPT'
  92. firewall.@rule[3]=rule
  93. firewall.@rule[3].name='Allow-DHCPv6'
  94. firewall.@rule[3].src='wan'
  95. firewall.@rule[3].proto='udp'
  96. firewall.@rule[3].src_ip='fc00::/6'
  97. firewall.@rule[3].dest_ip='fc00::/6'
  98. firewall.@rule[3].dest_port='546'
  99. firewall.@rule[3].family='ipv6'
  100. firewall.@rule[3].target='ACCEPT'
  101. firewall.@rule[4]=rule
  102. firewall.@rule[4].name='Allow-MLD'
  103. firewall.@rule[4].src='wan'
  104. firewall.@rule[4].proto='icmp'
  105. firewall.@rule[4].src_ip='fe80::/10'
  106. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  107. firewall.@rule[4].family='ipv6'
  108. firewall.@rule[4].target='ACCEPT'
  109. firewall.@rule[5]=rule
  110. firewall.@rule[5].name='Allow-ICMPv6-Input'
  111. firewall.@rule[5].src='wan'
  112. firewall.@rule[5].proto='icmp'
  113. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  114. firewall.@rule[5].limit='1000/sec'
  115. firewall.@rule[5].family='ipv6'
  116. firewall.@rule[5].target='ACCEPT'
  117. firewall.@rule[6]=rule
  118. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  119. firewall.@rule[6].src='wan'
  120. firewall.@rule[6].dest='*'
  121. firewall.@rule[6].proto='icmp'
  122. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  123. firewall.@rule[6].limit='1000/sec'
  124. firewall.@rule[6].family='ipv6'
  125. firewall.@rule[6].target='ACCEPT'
  126. firewall.@rule[7]=rule
  127. firewall.@rule[7].name='Allow-IPSec-ESP'
  128. firewall.@rule[7].src='wan'
  129. firewall.@rule[7].dest='lan'
  130. firewall.@rule[7].proto='esp'
  131. firewall.@rule[7].target='ACCEPT'
  132. firewall.@rule[8]=rule
  133. firewall.@rule[8].name='Allow-ISAKMP'
  134. firewall.@rule[8].src='wan'
  135. firewall.@rule[8].dest='lan'
  136. firewall.@rule[8].dest_port='500'
  137. firewall.@rule[8].proto='udp'
  138. firewall.@rule[8].target='ACCEPT'
  139. firewall.@rule[9]=rule
  140. firewall.@rule[9].name='Support-UDP-Traceroute'
  141. firewall.@rule[9].src='wan'
  142. firewall.@rule[9].dest_port='33434:33689'
  143. firewall.@rule[9].proto='udp'
  144. firewall.@rule[9].family='ipv4'
  145. firewall.@rule[9].target='REJECT'
  146. firewall.@rule[9].enabled='false'
  147. firewall.@include[0]=include
  148. firewall.@include[0].path='/etc/firewall.user'
  149. firewall.@forwarding[0]=forwarding
  150. firewall.@forwarding[0].src='wwan'
  151. firewall.@forwarding[0].dest='wan'
  152. firewall.vpn=zone
  153. firewall.vpn.name='vpn'
  154. firewall.vpn.output='ACCEPT'
  155. firewall.vpn.forward='REJECT'
  156. firewall.vpn.masq='1'
  157. firewall.vpn.mtu_fix='1'
  158. firewall.vpn.device='tun+'
  159. firewall.vpn.input='REJECT'
  160. firewall.vpn.network='vpn'
  161. firewall.@forwarding[1]=forwarding
  162. firewall.@forwarding[1].src='lan'
  163. firewall.@forwarding[1].dest='vpn'
  164. firewall.@forwarding[2]=forwarding
  165. firewall.@forwarding[2].src='vpn'
  166. firewall.@forwarding[2].dest='wan'
  167. dhcp.@dnsmasq[0]=dnsmasq
  168. dhcp.@dnsmasq[0].domainneeded='1'
  169. dhcp.@dnsmasq[0].localise_queries='1'
  170. dhcp.@dnsmasq[0].rebind_localhost='1'
  171. dhcp.@dnsmasq[0].local='/lan/'
  172. dhcp.@dnsmasq[0].domain='lan'
  173. dhcp.@dnsmasq[0].expandhosts='1'
  174. dhcp.@dnsmasq[0].readethers='1'
  175. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  176. dhcp.@dnsmasq[0].ednspacket_max='1232'
  177. dhcp.@dnsmasq[0].logqueries='1'
  178. dhcp.@dnsmasq[0].authoritative='1'
  179. dhcp.@dnsmasq[0].confdir='/tmp/dnsmasq.d'
  180. dhcp.@dnsmasq[0].rebind_protection='1'
  181. dhcp.@dnsmasq[0].localservice='0'
  182. dhcp.@dnsmasq[0].noresolv='1'
  183. dhcp.@dnsmasq[0].server='208.67.222.222' '208.67.220.220'
  184. dhcp.lan=dhcp
  185. dhcp.lan.interface='lan'
  186. dhcp.lan.start='100'
  187. dhcp.lan.limit='150'
  188. dhcp.lan.leasetime='12h'
  189. dhcp.lan.dhcpv4='server'
  190. dhcp.lan.dhcpv6='server'
  191. dhcp.lan.ra='server'
  192. dhcp.lan.ra_slaac='1'
  193. dhcp.lan.ra_flags='managed-config' 'other-config'
  194. dhcp.lan.ra_management='1'
  195. dhcp.wan=dhcp
  196. dhcp.wan.interface='wan'
  197. dhcp.wan.ignore='1'
  198. dhcp.odhcpd=odhcpd
  199. dhcp.odhcpd.maindhcp='0'
  200. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  201. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  202. dhcp.odhcpd.loglevel='4'
  203. dhcp.wwan=dhcp
  204. dhcp.wwan.interface='wwan'
  205. dhcp.wwan.start='100'
  206. dhcp.wwan.limit='150'
  207. dhcp.wwan.leasetime='12h'
  208. dhcp.wwan.dhcpv4='server'
  209. dhcp.wwan.dhcpv6='server'
  210. dhcp.wwan.ra_management='1'
  211. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  212. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  213. inet 127.0.0.1/8 scope host lo
  214. valid_lft forever preferred_lft forever
  215. inet6 ::1/128 scope host
  216. valid_lft forever preferred_lft forever
  217. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
  218. link/ether dc:a6:32:56:b3:22 brd ff:ff:ff:ff:ff:ff
  219. 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-wan state UP group default qlen 1000
  220. link/ether 00:0e:c8:9e:8c:6e brd ff:ff:ff:ff:ff:ff
  221. 4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-wwan state UP group default qlen 1000
  222. link/ether dc:a6:32:56:b3:23 brd ff:ff:ff:ff:ff:ff
  223. inet6 fe80::dea6:32ff:fe56:b323/64 scope link
  224. valid_lft forever preferred_lft forever
  225. 5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  226. link/ether dc:a6:32:56:b3:22 brd ff:ff:ff:ff:ff:ff
  227. inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
  228. valid_lft forever preferred_lft forever
  229. inet6 fd46:e7ae:7619::1/60 scope global noprefixroute
  230. valid_lft forever preferred_lft forever
  231. inet6 fe80::dea6:32ff:fe56:b322/64 scope link
  232. valid_lft forever preferred_lft forever
  233. 6: br-wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  234. link/ether 00:0e:c8:9e:8c:6e brd ff:ff:ff:ff:ff:ff
  235. inet 192.168.0.108/24 brd 192.168.0.255 scope global br-wan
  236. valid_lft forever preferred_lft forever
  237. inet6 fe80::20e:c8ff:fe9e:8c6e/64 scope link
  238. valid_lft forever preferred_lft forever
  239. 7: br-wwan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  240. link/ether dc:a6:32:56:b3:23 brd ff:ff:ff:ff:ff:ff
  241. inet 192.168.2.1/24 brd 192.168.2.255 scope global br-wwan
  242. valid_lft forever preferred_lft forever
  243. inet6 fe80::dea6:32ff:fe56:b323/64 scope link
  244. valid_lft forever preferred_lft forever
  245. 8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
  246. link/none
  247. inet 10.172.0.122 peer 10.172.0.121/32 scope global tun0
  248. valid_lft forever preferred_lft forever
  249. inet6 fe80::1728:b972:7984:e31e/64 scope link stable-privacy
  250. valid_lft forever preferred_lft forever
  251. default via 192.168.0.1 dev br-wan table wan
  252. 192.168.0.0/24 dev br-wan table wan proto kernel scope link src 192.168.0.108
  253. 192.168.1.0/24 dev br-lan table wan proto kernel scope link src 192.168.1.1
  254. 192.168.2.0/24 dev br-wwan table wan proto kernel scope link src 192.168.2.1
  255. default via 192.168.2.1 dev br-wwan table wwan
  256. 192.168.0.0/24 dev br-wan table wwan proto kernel scope link src 192.168.0.108
  257. 192.168.1.0/24 dev br-lan table wwan proto kernel scope link src 192.168.1.1
  258. 192.168.2.0/24 dev br-wwan table wwan proto kernel scope link src 192.168.2.1
  259. default via 10.172.0.122 dev tun0 table vpn
  260. 45.56.156.8 via 192.168.0.1 dev br-wan table vpn
  261. 192.168.0.0/24 dev br-wan table vpn proto kernel scope link src 192.168.0.108
  262. 192.168.1.0/24 dev br-lan table vpn proto kernel scope link src 192.168.1.1
  263. 192.168.2.0/24 dev br-wwan table vpn proto kernel scope link src 192.168.2.1
  264. 0.0.0.0/1 via 10.172.0.121 dev tun0
  265. default via 192.168.0.1 dev br-wan proto static src 192.168.0.108
  266. 10.172.0.1 via 10.172.0.121 dev tun0
  267. 10.172.0.121 dev tun0 proto kernel scope link src 10.172.0.122
  268. 45.56.156.8 via 192.168.0.1 dev br-wan
  269. 128.0.0.0/1 via 10.172.0.121 dev tun0
  270. 192.168.0.0/24 dev br-wan proto kernel scope link src 192.168.0.108
  271. 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
  272. 192.168.2.0/24 dev br-wwan proto kernel scope link src 192.168.2.1
  273. local 10.172.0.122 dev tun0 table local proto kernel scope host src 10.172.0.122
  274. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  275. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  276. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  277. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  278. broadcast 192.168.0.0 dev br-wan table local proto kernel scope link src 192.168.0.108
  279. local 192.168.0.108 dev br-wan table local proto kernel scope host src 192.168.0.108
  280. broadcast 192.168.0.255 dev br-wan table local proto kernel scope link src 192.168.0.108
  281. broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
  282. local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
  283. broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
  284. broadcast 192.168.2.0 dev br-wwan table local proto kernel scope link src 192.168.2.1
  285. local 192.168.2.1 dev br-wwan table local proto kernel scope host src 192.168.2.1
  286. broadcast 192.168.2.255 dev br-wwan table local proto kernel scope link src 192.168.2.1
  287. fe80::/64 dev br-wan table wan proto kernel metric 256 pref medium
  288. fe80::/64 dev br-wwan table wwan proto kernel metric 256 pref medium
  289. fe80::/64 dev tun0 table vpn proto kernel metric 256 pref medium
  290. fd46:e7ae:7619::/64 dev br-lan proto static metric 1024 pref medium
  291. unreachable fd46:e7ae:7619::/48 dev lo proto static metric 2147483647 pref medium
  292. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  293. fe80::/64 dev wlan0 proto kernel metric 256 pref medium
  294. fe80::/64 dev br-wwan proto kernel metric 256 pref medium
  295. fe80::/64 dev br-wan proto kernel metric 256 pref medium
  296. fe80::/64 dev tun0 proto kernel metric 256 pref medium
  297. local ::1 dev lo table local proto kernel metric 0 pref medium
  298. anycast fd46:e7ae:7619:: dev br-lan table local proto kernel metric 0 pref medium
  299. local fd46:e7ae:7619::1 dev br-lan table local proto kernel metric 0 pref medium
  300. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  301. anycast fe80:: dev br-wwan table local proto kernel metric 0 pref medium
  302. anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
  303. anycast fe80:: dev br-wan table local proto kernel metric 0 pref medium
  304. anycast fe80:: dev tun0 table local proto kernel metric 0 pref medium
  305. local fe80::20e:c8ff:fe9e:8c6e dev br-wan table local proto kernel metric 0 pref medium
  306. local fe80::1728:b972:7984:e31e dev tun0 table local proto kernel metric 0 pref medium
  307. local fe80::dea6:32ff:fe56:b322 dev br-lan table local proto kernel metric 0 pref medium
  308. local fe80::dea6:32ff:fe56:b323 dev br-wwan table local proto kernel metric 0 pref medium
  309. local fe80::dea6:32ff:fe56:b323 dev wlan0 table local proto kernel metric 0 pref medium
  310. multicast ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
  311. multicast ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
  312. multicast ff00::/8 dev br-wwan table local proto kernel metric 256 pref medium
  313. multicast ff00::/8 dev br-wan table local proto kernel metric 256 pref medium
  314. multicast ff00::/8 dev tun0 table local proto kernel metric 256 pref medium
  315. 0: from all lookup local
  316. 32760: from all fwmark 0x30000/0xff0000 lookup vpn
  317. 32761: from all fwmark 0x20000/0xff0000 lookup wwan
  318. 32762: from all fwmark 0x10000/0xff0000 lookup wan
  319. 32766: from all lookup main
  320. 32767: from all lookup default
  321. # Generated by iptables-save v1.8.7 on Sun Apr 11 04:42:49 2021
  322. *nat
  323. :PREROUTING ACCEPT [282:37471]
  324. :INPUT ACCEPT [25:2498]
  325. :OUTPUT ACCEPT [67:5242]
  326. :POSTROUTING ACCEPT [136:5728]
  327. :postrouting_lan_rule - [0:0]
  328. :postrouting_rule - [0:0]
  329. :postrouting_vpn_rule - [0:0]
  330. :postrouting_wan_rule - [0:0]
  331. :postrouting_wwan_rule - [0:0]
  332. :prerouting_lan_rule - [0:0]
  333. :prerouting_rule - [0:0]
  334. :prerouting_vpn_rule - [0:0]
  335. :prerouting_wan_rule - [0:0]
  336. :prerouting_wwan_rule - [0:0]
  337. :zone_lan_postrouting - [0:0]
  338. :zone_lan_prerouting - [0:0]
  339. :zone_vpn_postrouting - [0:0]
  340. :zone_vpn_prerouting - [0:0]
  341. :zone_wan_postrouting - [0:0]
  342. :zone_wan_prerouting - [0:0]
  343. :zone_wwan_postrouting - [0:0]
  344. :zone_wwan_prerouting - [0:0]
  345. [282:37471] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  346. [100:20927] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  347. [36:7475] -A PREROUTING -i br-wan -m comment --comment "!fw3" -j zone_wan_prerouting
  348. [0:0] -A PREROUTING -i wlan0 -m comment --comment "!fw3" -j zone_wwan_prerouting
  349. [146:9069] -A PREROUTING -i br-wwan -m comment --comment "!fw3" -j zone_wwan_prerouting
  350. [0:0] -A PREROUTING -i tun+ -m comment --comment "!fw3" -j zone_vpn_prerouting
  351. [0:0] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
  352. [279:28215] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  353. [1:40] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  354. [5:333] -A POSTROUTING -o br-wan -m comment --comment "!fw3" -j zone_wan_postrouting
  355. [0:0] -A POSTROUTING -o wlan0 -m comment --comment "!fw3" -j zone_wwan_postrouting
  356. [135:5688] -A POSTROUTING -o br-wwan -m comment --comment "!fw3" -j zone_wwan_postrouting
  357. [138:22154] -A POSTROUTING -o tun+ -m comment --comment "!fw3" -j zone_vpn_postrouting
  358. [0:0] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
  359. [1:40] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  360. [100:20927] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  361. [138:22154] -A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
  362. [138:22154] -A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
  363. [0:0] -A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
  364. [5:333] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  365. [5:333] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  366. [36:7475] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  367. [135:5688] -A zone_wwan_postrouting -m comment --comment "!fw3: Custom wwan postrouting rule chain" -j postrouting_wwan_rule
  368. [146:9069] -A zone_wwan_prerouting -m comment --comment "!fw3: Custom wwan prerouting rule chain" -j prerouting_wwan_rule
  369. COMMIT
  370. # Completed on Sun Apr 11 04:42:49 2021
  371. # Generated by iptables-save v1.8.7 on Sun Apr 11 04:42:49 2021
  372. *mangle
  373. :PREROUTING ACCEPT [3411:867714]
  374. :INPUT ACCEPT [1524:405888]
  375. :FORWARD ACCEPT [1846:453082]
  376. :OUTPUT ACCEPT [1614:309102]
  377. :POSTROUTING ACCEPT [3323:754024]
  378. :VPR_MARK0x010000 - [0:0]
  379. :VPR_MARK0x020000 - [0:0]
  380. :VPR_MARK0x030000 - [0:0]
  381. :VPR_PREROUTING - [0:0]
  382. [3419:868852] -A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
  383. [1:52] -A FORWARD -o br-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  384. [0:0] -A FORWARD -i br-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  385. [196:11264] -A FORWARD -o tun+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  386. [62:3224] -A FORWARD -i tun+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  387. [196:11264] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  388. [62:3224] -A FORWARD -i tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  389. [0:0] -A VPR_MARK0x010000 -j MARK --set-xmark 0x10000/0xff0000
  390. [0:0] -A VPR_MARK0x010000 -j RETURN
  391. [0:0] -A VPR_MARK0x020000 -j MARK --set-xmark 0x20000/0xff0000
  392. [0:0] -A VPR_MARK0x020000 -j RETURN
  393. [787:160104] -A VPR_MARK0x030000 -j MARK --set-xmark 0x30000/0xff0000
  394. [787:160104] -A VPR_MARK0x030000 -j RETURN
  395. [787:160104] -A VPR_PREROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -m comment --comment lan_vpn -g VPR_MARK0x030000
  396. COMMIT
  397. # Completed on Sun Apr 11 04:42:49 2021
  398. # Generated by iptables-save v1.8.7 on Sun Apr 11 04:42:49 2021
  399. *filter
  400. :INPUT ACCEPT [2:104]
  401. :FORWARD DROP [0:0]
  402. :OUTPUT ACCEPT [0:0]
  403. :forwarding_lan_rule - [0:0]
  404. :forwarding_rule - [0:0]
  405. :forwarding_vpn_rule - [0:0]
  406. :forwarding_wan_rule - [0:0]
  407. :forwarding_wwan_rule - [0:0]
  408. :input_lan_rule - [0:0]
  409. :input_rule - [0:0]
  410. :input_vpn_rule - [0:0]
  411. :input_wan_rule - [0:0]
  412. :input_wwan_rule - [0:0]
  413. :output_lan_rule - [0:0]
  414. :output_rule - [0:0]
  415. :output_vpn_rule - [0:0]
  416. :output_wan_rule - [0:0]
  417. :output_wwan_rule - [0:0]
  418. :reject - [0:0]
  419. :syn_flood - [0:0]
  420. :zone_lan_dest_ACCEPT - [0:0]
  421. :zone_lan_forward - [0:0]
  422. :zone_lan_input - [0:0]
  423. :zone_lan_output - [0:0]
  424. :zone_lan_src_ACCEPT - [0:0]
  425. :zone_vpn_dest_ACCEPT - [0:0]
  426. :zone_vpn_dest_REJECT - [0:0]
  427. :zone_vpn_forward - [0:0]
  428. :zone_vpn_input - [0:0]
  429. :zone_vpn_output - [0:0]
  430. :zone_vpn_src_REJECT - [0:0]
  431. :zone_wan_dest_ACCEPT - [0:0]
  432. :zone_wan_dest_REJECT - [0:0]
  433. :zone_wan_forward - [0:0]
  434. :zone_wan_input - [0:0]
  435. :zone_wan_output - [0:0]
  436. :zone_wan_src_ACCEPT - [0:0]
  437. :zone_wwan_dest_ACCEPT - [0:0]
  438. :zone_wwan_dest_REJECT - [0:0]
  439. :zone_wwan_forward - [0:0]
  440. :zone_wwan_input - [0:0]
  441. :zone_wwan_output - [0:0]
  442. :zone_wwan_src_ACCEPT - [0:0]
  443. [0:0] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  444. [1541:408393] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  445. [1344:376498] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  446. [2:112] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  447. [11:1192] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  448. [174:29674] -A INPUT -i br-wan -m comment --comment "!fw3" -j zone_wan_input
  449. [0:0] -A INPUT -i wlan0 -m comment --comment "!fw3" -j zone_wwan_input
  450. [12:1029] -A INPUT -i br-wwan -m comment --comment "!fw3" -j zone_wwan_input
  451. [0:0] -A INPUT -i tun+ -m comment --comment "!fw3" -j zone_vpn_input
  452. [0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
  453. [1849:453315] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  454. [1636:427610] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  455. [79:17665] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  456. [0:0] -A FORWARD -i br-wan -m comment --comment "!fw3" -j zone_wan_forward
  457. [0:0] -A FORWARD -i wlan0 -m comment --comment "!fw3" -j zone_wwan_forward
  458. [134:8040] -A FORWARD -i br-wwan -m comment --comment "!fw3" -j zone_wwan_forward
  459. [0:0] -A FORWARD -i tun+ -m comment --comment "!fw3" -j zone_vpn_forward
  460. [0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
  461. [135:8092] -A FORWARD -m comment --comment "!fw3" -j reject
  462. [0:0] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  463. [1645:314727] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  464. [1575:309348] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  465. [0:0] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  466. [6:390] -A OUTPUT -o br-wan -m comment --comment "!fw3" -j zone_wan_output
  467. [0:0] -A OUTPUT -o wlan0 -m comment --comment "!fw3" -j zone_wwan_output
  468. [1:328] -A OUTPUT -o br-wwan -m comment --comment "!fw3" -j zone_wwan_output
  469. [63:4661] -A OUTPUT -o tun+ -m comment --comment "!fw3" -j zone_vpn_output
  470. [0:0] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
  471. [135:8092] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  472. [0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  473. [2:112] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  474. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  475. [0:0] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  476. [79:17665] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  477. [79:17665] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
  478. [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  479. [1:52] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  480. [11:1192] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  481. [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  482. [11:1192] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  483. [0:0] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  484. [0:0] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  485. [11:1192] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  486. [3:120] -A zone_vpn_dest_ACCEPT -o tun+ -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  487. [138:22154] -A zone_vpn_dest_ACCEPT -o tun+ -m comment --comment "!fw3" -j ACCEPT
  488. [0:0] -A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  489. [0:0] -A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
  490. [0:0] -A zone_vpn_dest_REJECT -o tun+ -m comment --comment "!fw3" -j reject
  491. [0:0] -A zone_vpn_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
  492. [0:0] -A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
  493. [0:0] -A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
  494. [0:0] -A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  495. [0:0] -A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_REJECT
  496. [0:0] -A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
  497. [0:0] -A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  498. [0:0] -A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_REJECT
  499. [63:4661] -A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
  500. [63:4661] -A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
  501. [0:0] -A zone_vpn_src_REJECT -i tun+ -m comment --comment "!fw3" -j reject
  502. [0:0] -A zone_vpn_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
  503. [0:0] -A zone_wan_dest_ACCEPT -o br-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  504. [6:390] -A zone_wan_dest_ACCEPT -o br-wan -m comment --comment "!fw3" -j ACCEPT
  505. [0:0] -A zone_wan_dest_REJECT -o br-wan -m comment --comment "!fw3" -j reject
  506. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  507. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  508. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  509. [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  510. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  511. [174:29674] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  512. [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  513. [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  514. [2:64] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  515. [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  516. [172:29610] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
  517. [6:390] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  518. [6:390] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  519. [170:29506] -A zone_wan_src_ACCEPT -i br-wan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  520. [0:0] -A zone_wwan_dest_ACCEPT -o wlan0 -m comment --comment "!fw3" -j ACCEPT
  521. [1:328] -A zone_wwan_dest_ACCEPT -o br-wwan -m comment --comment "!fw3" -j ACCEPT
  522. [0:0] -A zone_wwan_dest_REJECT -o wlan0 -m comment --comment "!fw3" -j reject
  523. [0:0] -A zone_wwan_dest_REJECT -o br-wwan -m comment --comment "!fw3" -j reject
  524. [134:8040] -A zone_wwan_forward -m comment --comment "!fw3: Custom wwan forwarding rule chain" -j forwarding_wwan_rule
  525. [134:8040] -A zone_wwan_forward -m comment --comment "!fw3: Zone wwan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  526. [0:0] -A zone_wwan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  527. [134:8040] -A zone_wwan_forward -m comment --comment "!fw3" -j zone_wwan_dest_REJECT
  528. [12:1029] -A zone_wwan_input -m comment --comment "!fw3: Custom wwan input rule chain" -j input_wwan_rule
  529. [0:0] -A zone_wwan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  530. [12:1029] -A zone_wwan_input -m comment --comment "!fw3" -j zone_wwan_src_ACCEPT
  531. [1:328] -A zone_wwan_output -m comment --comment "!fw3: Custom wwan output rule chain" -j output_wwan_rule
  532. [1:328] -A zone_wwan_output -m comment --comment "!fw3" -j zone_wwan_dest_ACCEPT
  533. [0:0] -A zone_wwan_src_ACCEPT -i wlan0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  534. [12:1029] -A zone_wwan_src_ACCEPT -i br-wwan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  535. COMMIT
  536. # Completed on Sun Apr 11 04:42:49 2021
  537. ==> /etc/resolv.conf <==
  538. # Interface wan
  539. nameserver 192.168.0.1
  540.  
  541. ==> /tmp/resolv.conf <==
  542. # Interface wan
  543. nameserver 192.168.0.1
  544.  
  545. ==> /tmp/resolv.conf.d <==
  546. head: /tmp/resolv.conf.d: I/O error
  547.  
  548. ==> /tmp/resolv.conf.d/resolv.conf.auto <==
  549. # Interface wan
  550. nameserver 192.168.0.1