Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- input_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
- zone_lan_input all -- anywhere anywhere /* !fw3 */
- zone_wan_input all -- anywhere anywhere /* !fw3 */
- zone_wan_input all -- anywhere anywhere /* !fw3 */
- Chain FORWARD (policy DROP)
- target prot opt source destination
- forwarding_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- zone_lan_forward all -- anywhere anywhere /* !fw3 */
- zone_wan_forward all -- anywhere anywhere /* !fw3 */
- zone_wan_forward all -- anywhere anywhere /* !fw3 */
- reject all -- anywhere anywhere /* !fw3 */
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- output_rule all -- anywhere anywhere /* !fw3: user chain for output */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- zone_lan_output all -- anywhere anywhere /* !fw3 */
- zone_wan_output all -- anywhere anywhere /* !fw3 */
- zone_wan_output all -- anywhere anywhere /* !fw3 */
- Chain forwarding_lan_rule (1 references)
- target prot opt source destination
- Chain forwarding_rule (1 references)
- target prot opt source destination
- Chain forwarding_wan_rule (1 references)
- target prot opt source destination
- Chain input_lan_rule (1 references)
- target prot opt source destination
- Chain input_rule (1 references)
- target prot opt source destination
- Chain input_wan_rule (1 references)
- target prot opt source destination
- Chain output_lan_rule (1 references)
- target prot opt source destination
- Chain output_rule (1 references)
- target prot opt source destination
- Chain output_wan_rule (1 references)
- target prot opt source destination
- Chain reject (5 references)
- target prot opt source destination
- REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
- REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable
- Chain syn_flood (1 references)
- target prot opt source destination
- RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
- DROP all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_dest_ACCEPT (5 references)
- target prot opt source destination
- DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_forward (1 references)
- target prot opt source destination
- forwarding_lan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding lan -> wan */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_input (1 references)
- target prot opt source destination
- input_lan_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_output (1 references)
- target prot opt source destination
- output_lan_rule all -- anywhere anywhere /* !fw3: user chain for output */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_src_ACCEPT (1 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */
- Chain zone_wan_dest_ACCEPT (2 references)
- target prot opt source destination
- DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
- ACCEPT all -- anywhere anywhere /* !fw3 */
- DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_dest_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere /* !fw3 */
- reject all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_forward (2 references)
- target prot opt source destination
- forwarding_wan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: @rule[7] */
- zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: @rule[8] */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding wan -> lan */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_input (2 references)
- target prot opt source destination
- input_wan_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
- ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
- ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_output (2 references)
- target prot opt source destination
- output_wan_rule all -- anywhere anywhere /* !fw3: user chain for output */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_src_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere /* !fw3 */
- reject all -- anywhere anywhere /* !fw3 */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement