
Untitled

a guest
Dec 7th, 2019
  1. login as: root
  2. root@192.168.8.1's password:
  3.  
  4.  
  5. BusyBox v1.28.3 () built-in shell (ash)
  6.  
  7. _______ ________ __
  8. | |.-----.-----.-----.| | | |.----.| |_
  9. | - || _ | -__| || | | || _|| _|
  10. |_______|| __|_____|__|__||________||__| |____|
  11. |__| W I R E L E S S F R E E D O M
  12. -----------------------------------------------------
  13. OpenWrt 18.06.1, r7258-5eb055306f
  14. -----------------------------------------------------
  15. root@MT300N-V2:~# uci show network; uci show firewall ; uci show openvpn; \
  16. > ip -4 addr; ip -4 ro; ip -4 ru; \
  17. > iptables-save -c
  18. network.loopback=interface
  19. network.loopback.ifname='lo'
  20. network.loopback.proto='static'
  21. network.loopback.ipaddr='127.0.0.1'
  22. network.loopback.netmask='255.0.0.0'
  23. network.globals=globals
  24. network.globals.ula_prefix='fd56:cbbe:53dd::/48'
  25. network.lan=interface
  26. network.lan.type='bridge'
  27. network.lan.ifname='eth0.1'
  28. network.lan.proto='static'
  29. network.lan.netmask='255.255.255.0'
  30. network.lan.ip6assign='60'
  31. network.lan.hostname='GL-MT300N-V2-1f6'
  32. network.lan.ipaddr='192.168.8.1'
  33. network.wan=interface
  34. network.wan.ifname='eth0.2'
  35. network.wan.hostname='GL-MT300N-V2-1f6'
  36. network.wan.metric='10'
  37. network.wan.proto='static'
  38. network.wan.ipaddr='192.168.1.160'
  39. network.wan.gateway='192.168.1.1'
  40. network.wan.netmask='255.255.255.0'
  41. network.wan.peerdns='0'
  42. network.wan.dns='192.168.1.1 8.8.8.8'
  43. network.wan_dev=device
  44. network.wan_dev.name='eth0.2'
  45. network.wan_dev.macaddr='94:83:c4:00:c1:f6'
  46. network.wan6=interface
  47. network.wan6.ifname='eth0.2'
  48. network.wan6.proto='dhcpv6'
  49. network.@switch[0]=switch
  50. network.@switch[0].name='switch0'
  51. network.@switch[0].reset='1'
  52. network.@switch[0].enable_vlan='1'
  53. network.@switch_vlan[0]=switch_vlan
  54. network.@switch_vlan[0].device='switch0'
  55. network.@switch_vlan[0].vlan='1'
  56. network.@switch_vlan[0].ports='1 6t'
  57. network.@switch_vlan[1]=switch_vlan
  58. network.@switch_vlan[1].device='switch0'
  59. network.@switch_vlan[1].vlan='2'
  60. network.@switch_vlan[1].ports='0 6t'
  61. network.guest=interface
  62. network.guest.ifname='guest'
  63. network.guest.type='bridge'
  64. network.guest.proto='static'
  65. network.guest.ipaddr='192.168.9.1'
  66. network.guest.netmask='255.255.255.0'
  67. network.guest.ip6assign='60'
  68. firewall.@defaults[0]=defaults
  69. firewall.@defaults[0].syn_flood='1'
  70. firewall.@defaults[0].input='ACCEPT'
  71. firewall.@defaults[0].output='ACCEPT'
  72. firewall.@defaults[0].forward='ACCEPT'
  73. firewall.@zone[0]=zone
  74. firewall.@zone[0].name='lan'
  75. firewall.@zone[0].network='lan'
  76. firewall.@zone[0].input='ACCEPT'
  77. firewall.@zone[0].output='ACCEPT'
  78. firewall.@zone[0].forward='ACCEPT'
  79. firewall.@zone[1]=zone
  80. firewall.@zone[1].name='wan'
  81. firewall.@zone[1].output='ACCEPT'
  82. firewall.@zone[1].masq='1'
  83. firewall.@zone[1].mtu_fix='1'
  84. firewall.@zone[1].input='ACCEPT'
  85. firewall.@zone[1].forward='ACCEPT'
  86. firewall.@zone[1].network='wan wan6'
  87. firewall.@forwarding[0]=forwarding
  88. firewall.@forwarding[0].src='lan'
  89. firewall.@forwarding[0].dest='wan'
  90. firewall.@rule[0]=rule
  91. firewall.@rule[0].name='Allow-DHCP-Renew'
  92. firewall.@rule[0].src='wan'
  93. firewall.@rule[0].proto='udp'
  94. firewall.@rule[0].dest_port='68'
  95. firewall.@rule[0].target='ACCEPT'
  96. firewall.@rule[0].family='ipv4'
  97. firewall.@rule[1]=rule
  98. firewall.@rule[1].name='Allow-Ping'
  99. firewall.@rule[1].src='wan'
  100. firewall.@rule[1].proto='icmp'
  101. firewall.@rule[1].icmp_type='echo-request'
  102. firewall.@rule[1].family='ipv4'
  103. firewall.@rule[1].target='ACCEPT'
  104. firewall.@rule[2]=rule
  105. firewall.@rule[2].name='Allow-IGMP'
  106. firewall.@rule[2].src='wan'
  107. firewall.@rule[2].proto='igmp'
  108. firewall.@rule[2].family='ipv4'
  109. firewall.@rule[2].target='ACCEPT'
  110. firewall.@rule[3]=rule
  111. firewall.@rule[3].name='Allow-DHCPv6'
  112. firewall.@rule[3].src='wan'
  113. firewall.@rule[3].proto='udp'
  114. firewall.@rule[3].src_ip='fc00::/6'
  115. firewall.@rule[3].dest_ip='fc00::/6'
  116. firewall.@rule[3].dest_port='546'
  117. firewall.@rule[3].family='ipv6'
  118. firewall.@rule[3].target='ACCEPT'
  119. firewall.@rule[4]=rule
  120. firewall.@rule[4].name='Allow-MLD'
  121. firewall.@rule[4].src='wan'
  122. firewall.@rule[4].proto='icmp'
  123. firewall.@rule[4].src_ip='fe80::/10'
  124. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  125. firewall.@rule[4].family='ipv6'
  126. firewall.@rule[4].target='ACCEPT'
  127. firewall.@rule[5]=rule
  128. firewall.@rule[5].name='Allow-ICMPv6-Input'
  129. firewall.@rule[5].src='wan'
  130. firewall.@rule[5].proto='icmp'
  131. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  132. firewall.@rule[5].limit='1000/sec'
  133. firewall.@rule[5].family='ipv6'
  134. firewall.@rule[5].target='ACCEPT'
  135. firewall.@rule[6]=rule
  136. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  137. firewall.@rule[6].src='wan'
  138. firewall.@rule[6].dest='*'
  139. firewall.@rule[6].proto='icmp'
  140. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  141. firewall.@rule[6].limit='1000/sec'
  142. firewall.@rule[6].family='ipv6'
  143. firewall.@rule[6].target='ACCEPT'
  144. firewall.@rule[7]=rule
  145. firewall.@rule[7].name='Allow-IPSec-ESP'
  146. firewall.@rule[7].src='wan'
  147. firewall.@rule[7].dest='lan'
  148. firewall.@rule[7].proto='esp'
  149. firewall.@rule[7].target='ACCEPT'
  150. firewall.@rule[8]=rule
  151. firewall.@rule[8].name='Allow-ISAKMP'
  152. firewall.@rule[8].src='wan'
  153. firewall.@rule[8].dest='lan'
  154. firewall.@rule[8].dest_port='500'
  155. firewall.@rule[8].proto='udp'
  156. firewall.@rule[8].target='ACCEPT'
  157. firewall.@include[0]=include
  158. firewall.@include[0].path='/etc/firewall.user'
  159. firewall.@include[0].reload='1'
  160. firewall.glfw=include
  161. firewall.glfw.type='script'
  162. firewall.glfw.path='/usr/bin/glfw.sh'
  163. firewall.glfw.reload='1'
  164. firewall.glqos=include
  165. firewall.glqos.type='script'
  166. firewall.glqos.path='/usr/sbin/glqos.sh'
  167. firewall.glqos.reload='1'
  168. firewall.mwan3=include
  169. firewall.mwan3.type='script'
  170. firewall.mwan3.path='/var/etc/mwan3.include'
  171. firewall.mwan3.reload='1'
  172. firewall.guestzone=zone
  173. firewall.guestzone.name='guestzone'
  174. firewall.guestzone.network='guest'
  175. firewall.guestzone.output='ACCEPT'
  176. firewall.guestzone.input='ACCEPT'
  177. firewall.guestzone.forward='ACCEPT'
  178. firewall.guestzone_fwd=forwarding
  179. firewall.guestzone_fwd.src='guestzone'
  180. firewall.guestzone_fwd.dest='wan'
  181. firewall.guestzone_dhcp=rule
  182. firewall.guestzone_dhcp.name='guestzone_DHCP'
  183. firewall.guestzone_dhcp.src='guestzone'
  184. firewall.guestzone_dhcp.target='ACCEPT'
  185. firewall.guestzone_dhcp.proto='udp'
  186. firewall.guestzone_dhcp.dest_port='67-68'
  187. firewall.guestzone_dns=rule
  188. firewall.guestzone_dns.name='guestzone_DNS'
  189. firewall.guestzone_dns.src='guestzone'
  190. firewall.guestzone_dns.target='ACCEPT'
  191. firewall.guestzone_dns.proto='tcp udp'
  192. firewall.guestzone_dns.dest_port='53'
  193. firewall.glservice_rule=rule
  194. firewall.glservice_rule.name='glservice'
  195. firewall.glservice_rule.dest_port='83'
  196. firewall.glservice_rule.proto='tcp udp'
  197. firewall.glservice_rule.src='wan'
  198. firewall.glservice_rule.target='ACCEPT'
  199. firewall.glservice_rule.enabled='0'
  200. firewall.vpn_server_rule=rule
  201. firewall.vpn_server_rule.name='Allow-OpenVPN-Inbound'
  202. firewall.vpn_server_rule.target='ACCEPT'
  203. firewall.vpn_server_rule.src='wan'
  204. firewall.vpn_server_rule.proto='udp'
  205. firewall.vpn_server_rule.dest_port='1194'
  206. firewall.vpn_server_zone=zone
  207. firewall.vpn_server_zone.name='vpn-server'
  208. firewall.vpn_server_zone.input='ACCEPT'
  209. firewall.vpn_server_zone.output='ACCEPT'
  210. firewall.vpn_server_zone.masq='1'
  211. firewall.vpn_server_zone.mtu_fix='1'
  212. firewall.vpn_server_zone.device='tun-SERVER'
  213. firewall.vpn_server_zone.forward='ACCEPT'
  214. firewall.vpn_server_wan=forwarding
  215. firewall.vpn_server_wan.src='vpn-server'
  216. firewall.vpn_server_wan.dest='wan'
  217. firewall.vpn_server_lan=forwarding
  218. firewall.vpn_server_lan.src='vpn-server'
  219. firewall.vpn_server_lan.dest='lan'
  220. firewall.vpn_server_guest=forwarding
  221. firewall.vpn_server_guest.src='vpn-server'
  222. firewall.vpn_server_guest.dest='guestzone'
  223. openvpn.custom_config=openvpn
  224. openvpn.custom_config.enabled='0'
  225. openvpn.custom_config.config='/etc/openvpn/my-vpn.conf'
  226. openvpn.sample_server=openvpn
  227. openvpn.sample_server.enabled='0'
  228. openvpn.sample_server.port='1194'
  229. openvpn.sample_server.proto='udp'
  230. openvpn.sample_server.dev='tun'
  231. openvpn.sample_server.ca='/etc/openvpn/ca.crt'
  232. openvpn.sample_server.cert='/etc/openvpn/server.crt'
  233. openvpn.sample_server.key='/etc/openvpn/server.key'
  234. openvpn.sample_server.dh='/etc/openvpn/dh1024.pem'
  235. openvpn.sample_server.server='10.8.0.0 255.255.255.0'
  236. openvpn.sample_server.ifconfig_pool_persist='/tmp/ipp.txt'
  237. openvpn.sample_server.keepalive='10 120'
  238. openvpn.sample_server.compress='lzo'
  239. openvpn.sample_server.persist_key='1'
  240. openvpn.sample_server.persist_tun='1'
  241. openvpn.sample_server.user='nobody'
  242. openvpn.sample_server.status='/tmp/openvpn-status.log'
  243. openvpn.sample_server.verb='3'
  244. openvpn.sample_client=openvpn
  245. openvpn.sample_client.enabled='0'
  246. openvpn.sample_client.client='1'
  247. openvpn.sample_client.dev='tun'
  248. openvpn.sample_client.proto='udp'
  249. openvpn.sample_client.remote='my_server_1 1194'
  250. openvpn.sample_client.resolv_retry='infinite'
  251. openvpn.sample_client.nobind='1'
  252. openvpn.sample_client.persist_key='1'
  253. openvpn.sample_client.persist_tun='1'
  254. openvpn.sample_client.user='nobody'
  255. openvpn.sample_client.ca='/etc/openvpn/ca.crt'
  256. openvpn.sample_client.cert='/etc/openvpn/client.crt'
  257. openvpn.sample_client.key='/etc/openvpn/client.key'
  258. openvpn.sample_client.compress='lzo'
  259. openvpn.sample_client.verb='3'
  260. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  261. inet 127.0.0.1/8 scope host lo
  262. valid_lft forever preferred_lft forever
  263. 12: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  264. inet 192.168.8.1/24 brd 192.168.8.255 scope global br-lan
  265. valid_lft forever preferred_lft forever
  266. 14: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  267. inet 192.168.1.160/24 brd 192.168.1.255 scope global eth0.2
  268. valid_lft forever preferred_lft forever
  269. 15: tun-SERVER: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
  270. inet 10.8.0.1/24 brd 10.8.0.255 scope global tun-SERVER
  271. valid_lft forever preferred_lft forever
  272. default via 192.168.1.1 dev eth0.2 proto static metric 10
  273. 10.8.0.0/24 dev tun-SERVER proto kernel scope link src 10.8.0.1
  274. 192.168.1.0/24 dev eth0.2 proto static scope link metric 10
  275. 192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
  276. 0: from all lookup local
  277. 1001: from all iif eth0.2 lookup main
  278. 2001: from all fwmark 0x100/0x3f00 lookup 1
  279. 2061: from all fwmark 0x3d00/0x3f00 blackhole
  280. 2062: from all fwmark 0x3e00/0x3f00 unreachable
  281. 32766: from all lookup main
  282. 32767: from all lookup default
  283. # Generated by iptables-save v1.6.2 on Sun Dec 8 01:15:05 2019
  284. *nat
  285. :PREROUTING ACCEPT [595:121337]
  286. :INPUT ACCEPT [161:10498]
  287. :OUTPUT ACCEPT [389:32891]
  288. :POSTROUTING ACCEPT [3:901]
  289. :GL_SPEC_DMZ - [0:0]
  290. :GL_SPEC_FORWARDING - [0:0]
  291. :postrouting_guestzone_rule - [0:0]
  292. :postrouting_lan_rule - [0:0]
  293. :postrouting_rule - [0:0]
  294. :postrouting_wan_rule - [0:0]
  295. :prerouting_guestzone_rule - [0:0]
  296. :prerouting_lan_rule - [0:0]
  297. :prerouting_rule - [0:0]
  298. :prerouting_wan_rule - [0:0]
  299. :zone_guestzone_postrouting - [0:0]
  300. :zone_guestzone_prerouting - [0:0]
  301. :zone_lan_postrouting - [0:0]
  302. :zone_lan_prerouting - [0:0]
  303. :zone_vpn-server_postrouting - [0:0]
  304. :zone_vpn-server_prerouting - [0:0]
  305. :zone_wan_postrouting - [0:0]
  306. :zone_wan_prerouting - [0:0]
  307. [595:121337] -A PREROUTING -j GL_SPEC_DMZ
  308. [595:121337] -A PREROUTING -j GL_SPEC_FORWARDING
  309. [596:121378] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  310. [206:14841] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  311. [324:101142] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
  312. [0:0] -A PREROUTING -i br-guest -m comment --comment "!fw3" -j zone_guestzone_prerouting
  313. [66:5395] -A PREROUTING -i tun-SERVER -m comment --comment "!fw3" -j zone_vpn-server_prerouting
  314. [497:41178] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  315. [3:901] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  316. [494:40277] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
  317. [0:0] -A POSTROUTING -o br-guest -m comment --comment "!fw3" -j zone_guestzone_postrouting
  318. [0:0] -A POSTROUTING -o tun-SERVER -m comment --comment "!fw3" -j zone_vpn-server_postrouting
  319. [0:0] -A zone_guestzone_postrouting -m comment --comment "!fw3: Custom guestzone postrouting rule chain" -j postrouting_guestzone_rule
  320. [0:0] -A zone_guestzone_prerouting -m comment --comment "!fw3: Custom guestzone prerouting rule chain" -j prerouting_guestzone_rule
  321. [3:901] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  322. [206:14841] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  323. [0:0] -A zone_vpn-server_postrouting -m comment --comment "!fw3" -j MASQUERADE
  324. [494:40277] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  325. [494:40277] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  326. [324:101142] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  327. COMMIT
  328. # Completed on Sun Dec 8 01:15:05 2019
  329. # Generated by iptables-save v1.6.2 on Sun Dec 8 01:15:05 2019
  330. *mangle
  331. :PREROUTING ACCEPT [46106:17298637]
  332. :INPUT ACCEPT [16570:8462633]
  333. :FORWARD ACCEPT [29209:8733411]
  334. :OUTPUT ACCEPT [14971:1879972]
  335. :POSTROUTING ACCEPT [44182:10613869]
  336. :mwan3_connected - [0:0]
  337. :mwan3_hook - [0:0]
  338. :mwan3_iface_in_wan - [0:0]
  339. :mwan3_iface_out_wan - [0:0]
  340. :mwan3_ifaces_in - [0:0]
  341. :mwan3_ifaces_out - [0:0]
  342. :mwan3_policy_default_poli - [0:0]
  343. :mwan3_rules - [0:0]
  344. [46106:17298637] -A PREROUTING -j mwan3_hook
  345. [3:152] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  346. [1:52] -A FORWARD -o tun-SERVER -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn-server MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  347. [14971:1879972] -A OUTPUT -j mwan3_hook
  348. [15816:8321775] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
  349. [61077:19178609] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
  350. [983:154144] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
  351. [659:53002] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
  352. [480:39361] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
  353. [106:8162] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
  354. [61077:19178609] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
  355. [29665:9978870] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
  356. [324:101142] -A mwan3_iface_in_wan -i eth0.2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
  357. [0:0] -A mwan3_iface_in_wan -i eth0.2 -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
  358. [374:31199] -A mwan3_iface_out_wan -o eth0.2 -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
  359. [983:154144] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wan
  360. [480:39361] -A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wan
  361. [106:8162] -A mwan3_policy_default_poli -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
  362. [106:8162] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_default_poli
  363. COMMIT
  364. # Completed on Sun Dec 8 01:15:05 2019
  365. # Generated by iptables-save v1.6.2 on Sun Dec 8 01:15:05 2019
  366. *filter
  367. :INPUT ACCEPT [0:0]
  368. :FORWARD ACCEPT [0:0]
  369. :OUTPUT ACCEPT [0:0]
  370. :GL_SPEC_OPENING - [0:0]
  371. :forwarding_guestzone_rule - [0:0]
  372. :forwarding_lan_rule - [0:0]
  373. :forwarding_rule - [0:0]
  374. :forwarding_wan_rule - [0:0]
  375. :input_guestzone_rule - [0:0]
  376. :input_lan_rule - [0:0]
  377. :input_rule - [0:0]
  378. :input_wan_rule - [0:0]
  379. :output_guestzone_rule - [0:0]
  380. :output_lan_rule - [0:0]
  381. :output_rule - [0:0]
  382. :output_wan_rule - [0:0]
  383. :reject - [0:0]
  384. :syn_flood - [0:0]
  385. :zone_guestzone_dest_ACCEPT - [0:0]
  386. :zone_guestzone_forward - [0:0]
  387. :zone_guestzone_input - [0:0]
  388. :zone_guestzone_output - [0:0]
  389. :zone_guestzone_src_ACCEPT - [0:0]
  390. :zone_lan_dest_ACCEPT - [0:0]
  391. :zone_lan_forward - [0:0]
  392. :zone_lan_input - [0:0]
  393. :zone_lan_output - [0:0]
  394. :zone_lan_src_ACCEPT - [0:0]
  395. :zone_vpn-server_dest_ACCEPT - [0:0]
  396. :zone_vpn-server_forward - [0:0]
  397. :zone_vpn-server_input - [0:0]
  398. :zone_vpn-server_output - [0:0]
  399. :zone_vpn-server_src_ACCEPT - [0:0]
  400. :zone_wan_dest_ACCEPT - [0:0]
  401. :zone_wan_forward - [0:0]
  402. :zone_wan_input - [0:0]
  403. :zone_wan_output - [0:0]
  404. :zone_wan_src_ACCEPT - [0:0]
  405. [16582:8463617] -A INPUT -j GL_SPEC_OPENING
  406. [0:0] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  407. [16597:8466997] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  408. [16387:8454365] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  409. [69:4404] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  410. [164:11088] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  411. [45:1492] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  412. [0:0] -A INPUT -i br-guest -m comment --comment "!fw3" -j zone_guestzone_input
  413. [1:52] -A INPUT -i tun-SERVER -m comment --comment "!fw3" -j zone_vpn-server_input
  414. [29229:8735307] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  415. [28244:8340620] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  416. [759:382410] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  417. [0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  418. [0:0] -A FORWARD -i br-guest -m comment --comment "!fw3" -j zone_guestzone_forward
  419. [226:12277] -A FORWARD -i tun-SERVER -m comment --comment "!fw3" -j zone_vpn-server_forward
  420. [151:77419] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  421. [14873:1815810] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  422. [14483:1782678] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  423. [4:1142] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  424. [386:31990] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  425. [0:0] -A OUTPUT -o br-guest -m comment --comment "!fw3" -j zone_guestzone_output
  426. [0:0] -A OUTPUT -o tun-SERVER -m comment --comment "!fw3" -j zone_vpn-server_output
  427. [0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  428. [0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  429. [69:4404] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  430. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  431. [0:0] -A zone_guestzone_dest_ACCEPT -o br-guest -m comment --comment "!fw3" -j ACCEPT
  432. [0:0] -A zone_guestzone_forward -m comment --comment "!fw3: Custom guestzone forwarding rule chain" -j forwarding_guestzone_rule
  433. [0:0] -A zone_guestzone_forward -m comment --comment "!fw3: Zone guestzone to wan forwarding policy" -j zone_wan_dest_ACCEPT
  434. [0:0] -A zone_guestzone_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  435. [0:0] -A zone_guestzone_forward -m comment --comment "!fw3" -j zone_guestzone_dest_ACCEPT
  436. [0:0] -A zone_guestzone_input -m comment --comment "!fw3: Custom guestzone input rule chain" -j input_guestzone_rule
  437. [0:0] -A zone_guestzone_input -p udp -m udp --dport 67:68 -m comment --comment "!fw3: guestzone_DHCP" -j ACCEPT
  438. [0:0] -A zone_guestzone_input -p tcp -m tcp --dport 53 -m comment --comment "!fw3: guestzone_DNS" -j ACCEPT
  439. [0:0] -A zone_guestzone_input -p udp -m udp --dport 53 -m comment --comment "!fw3: guestzone_DNS" -j ACCEPT
  440. [0:0] -A zone_guestzone_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  441. [0:0] -A zone_guestzone_input -m comment --comment "!fw3" -j zone_guestzone_src_ACCEPT
  442. [0:0] -A zone_guestzone_output -m comment --comment "!fw3: Custom guestzone output rule chain" -j output_guestzone_rule
  443. [0:0] -A zone_guestzone_output -m comment --comment "!fw3" -j zone_guestzone_dest_ACCEPT
  444. [0:0] -A zone_guestzone_src_ACCEPT -i br-guest -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  445. [139:6812] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  446. [759:382410] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  447. [759:382410] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  448. [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  449. [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  450. [164:11088] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  451. [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  452. [164:11088] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  453. [4:1142] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  454. [4:1142] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  455. [164:11088] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  456. [0:0] -A zone_vpn-server_dest_ACCEPT -o tun-SERVER -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  457. [0:0] -A zone_vpn-server_dest_ACCEPT -o tun-SERVER -m comment --comment "!fw3" -j ACCEPT
  458. [226:12277] -A zone_vpn-server_forward -m comment --comment "!fw3: Zone vpn-server to wan forwarding policy" -j zone_wan_dest_ACCEPT
  459. [135:5670] -A zone_vpn-server_forward -m comment --comment "!fw3: Zone vpn-server to lan forwarding policy" -j zone_lan_dest_ACCEPT
  460. [0:0] -A zone_vpn-server_forward -m comment --comment "!fw3: Zone vpn-server to guestzone forwarding policy" -j zone_guestzone_dest_ACCEPT
  461. [0:0] -A zone_vpn-server_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  462. [0:0] -A zone_vpn-server_forward -m comment --comment "!fw3" -j zone_vpn-server_dest_ACCEPT
  463. [0:0] -A zone_vpn-server_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  464. [1:52] -A zone_vpn-server_input -m comment --comment "!fw3" -j zone_vpn-server_src_ACCEPT
  465. [0:0] -A zone_vpn-server_output -m comment --comment "!fw3" -j zone_vpn-server_dest_ACCEPT
  466. [1:52] -A zone_vpn-server_src_ACCEPT -i tun-SERVER -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  467. [0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  468. [1236:421007] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  469. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  470. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  471. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  472. [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  473. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  474. [45:1492] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  475. [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  476. [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  477. [13:468] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  478. [0:0] -A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: Allow-OpenVPN-Inbound" -j ACCEPT
  479. [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  480. [32:1024] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
  481. [386:31990] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  482. [386:31990] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  483. [32:1024] -A zone_wan_src_ACCEPT -i eth0.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  484. COMMIT
  485. # Completed on Sun Dec 8 01:15:05 2019
  486. root@MT300N-V2:~#