
Untitled

a guest
Sep 12th, 2013
  1. Warning: Unable to locate ipset utility, disabling ipset support
  2. Warning: Section @zone[0] (lan) has no device, network, subnet or extra options
  3. Warning: Section @zone[0] (lan) has no device, network, subnet or extra options
  # filter table: generated rule set for the router's own traffic (INPUT/OUTPUT)
  # and for routed traffic (FORWARD).
  # Built-in policies: INPUT and OUTPUT default to ACCEPT, FORWARD defaults to DROP.
  # NOTE(review): with INPUT at ACCEPT, a packet addressed to the router that no
  # rule below matches is accepted, so the zone bindings further down are what
  # actually restrict access.
  4. iptables -t filter -P INPUT ACCEPT
  5. iptables -t filter -P OUTPUT ACCEPT
  6. iptables -t filter -P FORWARD DROP
  # Create the dispatcher chains (delegate_*), the shared reject and syn_flood
  # helpers, and the empty user hook chains (input_rule, output_rule, forwarding_rule).
  7. iptables -t filter -N delegate_input
  8. iptables -t filter -N delegate_output
  9. iptables -t filter -N delegate_forward
  10. iptables -t filter -N reject
  11. iptables -t filter -N input_rule
  12. iptables -t filter -N output_rule
  13. iptables -t filter -N forwarding_rule
  14. iptables -t filter -N syn_flood
  # lan zone chains. NOTE(review): nothing in this listing jumps to
  # zone_lan_input, zone_lan_output or zone_lan_forward, and zone_lan_src_ACCEPT,
  # zone_lan_src_REJECT and zone_lan_dest_ACCEPT never receive a rule. That is
  # consistent with the "(lan) has no device, network, subnet or extra options"
  # warnings printed before the commands: the lan zone is not bound to any interface.
  15. iptables -t filter -N zone_lan_input
  16. iptables -t filter -N zone_lan_output
  17. iptables -t filter -N zone_lan_forward
  18. iptables -t filter -N zone_lan_src_ACCEPT
  19. iptables -t filter -N zone_lan_src_REJECT
  20. iptables -t filter -N zone_lan_dest_ACCEPT
  21. iptables -t filter -N input_lan_rule
  22. iptables -t filter -N output_lan_rule
  23. iptables -t filter -N forwarding_lan_rule
  24. iptables -t filter -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
  25. iptables -t filter -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
  26. iptables -t filter -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
  # wan zone chains, each starting with a jump to its per-zone user hook chain.
  27. iptables -t filter -N zone_wan_input
  28. iptables -t filter -N zone_wan_output
  29. iptables -t filter -N zone_wan_forward
  30. iptables -t filter -N zone_wan_src_REJECT
  31. iptables -t filter -N zone_wan_dest_ACCEPT
  32. iptables -t filter -N input_wan_rule
  33. iptables -t filter -N output_wan_rule
  34. iptables -t filter -N forwarding_wan_rule
  35. iptables -t filter -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
  36. iptables -t filter -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
  37. iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
  # Hook the dispatcher chains into the built-in chains. Each jump is deleted
  # and then appended again, presumably so that re-running the rule set does not
  # leave duplicate jumps; the -D fails harmlessly when the jump is not there yet.
  38. iptables -t filter -D INPUT -j delegate_input
  39. iptables -t filter -A INPUT -j delegate_input
  40. iptables -t filter -D OUTPUT -j delegate_output
  41. iptables -t filter -A OUTPUT -j delegate_output
  42. iptables -t filter -D FORWARD -j delegate_forward
  43. iptables -t filter -A FORWARD -j delegate_forward
  # Loopback is always accepted; then the global user chains run, then replies
  # to already-tracked connections are accepted in all three directions.
  44. iptables -t filter -A delegate_input -i lo -j ACCEPT
  45. iptables -t filter -A delegate_output -o lo -j ACCEPT
  46. iptables -t filter -A delegate_input -m comment --comment "user chain for input" -j input_rule
  47. iptables -t filter -A delegate_output -m comment --comment "user chain for output" -j output_rule
  48. iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
  49. iptables -t filter -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  50. iptables -t filter -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  51. iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # SYN rate limit for connections to the router itself: SYNs within 25/sec
  # (burst 50) RETURN to delegate_input, the excess is dropped. The limit match
  # keeps one budget per rule, so the allowance is shared by all senders rather
  # than tracked per source address.
  52. iptables -t filter -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
  53. iptables -t filter -A syn_flood -j DROP
  54. iptables -t filter -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
  # reject helper: TCP gets a reset, everything else ICMP port-unreachable.
  55. iptables -t filter -A reject -p tcp -j REJECT --reject-with tcp-reset
  56. iptables -t filter -A reject -j REJECT --reject-with icmp-port-unreachable
  # Only two inbound exceptions on wan: UDP port 68 (the DHCP client port) and
  # ICMP type 8 (echo request). Everything else new from wan reaches
  # zone_wan_src_REJECT below.
  57. iptables -t filter -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "@rule[0]" -j ACCEPT
  58. iptables -t filter -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "@rule[1]" -j ACCEPT
  # Zone policy rules. The lan ones (including "forwarding lan -> wan") live in
  # chains that nothing jumps to in this listing, so they are never evaluated.
  59. iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
  60. iptables -t filter -A zone_lan_input -j zone_lan_src_ACCEPT
  61. iptables -t filter -A zone_lan_forward -j zone_lan_src_REJECT
  62. iptables -t filter -A zone_lan_output -j zone_lan_dest_ACCEPT
  63. iptables -t filter -A zone_wan_input -j zone_wan_src_REJECT
  64. iptables -t filter -A zone_wan_forward -j zone_wan_src_REJECT
  65. iptables -t filter -A zone_wan_output -j zone_wan_dest_ACCEPT
  # Bind the wan zone to its two interfaces, wwan0 and eth1. These are the only
  # interface bindings in the filter table besides lo.
  66. iptables -t filter -A zone_wan_dest_ACCEPT -o wwan0 -j ACCEPT
  67. iptables -t filter -A zone_wan_src_REJECT -i wwan0 -j reject
  68. iptables -t filter -A delegate_input -i wwan0 -j zone_wan_input
  69. iptables -t filter -A delegate_output -o wwan0 -j zone_wan_output
  70. iptables -t filter -A delegate_forward -i wwan0 -j zone_wan_forward
  71. iptables -t filter -A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
  72. iptables -t filter -A zone_wan_src_REJECT -i eth1 -j reject
  73. iptables -t filter -A delegate_input -i eth1 -j zone_wan_input
  74. iptables -t filter -A delegate_output -o eth1 -j zone_wan_output
  75. iptables -t filter -A delegate_forward -i eth1 -j zone_wan_forward
  # Catch-all for forwarding: any new routed connection not accepted above is
  # rejected. NOTE(review): net effect of the unbound lan zone is that new
  # forwarded connections from any interface other than wwan0/eth1 are rejected
  # here, while packets from such an interface addressed to the router itself
  # fall through delegate_input to the INPUT policy (ACCEPT). Confirm the lan
  # zone in the firewall configuration names a network or device.
  76. iptables -t filter -A delegate_forward -j reject
  # nat table: dispatcher chains, global user hook chains, and per-zone
  # prerouting/postrouting chains for lan and wan.
  77. iptables -t nat -N delegate_prerouting
  78. iptables -t nat -N delegate_postrouting
  79. iptables -t nat -N prerouting_rule
  80. iptables -t nat -N postrouting_rule
  # lan zone NAT chains. NOTE(review): no rule in this listing jumps to
  # zone_lan_prerouting or zone_lan_postrouting, so they are never evaluated.
  81. iptables -t nat -N zone_lan_postrouting
  82. iptables -t nat -N zone_lan_prerouting
  83. iptables -t nat -N prerouting_lan_rule
  84. iptables -t nat -N postrouting_lan_rule
  85. iptables -t nat -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
  86. iptables -t nat -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
  87. iptables -t nat -N zone_wan_postrouting
  88. iptables -t nat -N zone_wan_prerouting
  89. iptables -t nat -N prerouting_wan_rule
  90. iptables -t nat -N postrouting_wan_rule
  91. iptables -t nat -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
  92. iptables -t nat -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
  # Hook the dispatchers into the built-in chains; the jump is deleted and then
  # appended again, presumably to avoid duplicates when the rule set is re-applied.
  93. iptables -t nat -D PREROUTING -j delegate_prerouting
  94. iptables -t nat -A PREROUTING -j delegate_prerouting
  95. iptables -t nat -D POSTROUTING -j delegate_postrouting
  96. iptables -t nat -A POSTROUTING -j delegate_postrouting
  97. iptables -t nat -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
  98. iptables -t nat -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
  # Source-NAT everything that reaches zone_wan_postrouting. The jumps below send
  # traffic leaving via wwan0 or eth1 there, so both uplinks are masqueraded.
  # No port-forward (DNAT) rule appears in this listing; the prerouting chains
  # only carry the user hook jumps.
  99. iptables -t nat -A zone_wan_postrouting -j MASQUERADE
  100. iptables -t nat -A delegate_prerouting -i wwan0 -j zone_wan_prerouting
  101. iptables -t nat -A delegate_postrouting -o wwan0 -j zone_wan_postrouting
  102. iptables -t nat -A delegate_prerouting -i eth1 -j zone_wan_prerouting
  103. iptables -t nat -A delegate_postrouting -o eth1 -j zone_wan_postrouting
  # mangle table: mssfix is hooked into FORWARD and fwmark into PREROUTING
  # (delete-then-append, presumably to avoid duplicate jumps on re-apply).
  # fwmark receives no rules in this listing.
  104. iptables -t mangle -N mssfix
  105. iptables -t mangle -N fwmark
  106. iptables -t mangle -D FORWARD -j mssfix
  107. iptables -t mangle -A FORWARD -j mssfix
  108. iptables -t mangle -D PREROUTING -j fwmark
  109. iptables -t mangle -A PREROUTING -j fwmark
  # Clamp the TCP MSS to the path MTU on forwarded SYN packets leaving via either
  # wan interface (wwan0, eth1); the rule comment labels this "wan (mtu_fix)".
  110. iptables -t mangle -A mssfix -p tcp -o wwan0 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
  111. iptables -t mangle -A mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
  # raw table: delegate_notrack is created and hooked into PREROUTING
  # (delete-then-append), but receives no rules in this listing, so no traffic is
  # exempted from connection tracking here.
  112. iptables -t raw -N delegate_notrack
  113. iptables -t raw -D PREROUTING -j delegate_notrack
  114. iptables -t raw -A PREROUTING -j delegate_notrack