Audioctor

IPv6 Diagnostics for OpenWRT on Netgear R6220 with mwan3

May 12th, 2021
  1.  
  2. root@OpenWrt:~# ubus call system board
  3. {
  4. "kernel": "4.14.209",
  5. "hostname": "OpenWrt",
  6. "system": "MediaTek MT7621 ver:1 eco:3",
  7. "model": "Netgear R6220",
  8. "board_name": "r6220",
  9. "release": {
  10. "distribution": "OpenWrt",
  11. "version": "19.07.5",
  12. "revision": "r11257-5090152ae3",
  13. "target": "ramips/mt7621",
  14. "description": "OpenWrt 19.07.5 r11257-5090152ae3"
  15. }
  16. }
  17. root@OpenWrt:~# uci show network
  18. network.loopback=interface
  19. network.loopback.ifname='lo'
  20. network.loopback.proto='static'
  21. network.loopback.ipaddr='127.0.0.1'
  22. network.loopback.netmask='255.0.0.0'
  23. network.globals=globals
  24. network.globals.ula_prefix='dd4e:2271:c462::/48'
  25. network.lan=interface
  26. network.lan.type='bridge'
  27. network.lan.ifname='eth0.1'
  28. network.lan.proto='static'
  29. network.lan.netmask='255.255.255.0'
  30. network.lan.ip6assign='60'
  31. network.lan.ipaddr='192.168.0.1'
  32. network.lan_eth0_1_dev=device
  33. network.lan_eth0_1_dev.name='eth0.1'
  34. network.lan_eth0_1_dev.macaddr='08:02:8e:e6:43:e8'
  35. network.wan=interface
  36. network.wan.ifname='eth0.2'
  37. network.wan.proto='dhcp'
  38. network.wan.metric='10'
  39. network.wan.delegate='0'
  40. network.wan_eth0_2_dev=device
  41. network.wan_eth0_2_dev.name='eth0.2'
  42. network.wan_eth0_2_dev.macaddr='08:02:8e:e6:43:e9'
  43. network.wan6=interface
  44. network.wan6.ifname='eth0.2'
  45. network.wan6.proto='dhcpv6'
  46. network.wan6.reqaddress='try'
  47. network.wan6.reqprefix='auto'
  48. network.wan6.metric='10'
  49. network.@switch[0]=switch
  50. network.@switch[0].name='switch0'
  51. network.@switch[0].reset='1'
  52. network.@switch[0].enable_vlan='1'
  53. network.@switch_vlan[0]=switch_vlan
  54. network.@switch_vlan[0].device='switch0'
  55. network.@switch_vlan[0].vlan='1'
  56. network.@switch_vlan[0].vid='1'
  57. network.@switch_vlan[0].ports='6t 1 0'
  58. network.@switch_vlan[1]=switch_vlan
  59. network.@switch_vlan[1].device='switch0'
  60. network.@switch_vlan[1].vlan='2'
  61. network.@switch_vlan[1].vid='2'
  62. network.@switch_vlan[1].ports='6t 4'
  63. network.@switch_vlan[2]=switch_vlan
  64. network.@switch_vlan[2].device='switch0'
  65. network.@switch_vlan[2].vlan='3'
  66. network.@switch_vlan[2].vid='3'
  67. network.@switch_vlan[2].ports='6t 3'
  68. network.wanb=interface
  69. network.wanb.ifname='eth0.3'
  70. network.wanb.proto='static'
  71. network.wanb.netmask='255.255.255.0'
  72. network.wanb.ipaddr='192.168.4.4'
  73. network.wanb.gateway='192.168.4.1'
  74. network.wanb.metric='20'
  75. network.wanb.macaddr='08:02:8e:e6:43:e7'
  76. network.wanb.force_link='0'
  77. network.wanb.delegate='0'
  78. network.wanb6=interface
  79. network.wanb6.ifname='eth0.3'
  80. network.wanb6.proto='dhcpv6'
  81. network.wanb6.reqaddress='try'
  82. network.wanb6.reqprefix='auto'
  83. network.wanb6.macaddr='08:02:8e:e6:43:e7'
  84. network.wanb6.metric='20'
  85. network.@switch_vlan[3]=switch_vlan
  86. network.@switch_vlan[3].device='switch0'
  87. network.@switch_vlan[3].vlan='5'
  88. network.@switch_vlan[3].vid='131'
  89. network.@switch_vlan[3].ports='6t 2t'
  90. network.@switch_vlan[4]=switch_vlan
  91. network.@switch_vlan[4].device='switch0'
  92. network.@switch_vlan[4].vlan='6'
  93. network.@switch_vlan[4].vid='1849'
  94. network.@switch_vlan[4].ports='6t 2t'
  95. network.@switch_vlan[5]=switch_vlan
  96. network.@switch_vlan[5].device='switch0'
  97. network.@switch_vlan[5].vlan='7'
  98. network.@switch_vlan[5].ports='6t 2'
  99. network.@switch_vlan[5].vid='4'
  100. network.wanc=interface
  101. network.wanc.ifname='eth0.4'
  102. network.wanc.proto='static'
  103. network.wanc.netmask='255.255.255.0'
  104. network.wanc.ipaddr='192.168.100.2'
  105. network.wanc.gateway='192.168.100.1'
  106. network.wanc.metric='30'
  107. network.wanc.delegate='0'
  108. network.wancvirtual=interface
  109. network.wancvirtual.ifname='eth0.4'
  110. network.wancvirtual.proto='static'
  111. network.wancvirtual.netmask='255.255.255.0'
  112. network.wancvirtual.ipaddr='192.168.100.4'
  113. network.wancvirtual.gateway='192.168.100.1'
  114. network.wancvirtual.metric='35'
  115. network.wancvirtual.macaddr='7c:a9:6b:37:28:2d'
  116. network.wanc6=interface
  117. network.wanc6.proto='dhcpv6'
  118. network.wanc6.reqprefix='auto'
  119. network.wanc6.reqaddress='try'
  120. network.wanc6.mtu='1492'
  121. network.wanc6.macaddr='7c:a9:6b:37:28:2e'
  122. network.wanc6.ifname='eth0.4'
  123. network.wanc6.metric='30'
  124. root@OpenWrt:~# uci show dhcp
  125. dhcp.@dnsmasq[0]=dnsmasq
  126. dhcp.@dnsmasq[0].domainneeded='1'
  127. dhcp.@dnsmasq[0].boguspriv='1'
  128. dhcp.@dnsmasq[0].filterwin2k='0'
  129. dhcp.@dnsmasq[0].localise_queries='1'
  130. dhcp.@dnsmasq[0].rebind_protection='1'
  131. dhcp.@dnsmasq[0].rebind_localhost='1'
  132. dhcp.@dnsmasq[0].local='/lan/'
  133. dhcp.@dnsmasq[0].domain='lan'
  134. dhcp.@dnsmasq[0].expandhosts='1'
  135. dhcp.@dnsmasq[0].nonegcache='0'
  136. dhcp.@dnsmasq[0].authoritative='1'
  137. dhcp.@dnsmasq[0].readethers='1'
  138. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  139. dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
  140. dhcp.@dnsmasq[0].nonwildcard='1'
  141. dhcp.@dnsmasq[0].localservice='1'
  142. dhcp.lan=dhcp
  143. dhcp.lan.interface='lan'
  144. dhcp.lan.start='100'
  145. dhcp.lan.limit='150'
  146. dhcp.lan.leasetime='12h'
  147. dhcp.lan.ra='server'
  148. dhcp.lan.dhcpv6='server'
  149. dhcp.lan.ra_management='1'
  150. dhcp.wan=dhcp
  151. dhcp.wan.interface='wan'
  152. dhcp.wan.ignore='1'
  153. dhcp.odhcpd=odhcpd
  154. dhcp.odhcpd.maindhcp='0'
  155. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  156. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  157. dhcp.odhcpd.loglevel='4'
  158. root@OpenWrt:~# uci show firewall
  159. firewall.@defaults[0]=defaults
  160. firewall.@defaults[0].input='ACCEPT'
  161. firewall.@defaults[0].output='ACCEPT'
  162. firewall.@defaults[0].synflood_protect='1'
  163. firewall.@defaults[0].forward='ACCEPT'
  164. firewall.@zone[0]=zone
  165. firewall.@zone[0].name='lan'
  166. firewall.@zone[0].input='ACCEPT'
  167. firewall.@zone[0].output='ACCEPT'
  168. firewall.@zone[0].forward='ACCEPT'
  169. firewall.@zone[0].network='lan'
  170. firewall.@zone[1]=zone
  171. firewall.@zone[1].name='wan'
  172. firewall.@zone[1].input='REJECT'
  173. firewall.@zone[1].output='ACCEPT'
  174. firewall.@zone[1].forward='REJECT'
  175. firewall.@zone[1].mtu_fix='1'
  176. firewall.@zone[1].masq='1'
  177. firewall.@zone[1].network='wan wan6 wanb wanb6 wanc wancvirtual wanc6'
  178. firewall.@zone[1].masq6=''\''1'\'''
  179. firewall.@forwarding[0]=forwarding
  180. firewall.@forwarding[0].src='lan'
  181. firewall.@forwarding[0].dest='wan'
  182. firewall.@rule[0]=rule
  183. firewall.@rule[0].name='Allow-DHCP-Renew'
  184. firewall.@rule[0].src='wan'
  185. firewall.@rule[0].proto='udp'
  186. firewall.@rule[0].dest_port='68'
  187. firewall.@rule[0].target='ACCEPT'
  188. firewall.@rule[0].family='ipv4'
  189. firewall.@rule[1]=rule
  190. firewall.@rule[1].name='Allow-Ping'
  191. firewall.@rule[1].src='wan'
  192. firewall.@rule[1].proto='icmp'
  193. firewall.@rule[1].icmp_type='echo-request'
  194. firewall.@rule[1].family='ipv4'
  195. firewall.@rule[1].target='ACCEPT'
  196. firewall.@rule[2]=rule
  197. firewall.@rule[2].name='Allow-IGMP'
  198. firewall.@rule[2].src='wan'
  199. firewall.@rule[2].proto='igmp'
  200. firewall.@rule[2].family='ipv4'
  201. firewall.@rule[2].target='ACCEPT'
  202. firewall.@rule[3]=rule
  203. firewall.@rule[3].name='Allow-DHCPv6'
  204. firewall.@rule[3].src='wan'
  205. firewall.@rule[3].proto='udp'
  206. firewall.@rule[3].src_ip='fc00::/6'
  207. firewall.@rule[3].dest_ip='fc00::/6'
  208. firewall.@rule[3].dest_port='546'
  209. firewall.@rule[3].family='ipv6'
  210. firewall.@rule[3].target='ACCEPT'
  211. firewall.@rule[4]=rule
  212. firewall.@rule[4].name='Allow-MLD'
  213. firewall.@rule[4].src='wan'
  214. firewall.@rule[4].proto='icmp'
  215. firewall.@rule[4].src_ip='fe80::/10'
  216. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  217. firewall.@rule[4].family='ipv6'
  218. firewall.@rule[4].target='ACCEPT'
  219. firewall.@rule[5]=rule
  220. firewall.@rule[5].name='Allow-ICMPv6-Input'
  221. firewall.@rule[5].src='wan'
  222. firewall.@rule[5].proto='icmp'
  223. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  224. firewall.@rule[5].limit='1000/sec'
  225. firewall.@rule[5].family='ipv6'
  226. firewall.@rule[5].target='ACCEPT'
  227. firewall.@rule[6]=rule
  228. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  229. firewall.@rule[6].src='wan'
  230. firewall.@rule[6].dest='*'
  231. firewall.@rule[6].proto='icmp'
  232. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  233. firewall.@rule[6].limit='1000/sec'
  234. firewall.@rule[6].family='ipv6'
  235. firewall.@rule[6].target='ACCEPT'
  236. firewall.@rule[6].enabled=''\''0'\'''
  237. firewall.@rule[7]=rule
  238. firewall.@rule[7].name='Allow-IPSec-ESP'
  239. firewall.@rule[7].src='wan'
  240. firewall.@rule[7].dest='lan'
  241. firewall.@rule[7].proto='esp'
  242. firewall.@rule[7].target='ACCEPT'
  243. firewall.@rule[8]=rule
  244. firewall.@rule[8].name='Allow-ISAKMP'
  245. firewall.@rule[8].src='wan'
  246. firewall.@rule[8].dest='lan'
  247. firewall.@rule[8].dest_port='500'
  248. firewall.@rule[8].proto='udp'
  249. firewall.@rule[8].target='ACCEPT'
  250. firewall.@include[0]=include
  251. firewall.@include[0].path='/etc/firewall.user'
  252. firewall.@forwarding[1]=forwarding
  253. firewall.@forwarding[1].dest='lan'
  254. firewall.@forwarding[1].src='wan'
  255. firewall.@redirect[0]=redirect
  256. firewall.@redirect[0].dest_port='21'
  257. firewall.@redirect[0].src='wan'
  258. firewall.@redirect[0].name='Linphone'
  259. firewall.@redirect[0].src_dport='21'
  260. firewall.@redirect[0].target='DNAT'
  261. firewall.@redirect[0].dest_ip='192.168.0.187'
  262. firewall.@redirect[0].dest='lan'
  263. firewall.@redirect[0].proto='udp'
  264. firewall.@redirect[0].src_ip='192.168.4.1'
  265. firewall.@redirect[0].src_mac='B4:6E:08:93:57:C2'
  266. root@OpenWrt:~# \
  267. > ip address show
  268. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  269. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  270. inet 127.0.0.1/8 scope host lo
  271. valid_lft forever preferred_lft forever
  272. inet6 ::1/128 scope host
  273. valid_lft forever preferred_lft forever
  274. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
  275. link/ether 08:02:8e:e6:43:e8 brd ff:ff:ff:ff:ff:ff
  276. inet6 fe80::a02:8eff:fee6:43e8/64 scope link
  277. valid_lft forever preferred_lft forever
  278. 5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  279. link/ether 08:02:8e:e6:43:e8 brd ff:ff:ff:ff:ff:ff
  280. inet 192.168.0.1/24 brd 192.168.0.255 scope global br-lan
  281. valid_lft forever preferred_lft forever
  282. inet6 2001:4490:4409:5010::1/64 scope global dynamic noprefixroute
  283. valid_lft 82985sec preferred_lft 82985sec
  284. inet6 2001:4490:4409:4ea6::1/64 scope global dynamic noprefixroute
  285. valid_lft 39783sec preferred_lft 39783sec
  286. inet6 dd4e:2271:c462::1/60 scope global noprefixroute
  287. valid_lft forever preferred_lft forever
  288. inet6 fe80::a02:8eff:fee6:43e8/64 scope link
  289. valid_lft forever preferred_lft forever
  290. 6: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  291. link/ether 08:02:8e:e6:43:e8 brd ff:ff:ff:ff:ff:ff
  292. 7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  293. link/ether 08:02:8e:e6:43:e9 brd ff:ff:ff:ff:ff:ff
  294. inet 192.168.29.13/24 brd 192.168.29.255 scope global eth0.2
  295. valid_lft forever preferred_lft forever
  296. inet6 2405:201:300f:d4:a02:8eff:fee6:43e9/64 scope global dynamic noprefixroute
  297. valid_lft 3593sec preferred_lft 3593sec
  298. inet6 fe80::a02:8eff:fee6:43e9/64 scope link
  299. valid_lft forever preferred_lft forever
  300. 8: eth0.3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  301. link/ether 08:02:8e:e6:43:e7 brd ff:ff:ff:ff:ff:ff
  302. inet 192.168.4.4/24 brd 192.168.4.255 scope global eth0.3
  303. valid_lft forever preferred_lft forever
  304. inet6 fdb4:6e08:9357:c200:a02:8eff:fee6:43e7/64 scope global dynamic noprefixroute
  305. valid_lft 6742sec preferred_lft 3142sec
  306. inet6 fe80::a02:8eff:fee6:43e7/64 scope link
  307. valid_lft forever preferred_lft forever
  308. 9: eth0.4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc noqueue state UP group default qlen 1000
  309. link/ether 7c:a9:6b:37:28:2e brd ff:ff:ff:ff:ff:ff
  310. inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0.4
  311. valid_lft forever preferred_lft forever
  312. inet 192.168.100.4/24 brd 192.168.100.255 scope global secondary eth0.4
  313. valid_lft forever preferred_lft forever
  314. inet6 2001:4490:4409:5010:7ea9:6bff:fe37:282e/64 scope global dynamic noprefixroute
  315. valid_lft 85851sec preferred_lft 85851sec
  316. inet6 fd8c:fd18:2c36:c100:7ea9:6bff:fe37:282e/64 scope global dynamic noprefixroute
  317. valid_lft 6651sec preferred_lft 3051sec
  318. inet6 2001:4490:4409:4ea6::1/128 scope global dynamic noprefixroute
  319. valid_lft 39783sec preferred_lft 39783sec
  320. inet6 fe80::7ea9:6bff:fe37:282e/64 scope link
  321. valid_lft forever preferred_lft forever
  322. 10: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  323. link/ether 08:02:8e:e6:43:e8 brd ff:ff:ff:ff:ff:ff
  324. inet6 fe80::a02:8eff:fee6:43e8/64 scope link
  325. valid_lft forever preferred_lft forever
  326. 11: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  327. link/ether 08:02:8e:e6:43:ec brd ff:ff:ff:ff:ff:ff
  328. inet6 fe80::a02:8eff:fee6:43ec/64 scope link
  329. valid_lft forever preferred_lft forever
  330. root@OpenWrt:~# ip route show table all
  331. default via 192.168.29.1 dev eth0.2 table 1 metric 10
  332. 192.168.0.0/24 dev br-lan table 1 proto kernel scope link src 192.168.0.1
  333. 192.168.4.0/24 dev eth0.3 table 1 proto static scope link metric 20
  334. 192.168.29.0/24 dev eth0.2 table 1 proto static scope link metric 10
  335. 192.168.100.0/24 dev eth0.4 table 1 proto static scope link metric 30
  336. 192.168.100.0/24 dev eth0.4 table 1 proto static scope link metric 35
  337. default via 192.168.4.1 dev eth0.3 table 3 metric 20
  338. 192.168.0.0/24 dev br-lan table 3 proto kernel scope link src 192.168.0.1
  339. 192.168.4.0/24 dev eth0.3 table 3 proto static scope link metric 20
  340. 192.168.29.0/24 dev eth0.2 table 3 proto static scope link metric 10
  341. 192.168.100.0/24 dev eth0.4 table 3 proto static scope link metric 30
  342. 192.168.100.0/24 dev eth0.4 table 3 proto static scope link metric 35
  343. default via 192.168.100.1 dev eth0.4 table 5 metric 30
  344. 192.168.0.0/24 dev br-lan table 5 proto kernel scope link src 192.168.0.1
  345. 192.168.4.0/24 dev eth0.3 table 5 proto static scope link metric 20
  346. 192.168.29.0/24 dev eth0.2 table 5 proto static scope link metric 10
  347. 192.168.100.0/24 dev eth0.4 table 5 proto static scope link metric 30
  348. 192.168.100.0/24 dev eth0.4 table 5 proto static scope link metric 35
  349. default via 192.168.29.1 dev eth0.2 proto static src 192.168.29.13 metric 10
  350. default via 192.168.4.1 dev eth0.3 proto static metric 20
  351. default via 192.168.100.1 dev eth0.4 proto static metric 30
  352. default via 192.168.100.1 dev eth0.4 proto static metric 35
  353. 192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.1
  354. 192.168.4.0/24 dev eth0.3 proto static scope link metric 20
  355. 192.168.29.0/24 dev eth0.2 proto static scope link metric 10
  356. 192.168.100.0/24 dev eth0.4 proto static scope link metric 30
  357. 192.168.100.0/24 dev eth0.4 proto static scope link metric 35
  358. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  359. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  360. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  361. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  362. broadcast 192.168.0.0 dev br-lan table local proto kernel scope link src 192.168.0.1
  363. local 192.168.0.1 dev br-lan table local proto kernel scope host src 192.168.0.1
  364. broadcast 192.168.0.255 dev br-lan table local proto kernel scope link src 192.168.0.1
  365. broadcast 192.168.4.0 dev eth0.3 table local proto kernel scope link src 192.168.4.4
  366. local 192.168.4.4 dev eth0.3 table local proto kernel scope host src 192.168.4.4
  367. broadcast 192.168.4.255 dev eth0.3 table local proto kernel scope link src 192.168.4.4
  368. broadcast 192.168.29.0 dev eth0.2 table local proto kernel scope link src 192.168.29.13
  369. local 192.168.29.13 dev eth0.2 table local proto kernel scope host src 192.168.29.13
  370. broadcast 192.168.29.255 dev eth0.2 table local proto kernel scope link src 192.168.29.13
  371. broadcast 192.168.100.0 dev eth0.4 table local proto kernel scope link src 192.168.100.2
  372. local 192.168.100.2 dev eth0.4 table local proto kernel scope host src 192.168.100.2
  373. local 192.168.100.4 dev eth0.4 table local proto kernel scope host src 192.168.100.2
  374. broadcast 192.168.100.255 dev eth0.4 table local proto kernel scope link src 192.168.100.2
  375. 2001:4490:4409:4ea6::/64 dev eth0.4 table 2 proto static metric 256 pref medium
  376. 2001:4490:4409:4ea6::/64 dev br-lan table 2 proto static metric 1024 pref medium
  377. 2405:201:300f:d4::/64 dev eth0.2 table 2 proto static metric 256 pref medium
  378. dd4e:2271:c462::/64 dev br-lan table 2 proto static metric 1024 pref medium
  379. fd8c:fd18:2c36:c100::/64 dev eth0.4 table 2 proto static metric 256 pref medium
  380. fdb4:6e08:9357:c200::/64 dev eth0.3 table 2 proto static metric 256 pref medium
  381. default dev eth0.2 table 2 metric 10 pref medium
  382. 2001:4490:4409:4ea6::/64 dev eth0.4 table 4 proto static metric 256 pref medium
  383. 2001:4490:4409:4ea6::/64 dev br-lan table 4 proto static metric 1024 pref medium
  384. 2405:201:300f:d4::/64 dev eth0.2 table 4 proto static metric 256 pref medium
  385. dd4e:2271:c462::/64 dev br-lan table 4 proto static metric 1024 pref medium
  386. fd8c:fd18:2c36:c100::/64 dev eth0.4 table 4 proto static metric 256 pref medium
  387. fdb4:6e08:9357:c200::/64 dev eth0.3 table 4 proto static metric 256 pref medium
  388. default via fe80::1 dev eth0.3 table 4 metric 20 pref medium
  389. 2001:4490:4409:4ea6::/64 dev eth0.4 table 6 proto static metric 256 pref medium
  390. 2001:4490:4409:4ea6::/64 dev br-lan table 6 proto static metric 1024 pref medium
  391. 2405:201:300f:d4::/64 dev eth0.2 table 6 proto static metric 256 pref medium
  392. dd4e:2271:c462::/64 dev br-lan table 6 proto static metric 1024 pref medium
  393. fd8c:fd18:2c36:c100::/64 dev eth0.4 table 6 proto static metric 256 pref medium
  394. fdb4:6e08:9357:c200::/64 dev eth0.3 table 6 proto static metric 256 pref medium
  395. default via fe80::1 dev eth0.4 table 6 metric 30 pref medium
  396. default from 2001:4490:4409:4ea6::1 via fe80::1 dev eth0.4 proto static metric 512 pref medium
  397. default from 2001:4490:4409:5010::/64 via fe80::1 dev eth0.4 proto static metric 512 pref medium
  398. default from 2405:201:300f:d4::/64 via fe80::6a14:1ff:fe58:9f8b dev eth0.2 proto static metric 384 pref medium
  399. default from fd8c:fd18:2c36:c100::/64 via fe80::1 dev eth0.4 proto static metric 512 pref medium
  400. default from fdb4:6e08:9357:c200::/64 via fe80::1 dev eth0.3 proto static metric 512 pref medium
  401. 2001:4490:4409:4ea6::/64 dev eth0.4 proto static metric 256 pref medium
  402. 2001:4490:4409:4ea6::/64 dev br-lan proto static metric 1024 pref medium
  403. unreachable 2001:4490:4409:4ea6::/64 dev lo proto static metric 2147483647 error 4294967148 pref medium
  404. 2001:4490:4409:4fe4::/64 dev eth0.4 proto static metric 256 pref medium
  405. 2001:4490:4409:5010::/64 dev eth0.4 proto static metric 256 pref medium
  406. 2001:4490:4409:5010::/64 dev br-lan proto static metric 1024 pref medium
  407. unreachable 2001:4490:4409:5010::/64 dev lo proto static metric 2147483647 error 4294967148 pref medium
  408. 2405:201:300f:d4::/64 dev eth0.2 proto static metric 256 pref medium
  409. dd4e:2271:c462::/64 dev br-lan proto static metric 1024 pref medium
  410. unreachable dd4e:2271:c462::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
  411. fd8c:fd18:2c36:c100::/64 dev eth0.4 proto static metric 256 pref medium
  412. fdb4:6e08:9357:c200::/64 dev eth0.3 proto static metric 256 pref medium
  413. fe80::/64 dev eth0 proto kernel metric 256 pref medium
  414. fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
  415. fe80::/64 dev eth0.3 proto kernel metric 256 pref medium
  416. fe80::/64 dev eth0.4 proto kernel metric 256 pref medium
  417. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  418. fe80::/64 dev wlan0 proto kernel metric 256 pref medium
  419. fe80::/64 dev wlan1 proto kernel metric 256 pref medium
  420. local ::1 dev lo table local proto kernel metric 0 pref medium
  421. anycast 2001:4490:4409:4ea6:: dev br-lan table local proto kernel metric 0 pref medium
  422. local 2001:4490:4409:4ea6::1 dev eth0.4 table local proto kernel metric 0 pref medium
  423. local 2001:4490:4409:4ea6::1 dev br-lan table local proto kernel metric 0 pref medium
  424. anycast 2001:4490:4409:5010:: dev eth0.4 table local proto kernel metric 0 pref medium
  425. anycast 2001:4490:4409:5010:: dev br-lan table local proto kernel metric 0 pref medium
  426. local 2001:4490:4409:5010::1 dev br-lan table local proto kernel metric 0 pref medium
  427. local 2001:4490:4409:5010:7ea9:6bff:fe37:282e dev eth0.4 table local proto kernel metric 0 pref medium
  428. anycast 2405:201:300f:d4:: dev eth0.2 table local proto kernel metric 0 pref medium
  429. local 2405:201:300f:d4:a02:8eff:fee6:43e9 dev eth0.2 table local proto kernel metric 0 pref medium
  430. anycast dd4e:2271:c462:: dev br-lan table local proto kernel metric 0 pref medium
  431. local dd4e:2271:c462::1 dev br-lan table local proto kernel metric 0 pref medium
  432. anycast fd8c:fd18:2c36:c100:: dev eth0.4 table local proto kernel metric 0 pref medium
  433. local fd8c:fd18:2c36:c100:7ea9:6bff:fe37:282e dev eth0.4 table local proto kernel metric 0 pref medium
  434. anycast fdb4:6e08:9357:c200:: dev eth0.3 table local proto kernel metric 0 pref medium
  435. local fdb4:6e08:9357:c200:a02:8eff:fee6:43e7 dev eth0.3 table local proto kernel metric 0 pref medium
  436. anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
  437. anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
  438. anycast fe80:: dev eth0.4 table local proto kernel metric 0 pref medium
  439. anycast fe80:: dev eth0.3 table local proto kernel metric 0 pref medium
  440. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  441. anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
  442. anycast fe80:: dev wlan1 table local proto kernel metric 0 pref medium
  443. local fe80::a02:8eff:fee6:43e7 dev eth0.3 table local proto kernel metric 0 pref medium
  444. local fe80::a02:8eff:fee6:43e8 dev eth0 table local proto kernel metric 0 pref medium
  445. local fe80::a02:8eff:fee6:43e8 dev br-lan table local proto kernel metric 0 pref medium
  446. local fe80::a02:8eff:fee6:43e8 dev wlan0 table local proto kernel metric 0 pref medium
  447. local fe80::a02:8eff:fee6:43e9 dev eth0.2 table local proto kernel metric 0 pref medium
  448. local fe80::a02:8eff:fee6:43ec dev wlan1 table local proto kernel metric 0 pref medium
  449. local fe80::7ea9:6bff:fe37:282e dev eth0.4 table local proto kernel metric 0 pref medium
  450. ff00::/8 dev eth0 table local metric 256 pref medium
  451. ff00::/8 dev br-lan table local metric 256 pref medium
  452. ff00::/8 dev eth0.2 table local metric 256 pref medium
  453. ff00::/8 dev eth0.3 table local metric 256 pref medium
  454. ff00::/8 dev eth0.4 table local metric 256 pref medium
  455. ff00::/8 dev wlan0 table local metric 256 pref medium
  456. ff00::/8 dev wlan1 table local metric 256 pref medium
  457. root@OpenWrt:~# ip -6 rule show
  458. 0: from all lookup local
  459. 1002: from all iif eth0.2 lookup 2
  460. 1004: from all iif eth0.3 lookup 4
  461. 1006: from all iif eth0.4 lookup 6
  462. 2002: from all fwmark 0x200/0x3f00 lookup 2
  463. 2004: from all fwmark 0x400/0x3f00 lookup 4
  464. 2006: from all fwmark 0x600/0x3f00 lookup 6
  465. 2061: from all fwmark 0x3d00/0x3f00 blackhole
  466. 2062: from all fwmark 0x3e00/0x3f00 unreachable
  467. 32766: from all lookup main
  468. 4200000000: from 2001:4490:4409:4ea6::1/64 iif br-lan unreachable
  469. 4200000000: from 2001:4490:4409:5010::1/64 iif br-lan unreachable
  470. 4200000001: from all iif lo failed_policy
  471. 4200000005: from all iif br-lan failed_policy
  472. 4200000007: from all iif eth0.2 failed_policy
  473. 4200000007: from all iif eth0.2 failed_policy
  474. 4200000008: from all iif eth0.3 failed_policy
  475. 4200000008: from all iif eth0.3 failed_policy
  476. 4200000009: from all iif eth0.4 failed_policy
  477. 4200000009: from all iif eth0.4 failed_policy
  478. 4200000009: from all iif eth0.4 failed_policy
  479. root@OpenWrt:~# ip6tables-save -c
  480. # Generated by ip6tables-save v1.8.3 on Thu May 13 02:29:22 2021
  481. *nat
  482. :PREROUTING ACCEPT [70623:7909779]
  483. :INPUT ACCEPT [18475:1631107]
  484. :OUTPUT ACCEPT [67052:6482195]
  485. :POSTROUTING ACCEPT [109855:10728365]
  486. COMMIT
  487. # Completed on Thu May 13 02:29:22 2021
  488. # Generated by ip6tables-save v1.8.3 on Thu May 13 02:29:22 2021
  489. *mangle
  490. :PREROUTING ACCEPT [14373:2225902]
  491. :INPUT ACCEPT [10568:1235553]
  492. :FORWARD ACCEPT [2893:779299]
  493. :OUTPUT ACCEPT [20269:2365271]
  494. :POSTROUTING ACCEPT [23162:3144570]
  495. :mwan3_connected - [0:0]
  496. :mwan3_hook - [0:0]
  497. :mwan3_iface_in_wan6 - [0:0]
  498. :mwan3_iface_in_wanb6 - [0:0]
  499. :mwan3_iface_in_wanc6 - [0:0]
  500. :mwan3_ifaces_in - [0:0]
  501. :mwan3_policy_balanced - [0:0]
  502. :mwan3_policy_wan_only - [0:0]
  503. :mwan3_policy_wan_wanb - [0:0]
  504. :mwan3_policy_wanb_only - [0:0]
  505. :mwan3_policy_wanb_wan - [0:0]
  506. :mwan3_rule_https - [0:0]
  507. :mwan3_rules - [0:0]
  508. [230920:27418384] -A PREROUTING -j mwan3_hook
  509. [2319:185092] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  510. [0:0] -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  511. [0:0] -A FORWARD -o eth0.3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  512. [0:0] -A FORWARD -i eth0.3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  513. [0:0] -A FORWARD -o eth0.4 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  514. [0:0] -A FORWARD -i eth0.4 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  515. [292633:30410939] -A OUTPUT -j mwan3_hook
  516. [132679:16243364] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
  517. [69:3784] -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j RETURN
  518. [3003:391168] -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j RETURN
  519. [175113:12605800] -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
  520. [25510:1644312] -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
  521. [3:504] -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 137 -j RETURN
  522. [31810:3308240] -A mwan3_hook -p ipv6-icmp -m set --match-set mwan3_source_v6 src -m icmp6 --icmpv6-type 128 -j RETURN
  523. [288045:39875515] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
  524. [136235:14181473] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
  525. [100412:10093535] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
  526. [53028:5888077] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
  527. [288045:39875515] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
  528. [171875:23595506] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
  529. [2340:178065] -A mwan3_iface_in_wan6 -i eth0.2 -m set --match-set mwan3_connected_v6 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
  530. [18162:1888848] -A mwan3_iface_in_wan6 -i eth0.2 -m mark --mark 0x0/0x3f00 -m comment --comment wan6 -j MARK --set-xmark 0x200/0x3f00
  531. [0:0] -A mwan3_iface_in_wanb6 -i eth0.3 -m set --match-set mwan3_connected_v6 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
  532. [0:0] -A mwan3_iface_in_wanb6 -i eth0.3 -m mark --mark 0x0/0x3f00 -m comment --comment wanb6 -j MARK --set-xmark 0x400/0x3f00
  533. [5935:1033356] -A mwan3_iface_in_wanc6 -i eth0.4 -m set --match-set mwan3_connected_v6 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
  534. [9304:969494] -A mwan3_iface_in_wanc6 -i eth0.4 -m mark --mark 0x0/0x3f00 -m comment --comment wanc6 -j MARK --set-xmark 0x600/0x3f00
  535. [136217:14179579] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wanb6
  536. [134849:14032759] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wanc6
  537. [118997:11974327] -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wan6
  538. [13582:1563236] -A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m comment --comment "wan6 3 3" -j MARK --set-xmark 0x200/0x3f00
  539. [0:0] -A mwan3_policy_wan_only -m mark --mark 0x0/0x3f00 -m comment --comment "wan6 3 3" -j MARK --set-xmark 0x200/0x3f00
  540. [0:0] -A mwan3_policy_wan_wanb -m mark --mark 0x0/0x3f00 -m comment --comment "wan6 3 3" -j MARK --set-xmark 0x200/0x3f00
  541. [0:0] -A mwan3_policy_wanb_only -o eth0.3 -m mark --mark 0x0/0x3f00 -m comment --comment "out wanb6 eth0.3" -j MARK --set-xmark 0x3f00/0x3f00
  542. [0:0] -A mwan3_policy_wanb_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
  543. [0:0] -A mwan3_policy_wanb_wan -m mark --mark 0x0/0x3f00 -m comment --comment "wan6 3 3" -j MARK --set-xmark 0x200/0x3f00
  544. [2271:181500] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced
  545. [2271:181500] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src
  546. [2271:181500] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src
  547. [2271:181500] -A mwan3_rules -p tcp -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -j mwan3_rule_https
  548. [11310:1381640] -A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced
  549. COMMIT
  550. # Completed on Thu May 13 02:29:22 2021
  551. # Generated by ip6tables-save v1.8.3 on Thu May 13 02:29:22 2021
  552. *filter
       # IPv6 filter table; every rule is tagged "!fw3". The built-in chains dispatch by
       # interface into per-zone chains: br-lan goes to the lan zone, eth0.2/eth0.3/eth0.4
       # go to the wan zone. The [packets:bytes] counters are those saved with this dump.
  553. :INPUT ACCEPT [0:0]
  554. :FORWARD ACCEPT [0:0]
  555. :OUTPUT ACCEPT [0:0]
       # NOTE(review): all three built-in policies are ACCEPT, so a packet that reaches the
       # end of INPUT or FORWARD without matching one of the interface dispatch rules below
       # is accepted rather than dropped.
  556. :forwarding_lan_rule - [0:0]
  557. :forwarding_rule - [0:0]
  558. :forwarding_wan_rule - [0:0]
  559. :input_lan_rule - [0:0]
  560. :input_rule - [0:0]
  561. :input_wan_rule - [0:0]
  562. :output_lan_rule - [0:0]
  563. :output_rule - [0:0]
  564. :output_wan_rule - [0:0]
  565. :reject - [0:0]
  566. :syn_flood - [0:0]
  567. :zone_lan_dest_ACCEPT - [0:0]
  568. :zone_lan_forward - [0:0]
  569. :zone_lan_input - [0:0]
  570. :zone_lan_output - [0:0]
  571. :zone_lan_src_ACCEPT - [0:0]
  572. :zone_wan_dest_ACCEPT - [0:0]
  573. :zone_wan_dest_REJECT - [0:0]
  574. :zone_wan_forward - [0:0]
  575. :zone_wan_input - [0:0]
  576. :zone_wan_output - [0:0]
  577. :zone_wan_src_REJECT - [0:0]
       # INPUT: loopback, then the custom hook chain, then established/related traffic,
       # then the SYN rate check, then per-interface zone input chains.
  578. [338:46904] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  579. [10230:1188649] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  580. [4232:706261] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  581. [2:152] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  582. [4155:342152] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  583. [604:51372] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  584. [93:6480] -A INPUT -i eth0.3 -m comment --comment "!fw3" -j zone_wan_input
  585. [1146:82384] -A INPUT -i eth0.4 -m comment --comment "!fw3" -j zone_wan_input
       # FORWARD: same layout as INPUT, without the loopback and SYN rules.
  586. [2893:779299] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  587. [0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  588. [2893:779299] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  589. [0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  590. [0:0] -A FORWARD -i eth0.3 -m comment --comment "!fw3" -j zone_wan_forward
  591. [0:0] -A FORWARD -i eth0.4 -m comment --comment "!fw3" -j zone_wan_forward
  592. [338:46904] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  593. [19931:2318367] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  594. [5792:1179683] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  595. [1167:82940] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  596. [6741:536255] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  597. [2611:229931] -A OUTPUT -o eth0.3 -m comment --comment "!fw3" -j zone_wan_output
  598. [3620:289558] -A OUTPUT -o eth0.4 -m comment --comment "!fw3" -j zone_wan_output
       # reject: TCP gets a reset, everything else an ICMPv6 port-unreachable.
  599. [0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  600. [0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
       # syn_flood: bare SYNs within 25/sec (burst 50) return to INPUT for normal
       # processing; anything over the limit is dropped.
  601. [2:152] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  602. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  603. [1167:82940] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
       # zone_lan_forward: LAN-originated traffic is handed to zone_wan_dest_ACCEPT first
       # (lan to wan forwarding), then to zone_lan_dest_ACCEPT (lan to lan).
  604. [2893:779299] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  605. [2893:779299] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  606. [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  607. [4155:342152] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  608. [4155:342152] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  609. [1167:82940] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  610. [1167:82940] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  611. [4155:342152] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
       # zone_wan_dest_ACCEPT: per wan interface, drop conntrack-INVALID packets on
       # egress and accept the rest.
  612. [0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  613. [9634:1315554] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  614. [0:0] -A zone_wan_dest_ACCEPT -o eth0.3 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  615. [2611:229931] -A zone_wan_dest_ACCEPT -o eth0.3 -m comment --comment "!fw3" -j ACCEPT
  616. [0:0] -A zone_wan_dest_ACCEPT -o eth0.4 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  617. [3620:289558] -A zone_wan_dest_ACCEPT -o eth0.4 -m comment --comment "!fw3" -j ACCEPT
  618. [0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
  619. [0:0] -A zone_wan_dest_REJECT -o eth0.3 -m comment --comment "!fw3" -j reject
  620. [0:0] -A zone_wan_dest_REJECT -o eth0.4 -m comment --comment "!fw3" -j reject
       # NOTE(review): the "Zone wan to lan forwarding policy" rule below jumps to
       # zone_lan_dest_ACCEPT, which accepts everything leaving via br-lan. New inbound
       # IPv6 connections from eth0.2/eth0.3/eth0.4 to LAN hosts are therefore accepted,
       # the Allow-IPSec-ESP and Allow-ISAKMP rules add nothing on top of it, and the
       # final zone_wan_dest_REJECT is only reached by traffic not leaving via br-lan.
       # If LAN hosts are not meant to be reachable from the wan side, remove the
       # wan -> lan forwarding from the firewall configuration - TODO confirm intent.
  621. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  622. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  623. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  624. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Zone wan to lan forwarding policy" -j zone_lan_dest_ACCEPT
  625. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
       # zone_wan_input: accepts DHCPv6 to udp/546 between fc00::/6 addresses, MLD from
       # link-local sources, and a fixed set of ICMPv6 types each limited to 1000/sec.
       # Anything else arriving on eth0.2/eth0.3/eth0.4 goes to zone_wan_src_REJECT.
       # The Allow-DHCPv6 counter is [0:0] in this dump: no packet had matched that rule.
  626. [1843:140236] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  627. [0:0] -A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
  628. [155:11780] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  629. [0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  630. [0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  631. [0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
  632. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  633. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  634. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  635. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  636. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  637. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  638. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  639. [0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  640. [1185:85320] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  641. [167:21632] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  642. [336:21504] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
  643. [0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  644. [12972:1055744] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  645. [12972:1055744] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  646. [0:0] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
  647. [0:0] -A zone_wan_src_REJECT -i eth0.3 -m comment --comment "!fw3" -j reject
  648. [0:0] -A zone_wan_src_REJECT -i eth0.4 -m comment --comment "!fw3" -j reject
  649. COMMIT
  650. # Completed on Thu May 13 02:29:22 2021
  651.  