
WG Conf

a guest
Mar 6th, 2021
  1.  
  2. root@OpenWrt-A:~# ubus call system board; uci show network; uci show firewall; u
  3. ci show dhcp; \
  4. > uci show vpn-policy-routing; /etc/init.d/vpn-policy-routing support; \
  5. > ip address show; ip route show table all; ip rule show; iptables-save; \
  6. > wg show; head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
  7. {
  8. "kernel": "5.4.101",
  9. "hostname": "OpenWrt-A",
  10. "system": "MediaTek MT7628AN ver:1 eco:2",
  11. "model": "WAVLINK WL-WN577A2",
  12. "board_name": "wavlink,wl-wn577a2",
  13. "release": {
  14. "distribution": "OpenWrt",
  15. "version": "SNAPSHOT",
  16. "revision": "r16077-785ab2b62c",
  17. "target": "ramips/mt76x8",
  18. "description": "OpenWrt SNAPSHOT r16077-785ab2b62c"
  19. }
  20. }
  21. network.loopback=interface
  22. network.loopback.ifname='lo'
  23. network.loopback.proto='static'
  24. network.loopback.ipaddr='127.0.0.1'
  25. network.loopback.netmask='255.0.0.0'
  26. network.globals=globals
  27. network.globals.ula_prefix='fdb6:1936:f34c::/48'
  28. network.lan=interface
  29. network.lan.type='bridge'
  30. network.lan.ifname='eth0.1'
  31. network.lan.proto='static'
  32. network.lan.ipaddr='192.168.1.1'
  33. network.lan.netmask='255.255.255.0'
  34. network.lan.ip6assign='60'
  35. network.wan=interface
  36. network.wan.ifname='eth0.2'
  37. network.wan.proto='dhcp'
  38. network.wan_eth0_2_dev=device
  39. network.wan_eth0_2_dev.name='eth0.2'
  40. network.wan_eth0_2_dev.macaddr='80:3f:5d:bc:fa:e4'
  41. network.wan6=interface
  42. network.wan6.ifname='eth0.2'
  43. network.wan6.proto='dhcpv6'
  44. network.@switch[0]=switch
  45. network.@switch[0].name='switch0'
  46. network.@switch[0].reset='1'
  47. network.@switch[0].enable_vlan='1'
  48. network.@switch_vlan[0]=switch_vlan
  49. network.@switch_vlan[0].device='switch0'
  50. network.@switch_vlan[0].vlan='1'
  51. network.@switch_vlan[0].ports='3 6t'
  52. network.@switch_vlan[1]=switch_vlan
  53. network.@switch_vlan[1].device='switch0'
  54. network.@switch_vlan[1].vlan='2'
  55. network.@switch_vlan[1].ports='4 6t'
  56. network.wifi1=interface
  57. network.wifi1.proto='static'
  58. network.wifi1.ipaddr='192.168.10.1'
  59. network.wifi1.netmask='255.255.255.0'
  60. network.wifi2=interface
  61. network.wifi2.proto='static'
  62. network.wifi2.netmask='255.255.255.0'
  63. network.wifi2.ipaddr='192.168.30.1'
  64. network.wg0=interface
  65. network.wg0.proto='wireguard'
  66. network.wg0.private_key='xxx'
  67. network.wg0.addresses='x.x.x.16/32'
  68. network.@wireguard_wg0[0]=wireguard_wg0
  69. network.@wireguard_wg0[0].public_key='xxxx'
  70. network.@wireguard_wg0[0].endpoint_host='xxx.xxx.de'
  71. network.@wireguard_wg0[0].endpoint_port='yyyyy'
  72. network.@wireguard_wg0[0].persistent_keepalive='25'
  73. network.@wireguard_wg0[0].allowed_ips='0.0.0.0/0' '::/0'
  74. network.wifi1a=interface
  75. network.wifi1a.proto='static'
  76. network.wifi1a.netmask='255.255.255.0'
  77. network.wifi1a.ipaddr='192.168.20.1'
  78. firewall.@defaults[0]=defaults
  79. firewall.@defaults[0].input='ACCEPT'
  80. firewall.@defaults[0].output='ACCEPT'
  81. firewall.@defaults[0].forward='REJECT'
  82. firewall.@defaults[0].synflood_protect='1'
  83. firewall.@zone[0]=zone
  84. firewall.@zone[0].name='lan'
  85. firewall.@zone[0].input='ACCEPT'
  86. firewall.@zone[0].output='ACCEPT'
  87. firewall.@zone[0].forward='ACCEPT'
  88. firewall.@zone[0].network='lan'
  89. firewall.@zone[1]=zone
  90. firewall.@zone[1].name='wifi1a'
  91. firewall.@zone[1].input='ACCEPT'
  92. firewall.@zone[1].output='ACCEPT'
  93. firewall.@zone[1].forward='REJECT'
  94. firewall.@zone[1].network='wifi1a'
  95. firewall.@zone[2]=zone
  96. firewall.@zone[2].name='wifi2'
  97. firewall.@zone[2].input='ACCEPT'
  98. firewall.@zone[2].output='ACCEPT'
  99. firewall.@zone[2].forward='ACCEPT'
  100. firewall.@zone[2].network='wifi2'
  101. firewall.@zone[3]=zone
  102. firewall.@zone[3].name='wan'
  103. firewall.@zone[3].input='REJECT'
  104. firewall.@zone[3].output='ACCEPT'
  105. firewall.@zone[3].forward='REJECT'
  106. firewall.@zone[3].masq='1'
  107. firewall.@zone[3].mtu_fix='1'
  108. firewall.@zone[3].network='wan' 'wan6'
  109. firewall.@forwarding[0]=forwarding
  110. firewall.@forwarding[0].src='lan'
  111. firewall.@forwarding[0].dest='wan'
  112. firewall.@rule[0]=rule
  113. firewall.@rule[0].name='Allow-DHCP-Renew'
  114. firewall.@rule[0].src='wan'
  115. firewall.@rule[0].proto='udp'
  116. firewall.@rule[0].dest_port='68'
  117. firewall.@rule[0].target='ACCEPT'
  118. firewall.@rule[0].family='ipv4'
  119. firewall.@rule[1]=rule
  120. firewall.@rule[1].name='Allow-Ping'
  121. firewall.@rule[1].src='wan'
  122. firewall.@rule[1].proto='icmp'
  123. firewall.@rule[1].icmp_type='echo-request'
  124. firewall.@rule[1].family='ipv4'
  125. firewall.@rule[1].target='ACCEPT'
  126. firewall.@rule[2]=rule
  127. firewall.@rule[2].name='Allow-IGMP'
  128. firewall.@rule[2].src='wan'
  129. firewall.@rule[2].proto='igmp'
  130. firewall.@rule[2].family='ipv4'
  131. firewall.@rule[2].target='ACCEPT'
  132. firewall.@rule[3]=rule
  133. firewall.@rule[3].name='Allow-DHCPv6'
  134. firewall.@rule[3].src='wan'
  135. firewall.@rule[3].proto='udp'
  136. firewall.@rule[3].src_ip='fc00::/6'
  137. firewall.@rule[3].dest_ip='fc00::/6'
  138. firewall.@rule[3].dest_port='546'
  139. firewall.@rule[3].family='ipv6'
  140. firewall.@rule[3].target='ACCEPT'
  141. firewall.@rule[4]=rule
  142. firewall.@rule[4].name='Allow-MLD'
  143. firewall.@rule[4].src='wan'
  144. firewall.@rule[4].proto='icmp'
  145. firewall.@rule[4].src_ip='fe80::/10'
  146. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  147. firewall.@rule[4].family='ipv6'
  148. firewall.@rule[4].target='ACCEPT'
  149. firewall.@rule[5]=rule
  150. firewall.@rule[5].name='Allow-ICMPv6-Input'
  151. firewall.@rule[5].src='wan'
  152. firewall.@rule[5].proto='icmp'
  153. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  154. firewall.@rule[5].limit='1000/sec'
  155. firewall.@rule[5].family='ipv6'
  156. firewall.@rule[5].target='ACCEPT'
  157. firewall.@rule[6]=rule
  158. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  159. firewall.@rule[6].src='wan'
  160. firewall.@rule[6].dest='*'
  161. firewall.@rule[6].proto='icmp'
  162. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  163. firewall.@rule[6].limit='1000/sec'
  164. firewall.@rule[6].family='ipv6'
  165. firewall.@rule[6].target='ACCEPT'
  166. firewall.@rule[7]=rule
  167. firewall.@rule[7].name='Allow-IPSec-ESP'
  168. firewall.@rule[7].src='wan'
  169. firewall.@rule[7].dest='lan'
  170. firewall.@rule[7].proto='esp'
  171. firewall.@rule[7].target='ACCEPT'
  172. firewall.@rule[8]=rule
  173. firewall.@rule[8].name='Allow-ISAKMP'
  174. firewall.@rule[8].src='wan'
  175. firewall.@rule[8].dest='lan'
  176. firewall.@rule[8].dest_port='500'
  177. firewall.@rule[8].proto='udp'
  178. firewall.@rule[8].target='ACCEPT'
  179. firewall.@rule[9]=rule
  180. firewall.@rule[9].name='Support-UDP-Traceroute'
  181. firewall.@rule[9].src='wan'
  182. firewall.@rule[9].dest_port='33434:33689'
  183. firewall.@rule[9].proto='udp'
  184. firewall.@rule[9].family='ipv4'
  185. firewall.@rule[9].target='REJECT'
  186. firewall.@rule[9].enabled='0'
  187. firewall.@include[0]=include
  188. firewall.@include[0].path='/etc/firewall.user'
  189. firewall.@rule[10]=rule
  190. firewall.@rule[10].dest_port='80'
  191. firewall.@rule[10].src='wan'
  192. firewall.@rule[10].name='Allow-Web-WAN'
  193. firewall.@rule[10].target='ACCEPT'
  194. firewall.@rule[11]=rule
  195. firewall.@rule[11].dest_port='443'
  196. firewall.@rule[11].src='wan'
  197. firewall.@rule[11].name='Allow-SSL-WAN'
  198. firewall.@rule[11].target='ACCEPT'
  199. firewall.@rule[12]=rule
  200. firewall.@rule[12].dest_port='22'
  201. firewall.@rule[12].src='wan'
  202. firewall.@rule[12].name='Allow-SSH-WAN'
  203. firewall.@rule[12].target='ACCEPT'
  204. firewall.@zone[4]=zone
  205. firewall.@zone[4].name='wifi1'
  206. firewall.@zone[4].input='ACCEPT'
  207. firewall.@zone[4].output='ACCEPT'
  208. firewall.@zone[4].forward='ACCEPT'
  209. firewall.@zone[4].network='wifi1'
  210. firewall.@forwarding[1]=forwarding
  211. firewall.@forwarding[1].src='wifi2'
  212. firewall.@forwarding[1].dest='wan'
  213. firewall.@zone[5]=zone
  214. firewall.@zone[5].name='wg0'
  215. firewall.@zone[5].input='REJECT'
  216. firewall.@zone[5].output='ACCEPT'
  217. firewall.@zone[5].forward='REJECT'
  218. firewall.@zone[5].network='wg0'
  219. firewall.@forwarding[2]=forwarding
  220. firewall.@forwarding[2].src='wifi1'
  221. firewall.@forwarding[2].dest='wg0'
  222. firewall.@forwarding[3]=forwarding
  223. firewall.@forwarding[3].src='wifi1a'
  224. firewall.@forwarding[3].dest='wan'
  225. dhcp.@dnsmasq[0]=dnsmasq
  226. dhcp.@dnsmasq[0].domainneeded='1'
  227. dhcp.@dnsmasq[0].boguspriv='1'
  228. dhcp.@dnsmasq[0].filterwin2k='0'
  229. dhcp.@dnsmasq[0].localise_queries='1'
  230. dhcp.@dnsmasq[0].rebind_protection='1'
  231. dhcp.@dnsmasq[0].rebind_localhost='1'
  232. dhcp.@dnsmasq[0].local='/lan/'
  233. dhcp.@dnsmasq[0].domain='lan'
  234. dhcp.@dnsmasq[0].expandhosts='1'
  235. dhcp.@dnsmasq[0].nonegcache='0'
  236. dhcp.@dnsmasq[0].authoritative='1'
  237. dhcp.@dnsmasq[0].readethers='1'
  238. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  239. dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
  240. dhcp.@dnsmasq[0].nonwildcard='1'
  241. dhcp.@dnsmasq[0].localservice='1'
  242. dhcp.@dnsmasq[0].ednspacket_max='1232'
  243. dhcp.lan=dhcp
  244. dhcp.lan.interface='lan'
  245. dhcp.lan.start='100'
  246. dhcp.lan.limit='150'
  247. dhcp.lan.leasetime='12h'
  248. dhcp.lan.dhcpv4='server'
  249. dhcp.lan.dhcpv6='server'
  250. dhcp.lan.ra='server'
  251. dhcp.lan.ra_slaac='1'
  252. dhcp.lan.ra_flags='managed-config' 'other-config'
  253. dhcp.wan=dhcp
  254. dhcp.wan.interface='wan'
  255. dhcp.wan.ignore='1'
  256. dhcp.odhcpd=odhcpd
  257. dhcp.odhcpd.maindhcp='0'
  258. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  259. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  260. dhcp.odhcpd.loglevel='4'
  261. dhcp.wifi1=dhcp
  262. dhcp.wifi1.interface='wifi1'
  263. dhcp.wifi1.start='100'
  264. dhcp.wifi1.limit='150'
  265. dhcp.wifi1.leasetime='12h'
  266. dhcp.wifi2=dhcp
  267. dhcp.wifi2.interface='wifi2'
  268. dhcp.wifi2.start='100'
  269. dhcp.wifi2.limit='150'
  270. dhcp.wifi2.leasetime='12h'
  271. dhcp.wifi1a=dhcp
  272. dhcp.wifi1a.interface='wifi1a'
  273. dhcp.wifi1a.start='100'
  274. dhcp.wifi1a.limit='150'
  275. dhcp.wifi1a.leasetime='12h'
  276. vpn-policy-routing.config=vpn-policy-routing
  277. vpn-policy-routing.config.verbosity='2'
  278. vpn-policy-routing.config.strict_enforcement='1'
  279. vpn-policy-routing.config.src_ipset='0'
  280. vpn-policy-routing.config.resolver_ipset='dnsmasq.ipset'
  281. vpn-policy-routing.config.ipv6_enabled='0'
  282. vpn-policy-routing.config.ignored_interface='vpnserver wgserver'
  283. vpn-policy-routing.config.boot_timeout='30'
  284. vpn-policy-routing.config.iptables_rule_option='append'
  285. vpn-policy-routing.config.procd_reload_delay='1'
  286. vpn-policy-routing.config.webui_chain_column='0'
  287. vpn-policy-routing.config.webui_show_ignore_target='0'
  288. vpn-policy-routing.config.webui_sorting='1'
  289. vpn-policy-routing.config.webui_supported_protocol='tcp' 'udp' 'tcp udp' 'icmp' 'all'
  290. vpn-policy-routing.config.enabled='1'
  291. vpn-policy-routing.config.webui_enable_column='1'
  292. vpn-policy-routing.config.webui_protocol_column='1'
  293. vpn-policy-routing.@include[0]=include
  294. vpn-policy-routing.@include[0].path='/etc/vpn-policy-routing.netflix.user'
  295. vpn-policy-routing.@include[0].enabled='0'
  296. vpn-policy-routing.@include[1]=include
  297. vpn-policy-routing.@include[1].path='/etc/vpn-policy-routing.aws.user'
  298. vpn-policy-routing.@include[1].enabled='0'
  299. vpn-policy-routing.lan_vpn=policy
  300. vpn-policy-routing.lan_vpn.src_addr='192.168.0.1/24'
  301. vpn-policy-routing.lan_vpn.dest_addr='!192.168.0.1/24'
  302. vpn-policy-routing.lan_vpn.interface='wg0'
  303. vpn-policy-routing 0.3.2-18 running on OpenWrt SNAPSHOT.
  304. ============================================================
  305. Dnsmasq version 2.84 Copyright (c) 2000-2021 Simon Kelley
  306. Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
  307. ============================================================
  308. Routes/IP Rules
  309. default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0.2
  310.  
  311. IPv4 Table 201: default via 192.168.0.1 dev eth0.2
  312. 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
  313. 192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.1
  314. 192.168.30.0/24 dev wlan1 proto kernel scope link src 192.168.30.1
  315. IPv4 Table 201 Rules:
  316. 32765: from all fwmark 0x10000/0xff0000 lookup wan
  317.  
  318. IPv4 Table 202: default via 10.0.0.16 dev wg0
  319. 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
  320. 192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.1
  321. 192.168.30.0/24 dev wlan1 proto kernel scope link src 192.168.30.1
  322. IPv4 Table 202 Rules:
  323. 32764: from all fwmark 0x20000/0xff0000 lookup wg0
  324. ============================================================
  325. Mangle IP Table: PREROUTING
  326. -N VPR_PREROUTING
  327. -A VPR_PREROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -m comment --comment blank -c 114 9442 -g VPR_MARK0x020000
  328. ============================================================
  329. Mangle IP Table MARK Chain: VPR_MARK0x010000
  330. -N VPR_MARK0x010000
  331. -A VPR_MARK0x010000 -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
  332. -A VPR_MARK0x010000 -c 0 0 -j RETURN
  333. ============================================================
  334. Mangle IP Table MARK Chain: VPR_MARK0x020000
  335. -N VPR_MARK0x020000
  336. -A VPR_MARK0x020000 -c 114 9442 -j MARK --set-xmark 0x20000/0xff0000
  337. -A VPR_MARK0x020000 -c 114 9442 -j RETURN
  338. ============================================================
  339. Current ipsets
  340. ============================================================
  341. Your support details have been logged to '/var/vpn-policy-routing-support'. [✓]
  342. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  343. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  344. inet 127.0.0.1/8 scope host lo
  345. valid_lft forever preferred_lft forever
  346. inet6 ::1/128 scope host
  347. valid_lft forever preferred_lft forever
  348. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
  349. link/ether 80:3f:5d:bc:fa:e3 brd ff:ff:ff:ff:ff:ff
  350. inet6 fe80::823f:5dff:febc:fae3/64 scope link
  351. valid_lft forever preferred_lft forever
  352. 6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  353. link/ether 80:3f:5d:bc:fa:e3 brd ff:ff:ff:ff:ff:ff
  354. inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
  355. valid_lft forever preferred_lft forever
  356. inet6 fdb6:1936:f34c::1/60 scope global noprefixroute
  357. valid_lft forever preferred_lft forever
  358. inet6 fe80::823f:5dff:febc:fae3/64 scope link
  359. valid_lft forever preferred_lft forever
  360. 7: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  361. link/ether 80:3f:5d:bc:fa:e3 brd ff:ff:ff:ff:ff:ff
  362. 8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  363. link/ether 80:3f:5d:bc:fa:e4 brd ff:ff:ff:ff:ff:ff
  364. inet 192.168.0.171/24 brd 192.168.0.255 scope global eth0.2
  365. valid_lft forever preferred_lft forever
  366. inet6 2a02:810a:900:2390:823f:5dff:febc:fae4/64 scope global dynamic noprefixroute
  367. valid_lft 6882sec preferred_lft 3282sec
  368. inet6 fe80::823f:5dff:febc:fae4/64 scope link
  369. valid_lft forever preferred_lft forever
  370. 9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
  371. link/none
  372. inet x.x.x.16/32 brd 255.255.255.255 scope global wg0
  373. valid_lft forever preferred_lft forever
  374. 10: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  375. link/ether 80:3f:5d:bc:fa:e5 brd ff:ff:ff:ff:ff:ff
  376. inet 192.168.10.1/24 brd 192.168.10.255 scope global wlan0
  377. valid_lft forever preferred_lft forever
  378. inet6 fe80::823f:5dff:febc:fae5/64 scope link
  379. valid_lft forever preferred_lft forever
  380. 11: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  381. link/ether 80:3f:5d:bc:fa:e6 brd ff:ff:ff:ff:ff:ff
  382. inet 192.168.30.1/24 brd 192.168.30.255 scope global wlan1
  383. valid_lft forever preferred_lft forever
  384. inet6 fe80::823f:5dff:febc:fae6/64 scope link
  385. valid_lft forever preferred_lft forever
  386. default via 192.168.0.1 dev eth0.2 table wan
  387. 192.168.1.0/24 dev br-lan table wan proto kernel scope link src 192.168.1.1
  388. 192.168.10.0/24 dev wlan0 table wan proto kernel scope link src 192.168.10.1
  389. 192.168.30.0/24 dev wlan1 table wan proto kernel scope link src 192.168.30.1
  390. default via 10.0.0.16 dev wg0 table wg0
  391. 192.168.1.0/24 dev br-lan table wg0 proto kernel scope link src 192.168.1.1
  392. 192.168.10.0/24 dev wlan0 table wg0 proto kernel scope link src 192.168.10.1
  393. 192.168.30.0/24 dev wlan1 table wg0 proto kernel scope link src 192.168.30.1
  394. default via 192.168.0.1 dev eth0.2 proto static src 192.168.0.171
  395. 95.90.25.9 via 192.168.0.1 dev eth0.2 proto static
  396. 192.168.0.0/24 dev eth0.2 proto kernel scope link src 192.168.0.171
  397. 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
  398. 192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.1
  399. 192.168.30.0/24 dev wlan1 proto kernel scope link src 192.168.30.1
  400. local 10.0.0.16 dev wg0 table local proto kernel scope host src 10.0.0.16
  401. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  402. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  403. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  404. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  405. broadcast 192.168.0.0 dev eth0.2 table local proto kernel scope link src 192.168.0.171
  406. local 192.168.0.171 dev eth0.2 table local proto kernel scope host src 192.168.0.171
  407. broadcast 192.168.0.255 dev eth0.2 table local proto kernel scope link src 192.168.0.171
  408. broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
  409. local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
  410. broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
  411. broadcast 192.168.10.0 dev wlan0 table local proto kernel scope link src 192.168.10.1
  412. local 192.168.10.1 dev wlan0 table local proto kernel scope host src 192.168.10.1
  413. broadcast 192.168.10.255 dev wlan0 table local proto kernel scope link src 192.168.10.1
  414. broadcast 192.168.30.0 dev wlan1 table local proto kernel scope link src 192.168.30.1
  415. local 192.168.30.1 dev wlan1 table local proto kernel scope host src 192.168.30.1
  416. broadcast 192.168.30.255 dev wlan1 table local proto kernel scope link src 192.168.30.1
  417. default from 2a02:810a:900:2390::/64 via fe80::ca0e:14ff:fedd:5e4 dev eth0.2 proto static metric 512 pref medium
  418. 2a02:810a:900:2390::/64 dev eth0.2 proto static metric 256 pref medium
  419. 2a02:810a:900:2390::/64 via fe80::ca0e:14ff:fedd:5e4 dev eth0.2 proto static metric 512 pref medium
  420. unreachable 2a02:810a:900:2390::/64 dev lo proto static metric 2147483647 pref medium
  421. fdb6:1936:f34c::/64 dev br-lan proto static metric 1024 pref medium
  422. unreachable fdb6:1936:f34c::/48 dev lo proto static metric 2147483647 pref medium
  423. fe80::/64 dev eth0 proto kernel metric 256 pref medium
  424. fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
  425. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  426. fe80::/64 dev wlan1 proto kernel metric 256 pref medium
  427. fe80::/64 dev wlan0 proto kernel metric 256 pref medium
  428. local ::1 dev lo table local proto kernel metric 0 pref medium
  429. anycast 2a02:810a:900:2390:: dev eth0.2 table local proto kernel metric 0 pref medium
  430. local 2a02:810a:900:2390:823f:5dff:febc:fae4 dev eth0.2 table local proto kernel metric 0 pref medium
  431. anycast fdb6:1936:f34c:: dev br-lan table local proto kernel metric 0 pref medium
  432. local fdb6:1936:f34c::1 dev br-lan table local proto kernel metric 0 pref medium
  433. anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
  434. anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
  435. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  436. anycast fe80:: dev wlan1 table local proto kernel metric 0 pref medium
  437. anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
  438. local fe80::823f:5dff:febc:fae3 dev eth0 table local proto kernel metric 0 pref medium
  439. local fe80::823f:5dff:febc:fae3 dev br-lan table local proto kernel metric 0 pref medium
  440. local fe80::823f:5dff:febc:fae4 dev eth0.2 table local proto kernel metric 0 pref medium
  441. local fe80::823f:5dff:febc:fae5 dev wlan0 table local proto kernel metric 0 pref medium
  442. local fe80::823f:5dff:febc:fae6 dev wlan1 table local proto kernel metric 0 pref medium
  443. multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
  444. multicast ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
  445. multicast ff00::/8 dev eth0.2 table local proto kernel metric 256 pref medium
  446. multicast ff00::/8 dev wg0 table local proto kernel metric 256 pref medium
  447. multicast ff00::/8 dev wlan1 table local proto kernel metric 256 pref medium
  448. multicast ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
  449. 0: from all lookup local
  450. 32764: from all fwmark 0x20000/0xff0000 lookup wg0
  451. 32765: from all fwmark 0x10000/0xff0000 lookup wan
  452. 32766: from all lookup main
  453. 32767: from all lookup default
  454. # Generated by iptables-save v1.8.7 on Sat Mar 6 18:27:44 2021
  455. *nat
  456. :PREROUTING ACCEPT [1370:135692]
  457. :INPUT ACCEPT [208:14272]
  458. :OUTPUT ACCEPT [182:13876]
  459. :POSTROUTING ACCEPT [527:22222]
  460. :postrouting_lan_rule - [0:0]
  461. :postrouting_rule - [0:0]
  462. :postrouting_wan_rule - [0:0]
  463. :postrouting_wg0_rule - [0:0]
  464. :postrouting_wifi1_rule - [0:0]
  465. :postrouting_wifi1a_rule - [0:0]
  466. :postrouting_wifi2_rule - [0:0]
  467. :prerouting_lan_rule - [0:0]
  468. :prerouting_rule - [0:0]
  469. :prerouting_wan_rule - [0:0]
  470. :prerouting_wg0_rule - [0:0]
  471. :prerouting_wifi1_rule - [0:0]
  472. :prerouting_wifi1a_rule - [0:0]
  473. :prerouting_wifi2_rule - [0:0]
  474. :zone_lan_postrouting - [0:0]
  475. :zone_lan_prerouting - [0:0]
  476. :zone_wan_postrouting - [0:0]
  477. :zone_wan_prerouting - [0:0]
  478. :zone_wg0_postrouting - [0:0]
  479. :zone_wg0_prerouting - [0:0]
  480. :zone_wifi1_postrouting - [0:0]
  481. :zone_wifi1_prerouting - [0:0]
  482. :zone_wifi1a_postrouting - [0:0]
  483. :zone_wifi1a_prerouting - [0:0]
  484. :zone_wifi2_postrouting - [0:0]
  485. :zone_wifi2_prerouting - [0:0]
  486. -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  487. -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  488. -A PREROUTING -i wlan1 -m comment --comment "!fw3" -j zone_wifi2_prerouting
  489. -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
  490. -A PREROUTING -i wlan0 -m comment --comment "!fw3" -j zone_wifi1_prerouting
  491. -A PREROUTING -i wg0 -m comment --comment "!fw3" -j zone_wg0_prerouting
  492. -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  493. -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  494. -A POSTROUTING -o wlan1 -m comment --comment "!fw3" -j zone_wifi2_postrouting
  495. -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
  496. -A POSTROUTING -o wlan0 -m comment --comment "!fw3" -j zone_wifi1_postrouting
  497. -A POSTROUTING -o wg0 -m comment --comment "!fw3" -j zone_wg0_postrouting
  498. -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  499. -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  500. -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  501. -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  502. -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  503. -A zone_wg0_postrouting -m comment --comment "!fw3: Custom wg0 postrouting rule chain" -j postrouting_wg0_rule
  504. -A zone_wg0_prerouting -m comment --comment "!fw3: Custom wg0 prerouting rule chain" -j prerouting_wg0_rule
  505. -A zone_wifi1_postrouting -m comment --comment "!fw3: Custom wifi1 postrouting rule chain" -j postrouting_wifi1_rule
  506. -A zone_wifi1_prerouting -m comment --comment "!fw3: Custom wifi1 prerouting rule chain" -j prerouting_wifi1_rule
  507. -A zone_wifi1a_postrouting -m comment --comment "!fw3: Custom wifi1a postrouting rule chain" -j postrouting_wifi1a_rule
  508. -A zone_wifi1a_prerouting -m comment --comment "!fw3: Custom wifi1a prerouting rule chain" -j prerouting_wifi1a_rule
  509. -A zone_wifi2_postrouting -m comment --comment "!fw3: Custom wifi2 postrouting rule chain" -j postrouting_wifi2_rule
  510. -A zone_wifi2_prerouting -m comment --comment "!fw3: Custom wifi2 prerouting rule chain" -j prerouting_wifi2_rule
  511. COMMIT
  512. # Completed on Sat Mar 6 18:27:44 2021
  513. # Generated by iptables-save v1.8.7 on Sat Mar 6 18:27:44 2021
  514. *mangle
  515. :PREROUTING ACCEPT [11452:3666342]
  516. :INPUT ACCEPT [1231:119626]
  517. :FORWARD ACCEPT [9777:3470780]
  518. :OUTPUT ACCEPT [1692:258758]
  519. :POSTROUTING ACCEPT [10955:3703110]
  520. :VPR_MARK0x010000 - [0:0]
  521. :VPR_MARK0x020000 - [0:0]
  522. :VPR_PREROUTING - [0:0]
  523. -A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
  524. -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  525. -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  526. -A VPR_MARK0x010000 -j MARK --set-xmark 0x10000/0xff0000
  527. -A VPR_MARK0x010000 -j RETURN
  528. -A VPR_MARK0x020000 -j MARK --set-xmark 0x20000/0xff0000
  529. -A VPR_MARK0x020000 -j RETURN
  530. -A VPR_PREROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -m comment --comment blank -g VPR_MARK0x020000
  531. COMMIT
  532. # Completed on Sat Mar 6 18:27:44 2021
  533. # Generated by iptables-save v1.8.7 on Sat Mar 6 18:27:44 2021
  534. *filter
  535. :INPUT ACCEPT [0:0]
  536. :FORWARD DROP [0:0]
  537. :OUTPUT ACCEPT [0:0]
  538. :forwarding_lan_rule - [0:0]
  539. :forwarding_rule - [0:0]
  540. :forwarding_wan_rule - [0:0]
  541. :forwarding_wg0_rule - [0:0]
  542. :forwarding_wifi1_rule - [0:0]
  543. :forwarding_wifi1a_rule - [0:0]
  544. :forwarding_wifi2_rule - [0:0]
  545. :input_lan_rule - [0:0]
  546. :input_rule - [0:0]
  547. :input_wan_rule - [0:0]
  548. :input_wg0_rule - [0:0]
  549. :input_wifi1_rule - [0:0]
  550. :input_wifi1a_rule - [0:0]
  551. :input_wifi2_rule - [0:0]
  552. :output_lan_rule - [0:0]
  553. :output_rule - [0:0]
  554. :output_wan_rule - [0:0]
  555. :output_wg0_rule - [0:0]
  556. :output_wifi1_rule - [0:0]
  557. :output_wifi1a_rule - [0:0]
  558. :output_wifi2_rule - [0:0]
  559. :reject - [0:0]
  560. :syn_flood - [0:0]
  561. :zone_lan_dest_ACCEPT - [0:0]
  562. :zone_lan_forward - [0:0]
  563. :zone_lan_input - [0:0]
  564. :zone_lan_output - [0:0]
  565. :zone_lan_src_ACCEPT - [0:0]
  566. :zone_wan_dest_ACCEPT - [0:0]
  567. :zone_wan_dest_REJECT - [0:0]
  568. :zone_wan_forward - [0:0]
  569. :zone_wan_input - [0:0]
  570. :zone_wan_output - [0:0]
  571. :zone_wan_src_REJECT - [0:0]
  572. :zone_wg0_dest_ACCEPT - [0:0]
  573. :zone_wg0_dest_REJECT - [0:0]
  574. :zone_wg0_forward - [0:0]
  575. :zone_wg0_input - [0:0]
  576. :zone_wg0_output - [0:0]
  577. :zone_wg0_src_REJECT - [0:0]
  578. :zone_wifi1_dest_ACCEPT - [0:0]
  579. :zone_wifi1_forward - [0:0]
  580. :zone_wifi1_input - [0:0]
  581. :zone_wifi1_output - [0:0]
  582. :zone_wifi1_src_ACCEPT - [0:0]
  583. :zone_wifi1a_dest_ACCEPT - [0:0]
  584. :zone_wifi1a_dest_REJECT - [0:0]
  585. :zone_wifi1a_forward - [0:0]
  586. :zone_wifi1a_input - [0:0]
  587. :zone_wifi1a_output - [0:0]
  588. :zone_wifi1a_src_ACCEPT - [0:0]
  589. :zone_wifi2_dest_ACCEPT - [0:0]
  590. :zone_wifi2_forward - [0:0]
  591. :zone_wifi2_input - [0:0]
  592. :zone_wifi2_output - [0:0]
  593. :zone_wifi2_src_ACCEPT - [0:0]
  594. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  595. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  596. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  597. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  598. -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  599. -A INPUT -i wlan1 -m comment --comment "!fw3" -j zone_wifi2_input
  600. -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  601. -A INPUT -i wlan0 -m comment --comment "!fw3" -j zone_wifi1_input
  602. -A INPUT -i wg0 -m comment --comment "!fw3" -j zone_wg0_input
  603. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  604. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  605. -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  606. -A FORWARD -i wlan1 -m comment --comment "!fw3" -j zone_wifi2_forward
  607. -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  608. -A FORWARD -i wlan0 -m comment --comment "!fw3" -j zone_wifi1_forward
  609. -A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_wg0_forward
  610. -A FORWARD -m comment --comment "!fw3" -j reject
  611. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  612. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  613. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  614. -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  615. -A OUTPUT -o wlan1 -m comment --comment "!fw3" -j zone_wifi2_output
  616. -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  617. -A OUTPUT -o wlan0 -m comment --comment "!fw3" -j zone_wifi1_output
  618. -A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_wg0_output
  619. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  620. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  621. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  622. -A syn_flood -m comment --comment "!fw3" -j DROP
  623. -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  624. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  625. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  626. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  627. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  628. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  629. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  630. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  631. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  632. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  633. -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  634. -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  635. -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  636. -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
  637. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  638. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  639. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  640. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  641. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  642. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  643. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  644. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  645. -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  646. -A zone_wan_input -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Allow-Web-WAN" -j ACCEPT
  647. -A zone_wan_input -p udp -m udp --dport 80 -m comment --comment "!fw3: Allow-Web-WAN" -j ACCEPT
  648. -A zone_wan_input -p tcp -m tcp --dport 443 -m comment --comment "!fw3: Allow-SSL-WAN" -j ACCEPT
  649. -A zone_wan_input -p udp -m udp --dport 443 -m comment --comment "!fw3: Allow-SSL-WAN" -j ACCEPT
  650. -A zone_wan_input -p tcp -m tcp --dport 22 -m comment --comment "!fw3: Allow-SSH-WAN" -j ACCEPT
  651. -A zone_wan_input -p udp -m udp --dport 22 -m comment --comment "!fw3: Allow-SSH-WAN" -j ACCEPT
  652. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  653. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  654. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  655. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  656. -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
  657. -A zone_wg0_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
  658. -A zone_wg0_dest_REJECT -o wg0 -m comment --comment "!fw3" -j reject
  659. -A zone_wg0_forward -m comment --comment "!fw3: Custom wg0 forwarding rule chain" -j forwarding_wg0_rule
  660. -A zone_wg0_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  661. -A zone_wg0_forward -m comment --comment "!fw3" -j zone_wg0_dest_REJECT
  662. -A zone_wg0_input -m comment --comment "!fw3: Custom wg0 input rule chain" -j input_wg0_rule
  663. -A zone_wg0_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  664. -A zone_wg0_input -m comment --comment "!fw3" -j zone_wg0_src_REJECT
  665. -A zone_wg0_output -m comment --comment "!fw3: Custom wg0 output rule chain" -j output_wg0_rule
  666. -A zone_wg0_output -m comment --comment "!fw3" -j zone_wg0_dest_ACCEPT
  667. -A zone_wg0_src_REJECT -i wg0 -m comment --comment "!fw3" -j reject
  668. -A zone_wifi1_dest_ACCEPT -o wlan0 -m comment --comment "!fw3" -j ACCEPT
  669. -A zone_wifi1_forward -m comment --comment "!fw3: Custom wifi1 forwarding rule chain" -j forwarding_wifi1_rule
  670. -A zone_wifi1_forward -m comment --comment "!fw3: Zone wifi1 to wg0 forwarding policy" -j zone_wg0_dest_ACCEPT
  671. -A zone_wifi1_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  672. -A zone_wifi1_forward -m comment --comment "!fw3" -j zone_wifi1_dest_ACCEPT
  673. -A zone_wifi1_input -m comment --comment "!fw3: Custom wifi1 input rule chain" -j input_wifi1_rule
  674. -A zone_wifi1_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  675. -A zone_wifi1_input -m comment --comment "!fw3" -j zone_wifi1_src_ACCEPT
  676. -A zone_wifi1_output -m comment --comment "!fw3: Custom wifi1 output rule chain" -j output_wifi1_rule
  677. -A zone_wifi1_output -m comment --comment "!fw3" -j zone_wifi1_dest_ACCEPT
  678. -A zone_wifi1_src_ACCEPT -i wlan0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  679. -A zone_wifi1a_forward -m comment --comment "!fw3: Custom wifi1a forwarding rule chain" -j forwarding_wifi1a_rule
  680. -A zone_wifi1a_forward -m comment --comment "!fw3: Zone wifi1a to wan forwarding policy" -j zone_wan_dest_ACCEPT
  681. -A zone_wifi1a_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  682. -A zone_wifi1a_forward -m comment --comment "!fw3" -j zone_wifi1a_dest_REJECT
  683. -A zone_wifi1a_input -m comment --comment "!fw3: Custom wifi1a input rule chain" -j input_wifi1a_rule
  684. -A zone_wifi1a_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  685. -A zone_wifi1a_input -m comment --comment "!fw3" -j zone_wifi1a_src_ACCEPT
  686. -A zone_wifi1a_output -m comment --comment "!fw3: Custom wifi1a output rule chain" -j output_wifi1a_rule
  687. -A zone_wifi1a_output -m comment --comment "!fw3" -j zone_wifi1a_dest_ACCEPT
  688. -A zone_wifi2_dest_ACCEPT -o wlan1 -m comment --comment "!fw3" -j ACCEPT
  689. -A zone_wifi2_forward -m comment --comment "!fw3: Custom wifi2 forwarding rule chain" -j forwarding_wifi2_rule
  690. -A zone_wifi2_forward -m comment --comment "!fw3: Zone wifi2 to wan forwarding policy" -j zone_wan_dest_ACCEPT
  691. -A zone_wifi2_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  692. -A zone_wifi2_forward -m comment --comment "!fw3" -j zone_wifi2_dest_ACCEPT
  693. -A zone_wifi2_input -m comment --comment "!fw3: Custom wifi2 input rule chain" -j input_wifi2_rule
  694. -A zone_wifi2_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  695. -A zone_wifi2_input -m comment --comment "!fw3" -j zone_wifi2_src_ACCEPT
  696. -A zone_wifi2_output -m comment --comment "!fw3: Custom wifi2 output rule chain" -j output_wifi2_rule
  697. -A zone_wifi2_output -m comment --comment "!fw3" -j zone_wifi2_dest_ACCEPT
  698. -A zone_wifi2_src_ACCEPT -i wlan1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  699. COMMIT
  700. # Completed on Sat Mar 6 18:27:44 2021
  701. interface: wg0
  702. public key: VkNmuLHORx3+cuBR4cZnOoZ++nnh8JXI6Il9nLYgGkQ=
  703. private key: (hidden)
  704. listening port: 53319
  705.  
  706. peer: AIO7f10s+pBSiMmsZ+PvhWPI8glDXeMt5VAP37b8um4=
  707. endpoint: 95.90.25.9:51821
  708. allowed ips: 0.0.0.0/0, ::/0
  709. latest handshake: 1 minute, 22 seconds ago
  710. transfer: 1.42 KiB received, 900 B sent
  711. persistent keepalive: every 25 seconds
  712. ==> /etc/resolv.conf <==
  713. search lan
  714. nameserver 127.0.0.1
  715. nameserver ::1
  716.  
  717. ==> /tmp/resolv.conf <==
  718. search lan
  719. nameserver 127.0.0.1
  720. nameserver ::1
  721.  
  722. ==> /tmp/resolv.conf.d <==
  723. head: /tmp/resolv.conf.d: I/O error
  724.  
  725. ==> /tmp/resolv.conf.d/resolv.conf.auto <==
  726. # Interface wan
  727. nameserver 192.168.0.1
  728. search fritz.box
  729. # Interface wan6
  730. nameserver fd00::ca0e:14ff:fedd:5e4
  731. root@OpenWrt-A:~#
  732.  