
Client B

a guest
Oct 28th, 2017
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp
ACCEPT all -- anywhere anywhere /* !fw3 */
input_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp
ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp
forwarding_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp
ACCEPT all -- anywhere anywhere /* !fw3 */
output_rule all -- anywhere anywhere /* !fw3: user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */

Chain forwarding_lan_rule (1 references)
target prot opt source destination

Chain forwarding_rule (1 references)
target prot opt source destination

Chain forwarding_wan_rule (1 references)
target prot opt source destination

Chain input_lan_rule (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination

Chain input_wan_rule (1 references)
target prot opt source destination

Chain output_lan_rule (1 references)
target prot opt source destination

Chain output_rule (1 references)
target prot opt source destination

Chain output_wan_rule (1 references)
target prot opt source destination

Chain reject (3 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
DROP all -- anywhere anywhere /* !fw3 */

Chain zone_lan_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding lan -> wan */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-dgm /* !fw3: @rule[13] */
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn /* !fw3: @rule[14] */
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds /* !fw3: @rule[15] */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* !fw3: user chain for output */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */

Chain zone_wan_forward (1 references)
target prot opt source destination
forwarding_wan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: @rule[10] */
zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: @rule[11] */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_input (1 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
ACCEPT esp -- anywhere anywhere /* !fw3: IPSec ESP */
ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: IPSec IKE */
ACCEPT udp -- anywhere anywhere udp dpt:4500 /* !fw3: IPSec NAT-T */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* !fw3: ssh */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_output (1 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* !fw3: user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
prerouting_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
zone_lan_prerouting all -- anywhere anywhere /* !fw3 */
zone_wan_prerouting all -- anywhere anywhere /* !fw3 */

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere policy match dir out pol ipsec
postrouting_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
zone_lan_postrouting all -- anywhere anywhere /* !fw3 */
zone_wan_postrouting all -- anywhere anywhere /* !fw3 */

Chain postrouting_lan_rule (1 references)
target prot opt source destination

Chain postrouting_rule (1 references)
target prot opt source destination

Chain postrouting_wan_rule (1 references)
target prot opt source destination

Chain prerouting_lan_rule (1 references)
target prot opt source destination

Chain prerouting_rule (1 references)
target prot opt source destination

Chain prerouting_wan_rule (1 references)
target prot opt source destination

Chain zone_lan_postrouting (1 references)
target prot opt source destination
postrouting_lan_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
SNAT tcp -- 192.168.1.0/24 Lede.lan tcp dpt:ssh /* !fw3: SSH (reflection) */ to:192.168.1.1

Chain zone_lan_prerouting (1 references)
target prot opt source destination
prerouting_lan_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
DNAT tcp -- 192.168.1.0/24 HSI-KBW-134-3-244-176.hsi14.kabel-badenwuerttemberg.de tcp dpt:2200 /* !fw3: SSH (reflection) */ to:192.168.1.1:22

Chain zone_wan_postrouting (1 references)
target prot opt source destination
postrouting_wan_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
MASQUERADE all -- anywhere anywhere /* !fw3 */

Chain zone_wan_prerouting (1 references)
target prot opt source destination
prerouting_wan_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
DNAT tcp -- anywhere anywhere tcp dpt:2200 /* !fw3: SSH */ to:192.168.1.1:22