Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp
- ACCEPT all -- anywhere anywhere /* !fw3 */
- input_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
- zone_lan_input all -- anywhere anywhere /* !fw3 */
- zone_wan_input all -- anywhere anywhere /* !fw3 */
- Chain FORWARD (policy DROP)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp
- ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp
- forwarding_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- zone_lan_forward all -- anywhere anywhere /* !fw3 */
- zone_wan_forward all -- anywhere anywhere /* !fw3 */
- reject all -- anywhere anywhere /* !fw3 */
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp
- ACCEPT all -- anywhere anywhere /* !fw3 */
- output_rule all -- anywhere anywhere /* !fw3: user chain for output */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- zone_lan_output all -- anywhere anywhere /* !fw3 */
- zone_wan_output all -- anywhere anywhere /* !fw3 */
- Chain forwarding_lan_rule (1 references)
- target prot opt source destination
- Chain forwarding_rule (1 references)
- target prot opt source destination
- Chain forwarding_wan_rule (1 references)
- target prot opt source destination
- Chain input_lan_rule (1 references)
- target prot opt source destination
- Chain input_rule (1 references)
- target prot opt source destination
- Chain input_wan_rule (1 references)
- target prot opt source destination
- Chain output_lan_rule (1 references)
- target prot opt source destination
- Chain output_rule (1 references)
- target prot opt source destination
- Chain output_wan_rule (1 references)
- target prot opt source destination
- Chain reject (3 references)
- target prot opt source destination
- REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
- REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable
- Chain syn_flood (1 references)
- target prot opt source destination
- RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
- DROP all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_dest_ACCEPT (4 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_forward (1 references)
- target prot opt source destination
- forwarding_lan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding lan -> wan */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_input (1 references)
- target prot opt source destination
- input_lan_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-dgm /* !fw3: @rule[13] */
- ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn /* !fw3: @rule[14] */
- ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds /* !fw3: @rule[15] */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_output (1 references)
- target prot opt source destination
- output_lan_rule all -- anywhere anywhere /* !fw3: user chain for output */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_src_ACCEPT (1 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */
- Chain zone_wan_dest_ACCEPT (2 references)
- target prot opt source destination
- DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_dest_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_forward (1 references)
- target prot opt source destination
- forwarding_wan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: @rule[10] */
- zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: @rule[11] */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_input (1 references)
- target prot opt source destination
- input_wan_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
- ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
- ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
- ACCEPT esp -- anywhere anywhere /* !fw3: IPSec ESP */
- ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: IPSec IKE */
- ACCEPT udp -- anywhere anywhere udp dpt:4500 /* !fw3: IPSec NAT-T */
- ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* !fw3: ssh */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_output (1 references)
- target prot opt source destination
- output_wan_rule all -- anywhere anywhere /* !fw3: user chain for output */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_src_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere /* !fw3 */
- Chain PREROUTING (policy ACCEPT)
- target prot opt source destination
- prerouting_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
- zone_lan_prerouting all -- anywhere anywhere /* !fw3 */
- zone_wan_prerouting all -- anywhere anywhere /* !fw3 */
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- Chain POSTROUTING (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere policy match dir out pol ipsec
- postrouting_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
- zone_lan_postrouting all -- anywhere anywhere /* !fw3 */
- zone_wan_postrouting all -- anywhere anywhere /* !fw3 */
- Chain postrouting_lan_rule (1 references)
- target prot opt source destination
- Chain postrouting_rule (1 references)
- target prot opt source destination
- Chain postrouting_wan_rule (1 references)
- target prot opt source destination
- Chain prerouting_lan_rule (1 references)
- target prot opt source destination
- Chain prerouting_rule (1 references)
- target prot opt source destination
- Chain prerouting_wan_rule (1 references)
- target prot opt source destination
- Chain zone_lan_postrouting (1 references)
- target prot opt source destination
- postrouting_lan_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
- SNAT tcp -- 192.168.1.0/24 Lede.lan tcp dpt:ssh /* !fw3: SSH (reflection) */ to:192.168.1.1
- Chain zone_lan_prerouting (1 references)
- target prot opt source destination
- prerouting_lan_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
- DNAT tcp -- 192.168.1.0/24 HSI-KBW-134-3-244-176.hsi14.kabel-badenwuerttemberg.de tcp dpt:2200 /* !fw3: SSH (reflection) */ to:192.168.1.1:22
- Chain zone_wan_postrouting (1 references)
- target prot opt source destination
- postrouting_wan_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
- MASQUERADE all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_prerouting (1 references)
- target prot opt source destination
- prerouting_wan_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
- DNAT tcp -- anywhere anywhere tcp dpt:2200 /* !fw3: SSH */ to:192.168.1.1:22
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement