Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {
- "kernel": "4.4.92",
- "hostname": "rp0w0",
- "system": "ARMv6-compatible processor rev 7 (v6l)",
- "model": "Raspberry Pi Zero W Rev 1.1",
- "board_name": "rpi-zero-w",
- "release": {
- "distribution": "LEDE",
- "version": "17.01.4",
- "revision": "r3560-79f57e422d",
- "codename": "reboot",
- "target": "brcm2708\/bcm2708",
- "description": "LEDE Reboot 17.01.4 r3560-79f57e422d"
- }
- }
- network.loopback=interface
- network.loopback.ifname='lo'
- network.loopback.proto='static'
- network.loopback.ipaddr='127.0.0.1'
- network.loopback.netmask='255.0.0.0'
- network.globals=globals
- network.globals.ula_prefix='fd4c:481d:6483::/48'
- network.lan=interface
- network.lan.type='bridge'
- network.lan.proto='static'
- network.lan.netmask='255.255.255.0'
- network.lan.ip6assign='60'
- network.lan.ipaddr='192.168.1.3'
- network.lan.ifname='usb0'
- network.wwan=interface
- network.wwan.proto='dhcp'
- wireless.radio0=wifi-device
- wireless.radio0.type='mac80211'
- wireless.radio0.hwmode='11g'
- wireless.radio0.path='platform/soc/20300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
- wireless.radio0.htmode='HT20'
- wireless.radio0.disabled='0'
- wireless.radio0.channel='1'
- wireless.radio0.country='00'
- wireless.@wifi-iface[0]=wifi-iface
- wireless.@wifi-iface[0].ssid='......'
- wireless.@wifi-iface[0].encryption='......'
- wireless.@wifi-iface[0].device='radio0'
- wireless.@wifi-iface[0].mode='sta'
- wireless.@wifi-iface[0].bssid='......'
- wireless.@wifi-iface[0].key='......'
- wireless.@wifi-iface[0].network='lan wwan'
- firewall.@defaults[0]=defaults
- firewall.@defaults[0].syn_flood='1'
- firewall.@defaults[0].input='ACCEPT'
- firewall.@defaults[0].output='ACCEPT'
- firewall.@defaults[0].forward='REJECT'
- firewall.@zone[0]=zone
- firewall.@zone[0].name='lan'
- firewall.@zone[0].input='ACCEPT'
- firewall.@zone[0].output='ACCEPT'
- firewall.@zone[0].forward='ACCEPT'
- firewall.@zone[0].network='lan'
- firewall.@zone[1]=zone
- firewall.@zone[1].name='wan'
- firewall.@zone[1].input='REJECT'
- firewall.@zone[1].output='ACCEPT'
- firewall.@zone[1].forward='REJECT'
- firewall.@zone[1].masq='1'
- firewall.@zone[1].mtu_fix='1'
- firewall.@zone[1].network='wan wan6 wwan'
- firewall.@forwarding[0]=forwarding
- firewall.@forwarding[0].src='lan'
- firewall.@forwarding[0].dest='wan'
- firewall.@rule[0]=rule
- firewall.@rule[0].name='Allow-DHCP-Renew'
- firewall.@rule[0].src='wan'
- firewall.@rule[0].proto='udp'
- firewall.@rule[0].dest_port='68'
- firewall.@rule[0].target='ACCEPT'
- firewall.@rule[0].family='ipv4'
- firewall.@rule[1]=rule
- firewall.@rule[1].name='Allow-Ping'
- firewall.@rule[1].src='wan'
- firewall.@rule[1].proto='icmp'
- firewall.@rule[1].icmp_type='echo-request'
- firewall.@rule[1].family='ipv4'
- firewall.@rule[1].target='ACCEPT'
- firewall.@rule[2]=rule
- firewall.@rule[2].name='Allow-IGMP'
- firewall.@rule[2].src='wan'
- firewall.@rule[2].proto='igmp'
- firewall.@rule[2].family='ipv4'
- firewall.@rule[2].target='ACCEPT'
- firewall.@rule[3]=rule
- firewall.@rule[3].name='Allow-DHCPv6'
- firewall.@rule[3].src='wan'
- firewall.@rule[3].proto='udp'
- firewall.@rule[3].src_ip='fc00::/6'
- firewall.@rule[3].dest_ip='fc00::/6'
- firewall.@rule[3].dest_port='546'
- firewall.@rule[3].family='ipv6'
- firewall.@rule[3].target='ACCEPT'
- firewall.@rule[4]=rule
- firewall.@rule[4].name='Allow-MLD'
- firewall.@rule[4].src='wan'
- firewall.@rule[4].proto='icmp'
- firewall.@rule[4].src_ip='fe80::/10'
- firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
- firewall.@rule[4].family='ipv6'
- firewall.@rule[4].target='ACCEPT'
- firewall.@rule[5]=rule
- firewall.@rule[5].name='Allow-ICMPv6-Input'
- firewall.@rule[5].src='wan'
- firewall.@rule[5].proto='icmp'
- firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
- firewall.@rule[5].limit='1000/sec'
- firewall.@rule[5].family='ipv6'
- firewall.@rule[5].target='ACCEPT'
- firewall.@rule[6]=rule
- firewall.@rule[6].name='Allow-ICMPv6-Forward'
- firewall.@rule[6].src='wan'
- firewall.@rule[6].dest='*'
- firewall.@rule[6].proto='icmp'
- firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
- firewall.@rule[6].limit='1000/sec'
- firewall.@rule[6].family='ipv6'
- firewall.@rule[6].target='ACCEPT'
- firewall.@rule[7]=rule
- firewall.@rule[7].name='Allow-IPSec-ESP'
- firewall.@rule[7].src='wan'
- firewall.@rule[7].dest='lan'
- firewall.@rule[7].proto='esp'
- firewall.@rule[7].target='ACCEPT'
- firewall.@rule[8]=rule
- firewall.@rule[8].name='Allow-ISAKMP'
- firewall.@rule[8].src='wan'
- firewall.@rule[8].dest='lan'
- firewall.@rule[8].dest_port='500'
- firewall.@rule[8].proto='udp'
- firewall.@rule[8].target='ACCEPT'
- firewall.@include[0]=include
- firewall.@include[0].path='/etc/firewall.user'
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
- link/ether 32:3c:fd:bd:47:53 brd ff:ff:ff:ff:ff:ff
- 3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
- link/ether b8:27:eb:ac:98:95 brd ff:ff:ff:ff:ff:ff
- inet 192.168.1.3/24 brd 192.168.1.255 scope global wlan0
- valid_lft forever preferred_lft forever
- inet6 fe80::ba27:ebff:feac:9895/64 scope link tentative flags 08
- valid_lft forever preferred_lft forever
- 4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
- link/ether 32:3c:fd:bd:47:53 brd ff:ff:ff:ff:ff:ff
- inet 192.168.1.3/24 brd 192.168.1.255 scope global br-lan
- valid_lft forever preferred_lft forever
- inet6 fd4c:481d:6483::1/60 scope global
- valid_lft forever preferred_lft forever
- inet6 fe80::303c:fdff:febd:4753/64 scope link
- valid_lft forever preferred_lft forever
- default via 192.168.1.1 dev wlan0 src 192.168.1.3
- 192.168.1.0/24 dev br-lan src 192.168.1.3
- 192.168.1.0/24 dev wlan0 src 192.168.1.3
- 192.168.1.1 dev wlan0 src 192.168.1.3
- broadcast 127.0.0.0 dev lo src 127.0.0.1
- local 127.0.0.0/8 dev lo src 127.0.0.1
- local 127.0.0.1 dev lo src 127.0.0.1
- broadcast 127.255.255.255 dev lo src 127.0.0.1
- broadcast 192.168.1.0 dev br-lan src 192.168.1.3
- broadcast 192.168.1.0 dev wlan0 src 192.168.1.3
- local 192.168.1.3 dev br-lan src 192.168.1.3
- local 192.168.1.3 dev wlan0 src 192.168.1.3
- broadcast 192.168.1.255 dev br-lan src 192.168.1.3
- broadcast 192.168.1.255 dev wlan0 src 192.168.1.3
- fd4c:481d:6483::/64 dev br-lan metric 1024
- unreachable fd4c:481d:6483::/48 dev lo metric 2147483647 error -113
- fe80::/64 dev br-lan metric 256
- fe80::/64 dev wlan0 metric 256
- unreachable default dev lo metric -1 error -101
- local ::1 dev lo metric 0
- local fd4c:481d:6483:: dev lo metric 0
- local fd4c:481d:6483::1 dev lo metric 0
- local fe80:: dev lo metric 0
- local fe80::303c:fdff:febd:4753 dev lo metric 0
- ff00::/8 dev br-lan metric 256
- ff00::/8 dev wlan0 metric 256
- unreachable default dev lo metric -1 error -101
- 0: from all lookup local
- 32766: from all lookup main
- 32767: from all lookup default
- # Generated by iptables-save v1.4.21 on Tue Mar 23 15:01:01 2021
- *nat
- :PREROUTING ACCEPT [43:4889]
- :INPUT ACCEPT [24:1777]
- :OUTPUT ACCEPT [48:3444]
- :POSTROUTING ACCEPT [6:636]
- :postrouting_lan_rule - [0:0]
- :postrouting_rule - [0:0]
- :postrouting_wan_rule - [0:0]
- :prerouting_lan_rule - [0:0]
- :prerouting_rule - [0:0]
- :prerouting_wan_rule - [0:0]
- :zone_lan_postrouting - [0:0]
- :zone_lan_prerouting - [0:0]
- :zone_wan_postrouting - [0:0]
- :zone_wan_prerouting - [0:0]
- [43:4889] -A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
- [41:4785] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
- [2:104] -A PREROUTING -i wlan0 -m comment --comment "!fw3" -j zone_wan_prerouting
- [53:3760] -A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
- [2:376] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
- [47:3124] -A POSTROUTING -o wlan0 -m comment --comment "!fw3" -j zone_wan_postrouting
- [2:376] -A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
- [41:4785] -A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
- [47:3124] -A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
- [47:3124] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
- [2:104] -A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
- COMMIT
- # Completed on Tue Mar 23 15:01:01 2021
- # Generated by iptables-save v1.4.21 on Tue Mar 23 15:01:01 2021
- *mangle
- :PREROUTING ACCEPT [293:32988]
- :INPUT ACCEPT [222:20188]
- :FORWARD ACCEPT [58:10076]
- :OUTPUT ACCEPT [214:32734]
- :POSTROUTING ACCEPT [272:42810]
- [4:240] -A FORWARD -o wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
- COMMIT
- # Completed on Tue Mar 23 15:01:01 2021
- # Generated by iptables-save v1.4.21 on Tue Mar 23 15:01:01 2021
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- :forwarding_lan_rule - [0:0]
- :forwarding_rule - [0:0]
- :forwarding_wan_rule - [0:0]
- :input_lan_rule - [0:0]
- :input_rule - [0:0]
- :input_wan_rule - [0:0]
- :output_lan_rule - [0:0]
- :output_rule - [0:0]
- :output_wan_rule - [0:0]
- :reject - [0:0]
- :syn_flood - [0:0]
- :zone_lan_dest_ACCEPT - [0:0]
- :zone_lan_forward - [0:0]
- :zone_lan_input - [0:0]
- :zone_lan_output - [0:0]
- :zone_lan_src_ACCEPT - [0:0]
- :zone_wan_dest_ACCEPT - [0:0]
- :zone_wan_dest_REJECT - [0:0]
- :zone_wan_forward - [0:0]
- :zone_wan_input - [0:0]
- :zone_wan_output - [0:0]
- :zone_wan_src_REJECT - [0:0]
- [22:2030] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
- [203:18314] -A INPUT -m comment --comment "!fw3: user chain for input" -j input_rule
- [162:14896] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [1:60] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
- [39:3314] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
- [2:104] -A INPUT -i wlan0 -m comment --comment "!fw3" -j zone_wan_input
- [58:10076] -A FORWARD -m comment --comment "!fw3: user chain for forwarding" -j forwarding_rule
- [53:9760] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [5:316] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
- [0:0] -A FORWARD -i wlan0 -m comment --comment "!fw3" -j zone_wan_forward
- [0:0] -A FORWARD -m comment --comment "!fw3" -j reject
- [22:2030] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
- [195:31452] -A OUTPUT -m comment --comment "!fw3: user chain for output" -j output_rule
- [149:27870] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- [3:709] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
- [43:2873] -A OUTPUT -o wlan0 -m comment --comment "!fw3" -j zone_wan_output
- [0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
- [1:72] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
- [1:60] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
- [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
- [3:709] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
- [5:316] -A zone_lan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_lan_rule
- [5:316] -A zone_lan_forward -m comment --comment "!fw3: forwarding lan -> wan" -j zone_wan_dest_ACCEPT
- [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- [39:3314] -A zone_lan_input -m comment --comment "!fw3: user chain for input" -j input_lan_rule
- [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- [39:3314] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
- [3:709] -A zone_lan_output -m comment --comment "!fw3: user chain for output" -j output_lan_rule
- [3:709] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- [39:3314] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- [0:0] -A zone_wan_dest_ACCEPT -o wlan0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
- [48:3189] -A zone_wan_dest_ACCEPT -o wlan0 -m comment --comment "!fw3" -j ACCEPT
- [0:0] -A zone_wan_dest_REJECT -o wlan0 -m comment --comment "!fw3" -j reject
- [0:0] -A zone_wan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_wan_rule
- [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
- [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
- [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
- [2:104] -A zone_wan_input -m comment --comment "!fw3: user chain for input" -j input_wan_rule
- [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
- [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
- [1:32] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
- [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- [1:72] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
- [43:2873] -A zone_wan_output -m comment --comment "!fw3: user chain for output" -j output_wan_rule
- [43:2873] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
- [1:72] -A zone_wan_src_REJECT -i wlan0 -m comment --comment "!fw3" -j reject
- COMMIT
- # Completed on Tue Mar 23 15:01:01 2021
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement