
Untitled

a guest
Sep 16th, 2021
  1. root@OpenWrt:~# iptables-save -c
  2. # Generated by iptables-save v1.8.7 on Thu Sep 16 12:12:38 2021
  3. *nat
  4. :PREROUTING ACCEPT [837:115466]
  5. :INPUT ACCEPT [67:8931]
  6. :OUTPUT ACCEPT [561:42194]
  7. :POSTROUTING ACCEPT [35:4422]
  8. :postrouting_WireGuard_rule - [0:0]
  9. :postrouting_lan_rule - [0:0]
  10. :postrouting_rule - [0:0]
  11. :postrouting_wan_rule - [0:0]
  12. :prerouting_WireGuard_rule - [0:0]
  13. :prerouting_lan_rule - [0:0]
  14. :prerouting_rule - [0:0]
  15. :prerouting_wan_rule - [0:0]
  16. :zone_WireGuard_postrouting - [0:0]
  17. :zone_WireGuard_prerouting - [0:0]
  18. :zone_lan_postrouting - [0:0]
  19. :zone_lan_prerouting - [0:0]
  20. :zone_wan_postrouting - [0:0]
  21. :zone_wan_prerouting - [0:0]
  22. [1291:147826] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  23. [1286:147321] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  24. [0:0] -A PREROUTING -i wan -m comment --comment "!fw3" -j zone_wan_prerouting
  25. [5:505] -A PREROUTING -i WireGuard -m comment --comment "!fw3" -j zone_WireGuard_prerouting
  26. [1683:173930] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  27. [11:2778] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  28. [531:37972] -A POSTROUTING -o wan -m comment --comment "!fw3" -j zone_wan_postrouting
  29. [1117:131536] -A POSTROUTING -o WireGuard -m comment --comment "!fw3" -j zone_WireGuard_postrouting
  30. [1117:131536] -A zone_WireGuard_postrouting -m comment --comment "!fw3: Custom WireGuard postrouting rule chain" -j postrouting_WireGuard_rule
  31. [1117:131536] -A zone_WireGuard_postrouting -m comment --comment "!fw3" -j MASQUERADE
  32. [5:505] -A zone_WireGuard_prerouting -m comment --comment "!fw3: Custom WireGuard prerouting rule chain" -j prerouting_WireGuard_rule
  33. [11:2778] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
      [1286:147321] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  34. [0:0] -A zone_lan_prerouting -p tcp -m tcp --dport 53 -m comment --comment "!fw3: intercept-DNS" -j DNAT --to-destination XX.XX.XX.XX:53
  35. [454:32360] -A zone_lan_prerouting -p udp -m udp --dport 53 -m comment --comment "!fw3: intercept-DNS" -j DNAT --to-destination XX.XX.XX.XX:53
  36. [531:37972] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  37. [531:37972] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  38. [0:0] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  39. COMMIT
  40. # Completed on Thu Sep 16 12:12:38 2021
  41. # Generated by iptables-save v1.8.7 on Thu Sep 16 12:12:38 2021
  42. *raw
  43. :PREROUTING ACCEPT [274925:196662661]
  44. :OUTPUT ACCEPT [113974:126599432]
  45. :zone_lan_helper - [0:0]
  46. [120991:122015957] -A PREROUTING -i br-lan -m comment --comment "!fw3: lan CT helper assignment" -j zone_lan_helper
  47. COMMIT
  48. # Completed on Thu Sep 16 12:12:38 2021
  49. # Generated by iptables-save v1.8.7 on Thu Sep 16 12:12:38 2021
  50. *mangle
  51. :PREROUTING ACCEPT [274929:196662821]
  52. :INPUT ACCEPT [91396:43576404]
  53. :FORWARD ACCEPT [183241:152518486]
  54. :OUTPUT ACCEPT [113981:126600344]
  55. :POSTROUTING ACCEPT [297220:279119586]
  56. :VPR_MARK0x010000 - [0:0]
  57. :VPR_MARK0x020000 - [0:0]
  58. :VPR_PREROUTING - [0:0]
  59. [296970:206565851] -A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
  60. [0:0] -A FORWARD -o wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  61. [0:0] -A FORWARD -i wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  62. [611:34136] -A FORWARD -o WireGuard -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone WireGuard MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  63. [618:33704] -A FORWARD -i WireGuard -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone WireGuard MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  64. [0:0] -A VPR_MARK0x010000 -j MARK --set-xmark 0x10000/0xff0000
  65. [0:0] -A VPR_MARK0x010000 -j RETURN
  66. [296968:206564597] -A VPR_MARK0x020000 -j MARK --set-xmark 0x20000/0xff0000
  67. [296968:206564597] -A VPR_MARK0x020000 -j RETURN
  68. [0:0] -A VPR_PREROUTING -d 192.168.8.1/32 -m comment --comment Modem -g VPR_MARK0x010000
  69. [296968:206564597] -A VPR_PREROUTING -m comment --comment LAN -g VPR_MARK0x020000
  70. COMMIT
  71. # Completed on Thu Sep 16 12:12:38 2021
  72. # Generated by iptables-save v1.8.7 on Thu Sep 16 12:12:38 2021
  73. *filter
  74. :INPUT ACCEPT [0:0]
  75. :FORWARD DROP [0:0]
  76. :OUTPUT ACCEPT [0:0]
  77. :forwarding_WireGuard_rule - [0:0]
  78. :forwarding_lan_rule - [0:0]
  79. :forwarding_rule - [0:0]
  80. :forwarding_wan_rule - [0:0]
  81. :input_WireGuard_rule - [0:0]
  82. :input_lan_rule - [0:0]
  83. :input_rule - [0:0]
  84. :input_wan_rule - [0:0]
  85. :output_WireGuard_rule - [0:0]
  86. :output_lan_rule - [0:0]
  87. :output_rule - [0:0]
  88. :output_wan_rule - [0:0]
  89. :reject - [0:0]
  90. :syn_flood - [0:0]
  91. :zone_WireGuard_dest_ACCEPT - [0:0]
  92. :zone_WireGuard_dest_REJECT - [0:0]
  93. :zone_WireGuard_forward - [0:0]
  94. :zone_WireGuard_input - [0:0]
  95. :zone_WireGuard_output - [0:0]
  96. :zone_WireGuard_src_REJECT - [0:0]
  97. :zone_lan_dest_ACCEPT - [0:0]
  98. :zone_lan_forward - [0:0]
  99. :zone_lan_input - [0:0]
  100. :zone_lan_output - [0:0]
  101. :zone_lan_src_ACCEPT - [0:0]
  102. :zone_wan_dest_ACCEPT - [0:0]
  103. :zone_wan_dest_REJECT - [0:0]
  104. :zone_wan_forward - [0:0]
  105. :zone_wan_input - [0:0]
  106. :zone_wan_output - [0:0]
  107. :zone_wan_src_REJECT - [0:0]
  108. [680:66604] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  109. [90725:43510160] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  110. [78339:40973168] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  111. [12:648] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  112. [12315:2533223] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  113. [41:1640] -A INPUT -i wan -m comment --comment "!fw3" -j zone_wan_input
  114. [30:2129] -A INPUT -i WireGuard -m comment --comment "!fw3" -j zone_WireGuard_input
  115. [183241:152518486] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  116. [182068:152380060] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  117. [1173:138426] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  118. [0:0] -A FORWARD -i wan -m comment --comment "!fw3" -j zone_wan_forward
  119. [0:0] -A FORWARD -i WireGuard -m comment --comment "!fw3" -j zone_WireGuard_forward
  120. [0:0] -A FORWARD -m comment --comment "!fw3" -j reject
  121. [680:66604] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  122. [113319:126536784] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  123. [112763:126493514] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  124. [21:5138] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  125. [535:38132] -A OUTPUT -o wan -m comment --comment "!fw3" -j zone_wan_output
  126. [0:0] -A OUTPUT -o WireGuard -m comment --comment "!fw3" -j zone_WireGuard_output
  127. [47:2185] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  128. [24:1584] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  129. [12:648] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  130. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  131. [13:3694] -A zone_WireGuard_dest_ACCEPT -o WireGuard -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  132. [1160:134732] -A zone_WireGuard_dest_ACCEPT -o WireGuard -m comment --comment "!fw3" -j ACCEPT
  133. [0:0] -A zone_WireGuard_dest_REJECT -o WireGuard -m comment --comment "!fw3" -j reject
  134. [0:0] -A zone_WireGuard_forward -m comment --comment "!fw3: Custom WireGuard forwarding rule chain" -j forwarding_WireGuard_rule
  135. [0:0] -A zone_WireGuard_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  136. [0:0] -A zone_WireGuard_forward -m comment --comment "!fw3" -j zone_WireGuard_dest_REJECT
  137. [30:2129] -A zone_WireGuard_input -m comment --comment "!fw3: Custom WireGuard input rule chain" -j input_WireGuard_rule
       [0:0] -A zone_WireGuard_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  138. [30:2129] -A zone_WireGuard_input -m comment --comment "!fw3" -j zone_WireGuard_src_REJECT
  139. [0:0] -A zone_WireGuard_output -m comment --comment "!fw3: Custom WireGuard output rule chain" -j output_WireGuard_rule
  140. [0:0] -A zone_WireGuard_output -m comment --comment "!fw3" -j zone_WireGuard_dest_ACCEPT
  141. [30:2129] -A zone_WireGuard_src_REJECT -i WireGuard -m comment --comment "!fw3" -j reject
  142. [21:5138] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  143. [1173:138426] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  144. [1173:138426] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
       [1173:138426] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to WireGuard forwarding policy" -j zone_WireGuard_dest_ACCEPT
  145. [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  146. [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  147. [12315:2533223] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  148. [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  149. [12315:2533223] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  150. [21:5138] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  151. [21:5138] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  152. [12315:2533223] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  153. [9:360] -A zone_wan_dest_ACCEPT -o wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  154. [526:37772] -A zone_wan_dest_ACCEPT -o wan -m comment --comment "!fw3" -j ACCEPT
  155. [0:0] -A zone_wan_dest_REJECT -o wan -m comment --comment "!fw3" -j reject
  156. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  157. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  158. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  159. [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  160. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  161. [41:1640] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  162. [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  163. [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  164. [0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  165. [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  166. [41:1640] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  167. [535:38132] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  168. [535:38132] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  169. [41:1640] -A zone_wan_src_REJECT -i wan -m comment --comment "!fw3" -j reject
  170. COMMIT
  171. # Completed on Thu Sep 16 12:12:38 2021