API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 15th, 2017
61
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
KiXtart 6.77 KB | None | 0 0
raw download clone embed print report
  1. root@OpenWrt:~# FW_TRACE=1 fw reload
  2. iptables --table filter --policy INPUT ACCEPT
  3. iptables --table filter --policy OUTPUT ACCEPT
  4. iptables --table filter --policy FORWARD ACCEPT
  5. iptables --table filter --flush
  6. iptables --table filter --delete-chain
  7. iptables --table nat --flush
  8. iptables --table nat --delete-chain
  9. iptables --table raw --flush
  10. iptables --table raw --delete-chain
  11. iptables --table filter --policy INPUT DROP
  12. iptables --table filter --policy OUTPUT DROP
  13. iptables --table filter --policy FORWARD DROP
  14. iptables --table filter --flush
  15. iptables --table filter --delete-chain
  16. iptables --table nat --flush
  17. iptables --table nat --delete-chain
  18. iptables --table raw --flush
  19. iptables --table raw --delete-chain
  20. Loading defaults
  21. iptables --table filter --append INPUT --jump ACCEPT -m state --state RELATED,ES                                                                                             TABLISHED
  22. iptables --table filter --append OUTPUT --jump ACCEPT -m state --state RELATED,E                                                                                             STABLISHED
  23. iptables --table filter --append FORWARD --jump ACCEPT -m state --state RELATED,                                                                                             ESTABLISHED
  24. iptables --table filter --append INPUT --jump ACCEPT -i lo
  25. iptables --table filter --append OUTPUT --jump ACCEPT -o lo
  26. Loading synflood protection
  27. iptables --table filter --new-chain syn_flood
  28. iptables --table filter --append syn_flood --jump RETURN -p tcp --syn -m limit -                                                                                             -limit 25/second --limit-burst 50
  29. iptables --table filter --append syn_flood --jump DROP
  30. iptables --table filter --append INPUT --jump syn_flood -p tcp --syn
  31. Adding custom chains
  32. iptables --table filter --new-chain input_rule
  33. iptables --table filter --new-chain output_rule
  34. iptables --table filter --new-chain forwarding_rule
  35. iptables --table nat --new-chain prerouting_rule
  36. iptables --table nat --new-chain postrouting_rule
  37. iptables --table filter --append INPUT --jump input_rule
  38. iptables --table filter --append OUTPUT --jump output_rule
  39. iptables --table filter --append FORWARD --jump forwarding_rule
  40. iptables --table nat --append PREROUTING --jump prerouting_rule
  41. iptables --table nat --append POSTROUTING --jump postrouting_rule
  42. iptables --table filter --new-chain input
  43. iptables --table filter --new-chain output
  44. iptables --table filter --new-chain forward
  45. iptables --table filter --append INPUT --jump input
  46. iptables --table filter --append OUTPUT --jump output
  47. iptables --table filter --append FORWARD --jump forward
  48. iptables --table filter --new-chain reject
  49. iptables --table filter --append reject --jump REJECT --reject-with tcp-reset -p                                                                                              tcp
  50. iptables --table filter --append reject --jump REJECT --reject-with port-unreach
  51. iptables --table filter --policy INPUT ACCEPT
  52. iptables --table filter --policy OUTPUT ACCEPT
  53. iptables --table filter --append FORWARD --jump reject
  54. iptables --table filter --policy FORWARD DROP
  55. Loading zones
  56. iptables --table filter --new-chain zone_lan_ACCEPT
  57. iptables --table filter --new-chain zone_lan_DROP
  58. iptables --table filter --new-chain zone_lan_REJECT
  59. iptables --table filter --new-chain zone_lan_MSSFIX
  60. iptables --table filter --new-chain zone_lan
  61. iptables --table filter --append zone_lan --jump zone_lan_ACCEPT
  62. iptables --table filter --new-chain zone_lan_forward
  63. iptables --table filter --append zone_lan_forward --jump zone_lan_REJECT
  64. iptables --table filter --append output --jump zone_lan_ACCEPT
  65. iptables --table nat --new-chain zone_lan_nat
  66. iptables --table nat --new-chain zone_lan_prerouting
  67. iptables --table raw --new-chain zone_lan_notrack
  68. iptables --table filter --new-chain input_lan
  69. iptables --table filter --insert zone_lan 1 --jump input_lan
  70. iptables --table filter --new-chain forwarding_lan
  71. iptables --table filter --insert zone_lan_forward 1 --jump forwarding_lan
  72. iptables --table nat --new-chain prerouting_lan
  73. iptables --table nat --insert zone_lan_prerouting 1 --jump prerouting_lan
  74. iptables --table filter --new-chain zone_wan_ACCEPT
  75. iptables --table filter --new-chain zone_wan_DROP
  76. iptables --table filter --new-chain zone_wan_REJECT
  77. iptables --table filter --new-chain zone_wan_MSSFIX
  78. iptables --table filter --new-chain zone_wan
  79. iptables --table filter --append zone_wan --jump zone_wan_REJECT
  80. iptables --table filter --new-chain zone_wan_forward
  81. iptables --table filter --append zone_wan_forward --jump zone_wan_REJECT
  82. iptables --table filter --append output --jump zone_wan_ACCEPT
  83. iptables --table nat --new-chain zone_wan_nat
  84. iptables --table nat --new-chain zone_wan_prerouting
  85. iptables --table raw --new-chain zone_wan_notrack
  86. iptables --table filter --new-chain input_wan
  87. iptables --table filter --insert zone_wan 1 --jump input_wan
  88. iptables --table filter --new-chain forwarding_wan
  89. iptables --table filter --insert zone_wan_forward 1 --jump forwarding_wan
  90. iptables --table nat --new-chain prerouting_wan
  91. iptables --table nat --insert zone_wan_prerouting 1 --jump prerouting_wan
  92. iptables --table nat --append zone_wan_nat --jump MASQUERADE -s 0.0.0.0/0 -d 0.0                                                                                             .0.0/0
  93. Loading forwardings
  94. iptables --table filter --insert zone_lan_forward 1 --jump zone_wan_ACCEPT
  95. Loading redirects
  96. iptables --table nat --insert zone_lan_prerouting 1 --jump DNAT -p tcp --dport 2                                                                                             123 --to-destination 81.103.221.11:25
  97. iptables --table filter --insert zone_lan_forward 1 --jump ACCEPT -p tcp -d 81.1                                                                                             03.221.11/32 --dport 25
  98. iptables --table nat --insert zone_wan_prerouting 1 --jump DNAT -p tcp --dport 2                                                                                             123 --to-destination 81.103.221.11:25
  99. iptables --table filter --insert zone_wan_forward 1 --jump ACCEPT -p tcp -d 81.1                                                                                             03.221.11/32 --dport 25
  100. Error: redirect CentOSssh: target must be either DNAT or SNAT
  101. iptables --table filter --policy INPUT ACCEPT
  102. iptables --table filter --policy OUTPUT ACCEPT
  103. iptables --table filter --policy FORWARD ACCEPT
  104. iptables --table filter --flush
  105. iptables --table filter --delete-chain
  106. iptables --table nat --flush
  107. iptables --table nat --delete-chain
  108. iptables --table raw --flush
  109. iptables --table raw --delete-chain
  110. root@OpenWrt:~# iptables -t nat -A POSTROUTING -o $(uci get network.wan.ifname)
  111. -j MASQUERADE
  112. root@OpenWrt:~#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!