Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@OpenWrt:~# FW_TRACE=1 fw reload
- iptables --table filter --policy INPUT ACCEPT
- iptables --table filter --policy OUTPUT ACCEPT
- iptables --table filter --policy FORWARD ACCEPT
- iptables --table filter --flush
- iptables --table filter --delete-chain
- iptables --table nat --flush
- iptables --table nat --delete-chain
- iptables --table raw --flush
- iptables --table raw --delete-chain
- iptables --table filter --policy INPUT DROP
- iptables --table filter --policy OUTPUT DROP
- iptables --table filter --policy FORWARD DROP
- iptables --table filter --flush
- iptables --table filter --delete-chain
- iptables --table nat --flush
- iptables --table nat --delete-chain
- iptables --table raw --flush
- iptables --table raw --delete-chain
- Loading defaults
- iptables --table filter --append INPUT --jump ACCEPT -m state --state RELATED,ES TABLISHED
- iptables --table filter --append OUTPUT --jump ACCEPT -m state --state RELATED,E STABLISHED
- iptables --table filter --append FORWARD --jump ACCEPT -m state --state RELATED, ESTABLISHED
- iptables --table filter --append INPUT --jump ACCEPT -i lo
- iptables --table filter --append OUTPUT --jump ACCEPT -o lo
- Loading synflood protection
- iptables --table filter --new-chain syn_flood
- iptables --table filter --append syn_flood --jump RETURN -p tcp --syn -m limit - -limit 25/second --limit-burst 50
- iptables --table filter --append syn_flood --jump DROP
- iptables --table filter --append INPUT --jump syn_flood -p tcp --syn
- Adding custom chains
- iptables --table filter --new-chain input_rule
- iptables --table filter --new-chain output_rule
- iptables --table filter --new-chain forwarding_rule
- iptables --table nat --new-chain prerouting_rule
- iptables --table nat --new-chain postrouting_rule
- iptables --table filter --append INPUT --jump input_rule
- iptables --table filter --append OUTPUT --jump output_rule
- iptables --table filter --append FORWARD --jump forwarding_rule
- iptables --table nat --append PREROUTING --jump prerouting_rule
- iptables --table nat --append POSTROUTING --jump postrouting_rule
- iptables --table filter --new-chain input
- iptables --table filter --new-chain output
- iptables --table filter --new-chain forward
- iptables --table filter --append INPUT --jump input
- iptables --table filter --append OUTPUT --jump output
- iptables --table filter --append FORWARD --jump forward
- iptables --table filter --new-chain reject
- iptables --table filter --append reject --jump REJECT --reject-with tcp-reset -p tcp
- iptables --table filter --append reject --jump REJECT --reject-with port-unreach
- iptables --table filter --policy INPUT ACCEPT
- iptables --table filter --policy OUTPUT ACCEPT
- iptables --table filter --append FORWARD --jump reject
- iptables --table filter --policy FORWARD DROP
- Loading zones
- iptables --table filter --new-chain zone_lan_ACCEPT
- iptables --table filter --new-chain zone_lan_DROP
- iptables --table filter --new-chain zone_lan_REJECT
- iptables --table filter --new-chain zone_lan_MSSFIX
- iptables --table filter --new-chain zone_lan
- iptables --table filter --append zone_lan --jump zone_lan_ACCEPT
- iptables --table filter --new-chain zone_lan_forward
- iptables --table filter --append zone_lan_forward --jump zone_lan_REJECT
- iptables --table filter --append output --jump zone_lan_ACCEPT
- iptables --table nat --new-chain zone_lan_nat
- iptables --table nat --new-chain zone_lan_prerouting
- iptables --table raw --new-chain zone_lan_notrack
- iptables --table filter --new-chain input_lan
- iptables --table filter --insert zone_lan 1 --jump input_lan
- iptables --table filter --new-chain forwarding_lan
- iptables --table filter --insert zone_lan_forward 1 --jump forwarding_lan
- iptables --table nat --new-chain prerouting_lan
- iptables --table nat --insert zone_lan_prerouting 1 --jump prerouting_lan
- iptables --table filter --new-chain zone_wan_ACCEPT
- iptables --table filter --new-chain zone_wan_DROP
- iptables --table filter --new-chain zone_wan_REJECT
- iptables --table filter --new-chain zone_wan_MSSFIX
- iptables --table filter --new-chain zone_wan
- iptables --table filter --append zone_wan --jump zone_wan_REJECT
- iptables --table filter --new-chain zone_wan_forward
- iptables --table filter --append zone_wan_forward --jump zone_wan_REJECT
- iptables --table filter --append output --jump zone_wan_ACCEPT
- iptables --table nat --new-chain zone_wan_nat
- iptables --table nat --new-chain zone_wan_prerouting
- iptables --table raw --new-chain zone_wan_notrack
- iptables --table filter --new-chain input_wan
- iptables --table filter --insert zone_wan 1 --jump input_wan
- iptables --table filter --new-chain forwarding_wan
- iptables --table filter --insert zone_wan_forward 1 --jump forwarding_wan
- iptables --table nat --new-chain prerouting_wan
- iptables --table nat --insert zone_wan_prerouting 1 --jump prerouting_wan
- iptables --table nat --append zone_wan_nat --jump MASQUERADE -s 0.0.0.0/0 -d 0.0 .0.0/0
- Loading forwardings
- iptables --table filter --insert zone_lan_forward 1 --jump zone_wan_ACCEPT
- Loading redirects
- iptables --table nat --insert zone_lan_prerouting 1 --jump DNAT -p tcp --dport 2 123 --to-destination 81.103.221.11:25
- iptables --table filter --insert zone_lan_forward 1 --jump ACCEPT -p tcp -d 81.1 03.221.11/32 --dport 25
- iptables --table nat --insert zone_wan_prerouting 1 --jump DNAT -p tcp --dport 2 123 --to-destination 81.103.221.11:25
- iptables --table filter --insert zone_wan_forward 1 --jump ACCEPT -p tcp -d 81.1 03.221.11/32 --dport 25
- Error: redirect CentOSssh: target must be either DNAT or SNAT
- iptables --table filter --policy INPUT ACCEPT
- iptables --table filter --policy OUTPUT ACCEPT
- iptables --table filter --policy FORWARD ACCEPT
- iptables --table filter --flush
- iptables --table filter --delete-chain
- iptables --table nat --flush
- iptables --table nat --delete-chain
- iptables --table raw --flush
- iptables --table raw --delete-chain
- root@OpenWrt:~# iptables -t nat -A POSTROUTING -o $(uci get network.wan.ifname)
- -j MASQUERADE
- root@OpenWrt:~#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement