  1. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  2. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  3. inet 127.0.0.1/8 scope host lo
  4. valid_lft forever preferred_lft forever
  5. inet6 ::1/128 scope host
  6. valid_lft forever preferred_lft forever
  7. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
  8. link/ether b0:7f:b9:12:63:30 brd ff:ff:ff:ff:ff:ff
  9. inet6 fe80::b27f:b9ff:fe12:6330/64 scope link
  10. valid_lft forever preferred_lft forever
  11. 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
  12. link/ether b0:7f:b9:12:63:30 brd ff:ff:ff:ff:ff:ff
  13. 5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  14. link/ether b0:7f:b9:12:63:30 brd ff:ff:ff:ff:ff:ff
  15. inet 192.168.10.1/24 brd 192.168.10.255 scope global br-lan
  16. valid_lft forever preferred_lft forever
  17. inet6 fd9d:6bfa:4278::1/60 scope global noprefixroute
  18. valid_lft forever preferred_lft forever
  19. inet6 fe80::b27f:b9ff:fe12:6330/64 scope link
  20. valid_lft forever preferred_lft forever
  21. 6: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  22. link/ether b0:7f:b9:12:63:30 brd ff:ff:ff:ff:ff:ff
  23. 7: br-wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  24. link/ether b0:7f:b9:12:63:31 brd ff:ff:ff:ff:ff:ff
  25. inet 192.168.1.172/24 brd 192.168.1.255 scope global br-wan
  26. valid_lft forever preferred_lft forever
  27. inet6 fe80::b27f:b9ff:fe12:6331/64 scope link
  28. valid_lft forever preferred_lft forever
  29. 8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-wan state UP group default qlen 1000
  30. link/ether b0:7f:b9:12:63:31 brd ff:ff:ff:ff:ff:ff
  31. 9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
  32. link/none
  33. inet 10.8.0.5/24 brd 10.8.0.255 scope global wg0
  34. valid_lft forever preferred_lft forever
  35. 10: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  36. link/ether b0:7f:b9:12:63:34 brd ff:ff:ff:ff:ff:ff
  37. inet6 fe80::b27f:b9ff:fe12:6334/64 scope link
  38. valid_lft forever preferred_lft forever
  39. default dev wg0 proto static scope link
  40. 10.8.0.0/24 dev wg0 proto kernel scope link src 10.8.0.5
  41. xxxxxxxxxxx via 192.168.1.254 dev br-wan proto static
  42. 192.168.1.0/24 dev br-wan proto kernel scope link src 192.168.1.172
  43. 192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
  44. broadcast 10.8.0.0 dev wg0 table local proto kernel scope link src 10.8.0.5
  45. local 10.8.0.5 dev wg0 table local proto kernel scope host src 10.8.0.5
  46. broadcast 10.8.0.255 dev wg0 table local proto kernel scope link src 10.8.0.5
  47. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  48. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  49. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  50. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  51. broadcast 192.168.1.0 dev br-wan table local proto kernel scope link src 192.168.1.172
  52. local 192.168.1.172 dev br-wan table local proto kernel scope host src 192.168.1.172
  53. broadcast 192.168.1.255 dev br-wan table local proto kernel scope link src 192.168.1.172
  54. broadcast 192.168.10.0 dev br-lan table local proto kernel scope link src 192.168.10.1
  55. local 192.168.10.1 dev br-lan table local proto kernel scope host src 192.168.10.1
  56. broadcast 192.168.10.255 dev br-lan table local proto kernel scope link src 192.168.10.1
  57. fd9d:6bfa:4278::/64 dev br-lan proto static metric 1024 pref medium
  58. unreachable fd9d:6bfa:4278::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
  59. fe80::/64 dev eth0 proto kernel metric 256 pref medium
  60. fe80::/64 dev br-wan proto kernel metric 256 pref medium
  61. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  62. fe80::/64 dev wlan1 proto kernel metric 256 pref medium
  63. local ::1 dev lo table local proto kernel metric 0 pref medium
  64. anycast fd9d:6bfa:4278:: dev br-lan table local proto kernel metric 0 pref medium
  65. local fd9d:6bfa:4278::1 dev br-lan table local proto kernel metric 0 pref medium
  66. anycast fe80:: dev br-wan table local proto kernel metric 0 pref medium
  67. anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
  68. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  69. anycast fe80:: dev wlan1 table local proto kernel metric 0 pref medium
  70. local fe80::b27f:b9ff:fe12:6330 dev eth0 table local proto kernel metric 0 pref medium
  71. local fe80::b27f:b9ff:fe12:6330 dev br-lan table local proto kernel metric 0 pref medium
  72. local fe80::b27f:b9ff:fe12:6331 dev br-wan table local proto kernel metric 0 pref medium
  73. local fe80::b27f:b9ff:fe12:6334 dev wlan1 table local proto kernel metric 0 pref medium
  74. ff00::/8 dev eth0 table local metric 256 pref medium
  75. ff00::/8 dev br-wan table local metric 256 pref medium
  76. ff00::/8 dev br-lan table local metric 256 pref medium
  77. ff00::/8 dev wg0 table local metric 256 pref medium
  78. ff00::/8 dev wlan1 table local metric 256 pref medium
  79. 0: from all lookup local
  80. 32766: from all lookup main
  81. 32767: from all lookup default
  82. # Generated by iptables-save v1.8.3 on Sat Jan 30 12:31:42 2021
  # NOTE(review): IPv4 nat table as generated by OpenWrt fw3.
  # - No DNAT/REDIRECT rules exist anywhere in this dump, so the "--ctstate DNAT" accept
  #   rules in the filter table ("Accept port forwards/redirections") are currently inert.
  # - MASQUERADE is applied to everything leaving br-wan (seen upstream as 192.168.1.172,
  #   per 'ip addr') and everything leaving wg0 (seen by the peer as 10.8.0.5).
  # - wg0 is dispatched to BOTH zone_wan_postrouting and zone_wired_postrouting; the
  #   MASQUERADE in zone_wan_postrouting is terminating, so the wired copy is never reached
  #   for wg0. The wired zone duplicates the wan zone here rather than adding anything.
  83. *nat
  84. :PREROUTING ACCEPT [17122:1814476]
  85. :INPUT ACCEPT [3884:264570]
  86. :OUTPUT ACCEPT [2808:192859]
  87. :POSTROUTING ACCEPT [102:8497]
  88. :postrouting_lan_rule - [0:0]
  89. :postrouting_rule - [0:0]
  90. :postrouting_wan_rule - [0:0]
  91. :postrouting_wired_rule - [0:0]
  92. :prerouting_lan_rule - [0:0]
  93. :prerouting_rule - [0:0]
  94. :prerouting_wan_rule - [0:0]
  95. :prerouting_wired_rule - [0:0]
  96. :zone_lan_postrouting - [0:0]
  97. :zone_lan_prerouting - [0:0]
  98. :zone_wan_postrouting - [0:0]
  99. :zone_wan_prerouting - [0:0]
  100. :zone_wired_postrouting - [0:0]
  101. :zone_wired_prerouting - [0:0]
  # Zone dispatch: lan = br-lan, wan = br-wan + wg0, wired = wg0 (overlapping with wan).
  102. -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  103. -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  104. -A PREROUTING -i br-wan -m comment --comment "!fw3" -j zone_wan_prerouting
  105. -A PREROUTING -i wg0 -m comment --comment "!fw3" -j zone_wan_prerouting
  106. -A PREROUTING -i wg0 -m comment --comment "!fw3" -j zone_wired_prerouting
  107. -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  108. -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  109. -A POSTROUTING -o br-wan -m comment --comment "!fw3" -j zone_wan_postrouting
  110. -A POSTROUTING -o wg0 -m comment --comment "!fw3" -j zone_wan_postrouting
  111. -A POSTROUTING -o wg0 -m comment --comment "!fw3" -j zone_wired_postrouting
  112. -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  113. -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  114. -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  # Source NAT for both wan-zone devices (br-wan and wg0); the custom hook chains above are empty.
  115. -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  116. -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  117. -A zone_wired_postrouting -m comment --comment "!fw3: Custom wired postrouting rule chain" -j postrouting_wired_rule
  # Never reached for wg0 (shadowed by the zone_wan_postrouting MASQUERADE above).
  118. -A zone_wired_postrouting -m comment --comment "!fw3" -j MASQUERADE
  119. -A zone_wired_prerouting -m comment --comment "!fw3: Custom wired prerouting rule chain" -j prerouting_wired_rule
  120. COMMIT
  121. # Completed on Sat Jan 30 12:31:42 2021
  122. # Generated by iptables-save v1.8.3 on Sat Jan 30 12:31:42 2021
  # NOTE(review): mangle table holds only fw3's MSS clamping (TCPMSS --clamp-mss-to-pmtu on
  # SYN segments) for the wan and wired zones. Because wg0 belongs to both zones, the four
  # wg0 rules below are two identical pairs; the duplicates are harmless but are another
  # symptom of the wg0 double-zone assignment. wg0 MTU is 1420 per 'ip addr', so clamping
  # for traffic forwarded into the tunnel is genuinely needed.
  123. *mangle
  124. :PREROUTING ACCEPT [4236164:7663680835]
  125. :INPUT ACCEPT [2827751:3967875148]
  126. :FORWARD ACCEPT [1405265:3695248541]
  127. :OUTPUT ACCEPT [716657:157985443]
  128. :POSTROUTING ACCEPT [2121765:3853223807]
  129. -A FORWARD -o br-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  130. -A FORWARD -i br-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  131. -A FORWARD -o wg0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  132. -A FORWARD -i wg0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  # Duplicates of the two wg0 rules above, emitted for the wired zone.
  133. -A FORWARD -o wg0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wired MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  134. -A FORWARD -i wg0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wired MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  135. COMMIT
  136. # Completed on Sat Jan 30 12:31:42 2021
  137. # Generated by iptables-save v1.8.3 on Sat Jan 30 12:31:42 2021
  # NOTE(review): IPv4 filter table as generated by OpenWrt fw3. Zone membership, read off
  # the INPUT/FORWARD dispatch rules below: lan = br-lan, wan = br-wan + wg0, wired = wg0
  # (wg0 is dispatched to BOTH the wan and the wired zone chains).
  # Findings, each tied to the rule it refers to:
  #   1. zone_wan_input ends in zone_wan_src_ACCEPT, which ACCEPTs NEW connections arriving
  #      on br-wan and on wg0. Every service the router listens on is therefore reachable
  #      from the upstream 192.168.1.0/24 segment and from the remote WireGuard peer. fw3's
  #      usual wan input policy is REJECT (a zone_wan_src_REJECT chain); confirm this is
  #      intended before treating 192.168.1.0/24 or the VPN provider as untrusted.
  #   2. zone_wan_forward ends in zone_wan_dest_ACCEPT (intra-zone forward ACCEPT), so
  #      forwarding wg0 <-> br-wan is permitted. The peer's allowed-ips is 0.0.0.0/0 (see
  #      'wg show' at the end of the dump), so nothing here stops the remote VPN side from
  #      originating connections into 192.168.1.0/24, masqueraded as 192.168.1.172.
  #   3. The zone_wan_* jumps for wg0 precede the zone_wired_* jumps and terminate in
  #      ACCEPT for NEW/UNTRACKED traffic, so the wired zone chains are effectively never
  #      reached for wg0; the wired zone adds nothing and only duplicates rules.
  #   4. Only IPv4 is shown. The sysctl output has net.ipv6.conf.*.forwarding = 1 and no
  #      ip6tables ruleset is included in this dump, so IPv6 filtering is unverified here.
  138. *filter
  # Builtin INPUT policy is ACCEPT: a packet that leaves the zone chains without a verdict
  # is accepted, not dropped. FORWARD is DROP and additionally ends in the 'reject' chain.
  139. :INPUT ACCEPT [36:1872]
  140. :FORWARD DROP [0:0]
  141. :OUTPUT ACCEPT [0:0]
  142. :banIP - [0:0]
  143. :forwarding_lan_rule - [0:0]
  144. :forwarding_rule - [0:0]
  145. :forwarding_wan_rule - [0:0]
  146. :forwarding_wired_rule - [0:0]
  147. :input_lan_rule - [0:0]
  148. :input_rule - [0:0]
  149. :input_wan_rule - [0:0]
  150. :input_wired_rule - [0:0]
  151. :output_lan_rule - [0:0]
  152. :output_rule - [0:0]
  153. :output_wan_rule - [0:0]
  154. :output_wired_rule - [0:0]
  155. :reject - [0:0]
  156. :syn_flood - [0:0]
  157. :zone_lan_dest_ACCEPT - [0:0]
  158. :zone_lan_forward - [0:0]
  159. :zone_lan_input - [0:0]
  160. :zone_lan_output - [0:0]
  161. :zone_lan_src_ACCEPT - [0:0]
  162. :zone_wan_dest_ACCEPT - [0:0]
  163. :zone_wan_forward - [0:0]
  164. :zone_wan_input - [0:0]
  165. :zone_wan_output - [0:0]
  166. :zone_wan_src_ACCEPT - [0:0]
  167. :zone_wired_dest_ACCEPT - [0:0]
  168. :zone_wired_forward - [0:0]
  169. :zone_wired_input - [0:0]
  170. :zone_wired_output - [0:0]
  171. :zone_wired_src_ACCEPT - [0:0]
  # INPUT dispatch: loopback, custom hook, established/related, SYN rate limit, then per-zone.
  # Note the two wg0 lines: wan first, wired second (finding 3).
  172. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  173. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  174. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  175. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  176. -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  177. -A INPUT -i br-wan -m comment --comment "!fw3" -j zone_wan_input
  178. -A INPUT -i wg0 -m comment --comment "!fw3" -j zone_wan_input
  179. -A INPUT -i wg0 -m comment --comment "!fw3" -j zone_wired_input
  # FORWARD dispatch, same shape; anything not accepted by a zone chain hits 'reject' at the end.
  180. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  181. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  182. -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  183. -A FORWARD -i br-wan -m comment --comment "!fw3" -j zone_wan_forward
  184. -A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_wan_forward
  185. -A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_wired_forward
  186. -A FORWARD -m comment --comment "!fw3" -j reject
  187. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  188. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  189. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  190. -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  191. -A OUTPUT -o br-wan -m comment --comment "!fw3" -j zone_wan_output
  192. -A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_wan_output
  193. -A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_wired_output
  # NOTE(review): banIP (ipset-based blocklists, NEW connections only). The two br-wan6 rules
  # reference an interface that does not exist in the 'ip addr' output of this dump, so they
  # never match -- presumably left over from an earlier IPv6 wan bridge. banIP is hooked only
  # from the lan/wan custom chains (forwarding_*_rule / input_*_rule further down), not from
  # the wired zone; with the wired zone shadowed (finding 3) that has no practical effect.
  # Inbound matches DROP silently; outbound matches REJECT so LAN clients fail fast.
  194. -A banIP -i br-wan6 -m conntrack --ctstate NEW -m set --match-set blacklist src -j DROP
  195. -A banIP -o br-wan6 -m conntrack --ctstate NEW -m set --match-set blacklist dst -j REJECT --reject-with icmp-port-unreachable
  196. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set blacklist src -j DROP
  197. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set blacklist src -j DROP
  198. -A banIP -o br-wan -m conntrack --ctstate NEW -m set --match-set blacklist dst -j REJECT --reject-with icmp-port-unreachable
  199. -A banIP -o wg0 -m conntrack --ctstate NEW -m set --match-set blacklist dst -j REJECT --reject-with icmp-port-unreachable
  200. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set DoH src -j DROP
  201. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set DoH src -j DROP
  202. -A banIP -o br-wan -m conntrack --ctstate NEW -m set --match-set DoH dst -j REJECT --reject-with icmp-port-unreachable
  203. -A banIP -o wg0 -m conntrack --ctstate NEW -m set --match-set DoH dst -j REJECT --reject-with icmp-port-unreachable
  204. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set tor src -j DROP
  205. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set threat src -j DROP
  206. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set threat src -j DROP
  207. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set tor src -j DROP
  208. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set proxy src -j DROP
  209. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set proxy src -j DROP
  210. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set yoyo src -j DROP
  211. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set yoyo src -j DROP
  212. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set debl src -j DROP
  213. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set debl src -j DROP
  214. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set edrop src -j DROP
  215. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set edrop src -j DROP
  216. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set drop src -j DROP
  217. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set drop src -j DROP
  218. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set firehol1 src -j DROP
  219. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set firehol1 src -j DROP
  220. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set iblocklist src -j DROP
  221. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set iblocklist src -j DROP
  222. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set firehol2 src -j DROP
  223. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set firehol2 src -j DROP
  224. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set firehol3 src -j DROP
  225. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set firehol3 src -j DROP
  226. -A banIP -i br-wan -m conntrack --ctstate NEW -m set --match-set firehol4 src -j DROP
  227. -A banIP -i wg0 -m conntrack --ctstate NEW -m set --match-set firehol4 src -j DROP
  # banIP hook-in points. The UDP 67:68 RETURN exempts DHCP from blocklist matching before
  # the jump; note that banIP is consulted BEFORE the zone policy decisions below.
  228. -A forwarding_lan_rule -j banIP
  229. -A forwarding_wan_rule -j banIP
  230. -A input_lan_rule -p udp -m udp --sport 67:68 --dport 67:68 -j RETURN
  231. -A input_lan_rule -j banIP
  232. -A input_wan_rule -p udp -m udp --sport 67:68 --dport 67:68 -j RETURN
  233. -A input_wan_rule -j banIP
  # Standard fw3 reject chain (TCP RST, ICMP port-unreachable for everything else).
  234. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  235. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  # SYN rate limit for router-local services only (hooked from INPUT, not FORWARD):
  # 25 SYN/s with a burst of 50, excess dropped.
  236. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  237. -A syn_flood -m comment --comment "!fw3" -j DROP
  238. -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  # lan zone: lan -> wan forwarding allowed (exits via br-wan or wg0; the default route is
  # wg0 per 'ip route'), lan -> lan allowed, lan input ACCEPT. All normal for a home router.
  239. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  240. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  241. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  242. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  243. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  244. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  245. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  246. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  247. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  248. -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  # zone_wan_dest_ACCEPT covers both wan-zone devices. The INVALID drop keeps packets conntrack
  # cannot attribute from leaving br-wan/wg0 un-NATed with a private source address.
  249. -A zone_wan_dest_ACCEPT -o br-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  250. -A zone_wan_dest_ACCEPT -o br-wan -m comment --comment "!fw3" -j ACCEPT
  251. -A zone_wan_dest_ACCEPT -o wg0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  252. -A zone_wan_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
  253. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  # NOTE(review): Allow-IPSec-ESP / Allow-ISAKMP forward ESP and UDP/500 from the wan zone
  # (br-wan AND wg0) to ANY lan host (zone_lan_dest_ACCEPT). These are fw3 defaults; remove
  # them if no IPsec responder lives on 192.168.10.0/24 -- they are the only wan -> lan
  # forwarding path in this ruleset apart from (currently absent) DNAT port forwards.
  254. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  255. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  # wan -> wired forwarding policy ACCEPT, i.e. br-wan/wg0 -> wg0.
  256. -A zone_wan_forward -m comment --comment "!fw3: Zone wan to wired forwarding policy" -j zone_wired_dest_ACCEPT
  257. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  # NOTE(review): wan intra-zone forward policy ACCEPT (finding 2): wg0 -> br-wan and
  # br-wan -> wg0 are both permitted. The hardened form omits this line so that wan-sourced
  # traffic can only be forwarded where an explicit rule allows it.
  258. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  259. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  # Explicit wan input allows (fw3 defaults): DHCP renew, ICMP echo, IGMP.
  260. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  261. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  262. -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  263. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  # NOTE(review): wan input policy ACCEPT (finding 1). Everything from br-wan/wg0 not
  # already handled is passed to zone_wan_src_ACCEPT, which accepts all NEW/UNTRACKED
  # traffic. The explicit allows above are therefore moot; the expected hardened form ends
  # in a zone_wan_src_REJECT chain so only the listed services are reachable from wan.
  264. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
  265. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  266. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  267. -A zone_wan_src_ACCEPT -i br-wan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  268. -A zone_wan_src_ACCEPT -i wg0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  # NOTE(review): wired zone chains. For wg0 these sit behind the zone_wan_* jumps and are
  # effectively never reached (finding 3); they contain no rules the wan zone lacks.
  269. -A zone_wired_dest_ACCEPT -o wg0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  270. -A zone_wired_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
  271. -A zone_wired_forward -m comment --comment "!fw3: Custom wired forwarding rule chain" -j forwarding_wired_rule
  272. -A zone_wired_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  273. -A zone_wired_forward -m comment --comment "!fw3" -j zone_wired_dest_ACCEPT
  274. -A zone_wired_input -m comment --comment "!fw3: Custom wired input rule chain" -j input_wired_rule
  275. -A zone_wired_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  276. -A zone_wired_input -m comment --comment "!fw3" -j zone_wired_src_ACCEPT
  277. -A zone_wired_output -m comment --comment "!fw3: Custom wired output rule chain" -j output_wired_rule
  278. -A zone_wired_output -m comment --comment "!fw3" -j zone_wired_dest_ACCEPT
  279. -A zone_wired_src_ACCEPT -i wg0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  280. COMMIT
  281. # Completed on Sat Jan 30 12:31:42 2021
  282. net.ipv4.conf.all.forwarding = 1
  283. net.ipv4.conf.all.mc_forwarding = 0
  284. net.ipv4.conf.br-lan.forwarding = 1
  285. net.ipv4.conf.br-lan.mc_forwarding = 0
  286. net.ipv4.conf.br-wan.forwarding = 1
  287. net.ipv4.conf.br-wan.mc_forwarding = 0
  288. net.ipv4.conf.default.forwarding = 1
  289. net.ipv4.conf.default.mc_forwarding = 0
  290. net.ipv4.conf.eth0.forwarding = 1
  291. net.ipv4.conf.eth0.mc_forwarding = 0
  292. net.ipv4.conf.eth0.1.forwarding = 1
  293. net.ipv4.conf.eth0.1.mc_forwarding = 0
  294. net.ipv4.conf.eth0.2.forwarding = 1
  295. net.ipv4.conf.eth0.2.mc_forwarding = 0
  296. net.ipv4.conf.lo.forwarding = 1
  297. net.ipv4.conf.lo.mc_forwarding = 0
  298. net.ipv4.conf.wg0.forwarding = 1
  299. net.ipv4.conf.wg0.mc_forwarding = 0
  300. net.ipv4.conf.wlan0.forwarding = 1
  301. net.ipv4.conf.wlan0.mc_forwarding = 0
  302. net.ipv4.conf.wlan1.forwarding = 1
  303. net.ipv4.conf.wlan1.mc_forwarding = 0
  304. net.ipv4.ip_forward = 1
  305. net.ipv4.ip_forward_use_pmtu = 0
  306. net.ipv6.conf.all.forwarding = 1
  307. net.ipv6.conf.all.mc_forwarding = 0
  308. net.ipv6.conf.br-lan.forwarding = 1
  309. net.ipv6.conf.br-lan.mc_forwarding = 0
  310. net.ipv6.conf.br-wan.forwarding = 1
  311. net.ipv6.conf.br-wan.mc_forwarding = 0
  312. net.ipv6.conf.default.forwarding = 1
  313. net.ipv6.conf.default.mc_forwarding = 0
  314. net.ipv6.conf.eth0.forwarding = 1
  315. net.ipv6.conf.eth0.mc_forwarding = 0
  316. net.ipv6.conf.eth0.1.forwarding = 1
  317. net.ipv6.conf.eth0.1.mc_forwarding = 0
  318. net.ipv6.conf.eth0.2.forwarding = 1
  319. net.ipv6.conf.eth0.2.mc_forwarding = 0
  320. net.ipv6.conf.lo.forwarding = 1
  321. net.ipv6.conf.lo.mc_forwarding = 0
  322. net.ipv6.conf.wg0.forwarding = 1
  323. net.ipv6.conf.wg0.mc_forwarding = 0
  324. net.ipv6.conf.wlan0.forwarding = 1
  325. net.ipv6.conf.wlan0.mc_forwarding = 0
  326. net.ipv6.conf.wlan1.forwarding = 1
  327. net.ipv6.conf.wlan1.mc_forwarding = 0
  328. interface: wg0
  329. public key: xxxxxxxxxxxxxx
  330. private key: (hidden)
  331. listening port: 52360
  332.  
  333. peer: xxxxxxxxxx
  334. preshared key: (hidden)
  335. endpoint: xxxxxxxxx:51820
  336. allowed ips: 0.0.0.0/0
  337. latest handshake: 58 seconds ago
  338. transfer: 3.59 GiB received, 84.48 MiB sent
  339. persistent keepalive: every 25 seconds