Perfect Privacy

Mar 11th, 2021
26
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 20.29 KB | None | 0 0
  1. root@OpenWrt:/etc/config# ubus call system board; uci show network; uci show firewall; uci show dhcp; \
  2. > ip address show; ip route show table all; ip rule show; iptables-save; \
  3. > head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
  4. {
  5. "kernel": "4.14.221",
  6. "hostname": "OpenWrt",
  7. "system": "MediaTek MT7620N ver:2 eco:6",
  8. "model": "D-Link DWR-921 C1",
  9. "board_name": "dlink,dwr-921-c1",
  10. "release": {
  11. "distribution": "OpenWrt",
  12. "version": "19.07.7",
  13. "revision": "r11306-c4a6851c72",
  14. "target": "ramips/mt7620",
  15. "description": "OpenWrt 19.07.7 r11306-c4a6851c72"
  16. }
  17. }
  18. network.loopback=interface
  19. network.loopback.ifname='lo'
  20. network.loopback.proto='static'
  21. network.loopback.ipaddr='127.0.0.1'
  22. network.loopback.netmask='255.0.0.0'
  23. network.globals=globals
  24. network.globals.ula_prefix='fdde:2128:5cc2::/48'
  25. network.lan=interface
  26. network.lan.type='bridge'
  27. network.lan.ifname='eth0.1'
  28. network.lan.proto='static'
  29. network.lan.netmask='255.255.255.0'
  30. network.lan.ip6assign='60'
  31. network.lan.ipaddr='192.168.10.1'
  32. network.lan.dns='8.8.8.8' '8.8.4.4' '1.1.1.1'
  33. network.lan_eth0_1_dev=device
  34. network.lan_eth0_1_dev.name='eth0.1'
  35. network.lan_eth0_1_dev.macaddr='28:3b:82:82:71:2b'
  36. network.wan_eth0_2_dev=device
  37. network.wan_eth0_2_dev.name='eth0.2'
  38. network.wan_eth0_2_dev.macaddr='28:3b:82:82:71:2a'
  39. network.@switch[0]=switch
  40. network.@switch[0].name='switch0'
  41. network.@switch[0].reset='1'
  42. network.@switch[0].enable_vlan='1'
  43. network.@switch_vlan[0]=switch_vlan
  44. network.@switch_vlan[0].device='switch0'
  45. network.@switch_vlan[0].vlan='1'
  46. network.@switch_vlan[0].ports='0 1 2 3 6t'
  47. network.@switch_vlan[1]=switch_vlan
  48. network.@switch_vlan[1].device='switch0'
  49. network.@switch_vlan[1].vlan='2'
  50. network.@switch_vlan[1].ports='4 6t'
  51. network.wwan=interface
  52. network.wwan.proto='qmi'
  53. network.wwan.device='/dev/cdc-wdm0'
  54. network.wwan.apn='orangeweb'
  55. network.wwan.modes='lte'
  56. network.wwan.peerdns='0'
  57. network.tun0VPN=interface
  58. network.tun0VPN.ifname='tun0'
  59. network.tun0VPN.proto='none'
  60. network.tun0VPN.auto='0'
  61. firewall.@defaults[0]=defaults
  62. firewall.@defaults[0].input='ACCEPT'
  63. firewall.@defaults[0].output='ACCEPT'
  64. firewall.@defaults[0].forward='REJECT'
  65. firewall.@zone[0]=zone
  66. firewall.@zone[0].name='lan'
  67. firewall.@zone[0].input='ACCEPT'
  68. firewall.@zone[0].output='ACCEPT'
  69. firewall.@zone[0].forward='ACCEPT'
  70. firewall.@zone[0].network='lan'
  71. firewall.@zone[1]=zone
  72. firewall.@zone[1].name='wan'
  73. firewall.@zone[1].output='ACCEPT'
  74. firewall.@zone[1].forward='REJECT'
  75. firewall.@zone[1].masq='1'
  76. firewall.@zone[1].mtu_fix='1'
  77. firewall.@zone[1].device='tun0' 'tun+'
  78. firewall.@zone[1].network='tun0VPN wwan'
  79. firewall.@zone[1].input='REJECT'
  80. firewall.@zone[1].log='1'
  81. firewall.@forwarding[0]=forwarding
  82. firewall.@forwarding[0].src='lan'
  83. firewall.@forwarding[0].dest='wan'
  84. firewall.@rule[0]=rule
  85. firewall.@rule[0].name='Allow-DHCP-Renew'
  86. firewall.@rule[0].src='wan'
  87. firewall.@rule[0].proto='udp'
  88. firewall.@rule[0].dest_port='68'
  89. firewall.@rule[0].target='ACCEPT'
  90. firewall.@rule[0].family='ipv4'
  91. firewall.@rule[1]=rule
  92. firewall.@rule[1].name='Allow-Ping'
  93. firewall.@rule[1].src='wan'
  94. firewall.@rule[1].proto='icmp'
  95. firewall.@rule[1].icmp_type='echo-request'
  96. firewall.@rule[1].family='ipv4'
  97. firewall.@rule[1].target='ACCEPT'
  98. firewall.@rule[2]=rule
  99. firewall.@rule[2].name='Allow-IGMP'
  100. firewall.@rule[2].src='wan'
  101. firewall.@rule[2].proto='igmp'
  102. firewall.@rule[2].family='ipv4'
  103. firewall.@rule[2].target='ACCEPT'
  104. firewall.@rule[3]=rule
  105. firewall.@rule[3].name='Allow-DHCPv6'
  106. firewall.@rule[3].src='wan'
  107. firewall.@rule[3].proto='udp'
  108. firewall.@rule[3].src_ip='fc00::/6'
  109. firewall.@rule[3].dest_ip='fc00::/6'
  110. firewall.@rule[3].dest_port='546'
  111. firewall.@rule[3].family='ipv6'
  112. firewall.@rule[3].target='ACCEPT'
  113. firewall.@rule[4]=rule
  114. firewall.@rule[4].name='Allow-MLD'
  115. firewall.@rule[4].src='wan'
  116. firewall.@rule[4].proto='icmp'
  117. firewall.@rule[4].src_ip='fe80::/10'
  118. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  119. firewall.@rule[4].family='ipv6'
  120. firewall.@rule[4].target='ACCEPT'
  121. firewall.@rule[5]=rule
  122. firewall.@rule[5].name='Allow-ICMPv6-Input'
  123. firewall.@rule[5].src='wan'
  124. firewall.@rule[5].proto='icmp'
  125. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  126. firewall.@rule[5].limit='1000/sec'
  127. firewall.@rule[5].family='ipv6'
  128. firewall.@rule[5].target='ACCEPT'
  129. firewall.@rule[6]=rule
  130. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  131. firewall.@rule[6].src='wan'
  132. firewall.@rule[6].dest='*'
  133. firewall.@rule[6].proto='icmp'
  134. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  135. firewall.@rule[6].limit='1000/sec'
  136. firewall.@rule[6].family='ipv6'
  137. firewall.@rule[6].target='ACCEPT'
  138. firewall.@rule[7]=rule
  139. firewall.@rule[7].name='Allow-IPSec-ESP'
  140. firewall.@rule[7].src='wan'
  141. firewall.@rule[7].dest='lan'
  142. firewall.@rule[7].proto='esp'
  143. firewall.@rule[7].target='ACCEPT'
  144. firewall.@rule[8]=rule
  145. firewall.@rule[8].name='Allow-ISAKMP'
  146. firewall.@rule[8].src='wan'
  147. firewall.@rule[8].dest='lan'
  148. firewall.@rule[8].dest_port='500'
  149. firewall.@rule[8].proto='udp'
  150. firewall.@rule[8].target='ACCEPT'
  151. firewall.@include[0]=include
  152. firewall.@include[0].path='/etc/firewall.user'
  153. dhcp.@dnsmasq[0]=dnsmasq
  154. dhcp.@dnsmasq[0].domainneeded='1'
  155. dhcp.@dnsmasq[0].boguspriv='1'
  156. dhcp.@dnsmasq[0].filterwin2k='0'
  157. dhcp.@dnsmasq[0].localise_queries='1'
  158. dhcp.@dnsmasq[0].rebind_protection='1'
  159. dhcp.@dnsmasq[0].rebind_localhost='1'
  160. dhcp.@dnsmasq[0].local='/lan/'
  161. dhcp.@dnsmasq[0].domain='lan'
  162. dhcp.@dnsmasq[0].expandhosts='1'
  163. dhcp.@dnsmasq[0].nonegcache='0'
  164. dhcp.@dnsmasq[0].authoritative='1'
  165. dhcp.@dnsmasq[0].readethers='1'
  166. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  167. dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
  168. dhcp.@dnsmasq[0].nonwildcard='1'
  169. dhcp.@dnsmasq[0].localservice='1'
  170. dhcp.lan=dhcp
  171. dhcp.lan.interface='lan'
  172. dhcp.lan.start='100'
  173. dhcp.lan.limit='150'
  174. dhcp.lan.leasetime='12h'
  175. dhcp.lan.dhcpv6='server'
  176. dhcp.lan.ra='server'
  177. dhcp.lan.ra_management='1'
  178. dhcp.wan=dhcp
  179. dhcp.wan.interface='wan'
  180. dhcp.wan.ignore='1'
  181. dhcp.odhcpd=odhcpd
  182. dhcp.odhcpd.maindhcp='0'
  183. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  184. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  185. dhcp.odhcpd.loglevel='4'
  186. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  187. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  188. inet 127.0.0.1/8 scope host lo
  189. valid_lft forever preferred_lft forever
  190. inet6 ::1/128 scope host
  191. valid_lft forever preferred_lft forever
  192. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
  193. link/ether 9a:d3:a5:eb:ac:e4 brd ff:ff:ff:ff:ff:ff
  194. inet6 fe80::98d3:a5ff:feeb:ace4/64 scope link
  195. valid_lft forever preferred_lft forever
  196. 4: wwan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
  197. link/ether 8a:48:55:c7:c5:2e brd ff:ff:ff:ff:ff:ff
  198. inet 10.9.166.107/29 brd 10.9.166.111 scope global wwan0
  199. valid_lft forever preferred_lft forever
  200. inet6 fe80::8848:55ff:fec7:c52e/64 scope link
  201. valid_lft forever preferred_lft forever
  202. 5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  203. link/ether 28:3b:82:82:71:2b brd ff:ff:ff:ff:ff:ff
  204. inet 192.168.10.1/24 brd 192.168.10.255 scope global br-lan
  205. valid_lft forever preferred_lft forever
  206. inet6 fdde:2128:5cc2::1/60 scope global noprefixroute
  207. valid_lft forever preferred_lft forever
  208. inet6 fe80::2a3b:82ff:fe82:712b/64 scope link
  209. valid_lft forever preferred_lft forever
  210. 6: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  211. link/ether 28:3b:82:82:71:2b brd ff:ff:ff:ff:ff:ff
  212. 7: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
  213. link/ether 28:3b:82:82:71:2b brd ff:ff:ff:ff:ff:ff
  214. inet6 fe80::2a3b:82ff:fe82:712b/64 scope link
  215. valid_lft forever preferred_lft forever
  216. default via 10.9.166.108 dev wwan0 proto static src 10.9.166.107
  217. 10.9.166.104/29 dev wwan0 proto kernel scope link src 10.9.166.107
  218. 192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
  219. broadcast 10.9.166.104 dev wwan0 table local proto kernel scope link src 10.9.166.107
  220. local 10.9.166.107 dev wwan0 table local proto kernel scope host src 10.9.166.107
  221. broadcast 10.9.166.111 dev wwan0 table local proto kernel scope link src 10.9.166.107
  222. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  223. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  224. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  225. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  226. broadcast 192.168.10.0 dev br-lan table local proto kernel scope link src 192.168.10.1
  227. local 192.168.10.1 dev br-lan table local proto kernel scope host src 192.168.10.1
  228. broadcast 192.168.10.255 dev br-lan table local proto kernel scope link src 192.168.10.1
  229. fdde:2128:5cc2::/64 dev br-lan proto static metric 1024 pref medium
  230. unreachable fdde:2128:5cc2::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
  231. fe80::/64 dev eth0 proto kernel metric 256 pref medium
  232. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  233. fe80::/64 dev wwan0 proto kernel metric 256 pref medium
  234. fe80::/64 dev wlan0 proto kernel metric 256 pref medium
  235. local ::1 dev lo table local proto kernel metric 0 pref medium
  236. anycast fdde:2128:5cc2:: dev br-lan table local proto kernel metric 0 pref medium
  237. local fdde:2128:5cc2::1 dev br-lan table local proto kernel metric 0 pref medium
  238. anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
  239. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  240. anycast fe80:: dev wwan0 table local proto kernel metric 0 pref medium
  241. anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
  242. local fe80::2a3b:82ff:fe82:712b dev br-lan table local proto kernel metric 0 pref medium
  243. local fe80::2a3b:82ff:fe82:712b dev wlan0 table local proto kernel metric 0 pref medium
  244. local fe80::8848:55ff:fec7:c52e dev wwan0 table local proto kernel metric 0 pref medium
  245. local fe80::98d3:a5ff:feeb:ace4 dev eth0 table local proto kernel metric 0 pref medium
  246. ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
  247. ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
  248. ff00::/8 dev wwan0 table local proto kernel metric 256 pref medium
  249. ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
  250. 0: from all lookup local
  251. 32766: from all lookup main
  252. 32767: from all lookup default
  253. # Generated by iptables-save v1.8.3 on Thu Mar 11 12:09:16 2021
  254. *nat
  255. :PREROUTING ACCEPT [1820:357575]
  256. :INPUT ACCEPT [572:48850]
  257. :OUTPUT ACCEPT [493:34940]
  258. :POSTROUTING ACCEPT [47:4596]
  259. :postrouting_lan_rule - [0:0]
  260. :postrouting_rule - [0:0]
  261. :postrouting_wan_rule - [0:0]
  262. :prerouting_lan_rule - [0:0]
  263. :prerouting_rule - [0:0]
  264. :prerouting_wan_rule - [0:0]
  265. :zone_lan_postrouting - [0:0]
  266. :zone_lan_prerouting - [0:0]
  267. :zone_wan_postrouting - [0:0]
  268. :zone_wan_prerouting - [0:0]
  269. -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  270. -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  271. -A PREROUTING -i tun+ -m comment --comment "!fw3" -j zone_wan_prerouting
  272. -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_wan_prerouting
  273. -A PREROUTING -i wwan0 -m comment --comment "!fw3" -j zone_wan_prerouting
  274. -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  275. -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  276. -A POSTROUTING -o tun+ -m comment --comment "!fw3" -j zone_wan_postrouting
  277. -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_wan_postrouting
  278. -A POSTROUTING -o wwan0 -m comment --comment "!fw3" -j zone_wan_postrouting
  279. -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  280. -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  281. -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  282. -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  283. -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  284. COMMIT
  285. # Completed on Thu Mar 11 12:09:16 2021
  286. # Generated by iptables-save v1.8.3 on Thu Mar 11 12:09:16 2021
  287. *mangle
  288. :PREROUTING ACCEPT [43983:23252624]
  289. :INPUT ACCEPT [4035:487394]
  290. :FORWARD ACCEPT [39445:22652307]
  291. :OUTPUT ACCEPT [4220:907535]
  292. :POSTROUTING ACCEPT [43665:23572863]
  293. -A FORWARD -o tun+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  294. -A FORWARD -i tun+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  295. -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  296. -A FORWARD -i tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  297. -A FORWARD -o wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  298. -A FORWARD -i wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  299. COMMIT
  300. # Completed on Thu Mar 11 12:09:16 2021
  301. # Generated by iptables-save v1.8.3 on Thu Mar 11 12:09:16 2021
  302. *filter
  303. :INPUT ACCEPT [0:0]
  304. :FORWARD DROP [0:0]
  305. :OUTPUT ACCEPT [0:0]
  306. :forwarding_lan_rule - [0:0]
  307. :forwarding_rule - [0:0]
  308. :forwarding_wan_rule - [0:0]
  309. :input_lan_rule - [0:0]
  310. :input_rule - [0:0]
  311. :input_wan_rule - [0:0]
  312. :output_lan_rule - [0:0]
  313. :output_rule - [0:0]
  314. :output_wan_rule - [0:0]
  315. :reject - [0:0]
  316. :zone_lan_dest_ACCEPT - [0:0]
  317. :zone_lan_forward - [0:0]
  318. :zone_lan_input - [0:0]
  319. :zone_lan_output - [0:0]
  320. :zone_lan_src_ACCEPT - [0:0]
  321. :zone_wan_dest_ACCEPT - [0:0]
  322. :zone_wan_dest_REJECT - [0:0]
  323. :zone_wan_forward - [0:0]
  324. :zone_wan_input - [0:0]
  325. :zone_wan_output - [0:0]
  326. :zone_wan_src_REJECT - [0:0]
  327. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  328. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  329. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  330. -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  331. -A INPUT -i tun+ -m comment --comment "!fw3" -j zone_wan_input
  332. -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_wan_input
  333. -A INPUT -i wwan0 -m comment --comment "!fw3" -j zone_wan_input
  334. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  335. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  336. -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  337. -A FORWARD -i tun+ -m comment --comment "!fw3" -j zone_wan_forward
  338. -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_wan_forward
  339. -A FORWARD -i wwan0 -m comment --comment "!fw3" -j zone_wan_forward
  340. -A FORWARD -m comment --comment "!fw3" -j reject
  341. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  342. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  343. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  344. -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  345. -A OUTPUT -o tun+ -m comment --comment "!fw3" -j zone_wan_output
  346. -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_wan_output
  347. -A OUTPUT -o wwan0 -m comment --comment "!fw3" -j zone_wan_output
  348. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  349. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  350. -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  351. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  352. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  353. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  354. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  355. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  356. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  357. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  358. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  359. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  360. -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  361. -A zone_wan_dest_ACCEPT -o tun+ -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  362. -A zone_wan_dest_ACCEPT -o tun+ -m comment --comment "!fw3" -j ACCEPT
  363. -A zone_wan_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  364. -A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
  365. -A zone_wan_dest_ACCEPT -o wwan0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  366. -A zone_wan_dest_ACCEPT -o wwan0 -m comment --comment "!fw3" -j ACCEPT
  367. -A zone_wan_dest_REJECT -o tun+ -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "REJECT wan out: "
  368. -A zone_wan_dest_REJECT -o tun+ -m comment --comment "!fw3" -j reject
  369. -A zone_wan_dest_REJECT -o tun0 -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "REJECT wan out: "
  370. -A zone_wan_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
  371. -A zone_wan_dest_REJECT -o wwan0 -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "REJECT wan out: "
  372. -A zone_wan_dest_REJECT -o wwan0 -m comment --comment "!fw3" -j reject
  373. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  374. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  375. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  376. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  377. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  378. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  379. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  380. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  381. -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  382. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  383. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  384. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  385. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  386. -A zone_wan_src_REJECT -i tun+ -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "REJECT wan in: "
  387. -A zone_wan_src_REJECT -i tun+ -m comment --comment "!fw3" -j reject
  388. -A zone_wan_src_REJECT -i tun0 -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "REJECT wan in: "
  389. -A zone_wan_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
  390. -A zone_wan_src_REJECT -i wwan0 -m limit --limit 10/sec -m comment --comment "!fw3" -j LOG --log-prefix "REJECT wan in: "
  391. -A zone_wan_src_REJECT -i wwan0 -m comment --comment "!fw3" -j reject
  392. COMMIT
  393. # Completed on Thu Mar 11 12:09:16 2021
  394. ==> /etc/resolv.conf <==
  395. search lan
  396. nameserver 127.0.0.1
  397.  
  398. ==> /tmp/resolv.conf <==
  399. search lan
  400. nameserver 127.0.0.1
  401.  
  402. ==> /tmp/resolv.conf.auto <==
  403. # Interface lan
  404. nameserver 8.8.8.8
  405. nameserver 8.8.4.4
  406. nameserver 1.1.1.1
  407. # Interface wwan_4
  408. head: /tmp/resolv.*/*: No such file or directory
  409.  