Client A
a guest
Oct 28th, 2017
Filter table:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp
ACCEPT all -- anywhere anywhere /* !fw3 */
input_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input all -- anywhere anywhere /* !fw3 */
zone_wan_input all -- anywhere anywhere /* !fw3 */
zone_vpn_input all -- anywhere anywhere /* !fw3 */

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp
ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp
forwarding_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward all -- anywhere anywhere /* !fw3 */
zone_wan_forward all -- anywhere anywhere /* !fw3 */
zone_vpn_forward all -- anywhere anywhere /* !fw3 */
reject all -- anywhere anywhere /* !fw3 */

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp
ACCEPT all -- anywhere anywhere /* !fw3 */
output_rule all -- anywhere anywhere /* !fw3: user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_output all -- anywhere anywhere /* !fw3 */
zone_wan_output all -- anywhere anywhere /* !fw3 */
zone_vpn_output all -- anywhere anywhere /* !fw3 */

Chain forwarding_lan_rule (1 references)
target prot opt source destination

Chain forwarding_rule (1 references)
target prot opt source destination

Chain forwarding_vpn_rule (2 references)
target prot opt source destination

Chain forwarding_wan_rule (1 references)
target prot opt source destination

Chain input_lan_rule (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination

Chain input_vpn_rule (2 references)
target prot opt source destination

Chain input_wan_rule (1 references)
target prot opt source destination

Chain output_lan_rule (1 references)
target prot opt source destination

Chain output_rule (1 references)
target prot opt source destination

Chain output_vpn_rule (2 references)
target prot opt source destination

Chain output_wan_rule (1 references)
target prot opt source destination

Chain reject (3 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
DROP all -- anywhere anywhere /* !fw3 */

Chain zone_lan_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding lan -> wan */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* !fw3: user chain for output */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_vpn_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_vpn_forward (1 references)
target prot opt source destination
forwarding_vpn_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
forwarding_vpn_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding vpn -> wan */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding vpn -> lan */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding vpn -> wan */
zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding vpn -> lan */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_vpn_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_vpn_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_vpn_input (1 references)
target prot opt source destination
input_vpn_rule all -- anywhere anywhere /* !fw3: user chain for input */
input_vpn_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_vpn_src_ACCEPT all -- anywhere anywhere /* !fw3 */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_vpn_src_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_vpn_output (1 references)
target prot opt source destination
output_vpn_rule all -- anywhere anywhere /* !fw3: user chain for output */
output_vpn_rule all -- anywhere anywhere /* !fw3: user chain for output */
zone_vpn_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
zone_vpn_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_vpn_src_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_wan_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */

Chain zone_wan_forward (1 references)
target prot opt source destination
forwarding_wan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_input (1 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* !fw3: user chain for input */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
ACCEPT esp -- anywhere anywhere /* !fw3: IPSec ESP */
ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: IPSec IKE */
ACCEPT udp -- anywhere anywhere udp dpt:4500 /* !fw3: IPSec NAT-T */
ACCEPT ah -- anywhere anywhere /* !fw3: IPSec Auth Header */
ACCEPT tcp -- anywhere anywhere tcp dpt:2200 /* !fw3: SSH */
ACCEPT udp -- anywhere anywhere udp dpt:openvpn /* !fw3: Allow-OpenVPN-Inbound */
ACCEPT udp -- anywhere anywhere udp dpt:openvpn /* !fw3: Allow-OpenVPN-Inbound */
ACCEPT tcp -- anywhere anywhere tcp dpt:8000 /* !fw3: Misc */
ACCEPT udp -- anywhere anywhere udp dpt:8000 /* !fw3: Misc */
ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_output (1 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* !fw3: user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */

Chain zone_wan_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere /* !fw3 */

NAT table:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
prerouting_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
zone_lan_prerouting all -- anywhere anywhere /* !fw3 */
zone_wan_prerouting all -- anywhere anywhere /* !fw3 */
zone_vpn_prerouting all -- anywhere anywhere /* !fw3 */

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere policy match dir out pol ipsec
postrouting_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
zone_lan_postrouting all -- anywhere anywhere /* !fw3 */
zone_wan_postrouting all -- anywhere anywhere /* !fw3 */
zone_vpn_postrouting all -- anywhere anywhere /* !fw3 */

Chain postrouting_lan_rule (1 references)
target prot opt source destination

Chain postrouting_rule (1 references)
target prot opt source destination

Chain postrouting_vpn_rule (2 references)
target prot opt source destination

Chain postrouting_wan_rule (1 references)
target prot opt source destination

Chain prerouting_lan_rule (1 references)
target prot opt source destination

Chain prerouting_rule (1 references)
target prot opt source destination

Chain prerouting_vpn_rule (2 references)
target prot opt source destination

Chain prerouting_wan_rule (1 references)
target prot opt source destination

Chain zone_lan_postrouting (1 references)
target prot opt source destination
postrouting_lan_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
SNAT tcp -- 192.168.100.0/24 LEDE.lan tcp dpt:ssh /* !fw3: SSH (reflection) */ to:192.168.100.1
SNAT tcp -- 192.168.100.0/24 ARCH.lan tcp dpt:4000 /* !fw3: Misc (reflection) */ to:192.168.100.1
SNAT udp -- 192.168.100.0/24 ARCH.lan udp dpt:4000 /* !fw3: Misc (reflection) */ to:192.168.100.1

Chain zone_lan_prerouting (1 references)
target prot opt source destination
prerouting_lan_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
DNAT tcp -- 192.168.100.0/24 HSI-KBW-37-49-120-76.hsi14.kabel-badenwuerttemberg.de tcp dpt:2200 /* !fw3: SSH (reflection) */ to:192.168.100.1:22
DNAT tcp -- 192.168.100.0/24 HSI-KBW-37-49-120-76.hsi14.kabel-badenwuerttemberg.de tcp dpt:8000 /* !fw3: Misc (reflection) */ to:192.168.100.110:4000
DNAT udp -- 192.168.100.0/24 HSI-KBW-37-49-120-76.hsi14.kabel-badenwuerttemberg.de udp dpt:8000 /* !fw3: Misc (reflection) */ to:192.168.100.110:4000

Chain zone_vpn_postrouting (1 references)
target prot opt source destination
postrouting_vpn_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
postrouting_vpn_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
MASQUERADE all -- anywhere anywhere /* !fw3 */
MASQUERADE all -- anywhere anywhere /* !fw3 */

Chain zone_vpn_prerouting (1 references)
target prot opt source destination
prerouting_vpn_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
prerouting_vpn_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */

Chain zone_wan_postrouting (1 references)
target prot opt source destination
postrouting_wan_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
MASQUERADE all -- anywhere anywhere /* !fw3 */

Chain zone_wan_prerouting (1 references)
target prot opt source destination
prerouting_wan_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
DNAT tcp -- anywhere anywhere tcp dpt:2200 /* !fw3: SSH */ to:192.168.100.1:22
DNAT tcp -- anywhere anywhere tcp dpt:8000 /* !fw3: Misc */ to:192.168.100.110:4000
DNAT udp -- anywhere anywhere udp dpt:8000 /* !fw3: Misc */ to:192.168.100.110:4000