- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp
- ACCEPT all -- anywhere anywhere /* !fw3 */
- input_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
- zone_lan_input all -- anywhere anywhere /* !fw3 */
- zone_wan_input all -- anywhere anywhere /* !fw3 */
- zone_vpn_input all -- anywhere anywhere /* !fw3 */
- Chain FORWARD (policy DROP)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp
- ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp
- forwarding_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- zone_lan_forward all -- anywhere anywhere /* !fw3 */
- zone_wan_forward all -- anywhere anywhere /* !fw3 */
- zone_vpn_forward all -- anywhere anywhere /* !fw3 */
- reject all -- anywhere anywhere /* !fw3 */
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp
- ACCEPT all -- anywhere anywhere /* !fw3 */
- output_rule all -- anywhere anywhere /* !fw3: user chain for output */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- zone_lan_output all -- anywhere anywhere /* !fw3 */
- zone_wan_output all -- anywhere anywhere /* !fw3 */
- zone_vpn_output all -- anywhere anywhere /* !fw3 */
- Chain forwarding_lan_rule (1 references)
- target prot opt source destination
- Chain forwarding_rule (1 references)
- target prot opt source destination
- Chain forwarding_vpn_rule (2 references)
- target prot opt source destination
- Chain forwarding_wan_rule (1 references)
- target prot opt source destination
- Chain input_lan_rule (1 references)
- target prot opt source destination
- Chain input_rule (1 references)
- target prot opt source destination
- Chain input_vpn_rule (2 references)
- target prot opt source destination
- Chain input_wan_rule (1 references)
- target prot opt source destination
- Chain output_lan_rule (1 references)
- target prot opt source destination
- Chain output_rule (1 references)
- target prot opt source destination
- Chain output_vpn_rule (2 references)
- target prot opt source destination
- Chain output_wan_rule (1 references)
- target prot opt source destination
- Chain reject (3 references)
- target prot opt source destination
- REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
- REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable
- Chain syn_flood (1 references)
- target prot opt source destination
- RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
- DROP all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_dest_ACCEPT (4 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_forward (1 references)
- target prot opt source destination
- forwarding_lan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding lan -> wan */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_input (1 references)
- target prot opt source destination
- input_lan_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_output (1 references)
- target prot opt source destination
- output_lan_rule all -- anywhere anywhere /* !fw3: user chain for output */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_src_ACCEPT (1 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */
- Chain zone_vpn_dest_ACCEPT (4 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_vpn_forward (1 references)
- target prot opt source destination
- forwarding_vpn_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- forwarding_vpn_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding vpn -> wan */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding vpn -> lan */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding vpn -> wan */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3: forwarding vpn -> lan */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_vpn_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_vpn_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_vpn_input (1 references)
- target prot opt source destination
- input_vpn_rule all -- anywhere anywhere /* !fw3: user chain for input */
- input_vpn_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_vpn_src_ACCEPT all -- anywhere anywhere /* !fw3 */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_vpn_src_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_vpn_output (1 references)
- target prot opt source destination
- output_vpn_rule all -- anywhere anywhere /* !fw3: user chain for output */
- output_vpn_rule all -- anywhere anywhere /* !fw3: user chain for output */
- zone_vpn_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- zone_vpn_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_vpn_src_ACCEPT (2 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */
- Chain zone_wan_dest_ACCEPT (4 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_dest_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_forward (1 references)
- target prot opt source destination
- forwarding_wan_rule all -- anywhere anywhere /* !fw3: user chain for forwarding */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_input (1 references)
- target prot opt source destination
- input_wan_rule all -- anywhere anywhere /* !fw3: user chain for input */
- ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
- ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
- ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
- ACCEPT esp -- anywhere anywhere /* !fw3: IPSec ESP */
- ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: IPSec IKE */
- ACCEPT udp -- anywhere anywhere udp dpt:4500 /* !fw3: IPSec NAT-T */
- ACCEPT ah -- anywhere anywhere /* !fw3: IPSec Auth Header */
- ACCEPT tcp -- anywhere anywhere tcp dpt:2200 /* !fw3: SSH */
- ACCEPT udp -- anywhere anywhere udp dpt:openvpn /* !fw3: Allow-OpenVPN-Inbound */
- ACCEPT udp -- anywhere anywhere udp dpt:openvpn /* !fw3: Allow-OpenVPN-Inbound */
- ACCEPT tcp -- anywhere anywhere tcp dpt:8000 /* !fw3: Misc */
- ACCEPT udp -- anywhere anywhere udp dpt:8000 /* !fw3: Misc */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_output (1 references)
- target prot opt source destination
- output_wan_rule all -- anywhere anywhere /* !fw3: user chain for output */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_src_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere /* !fw3 */
- Chain PREROUTING (policy ACCEPT)
- target prot opt source destination
- prerouting_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
- zone_lan_prerouting all -- anywhere anywhere /* !fw3 */
- zone_wan_prerouting all -- anywhere anywhere /* !fw3 */
- zone_vpn_prerouting all -- anywhere anywhere /* !fw3 */
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- Chain POSTROUTING (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere policy match dir out pol ipsec
- postrouting_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
- zone_lan_postrouting all -- anywhere anywhere /* !fw3 */
- zone_wan_postrouting all -- anywhere anywhere /* !fw3 */
- zone_vpn_postrouting all -- anywhere anywhere /* !fw3 */
- Chain postrouting_lan_rule (1 references)
- target prot opt source destination
- Chain postrouting_rule (1 references)
- target prot opt source destination
- Chain postrouting_vpn_rule (2 references)
- target prot opt source destination
- Chain postrouting_wan_rule (1 references)
- target prot opt source destination
- Chain prerouting_lan_rule (1 references)
- target prot opt source destination
- Chain prerouting_rule (1 references)
- target prot opt source destination
- Chain prerouting_vpn_rule (2 references)
- target prot opt source destination
- Chain prerouting_wan_rule (1 references)
- target prot opt source destination
- Chain zone_lan_postrouting (1 references)
- target prot opt source destination
- postrouting_lan_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
- SNAT tcp -- 192.168.100.0/24 LEDE.lan tcp dpt:ssh /* !fw3: SSH (reflection) */ to:192.168.100.1
- SNAT tcp -- 192.168.100.0/24 ARCH.lan tcp dpt:4000 /* !fw3: Misc (reflection) */ to:192.168.100.1
- SNAT udp -- 192.168.100.0/24 ARCH.lan udp dpt:4000 /* !fw3: Misc (reflection) */ to:192.168.100.1
- Chain zone_lan_prerouting (1 references)
- target prot opt source destination
- prerouting_lan_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
- DNAT tcp -- 192.168.100.0/24 HSI-KBW-37-49-120-76.hsi14.kabel-badenwuerttemberg.de tcp dpt:2200 /* !fw3: SSH (reflection) */ to:192.168.100.1:22
- DNAT tcp -- 192.168.100.0/24 HSI-KBW-37-49-120-76.hsi14.kabel-badenwuerttemberg.de tcp dpt:8000 /* !fw3: Misc (reflection) */ to:192.168.100.110:4000
- DNAT udp -- 192.168.100.0/24 HSI-KBW-37-49-120-76.hsi14.kabel-badenwuerttemberg.de udp dpt:8000 /* !fw3: Misc (reflection) */ to:192.168.100.110:4000
- Chain zone_vpn_postrouting (1 references)
- target prot opt source destination
- postrouting_vpn_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
- postrouting_vpn_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
- MASQUERADE all -- anywhere anywhere /* !fw3 */
- MASQUERADE all -- anywhere anywhere /* !fw3 */
- Chain zone_vpn_prerouting (1 references)
- target prot opt source destination
- prerouting_vpn_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
- prerouting_vpn_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
- Chain zone_wan_postrouting (1 references)
- target prot opt source destination
- postrouting_wan_rule all -- anywhere anywhere /* !fw3: user chain for postrouting */
- MASQUERADE all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_prerouting (1 references)
- target prot opt source destination
- prerouting_wan_rule all -- anywhere anywhere /* !fw3: user chain for prerouting */
- DNAT tcp -- anywhere anywhere tcp dpt:2200 /* !fw3: SSH */ to:192.168.100.1:22
- DNAT tcp -- anywhere anywhere tcp dpt:8000 /* !fw3: Misc */ to:192.168.100.110:4000
- DNAT udp -- anywhere anywhere udp dpt:8000 /* !fw3: Misc */ to:192.168.100.110:4000