- BusyBox v1.33.0 () built-in shell (ash)
- _______ ________ __
- | |.-----.-----.-----.| | | |.----.| |_
- | - || _ | -__| || | | || _|| _|
- |_______|| __|_____|__|__||________||__| |____|
- |__| W I R E L E S S F R E E D O M
- -----------------------------------------------------
- OpenWrt SNAPSHOT, r16077-785ab2b62c
- -----------------------------------------------------
- root@OpenWrt-A:~# ubus call system board; uci show network; uci show firewall; uci show dhcp; uci show vpn-policy-routing; /etc/init.d/vpn-policy-routing support; wg show; ip address show; ip route show table all; ip rule show; iptables-save; head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
- {
- "kernel": "5.4.101",
- "hostname": "OpenWrt-A",
- "system": "MediaTek MT7628AN ver:1 eco:2",
- "model": "WAVLINK WL-WN577A2",
- "board_name": "wavlink,wl-wn577a2",
- "release": {
- "distribution": "OpenWrt",
- "version": "SNAPSHOT",
- "revision": "r16077-785ab2b62c",
- "target": "ramips/mt76x8",
- "description": "OpenWrt SNAPSHOT r16077-785ab2b62c"
- }
- }
- network.loopback=interface
- network.loopback.ifname='lo'
- network.loopback.proto='static'
- network.loopback.ipaddr='127.0.0.1'
- network.loopback.netmask='255.0.0.0'
- network.globals=globals
- network.globals.ula_prefix='fdb6:1936:f34c::/48'
- network.lan=interface
- network.lan.type='bridge'
- network.lan.ifname='eth0.1'
- network.lan.proto='static'
- network.lan.ipaddr='192.168.1.1'
- network.lan.netmask='255.255.255.0'
- network.lan.ip6assign='60'
- network.wan=interface
- network.wan.ifname='eth0.2'
- network.wan.proto='dhcp'
- network.wan_eth0_2_dev=device
- network.wan_eth0_2_dev.name='eth0.2'
- network.wan_eth0_2_dev.macaddr='80:3f:5d:bc:fa:e4'
- network.wan6=interface
- network.wan6.ifname='eth0.2'
- network.wan6.proto='dhcpv6'
- network.@switch[0]=switch
- network.@switch[0].name='switch0'
- network.@switch[0].reset='1'
- network.@switch[0].enable_vlan='1'
- network.@switch_vlan[0]=switch_vlan
- network.@switch_vlan[0].device='switch0'
- network.@switch_vlan[0].vlan='1'
- network.@switch_vlan[0].ports='3 6t'
- network.@switch_vlan[1]=switch_vlan
- network.@switch_vlan[1].device='switch0'
- network.@switch_vlan[1].vlan='2'
- network.@switch_vlan[1].ports='4 6t'
- network.wifi1=interface
- network.wifi1.proto='static'
- network.wifi1.ipaddr='192.168.10.1'
- network.wifi1.netmask='255.255.255.0'
- network.wifi1.type='bridge'
- network.wifi2=interface
- network.wifi2.proto='static'
- network.wifi2.netmask='255.255.255.0'
- network.wifi2.ipaddr='192.168.30.1'
- network.wifi2.type='bridge'
- network.wg0=interface
- network.wg0.proto='wireguard'
- network.wg0.private_key='SB35Tx9y9nEo4l7mKbkb4knsdmrmKyK3mXk6meslsUk='
- network.wg0.addresses='10.0.0.16/32'
- network.@wireguard_wg0[0]=wireguard_wg0
- network.@wireguard_wg0[0].public_key='AIO7f10s+pBSiMmsZ+PvhWPI8glDXeMt5VAP37b8um4='
- network.@wireguard_wg0[0].endpoint_host='willislan.spdns.de'
- network.@wireguard_wg0[0].endpoint_port='51821'
- network.@wireguard_wg0[0].persistent_keepalive='25'
- network.@wireguard_wg0[0].allowed_ips='0.0.0.0/0' '::/0'
- network.wifi1a=interface
- network.wifi1a.proto='static'
- network.wifi1a.netmask='255.255.255.0'
- network.wifi1a.ipaddr='192.168.20.1'
- network.wifi1a.type='bridge'
- firewall.@defaults[0]=defaults
- firewall.@defaults[0].input='ACCEPT'
- firewall.@defaults[0].output='ACCEPT'
- firewall.@defaults[0].forward='REJECT'
- firewall.@defaults[0].synflood_protect='1'
- firewall.@zone[0]=zone
- firewall.@zone[0].name='lan'
- firewall.@zone[0].input='ACCEPT'
- firewall.@zone[0].output='ACCEPT'
- firewall.@zone[0].forward='ACCEPT'
- firewall.@zone[0].network='lan'
- firewall.@zone[1]=zone
- firewall.@zone[1].name='wifi1a'
- firewall.@zone[1].input='ACCEPT'
- firewall.@zone[1].output='ACCEPT'
- firewall.@zone[1].forward='REJECT'
- firewall.@zone[1].network='wifi1a'
- firewall.@zone[2]=zone
- firewall.@zone[2].name='wifi2'
- firewall.@zone[2].input='ACCEPT'
- firewall.@zone[2].output='ACCEPT'
- firewall.@zone[2].forward='ACCEPT'
- firewall.@zone[2].network='wifi2'
- firewall.@zone[3]=zone
- firewall.@zone[3].name='wan'
- firewall.@zone[3].input='REJECT'
- firewall.@zone[3].output='ACCEPT'
- firewall.@zone[3].forward='REJECT'
- firewall.@zone[3].masq='1'
- firewall.@zone[3].mtu_fix='1'
- firewall.@zone[3].network='wan' 'wan6'
- firewall.@forwarding[0]=forwarding
- firewall.@forwarding[0].src='lan'
- firewall.@forwarding[0].dest='wan'
- firewall.@rule[0]=rule
- firewall.@rule[0].name='Allow-DHCP-Renew'
- firewall.@rule[0].src='wan'
- firewall.@rule[0].proto='udp'
- firewall.@rule[0].dest_port='68'
- firewall.@rule[0].target='ACCEPT'
- firewall.@rule[0].family='ipv4'
- firewall.@rule[1]=rule
- firewall.@rule[1].name='Allow-Ping'
- firewall.@rule[1].src='wan'
- firewall.@rule[1].proto='icmp'
- firewall.@rule[1].icmp_type='echo-request'
- firewall.@rule[1].family='ipv4'
- firewall.@rule[1].target='ACCEPT'
- firewall.@rule[2]=rule
- firewall.@rule[2].name='Allow-IGMP'
- firewall.@rule[2].src='wan'
- firewall.@rule[2].proto='igmp'
- firewall.@rule[2].family='ipv4'
- firewall.@rule[2].target='ACCEPT'
- firewall.@rule[3]=rule
- firewall.@rule[3].name='Allow-DHCPv6'
- firewall.@rule[3].src='wan'
- firewall.@rule[3].proto='udp'
- firewall.@rule[3].src_ip='fc00::/6'
- firewall.@rule[3].dest_ip='fc00::/6'
- firewall.@rule[3].dest_port='546'
- firewall.@rule[3].family='ipv6'
- firewall.@rule[3].target='ACCEPT'
- firewall.@rule[4]=rule
- firewall.@rule[4].name='Allow-MLD'
- firewall.@rule[4].src='wan'
- firewall.@rule[4].proto='icmp'
- firewall.@rule[4].src_ip='fe80::/10'
- firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
- firewall.@rule[4].family='ipv6'
- firewall.@rule[4].target='ACCEPT'
- firewall.@rule[5]=rule
- firewall.@rule[5].name='Allow-ICMPv6-Input'
- firewall.@rule[5].src='wan'
- firewall.@rule[5].proto='icmp'
- firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
- firewall.@rule[5].limit='1000/sec'
- firewall.@rule[5].family='ipv6'
- firewall.@rule[5].target='ACCEPT'
- firewall.@rule[6]=rule
- firewall.@rule[6].name='Allow-ICMPv6-Forward'
- firewall.@rule[6].src='wan'
- firewall.@rule[6].dest='*'
- firewall.@rule[6].proto='icmp'
- firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
- firewall.@rule[6].limit='1000/sec'
- firewall.@rule[6].family='ipv6'
- firewall.@rule[6].target='ACCEPT'
- firewall.@rule[7]=rule
- firewall.@rule[7].name='Allow-IPSec-ESP'
- firewall.@rule[7].src='wan'
- firewall.@rule[7].dest='lan'
- firewall.@rule[7].proto='esp'
- firewall.@rule[7].target='ACCEPT'
- firewall.@rule[8]=rule
- firewall.@rule[8].name='Allow-ISAKMP'
- firewall.@rule[8].src='wan'
- firewall.@rule[8].dest='lan'
- firewall.@rule[8].dest_port='500'
- firewall.@rule[8].proto='udp'
- firewall.@rule[8].target='ACCEPT'
- firewall.@rule[9]=rule
- firewall.@rule[9].name='Support-UDP-Traceroute'
- firewall.@rule[9].src='wan'
- firewall.@rule[9].dest_port='33434:33689'
- firewall.@rule[9].proto='udp'
- firewall.@rule[9].family='ipv4'
- firewall.@rule[9].target='REJECT'
- firewall.@rule[9].enabled='0'
- firewall.@include[0]=include
- firewall.@include[0].path='/etc/firewall.user'
- firewall.@rule[10]=rule
- firewall.@rule[10].dest_port='80'
- firewall.@rule[10].src='wan'
- firewall.@rule[10].name='Allow-Web-WAN'
- firewall.@rule[10].target='ACCEPT'
- firewall.@rule[11]=rule
- firewall.@rule[11].dest_port='443'
- firewall.@rule[11].src='wan'
- firewall.@rule[11].name='Allow-SSL-WAN'
- firewall.@rule[11].target='ACCEPT'
- firewall.@rule[12]=rule
- firewall.@rule[12].dest_port='22'
- firewall.@rule[12].src='wan'
- firewall.@rule[12].name='Allow-SSH-WAN'
- firewall.@rule[12].target='ACCEPT'
- firewall.@zone[4]=zone
- firewall.@zone[4].name='wifi1'
- firewall.@zone[4].input='ACCEPT'
- firewall.@zone[4].output='ACCEPT'
- firewall.@zone[4].forward='ACCEPT'
- firewall.@zone[4].network='wifi1'
- firewall.@forwarding[1]=forwarding
- firewall.@forwarding[1].src='wifi2'
- firewall.@forwarding[1].dest='wan'
- firewall.@zone[5]=zone
- firewall.@zone[5].name='wg0'
- firewall.@zone[5].input='REJECT'
- firewall.@zone[5].output='ACCEPT'
- firewall.@zone[5].forward='REJECT'
- firewall.@zone[5].network='wg0'
- firewall.@zone[5].masq='1'
- firewall.@zone[5].mtu_fix='1'
- firewall.@forwarding[2]=forwarding
- firewall.@forwarding[2].src='wifi1'
- firewall.@forwarding[2].dest='wg0'
- firewall.@forwarding[3]=forwarding
- firewall.@forwarding[3].src='wifi1a'
- firewall.@forwarding[3].dest='wan'
- dhcp.@dnsmasq[0]=dnsmasq
- dhcp.@dnsmasq[0].domainneeded='1'
- dhcp.@dnsmasq[0].boguspriv='1'
- dhcp.@dnsmasq[0].filterwin2k='0'
- dhcp.@dnsmasq[0].localise_queries='1'
- dhcp.@dnsmasq[0].rebind_protection='1'
- dhcp.@dnsmasq[0].rebind_localhost='1'
- dhcp.@dnsmasq[0].local='/lan/'
- dhcp.@dnsmasq[0].domain='lan'
- dhcp.@dnsmasq[0].expandhosts='1'
- dhcp.@dnsmasq[0].nonegcache='0'
- dhcp.@dnsmasq[0].authoritative='1'
- dhcp.@dnsmasq[0].readethers='1'
- dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
- dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
- dhcp.@dnsmasq[0].nonwildcard='1'
- dhcp.@dnsmasq[0].localservice='1'
- dhcp.@dnsmasq[0].ednspacket_max='1232'
- dhcp.lan=dhcp
- dhcp.lan.interface='lan'
- dhcp.lan.start='100'
- dhcp.lan.limit='150'
- dhcp.lan.leasetime='12h'
- dhcp.lan.dhcpv4='server'
- dhcp.lan.dhcpv6='server'
- dhcp.lan.ra='server'
- dhcp.lan.ra_slaac='1'
- dhcp.lan.ra_flags='managed-config' 'other-config'
- dhcp.wan=dhcp
- dhcp.wan.interface='wan'
- dhcp.wan.ignore='1'
- dhcp.odhcpd=odhcpd
- dhcp.odhcpd.maindhcp='0'
- dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
- dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
- dhcp.odhcpd.loglevel='4'
- dhcp.wifi1=dhcp
- dhcp.wifi1.interface='wifi1'
- dhcp.wifi1.start='100'
- dhcp.wifi1.limit='150'
- dhcp.wifi1.leasetime='12h'
- dhcp.wifi2=dhcp
- dhcp.wifi2.interface='wifi2'
- dhcp.wifi2.start='100'
- dhcp.wifi2.limit='150'
- dhcp.wifi2.leasetime='12h'
- dhcp.wifi1a=dhcp
- dhcp.wifi1a.interface='wifi1a'
- dhcp.wifi1a.start='100'
- dhcp.wifi1a.limit='150'
- dhcp.wifi1a.leasetime='12h'
- vpn-policy-routing.config=vpn-policy-routing
- vpn-policy-routing.config.verbosity='2'
- vpn-policy-routing.config.strict_enforcement='1'
- vpn-policy-routing.config.src_ipset='0'
- vpn-policy-routing.config.resolver_ipset='dnsmasq.ipset'
- vpn-policy-routing.config.ipv6_enabled='0'
- vpn-policy-routing.config.ignored_interface='vpnserver wgserver'
- vpn-policy-routing.config.boot_timeout='30'
- vpn-policy-routing.config.iptables_rule_option='append'
- vpn-policy-routing.config.procd_reload_delay='1'
- vpn-policy-routing.config.webui_chain_column='0'
- vpn-policy-routing.config.webui_show_ignore_target='0'
- vpn-policy-routing.config.webui_sorting='1'
- vpn-policy-routing.config.webui_supported_protocol='tcp' 'udp' 'tcp udp' 'icmp' 'all'
- vpn-policy-routing.config.enabled='1'
- vpn-policy-routing.config.webui_enable_column='1'
- vpn-policy-routing.config.webui_protocol_column='1'
- vpn-policy-routing.@include[0]=include
- vpn-policy-routing.@include[0].path='/etc/vpn-policy-routing.netflix.user'
- vpn-policy-routing.@include[0].enabled='0'
- vpn-policy-routing.@include[1]=include
- vpn-policy-routing.@include[1].path='/etc/vpn-policy-routing.aws.user'
- vpn-policy-routing.@include[1].enabled='0'
- vpn-policy-routing.lan_vpn=policy
- vpn-policy-routing.lan_vpn.interface='wg0'
- vpn-policy-routing.lan_vpn.src_addr='192.168.10.0/24'
- vpn-policy-routing.lan_vpn.dest_addr='!192.168.10.0/24'
- vpn-policy-routing 0.3.2-18 running on OpenWrt SNAPSHOT.
- ============================================================
- Dnsmasq version 2.84 Copyright (c) 2000-2021 Simon Kelley
- Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
- ============================================================
- Routes/IP Rules
- default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0.2
- IPv4 Table 201: default via 192.168.0.1 dev eth0.2
- 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
- 192.168.30.0/24 dev br-wifi2 proto kernel scope link src 192.168.30.1
- IPv4 Table 201 Rules:
- 32765: from all fwmark 0x10000/0xff0000 lookup wan
- IPv4 Table 202: default via 10.0.0.16 dev wg0
- 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
- 192.168.10.0/24 dev br-wifi1 proto kernel scope link src 192.168.10.1
- 192.168.30.0/24 dev br-wifi2 proto kernel scope link src 192.168.30.1
- IPv4 Table 202 Rules:
- 32764: from all fwmark 0x20000/0xff0000 lookup wg0
- ============================================================
- Mangle IP Table: PREROUTING
- -N VPR_PREROUTING
- -A VPR_PREROUTING -s 192.168.10.0/24 ! -d 192.168.10.0/24 -m comment --comment blank -c 956 74439 -g VPR_MARK0x020000
- ============================================================
- Mangle IP Table MARK Chain: VPR_MARK0x010000
- -N VPR_MARK0x010000
- -A VPR_MARK0x010000 -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
- -A VPR_MARK0x010000 -c 0 0 -j RETURN
- ============================================================
- Mangle IP Table MARK Chain: VPR_MARK0x020000
- -N VPR_MARK0x020000
- ============================================================
- Current ipsets
- ============================================================
- Your support details have been logged to '/var/vpn-policy-routing-support'. [✓]
- interface: wg0
- public key: VkNmuLHORx3+cuBR4cZnOoZ++nnh8JXI6Il9nLYgGkQ=
- private key: (hidden)
- listening port: 60506
- peer: AIO7f10s+pBSiMmsZ+PvhWPI8glDXeMt5VAP37b8um4=
- endpoint: 95.90.25.9:51821
- allowed ips: 0.0.0.0/0, ::/0
- latest handshake: 2 minutes, 51 seconds ago
- transfer: 4.57 KiB received, 2.67 KiB sent
- persistent keepalive: every 25 seconds
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
- link/ether 80:3f:5d:bc:fa:e3 brd ff:ff:ff:ff:ff:ff
- inet6 fe80::823f:5dff:febc:fae3/64 scope link
- valid_lft forever preferred_lft forever
- 6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
- link/ether 80:3f:5d:bc:fa:e3 brd ff:ff:ff:ff:ff:ff
- inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
- valid_lft forever preferred_lft forever
- inet6 fdb6:1936:f34c::1/60 scope global noprefixroute
- valid_lft forever preferred_lft forever
- inet6 fe80::823f:5dff:febc:fae3/64 scope link
- valid_lft forever preferred_lft forever
- 7: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
- link/ether 80:3f:5d:bc:fa:e3 brd ff:ff:ff:ff:ff:ff
- 8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
- link/ether 80:3f:5d:bc:fa:e4 brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.171/24 brd 192.168.0.255 scope global eth0.2
- valid_lft forever preferred_lft forever
- inet6 2a02:810a:900:2390:823f:5dff:febc:fae4/64 scope global dynamic noprefixroute
- valid_lft 7126sec preferred_lft 3526sec
- inet6 fe80::823f:5dff:febc:fae4/64 scope link
- valid_lft forever preferred_lft forever
- 9: br-wifi1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
- link/ether 80:3f:5d:bc:fa:e5 brd ff:ff:ff:ff:ff:ff
- inet 192.168.10.1/24 brd 192.168.10.255 scope global br-wifi1
- valid_lft forever preferred_lft forever
- inet6 fe80::823f:5dff:febc:fae5/64 scope link
- valid_lft forever preferred_lft forever
- 10: br-wifi2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
- link/ether 80:3f:5d:bc:fa:e6 brd ff:ff:ff:ff:ff:ff
- inet 192.168.30.1/24 brd 192.168.30.255 scope global br-wifi2
- valid_lft forever preferred_lft forever
- inet6 fe80::823f:5dff:febc:fae6/64 scope link
- valid_lft forever preferred_lft forever
- 11: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
- link/none
- inet 10.0.0.16/32 brd 255.255.255.255 scope global wg0
- valid_lft forever preferred_lft forever
- 12: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-wifi1 state UP group default qlen 1000
- link/ether 80:3f:5d:bc:fa:e5 brd ff:ff:ff:ff:ff:ff
- inet6 fe80::823f:5dff:febc:fae5/64 scope link
- valid_lft forever preferred_lft forever
- 13: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-wifi2 state UP group default qlen 1000
- link/ether 80:3f:5d:bc:fa:e6 brd ff:ff:ff:ff:ff:ff
- inet6 fe80::823f:5dff:febc:fae6/64 scope link
- valid_lft forever preferred_lft forever
- default via 192.168.0.1 dev eth0.2 table wan
- 192.168.1.0/24 dev br-lan table wan proto kernel scope link src 192.168.1.1
- 192.168.30.0/24 dev br-wifi2 table wan proto kernel scope link src 192.168.30.1
- default via 10.0.0.16 dev wg0 table wg0
- 192.168.1.0/24 dev br-lan table wg0 proto kernel scope link src 192.168.1.1
- 192.168.10.0/24 dev br-wifi1 table wg0 proto kernel scope link src 192.168.10.1
- 192.168.30.0/24 dev br-wifi2 table wg0 proto kernel scope link src 192.168.30.1
- default via 192.168.0.1 dev eth0.2 proto static src 192.168.0.171
- 95.90.25.9 via 192.168.0.1 dev eth0.2 proto static
- 192.168.0.0/24 dev eth0.2 proto kernel scope link src 192.168.0.171
- 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
- 192.168.10.0/24 dev br-wifi1 proto kernel scope link src 192.168.10.1
- 192.168.30.0/24 dev br-wifi2 proto kernel scope link src 192.168.30.1
- local 10.0.0.16 dev wg0 table local proto kernel scope host src 10.0.0.16
- broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
- local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
- local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
- broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
- broadcast 192.168.0.0 dev eth0.2 table local proto kernel scope link src 192.168.0.171
- local 192.168.0.171 dev eth0.2 table local proto kernel scope host src 192.168.0.171
- broadcast 192.168.0.255 dev eth0.2 table local proto kernel scope link src 192.168.0.171
- broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
- local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
- broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
- broadcast 192.168.10.0 dev br-wifi1 table local proto kernel scope link src 192.168.10.1
- local 192.168.10.1 dev br-wifi1 table local proto kernel scope host src 192.168.10.1
- broadcast 192.168.10.255 dev br-wifi1 table local proto kernel scope link src 192.168.10.1
- broadcast 192.168.30.0 dev br-wifi2 table local proto kernel scope link src 192.168.30.1
- local 192.168.30.1 dev br-wifi2 table local proto kernel scope host src 192.168.30.1
- broadcast 192.168.30.255 dev br-wifi2 table local proto kernel scope link src 192.168.30.1
- default from 2a02:810a:900:2390::/64 via fe80::ca0e:14ff:fedd:5e4 dev eth0.2 proto static metric 512 pref medium
- 2a02:810a:900:2390::/64 dev eth0.2 proto static metric 256 pref medium
- 2a02:810a:900:2390::/64 via fe80::ca0e:14ff:fedd:5e4 dev eth0.2 proto static metric 512 pref medium
- unreachable 2a02:810a:900:2390::/64 dev lo proto static metric 2147483647 pref medium
- fdb6:1936:f34c::/64 dev br-lan proto static metric 1024 pref medium
- unreachable fdb6:1936:f34c::/48 dev lo proto static metric 2147483647 pref medium
- fe80::/64 dev eth0 proto kernel metric 256 pref medium
- fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
- fe80::/64 dev br-lan proto kernel metric 256 pref medium
- fe80::/64 dev br-wifi2 proto kernel metric 256 pref medium
- fe80::/64 dev wlan1 proto kernel metric 256 pref medium
- fe80::/64 dev wlan0 proto kernel metric 256 pref medium
- fe80::/64 dev br-wifi1 proto kernel metric 256 pref medium
- local ::1 dev lo table local proto kernel metric 0 pref medium
- anycast 2a02:810a:900:2390:: dev eth0.2 table local proto kernel metric 0 pref medium
- local 2a02:810a:900:2390:823f:5dff:febc:fae4 dev eth0.2 table local proto kernel metric 0 pref medium
- anycast fdb6:1936:f34c:: dev br-lan table local proto kernel metric 0 pref medium
- local fdb6:1936:f34c::1 dev br-lan table local proto kernel metric 0 pref medium
- anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
- anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
- anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
- anycast fe80:: dev br-wifi2 table local proto kernel metric 0 pref medium
- anycast fe80:: dev wlan1 table local proto kernel metric 0 pref medium
- anycast fe80:: dev br-wifi1 table local proto kernel metric 0 pref medium
- anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
- local fe80::823f:5dff:febc:fae3 dev eth0 table local proto kernel metric 0 pref medium
- local fe80::823f:5dff:febc:fae3 dev br-lan table local proto kernel metric 0 pref medium
- local fe80::823f:5dff:febc:fae4 dev eth0.2 table local proto kernel metric 0 pref medium
- local fe80::823f:5dff:febc:fae5 dev br-wifi1 table local proto kernel metric 0 pref medium
- local fe80::823f:5dff:febc:fae5 dev wlan0 table local proto kernel metric 0 pref medium
- local fe80::823f:5dff:febc:fae6 dev br-wifi2 table local proto kernel metric 0 pref medium
- local fe80::823f:5dff:febc:fae6 dev wlan1 table local proto kernel metric 0 pref medium
- multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
- multicast ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
- multicast ff00::/8 dev eth0.2 table local proto kernel metric 256 pref medium
- multicast ff00::/8 dev wg0 table local proto kernel metric 256 pref medium
- multicast ff00::/8 dev br-wifi2 table local proto kernel metric 256 pref medium
- multicast ff00::/8 dev wlan1 table local proto kernel metric 256 pref medium
- multicast ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
- multicast ff00::/8 dev br-wifi1 table local proto kernel metric 256 pref medium
- 0: from all lookup local
- 32764: from all fwmark 0x20000/0xff0000 lookup wg0
- 32765: from all fwmark 0x10000/0xff0000 lookup wan
- 32766: from all lookup main
- 32767: from all lookup default
- # Generated by iptables-save v1.8.7 on Sun Mar 7 10:23:02 2021
- *nat
- :PREROUTING ACCEPT [2284:264471]
- :INPUT ACCEPT [83:6483]
- :OUTPUT ACCEPT [221:17336]
- :POSTROUTING ACCEPT [884:37344]
- :postrouting_lan_rule - [0:0]
- :postrouting_rule - [0:0]
- :postrouting_wan_rule - [0:0]
- :postrouting_wg0_rule - [0:0]
- :postrouting_wifi1_rule - [0:0]
- :postrouting_wifi1a_rule - [0:0]
- :postrouting_wifi2_rule - [0:0]
- :prerouting_lan_rule - [0:0]
- :prerouting_rule - [0:0]
- :prerouting_wan_rule - [0:0]
- :prerouting_wg0_rule - [0:0]
- :prerouting_wifi1_rule - [0:0]
- :prerouting_wifi1a_rule - [0:0]
- :prerouting_wifi2_rule - [0:0]
- :zone_lan_postrouting - [0:0]
- :zone_lan_prerouting - [0:0]
- :zone_wan_postrouting - [0:0]
- :zone_wan_prerouting - [0:0]
- :zone_wg0_postrouting - [0:0]
- :zone_wg0_prerouting - [0:0]
- :zone_wifi1_postrouting - [0:0]
- :zone_wifi1_prerouting - [0:0]
- :zone_wifi1a_postrouting - [0:0]
- :zone_wifi1a_prerouting - [0:0]
- :zone_wifi2_postrouting - [0:0]
- :zone_wifi2_prerouting - [0:0]
- -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
- -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
- -A PREROUTING -i br-wifi1a -m comment --comment "!fw3" -j zone_wifi1a_prerouting
- -A PREROUTING -i br-wifi2 -m comment --comment "!fw3" -j zone_wifi2_prerouting
- -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
- -A PREROUTING -i br-wifi1 -m comment --comment "!fw3" -j zone_wifi1_prerouting
- -A PREROUTING -i wg0 -m comment --comment "!fw3" -j zone_wg0_prerouting
- -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
- -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
- -A POSTROUTING -o br-wifi1a -m comment --comment "!fw3" -j zone_wifi1a_postrouting
- -A POSTROUTING -o br-wifi2 -m comment --comment "!fw3" -j zone_wifi2_postrouting
- -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
- -A POSTROUTING -o br-wifi1 -m comment --comment "!fw3" -j zone_wifi1_postrouting
- -A POSTROUTING -o wg0 -m comment --comment "!fw3" -j zone_wg0_postrouting
- -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
- -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
- -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
- -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
- -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
- -A zone_wg0_postrouting -m comment --comment "!fw3: Custom wg0 postrouting rule chain" -j postrouting_wg0_rule
- -A zone_wg0_postrouting -m comment --comment "!fw3" -j MASQUERADE
- -A zone_wg0_prerouting -m comment --comment "!fw3: Custom wg0 prerouting rule chain" -j prerouting_wg0_rule
- -A zone_wifi1_postrouting -m comment --comment "!fw3: Custom wifi1 postrouting rule chain" -j postrouting_wifi1_rule
- -A zone_wifi1_prerouting -m comment --comment "!fw3: Custom wifi1 prerouting rule chain" -j prerouting_wifi1_rule
- -A zone_wifi1a_postrouting -m comment --comment "!fw3: Custom wifi1a postrouting rule chain" -j postrouting_wifi1a_rule
- -A zone_wifi1a_prerouting -m comment --comment "!fw3: Custom wifi1a prerouting rule chain" -j prerouting_wifi1a_rule
- -A zone_wifi2_postrouting -m comment --comment "!fw3: Custom wifi2 postrouting rule chain" -j postrouting_wifi2_rule
- -A zone_wifi2_prerouting -m comment --comment "!fw3: Custom wifi2 prerouting rule chain" -j prerouting_wifi2_rule
- COMMIT
- # Completed on Sun Mar 7 10:23:02 2021
- # Generated by iptables-save v1.8.7 on Sun Mar 7 10:23:02 2021
- *mangle
- :PREROUTING ACCEPT [4305:526704]
- :INPUT ACCEPT [2425:316452]
- :FORWARD ACCEPT [846:43992]
- :OUTPUT ACCEPT [3201:1292765]
- :POSTROUTING ACCEPT [3200:1292725]
- :VPR_MARK0x010000 - [0:0]
- :VPR_MARK0x020000 - [0:0]
- :VPR_PREROUTING - [0:0]
- -A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
- -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
- -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
- -A FORWARD -o wg0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wg0 MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
- -A FORWARD -i wg0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wg0 MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
- -A VPR_MARK0x010000 -j MARK --set-xmark 0x10000/0xff0000
- -A VPR_MARK0x010000 -j RETURN
- -A VPR_PREROUTING -s 192.168.10.0/24 ! -d 192.168.10.0/24 -m comment --comment blank -g VPR_MARK0x020000
- COMMIT
- # Completed on Sun Mar 7 10:23:02 2021
- # Generated by iptables-save v1.8.7 on Sun Mar 7 10:23:02 2021
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- :forwarding_lan_rule - [0:0]
- :forwarding_rule - [0:0]
- :forwarding_wan_rule - [0:0]
- :forwarding_wg0_rule - [0:0]
- :forwarding_wifi1_rule - [0:0]
- :forwarding_wifi1a_rule - [0:0]
- :forwarding_wifi2_rule - [0:0]
- :input_lan_rule - [0:0]
- :input_rule - [0:0]
- :input_wan_rule - [0:0]
- :input_wg0_rule - [0:0]
- :input_wifi1_rule - [0:0]
- :input_wifi1a_rule - [0:0]
- :input_wifi2_rule - [0:0]
- :output_lan_rule - [0:0]
- :output_rule - [0:0]
- :output_wan_rule - [0:0]
- :output_wg0_rule - [0:0]
- :output_wifi1_rule - [0:0]
- :output_wifi1a_rule - [0:0]
- :output_wifi2_rule - [0:0]
- :reject - [0:0]
- :syn_flood - [0:0]
- :zone_lan_dest_ACCEPT - [0:0]
- :zone_lan_forward - [0:0]
- :zone_lan_input - [0:0]
- :zone_lan_output - [0:0]
- :zone_lan_src_ACCEPT - [0:0]
- :zone_wan_dest_ACCEPT - [0:0]
- :zone_wan_dest_REJECT - [0:0]
- :zone_wan_forward - [0:0]
- :zone_wan_input - [0:0]
- :zone_wan_output - [0:0]
- :zone_wan_src_REJECT - [0:0]
- :zone_wg0_dest_ACCEPT - [0:0]
- :zone_wg0_dest_REJECT - [0:0]
- :zone_wg0_forward - [0:0]
- :zone_wg0_input - [0:0]
- :zone_wg0_output - [0:0]
- :zone_wg0_src_REJECT - [0:0]
- :zone_wifi1_dest_ACCEPT - [0:0]
- :zone_wifi1_forward - [0:0]
- :zone_wifi1_input - [0:0]
- :zone_wifi1_output - [0:0]
- :zone_wifi1_src_ACCEPT - [0:0]
- :zone_wifi1a_dest_ACCEPT - [0:0]
- :zone_wifi1a_dest_REJECT - [0:0]
- :zone_wifi1a_forward - [0:0]
- :zone_wifi1a_input - [0:0]
- :zone_wifi1a_output - [0:0]
- :zone_wifi1a_src_ACCEPT - [0:0]
- :zone_wifi2_dest_ACCEPT - [0:0]
- :zone_wifi2_forward - [0:0]
- :zone_wifi2_input - [0:0]
- :zone_wifi2_output - [0:0]
- :zone_wifi2_src_ACCEPT - [0:0]
- -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
- -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
- -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
- -A INPUT -i br-wifi1a -m comment --comment "!fw3" -j zone_wifi1a_input
- -A INPUT -i br-wifi2 -m comment --comment "!fw3" -j zone_wifi2_input
- -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
- -A INPUT -i br-wifi1 -m comment --comment "!fw3" -j zone_wifi1_input
- -A INPUT -i wg0 -m comment --comment "!fw3" -j zone_wg0_input
- -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
- -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
- -A FORWARD -i br-wifi1a -m comment --comment "!fw3" -j zone_wifi1a_forward
- -A FORWARD -i br-wifi2 -m comment --comment "!fw3" -j zone_wifi2_forward
- -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
- -A FORWARD -i br-wifi1 -m comment --comment "!fw3" -j zone_wifi1_forward
- -A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_wg0_forward
- -A FORWARD -m comment --comment "!fw3" -j reject
- -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
- -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
- -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
- -A OUTPUT -o br-wifi1a -m comment --comment "!fw3" -j zone_wifi1a_output
- -A OUTPUT -o br-wifi2 -m comment --comment "!fw3" -j zone_wifi2_output
- -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
- -A OUTPUT -o br-wifi1 -m comment --comment "!fw3" -j zone_wifi1_output
- -A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_wg0_output
- -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
- -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
- -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
- -A syn_flood -m comment --comment "!fw3" -j DROP
- -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
- -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
- -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
- -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
- -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
- -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
- -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
- -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
- -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
- -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
- -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
- -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
- -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
- -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
- -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
- -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
- -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
- -A zone_wan_input -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Allow-Web-WAN" -j ACCEPT
- -A zone_wan_input -p udp -m udp --dport 80 -m comment --comment "!fw3: Allow-Web-WAN" -j ACCEPT
- -A zone_wan_input -p tcp -m tcp --dport 443 -m comment --comment "!fw3: Allow-SSL-WAN" -j ACCEPT
- -A zone_wan_input -p udp -m udp --dport 443 -m comment --comment "!fw3: Allow-SSL-WAN" -j ACCEPT
- -A zone_wan_input -p tcp -m tcp --dport 22 -m comment --comment "!fw3: Allow-SSH-WAN" -j ACCEPT
- -A zone_wan_input -p udp -m udp --dport 22 -m comment --comment "!fw3: Allow-SSH-WAN" -j ACCEPT
- -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
- -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
- -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
- -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
- -A zone_wg0_dest_ACCEPT -o wg0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
- -A zone_wg0_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
- -A zone_wg0_dest_REJECT -o wg0 -m comment --comment "!fw3" -j reject
- -A zone_wg0_forward -m comment --comment "!fw3: Custom wg0 forwarding rule chain" -j forwarding_wg0_rule
- -A zone_wg0_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_wg0_forward -m comment --comment "!fw3" -j zone_wg0_dest_REJECT
- -A zone_wg0_input -m comment --comment "!fw3: Custom wg0 input rule chain" -j input_wg0_rule
- -A zone_wg0_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_wg0_input -m comment --comment "!fw3" -j zone_wg0_src_REJECT
- -A zone_wg0_output -m comment --comment "!fw3: Custom wg0 output rule chain" -j output_wg0_rule
- -A zone_wg0_output -m comment --comment "!fw3" -j zone_wg0_dest_ACCEPT
- -A zone_wg0_src_REJECT -i wg0 -m comment --comment "!fw3" -j reject
- -A zone_wifi1_dest_ACCEPT -o br-wifi1 -m comment --comment "!fw3" -j ACCEPT
- -A zone_wifi1_forward -m comment --comment "!fw3: Custom wifi1 forwarding rule chain" -j forwarding_wifi1_rule
- -A zone_wifi1_forward -m comment --comment "!fw3: Zone wifi1 to wg0 forwarding policy" -j zone_wg0_dest_ACCEPT
- -A zone_wifi1_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_wifi1_forward -m comment --comment "!fw3" -j zone_wifi1_dest_ACCEPT
- -A zone_wifi1_input -m comment --comment "!fw3: Custom wifi1 input rule chain" -j input_wifi1_rule
- -A zone_wifi1_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_wifi1_input -m comment --comment "!fw3" -j zone_wifi1_src_ACCEPT
- -A zone_wifi1_output -m comment --comment "!fw3: Custom wifi1 output rule chain" -j output_wifi1_rule
- -A zone_wifi1_output -m comment --comment "!fw3" -j zone_wifi1_dest_ACCEPT
- -A zone_wifi1_src_ACCEPT -i br-wifi1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- -A zone_wifi1a_dest_ACCEPT -o br-wifi1a -m comment --comment "!fw3" -j ACCEPT
- -A zone_wifi1a_dest_REJECT -o br-wifi1a -m comment --comment "!fw3" -j reject
- -A zone_wifi1a_forward -m comment --comment "!fw3: Custom wifi1a forwarding rule chain" -j forwarding_wifi1a_rule
- -A zone_wifi1a_forward -m comment --comment "!fw3: Zone wifi1a to wan forwarding policy" -j zone_wan_dest_ACCEPT
- -A zone_wifi1a_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_wifi1a_forward -m comment --comment "!fw3" -j zone_wifi1a_dest_REJECT
- -A zone_wifi1a_input -m comment --comment "!fw3: Custom wifi1a input rule chain" -j input_wifi1a_rule
- -A zone_wifi1a_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_wifi1a_input -m comment --comment "!fw3" -j zone_wifi1a_src_ACCEPT
- -A zone_wifi1a_output -m comment --comment "!fw3: Custom wifi1a output rule chain" -j output_wifi1a_rule
- -A zone_wifi1a_output -m comment --comment "!fw3" -j zone_wifi1a_dest_ACCEPT
- -A zone_wifi1a_src_ACCEPT -i br-wifi1a -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- -A zone_wifi2_dest_ACCEPT -o br-wifi2 -m comment --comment "!fw3" -j ACCEPT
- -A zone_wifi2_forward -m comment --comment "!fw3: Custom wifi2 forwarding rule chain" -j forwarding_wifi2_rule
- -A zone_wifi2_forward -m comment --comment "!fw3: Zone wifi2 to wan forwarding policy" -j zone_wan_dest_ACCEPT
- -A zone_wifi2_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_wifi2_forward -m comment --comment "!fw3" -j zone_wifi2_dest_ACCEPT
- -A zone_wifi2_input -m comment --comment "!fw3: Custom wifi2 input rule chain" -j input_wifi2_rule
- -A zone_wifi2_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_wifi2_input -m comment --comment "!fw3" -j zone_wifi2_src_ACCEPT
- -A zone_wifi2_output -m comment --comment "!fw3: Custom wifi2 output rule chain" -j output_wifi2_rule
- -A zone_wifi2_output -m comment --comment "!fw3" -j zone_wifi2_dest_ACCEPT
- -A zone_wifi2_src_ACCEPT -i br-wifi2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
- COMMIT
- # Completed on Sun Mar 7 10:23:02 2021
- ==> /etc/resolv.conf <==
- search lan
- nameserver 127.0.0.1
- nameserver ::1
- ==> /tmp/resolv.conf <==
- search lan
- nameserver 127.0.0.1
- nameserver ::1
- ==> /tmp/resolv.conf.d <==
- head: /tmp/resolv.conf.d: I/O error
- ==> /tmp/resolv.conf.d/resolv.conf.auto <==
- # Interface wan
- nameserver 192.168.0.1
- search fritz.box
- # Interface wan6
- nameserver fd00::ca0e:14ff:fedd:5e4