API tools faq
paste
Guest User

Untitled

a guest
Feb 27th, 2021
51
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.21 KB | None | 0 0
raw download clone embed print report
  1. root@OpenWrt:~# ip route show table all
  2. default via XXX.XXX.XXY.1 dev eth0.2 proto static src XXX.XXX.XXX.89
  3. XXX.XXX.XXY.0/22 dev eth0.2 proto kernel scope link src XXX.XXX.XXX.89
  4. 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
  5. 192.168.100.0/24 dev eth0.2 proto kernel scope link src 192.168.100.10
  6. broadcast XXX.XXX.XXY.0 dev eth0.2 table local proto kernel scope link src XXX.XXX.XXX.89
  7. local XXX.XXX.XXX.89 dev eth0.2 table local proto kernel scope host src XXX.XXX.XXX.89
  8. broadcast XXX.XXX.XXZ.255 dev eth0.2 table local proto kernel scope link src XXX.XXX.XXX.89
  9. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  10. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  11. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  12. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  13. broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
  14. local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
  15. broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
  16. broadcast 192.168.100.0 dev eth0.2 table local proto kernel scope link src 192.168.100.10
  17. local 192.168.100.10 dev eth0.2 table local proto kernel scope host src 192.168.100.10
  18. broadcast 192.168.100.255 dev eth0.2 table local proto kernel scope link src 192.168.100.10
  19. XXXX:XXXX:XXXX::/64 dev br-lan proto static metric 1024 pref medium
  20. unreachable XXXX:XXXX:XXXX::/48 dev lo proto static metric 2147483647 error 4294967183 pref medium
  21. fe80::/64 dev eth1 proto kernel metric 256 pref medium
  22. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  23. fe80::/64 dev eth0 proto kernel metric 256 pref medium
  24. fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
  25. fe80::/64 dev wlan1 proto kernel metric 256 pref medium
  26. fe80::/64 dev wlan0 proto kernel metric 256 pref medium
  27. fe80::/64 dev ifb4eth0.2 proto kernel metric 256 pref medium
  28. local ::1 dev lo table local proto kernel metric 0 pref medium
  29. anycast XXXX:XXXX:XXXX:: dev br-lan table local proto kernel metric 0 pref medium
  30. local XXXX:XXXX:XXXX::1 dev br-lan table local proto kernel metric 0 pref medium
  31. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  32. anycast fe80:: dev eth1 table local proto kernel metric 0 pref medium
  33. anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
  34. anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
  35. anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
  36. anycast fe80:: dev wlan1 table local proto kernel metric 0 pref medium
  37. anycast fe80:: dev ifb4eth0.2 table local proto kernel metric 0 pref medium
  38. local fe80::3a94:edff:feb6:8632 dev br-lan table local proto kernel metric 0 pref medium
  39. local fe80::3a94:edff:feb6:8632 dev eth1 table local proto kernel metric 0 pref medium
  40. local fe80::3a94:edff:feb6:8633 dev eth0.2 table local proto kernel metric 0 pref medium
  41. local fe80::3a94:edff:feb6:8633 dev eth0 table local proto kernel metric 0 pref medium
  42. local fe80::3a94:edff:feb6:8634 dev wlan0 table local proto kernel metric 0 pref medium
  43. local fe80::3a94:edff:feb6:8635 dev wlan1 table local proto kernel metric 0 pref medium
  44. local fe80::c089:81ff:fe5e:201d dev ifb4eth0.2 table local proto kernel metric 0 pref medium
  45. ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
  46. ff00::/8 dev eth1 table local proto kernel metric 256 pref medium
  47. ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
  48. ff00::/8 dev eth0.2 table local proto kernel metric 256 pref medium
  49. ff00::/8 dev wlan1 table local proto kernel metric 256 pref medium
  50. ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
  51. ff00::/8 dev ifb4eth0.2 table local proto kernel metric 256 pref medium
  52.  
  53. root@OpenWrt:~# ip address show
  54. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  55. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  56. inet 127.0.0.1/8 scope host lo
  57. valid_lft forever preferred_lft forever
  58. inet6 ::1/128 scope host
  59. valid_lft forever preferred_lft forever
  60. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
  61. link/ether XX:XX:XX:XX:XX:33 brd ff:ff:ff:ff:ff:ff
  62. inet6 fe80::3a94:edff:feb6:8633/64 scope link
  63. valid_lft forever preferred_lft forever
  64. 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
  65. link/ether XX:XX:XX:XX:XX:32 brd ff:ff:ff:ff:ff:ff
  66. inet6 fe80::3a94:edff:feb6:8632/64 scope link
  67. valid_lft forever preferred_lft forever
  68. 5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
  69. link/sit 0.0.0.0 brd 0.0.0.0
  70. 6: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
  71. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  72. 7: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
  73. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  74. 8: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
  75. link/gre 0.0.0.0 brd 0.0.0.0
  76. 9: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
  77. link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
  78. 10: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
  79. link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
  80. 13: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  81. link/ether XX:XX:XX:XX:XX:32 brd ff:ff:ff:ff:ff:ff
  82. inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
  83. valid_lft forever preferred_lft forever
  84. inet6 fd93:31ef:a315::1/60 scope global noprefixroute
  85. valid_lft forever preferred_lft forever
  86. inet6 fe80::3a94:edff:feb6:8632/64 scope link
  87. valid_lft forever preferred_lft forever
  88. 14: eth1.1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  89. link/ether XX:XX:XX:XX:XX:32 brd ff:ff:ff:ff:ff:ff
  90. 15: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP group default qlen 1000
  91. link/ether XX:XX:XX:XX:XX:33 brd ff:ff:ff:ff:ff:ff
  92. inet XXX.XXX.XXX.89/22 brd XXX.XXX.XXY.255 scope global eth0.2
  93. valid_lft forever preferred_lft forever
  94. inet 192.168.100.10/24 brd 192.168.100.255 scope global eth0.2
  95. valid_lft forever preferred_lft forever
  96. inet6 fe80::3a94:edff:feb6:8633/64 scope link
  97. valid_lft forever preferred_lft forever
  98. 20: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  99. link/ether XX:XX:XX:XX:XX:35 brd ff:ff:ff:ff:ff:ff
  100. inet6 fe80::3a94:edff:feb6:8635/64 scope link
  101. valid_lft forever preferred_lft forever
  102. 21: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  103. link/ether XX:XX:XX:XX:XX:34 brd ff:ff:ff:ff:ff:ff
  104. inet6 fe80::3a94:edff:feb6:8634/64 scope link
  105. valid_lft forever preferred_lft forever
  106. 45: ifb4eth0.2: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN group default qlen 32
  107. link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  108. inet6 fe80::c089:81ff:fe5e:201d/64 scope link
  109. valid_lft forever preferred_lft forever
  110.  
  111. ip rule show
  112. 0: from all lookup local
  113. 32766: from all lookup main
  114. 32767: from all lookup default
  115.  
  116. iptables-save
  117. # Generated by iptables-save v1.8.3 on Sat Feb 27 00:17:37 2021
  118. *nat
  119. :PREROUTING ACCEPT [4267:890435]
  120. :INPUT ACCEPT [1112:108445]
  121. :OUTPUT ACCEPT [1542:108556]
  122. :POSTROUTING ACCEPT [276:20309]
  123. :MINIUPNPD - [0:0]
  124. :MINIUPNPD-POSTROUTING - [0:0]
  125. :postrouting_lan_rule - [0:0]
  126. :postrouting_rule - [0:0]
  127. :postrouting_wan_rule - [0:0]
  128. :prerouting_lan_rule - [0:0]
  129. :prerouting_rule - [0:0]
  130. :prerouting_wan_rule - [0:0]
  131. :zone_lan_postrouting - [0:0]
  132. :zone_lan_prerouting - [0:0]
  133. :zone_wan_postrouting - [0:0]
  134. :zone_wan_prerouting - [0:0]
  135. -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  136. -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  137. -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
  138. -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  139. -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  140. -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
  141. -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  142. -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  143. -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  144. -A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
  145. -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  146. -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  147. -A zone_wan_prerouting -j MINIUPNPD
  148. COMMIT
  149. # Completed on Sat Feb 27 00:17:37 2021
  150. # Generated by iptables-save v1.8.3 on Sat Feb 27 00:17:37 2021
  151. *raw
  152. :PREROUTING ACCEPT [688507:635848102]
  153. :OUTPUT ACCEPT [21588:5986955]
  154. :zone_lan_helper - [0:0]
  155. -A PREROUTING -i br-lan -m comment --comment "!fw3: lan CT helper assignment" -j zone_lan_helper
  156. COMMIT
  157. # Completed on Sat Feb 27 00:17:37 2021
  158. # Generated by iptables-save v1.8.3 on Sat Feb 27 00:17:37 2021
  159. *mangle
  160. :PREROUTING ACCEPT [688511:635848438]
  161. :INPUT ACCEPT [21569:3139538]
  162. :FORWARD ACCEPT [662672:632459916]
  163. :OUTPUT ACCEPT [21589:5987583]
  164. :POSTROUTING ACCEPT [684072:638438416]
  165. :QOS_MARK_eth0.2 - [0:0]
  166. -A PREROUTING -i vtun+ -p tcp -j MARK --set-xmark 0x2/0xff
  167. -A PREROUTING -i eth0.2 -m dscp ! --dscp 0x00 -j DSCP --set-dscp 0x00
  168. -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  169. -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  170. -A OUTPUT -p udp -m multiport --ports 123,53 -j DSCP --set-dscp 0x24
  171. -A POSTROUTING -o eth0.2 -m mark --mark 0x0/0xff -g QOS_MARK_eth0.2
  172. -A QOS_MARK_eth0.2 -j MARK --set-xmark 0x2/0xff
  173. -A QOS_MARK_eth0.2 -m dscp --dscp 0x08 -j MARK --set-xmark 0x3/0xff
  174. -A QOS_MARK_eth0.2 -m dscp --dscp 0x30 -j MARK --set-xmark 0x1/0xff
  175. -A QOS_MARK_eth0.2 -m dscp --dscp 0x2e -j MARK --set-xmark 0x1/0xff
  176. -A QOS_MARK_eth0.2 -m dscp --dscp 0x24 -j MARK --set-xmark 0x1/0xff
  177. -A QOS_MARK_eth0.2 -m tos --tos 0x10/0x3f -j MARK --set-xmark 0x1/0xff
  178. COMMIT
  179. # Completed on Sat Feb 27 00:17:37 2021
  180. # Generated by iptables-save v1.8.3 on Sat Feb 27 00:17:37 2021
  181. *filter
  182. :INPUT ACCEPT [0:0]
  183. :FORWARD DROP [0:0]
  184. :OUTPUT ACCEPT [0:0]
  185. :MINIUPNPD - [0:0]
  186. :banIP - [0:0]
  187. :forwarding_lan_rule - [0:0]
  188. :forwarding_rule - [0:0]
  189. :forwarding_wan_rule - [0:0]
  190. :input_lan_rule - [0:0]
  191. :input_rule - [0:0]
  192. :input_wan_rule - [0:0]
  193. :output_lan_rule - [0:0]
  194. :output_rule - [0:0]
  195. :output_wan_rule - [0:0]
  196. :reject - [0:0]
  197. :syn_flood - [0:0]
  198. :zone_lan_dest_ACCEPT - [0:0]
  199. :zone_lan_forward - [0:0]
  200. :zone_lan_input - [0:0]
  201. :zone_lan_output - [0:0]
  202. :zone_lan_src_ACCEPT - [0:0]
  203. :zone_wan_dest_ACCEPT - [0:0]
  204. :zone_wan_dest_REJECT - [0:0]
  205. :zone_wan_forward - [0:0]
  206. :zone_wan_input - [0:0]
  207. :zone_wan_output - [0:0]
  208. :zone_wan_src_REJECT - [0:0]
  209. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  210. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  211. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  212. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  213. -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  214. -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  215. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  216. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  217. -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  218. -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  219. -A FORWARD -m comment --comment "!fw3" -j reject
  220. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  221. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  222. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  223. -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  224. -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  225. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set bogon src -j DROP
  226. -A banIP -o eth0.2 -m conntrack --ctstate NEW -m set --match-set bogon dst -j REJECT --reject-with icmp-port-unreachable
  227. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set DoH src -j DROP
  228. -A banIP -o eth0.2 -m conntrack --ctstate NEW -m set --match-set DoH dst -j REJECT --reject-with icmp-port-unreachable
  229. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set tor src -j DROP
  230. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set threat src -j DROP
  231. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set debl src -j DROP
  232. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set yoyo src -j DROP
  233. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set sslbl src -j DROP
  234. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set feodo src -j DROP
  235. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set dshield src -j DROP
  236. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set drop src -j DROP
  237. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set edrop src -j DROP
  238. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set firehol1 src -j DROP
  239. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set firehol2 src -j DROP
  240. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set firehol3 src -j DROP
  241. -A banIP -i eth0.2 -m conntrack --ctstate NEW -m set --match-set firehol4 src -j DROP
  242. -A forwarding_lan_rule -j banIP
  243. -A forwarding_wan_rule -j banIP
  244. -A input_lan_rule -p udp -m udp --sport 67:68 --dport 67:68 -j RETURN
  245. -A input_lan_rule -j banIP
  246. -A input_wan_rule -p udp -m udp --sport 67:68 --dport 67:68 -j RETURN
  247. -A input_wan_rule -j banIP
  248. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  249. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  250. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  251. -A syn_flood -m comment --comment "!fw3" -j DROP
  252. -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  253. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  254. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  255. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  256. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  257. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  258. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  259. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  260. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  261. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  262. -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  263. -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  264. -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  265. -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
  266. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  267. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  268. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  269. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  270. -A zone_wan_forward -j MINIUPNPD
  271. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  272. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  273. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  274. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  275. -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  276. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  277. -A zone_wan_input -j MINIUPNPD
  278. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  279. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  280. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  281. -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
  282. COMMIT
  283. # Completed on Sat Feb 27 00:17:37 2021
  284.  
  285.  
  286.  
  287.  
  288.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!