bdika

vegaetera

Mar 5th, 2021
# Generated by iptables-save v1.8.3 on Fri Mar 5 10:54:34 2021
# NAT table of an OpenWrt fw3-generated ruleset (rules carry "!fw3" comments).
# Devices referenced by the built-in hooks below: br-lan (zone lan), eth2 (zone
# wan), WGINTERFACE (zone WGZONE). The VPN_FW zone has chains declared here
# but no -i/-o hook in PREROUTING or POSTROUTING, so in this snapshot its
# chains are unreachable -- presumably the zone's device was down or unbound
# when the dump was taken; confirm against the firewall config.
*nat
:PREROUTING ACCEPT [427260:55859722]
:INPUT ACCEPT [5701:564729]
:OUTPUT ACCEPT [5645:415955]
:POSTROUTING ACCEPT [6781:356640]
:postrouting_VPN_FW_rule - [0:0]
:postrouting_WGZONE_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_VPN_FW_rule - [0:0]
:prerouting_WGZONE_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_VPN_FW_postrouting - [0:0]
:zone_VPN_FW_prerouting - [0:0]
:zone_WGZONE_postrouting - [0:0]
:zone_WGZONE_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
# Built-in hooks: user "custom" chains first (empty in this dump), then the
# per-zone chain selected by ingress device (PREROUTING) or egress device
# (POSTROUTING).
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i WGINTERFACE -m comment --comment "!fw3" -j zone_WGZONE_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o WGINTERFACE -m comment --comment "!fw3" -j zone_WGZONE_postrouting
# Zone VPN_FW: masquerades egress, but nothing jumps here (see header note).
-A zone_VPN_FW_postrouting -m comment --comment "!fw3: Custom VPN_FW postrouting rule chain" -j postrouting_VPN_FW_rule
-A zone_VPN_FW_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_VPN_FW_prerouting -m comment --comment "!fw3: Custom VPN_FW prerouting rule chain" -j prerouting_VPN_FW_rule
# Zone WGZONE: source-NAT everything leaving WGINTERFACE.
-A zone_WGZONE_postrouting -m comment --comment "!fw3: Custom WGZONE postrouting rule chain" -j postrouting_WGZONE_rule
-A zone_WGZONE_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_WGZONE_prerouting -m comment --comment "!fw3: Custom WGZONE prerouting rule chain" -j prerouting_WGZONE_rule
# Zone lan: NAT reflection (hairpin) for the "gateway80" port forward. LAN
# clients that connect to the public address 135.xx.xxx.xxx:80 are DNATed to
# the internal host and SNATed to the lan-side address (both redacted here),
# so replies traverse the router instead of going direct.
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.x.x/24 -d 192.168.x.xxx/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: gateway80 (reflection)" -j SNAT --to-source 192.168.x.x
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.x.x/24 -d 135.xx.xxx.xxx/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: gateway80 (reflection)" -j DNAT --to-destination 192.168.x.x:80
# Zone wan: masquerade all egress on eth2. The "gateway80" DNAT below forwards
# every TCP/80 connection arriving on eth2 to the internal host 192.168.x.x:80
# with no source restriction, i.e. that HTTP service is reachable from any
# Internet address (plaintext). The matching ACCEPT lives in the filter table
# ("Accept port forwards", ctstate DNAT).
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 80 -m comment --comment "!fw3: gateway80" -j DNAT --to-destination 192.168.x.x:80
COMMIT
# Completed on Fri Mar 5 10:54:34 2021
# Generated by iptables-save v1.8.3 on Fri Mar 5 10:54:34 2021
# Mangle table: fw3 MSS clamping on the two WAN-facing devices plus a set of
# VPR_* chains that stamp a firewall mark into bits 0xff0000 of selected LAN
# hosts' packets. The marks are presumably consumed by policy-routing rules
# (ip rule / routing tables) that are not part of this dump -- verify there.
*mangle
:PREROUTING ACCEPT [389184048:503094061578]
:INPUT ACCEPT [174867785:246058333212]
:FORWARD ACCEPT [214197634:257011675229]
:OUTPUT ACCEPT [71797096:16990771154]
:POSTROUTING ACCEPT [285991920:274002071853]
:VPR_MARK0x010000 - [0:0]
:VPR_MARK0x020000 - [0:0]
:VPR_PREROUTING - [0:0]
# Only packets whose 0xff0000 mark bits are still zero enter VPR_PREROUTING,
# so an earlier mark is never overwritten here.
-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
# Clamp TCP MSS to path MTU on SYNs leaving eth2 and WGINTERFACE.
-A FORWARD -o eth2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o WGINTERFACE -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone WGZONE MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
# Mark-setting leaf chains. Only 0x010000 is referenced by VPR_PREROUTING in
# this snapshot; VPR_MARK0x020000 is declared but currently unused.
-A VPR_MARK0x010000 -j MARK --set-xmark 0x10000/0xff0000
-A VPR_MARK0x010000 -j RETURN
-A VPR_MARK0x020000 -j MARK --set-xmark 0x20000/0xff0000
-A VPR_MARK0x020000 -j RETURN
# Classification (-g = goto, so the leaf chain's RETURN ends processing):
# - "gateway": traffic from one LAN host with source port 80/443 bound for a
#   non-LAN destination -- this looks like the reply traffic of the internal
#   web server behind the gateway80 port forward; confirm with the operator.
# - "teksavvytv" / "sonytv": all traffic from two further LAN hosts.
-A VPR_PREROUTING -s 192.168.x.x/32 ! -d 192.168.x.x/24 -p tcp -m multiport --sports 80,443 -m comment --comment gateway -g VPR_MARK0x010000
-A VPR_PREROUTING -s 192.168.x.x/32 ! -d 192.168.x.x/24 -p udp -m multiport --sports 80,443 -m comment --comment gateway -g VPR_MARK0x010000
-A VPR_PREROUTING -s 192.168.x.x/32 -m comment --comment teksavvytv -g VPR_MARK0x010000
-A VPR_PREROUTING -s 192.168.x.x/32 -m comment --comment sonytv -g VPR_MARK0x010000
COMMIT
# Completed on Fri Mar 5 10:54:34 2021
# Generated by iptables-save v1.8.3 on Fri Mar 5 10:54:34 2021
# Filter table. Built-in policies: INPUT ACCEPT, FORWARD DROP, OUTPUT ACCEPT;
# fw3 additionally ends FORWARD with an explicit reject, so unmatched forwards
# are rejected rather than silently dropped.
# NOTE(review): the INPUT policy is ACCEPT and the INPUT chain only dispatches
# traffic arriving on br-lan, eth2 and WGINTERFACE into zone chains. Packets
# from any other device (e.g. the VPN_FW zone's device, which has no hook in
# this dump) fall through to the ACCEPT policy and reach the router's own
# services unfiltered. This is the fw3 behaviour for `option input ACCEPT`
# in the defaults section -- confirm it is intended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_VPN_FW_rule - [0:0]
:forwarding_WGZONE_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_VPN_FW_rule - [0:0]
:input_WGZONE_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_VPN_FW_rule - [0:0]
:output_WGZONE_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_VPN_FW_dest_ACCEPT - [0:0]
:zone_VPN_FW_dest_REJECT - [0:0]
:zone_VPN_FW_forward - [0:0]
:zone_VPN_FW_input - [0:0]
:zone_VPN_FW_output - [0:0]
:zone_VPN_FW_src_REJECT - [0:0]
:zone_WGZONE_dest_ACCEPT - [0:0]
:zone_WGZONE_dest_REJECT - [0:0]
:zone_WGZONE_forward - [0:0]
:zone_WGZONE_input - [0:0]
:zone_WGZONE_output - [0:0]
:zone_WGZONE_src_REJECT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
# INPUT: loopback, custom chain, established/related flows, SYN rate-limit,
# then per-zone dispatch by ingress device.
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth2 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i WGINTERFACE -m comment --comment "!fw3" -j zone_WGZONE_input
# FORWARD: same shape; anything not accepted by a zone chain hits the final
# reject rule (TCP reset / ICMP port-unreachable).
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i WGINTERFACE -m comment --comment "!fw3" -j zone_WGZONE_forward
-A FORWARD -m comment --comment "!fw3" -j reject
# OUTPUT: router-originated traffic, dispatched by egress device.
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth2 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o WGINTERFACE -m comment --comment "!fw3" -j zone_WGZONE_output
# Shared reject helper: TCP gets a RST, everything else ICMP port-unreachable.
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
# SYN flood guard: up to 25 new SYNs/sec (burst 50) return to INPUT for normal
# processing; SYNs above that rate are dropped.
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
# Zone VPN_FW: input/forward default to reject, output allowed. No built-in
# chain jumps here in this dump (no device bound), so these are inert.
# zone_VPN_FW_dest_ACCEPT / _dest_REJECT / _src_REJECT are declared but empty.
-A zone_VPN_FW_forward -m comment --comment "!fw3: Custom VPN_FW forwarding rule chain" -j forwarding_VPN_FW_rule
-A zone_VPN_FW_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_VPN_FW_forward -m comment --comment "!fw3" -j zone_VPN_FW_dest_REJECT
-A zone_VPN_FW_input -m comment --comment "!fw3: Custom VPN_FW input rule chain" -j input_VPN_FW_rule
-A zone_VPN_FW_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_VPN_FW_input -m comment --comment "!fw3" -j zone_VPN_FW_src_REJECT
-A zone_VPN_FW_output -m comment --comment "!fw3: Custom VPN_FW output rule chain" -j output_VPN_FW_rule
-A zone_VPN_FW_output -m comment --comment "!fw3" -j zone_VPN_FW_dest_ACCEPT
# Zone WGZONE (WGINTERFACE): traffic *from* the tunnel may only be DNAT'ed
# flows (input or forward); everything else is rejected. There is no
# WGZONE->lan forwarding policy here, so the tunnel cannot initiate
# connections into the LAN. Traffic *to* the tunnel is accepted, with
# ctstate INVALID dropped first so un-NATed packets do not leak out.
-A zone_WGZONE_dest_ACCEPT -o WGINTERFACE -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_WGZONE_dest_ACCEPT -o WGINTERFACE -m comment --comment "!fw3" -j ACCEPT
-A zone_WGZONE_dest_REJECT -o WGINTERFACE -m comment --comment "!fw3" -j reject
-A zone_WGZONE_forward -m comment --comment "!fw3: Custom WGZONE forwarding rule chain" -j forwarding_WGZONE_rule
-A zone_WGZONE_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_WGZONE_forward -m comment --comment "!fw3" -j zone_WGZONE_dest_REJECT
-A zone_WGZONE_input -m comment --comment "!fw3: Custom WGZONE input rule chain" -j input_WGZONE_rule
-A zone_WGZONE_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_WGZONE_input -m comment --comment "!fw3" -j zone_WGZONE_src_REJECT
-A zone_WGZONE_output -m comment --comment "!fw3: Custom WGZONE output rule chain" -j output_WGZONE_rule
-A zone_WGZONE_output -m comment --comment "!fw3" -j zone_WGZONE_dest_ACCEPT
-A zone_WGZONE_src_REJECT -i WGINTERFACE -m comment --comment "!fw3" -j reject
# Zone lan (br-lan): trusted side. LAN hosts may forward to WGZONE, to wan,
# to DNAT targets, and to other lan destinations; lan->router input is
# accepted for NEW/UNTRACKED connections (all router services are reachable
# from the LAN).
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to WGZONE forwarding policy" -j zone_WGZONE_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
# Zone wan (eth2): untrusted side.
#  - forward from wan: ESP and UDP/500 (IKE) are allowed into the lan zone
#    from any source, plus DNAT'ed flows (this is what admits the gateway80
#    TCP/80 forward from the NAT table); everything else rejected.
#  - input to router from wan: DHCP renew (UDP/68), ICMP echo-request, IGMP,
#    DNAT'ed redirections; everything else rejected. Ping from the Internet
#    is thus answered unconditionally and is not rate-limited here.
#  - egress to wan: ctstate INVALID dropped ("Prevent NAT leakage"), rest
#    accepted.
-A zone_wan_dest_ACCEPT -o eth2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Fri Mar 5 10:54:34 2021
  191.  