
Untitled

a guest
Nov 11th, 2020
  1.  
  2.  
  3. BusyBox v1.31.1 () built-in shell (ash)
  4.  
  5. ___ __ __ ___ _____ ___ ___ _
  6. / _ \ _ __ ___ _ _ | \/ | _ \_ _/ __| _ \_ _ ___ _ _| |_ ___ _ _
  7. | (_) | '_ \/ -_) ' \| |\/| | _/ | || (__| _/ '_/ _ \ || | _/ -_) '_|
  8. \___/| .__/\___|_||_|_| |_|_| |_| \___|_| |_| \___/\_,_|\__\___|_|
  9. |_|
  10. ------------------------------------------------------------------------------
  11. (r0+14653-a439f1bb47)
  12. ------------------------------------------------------------------------------
  13. -----------------------------------------------------
  14. PACKAGE: openmptcprouter
  15. VERSION: v0.56.4
  16.  
  17. BUILD REPO: https://github.com/ysurac/openmptcprouter
  18. BUILD DATE: Thu Nov 5 21:12:40 UTC 2020
  19. -----------------------------------------------------
  20. root@OpenMPTCProuter:~# ubus call system board; \
  21. > uci export network; uci export wireless; \
  22. > uci export dhcp; uci export firewall; \
  23. > head -n -0 /etc/firewall.user; \
  24. > iptables-save -c; \
  25. > ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
  26. {
  27. "kernel": "5.4.69",
  28. "hostname": "OpenMPTCProuter",
  29. "system": "ARMv7 Processor rev 3 (v7l)",
  30. "model": "Raspberry Pi 4 Model B Rev 1.2",
  31. "board_name": "raspberrypi,4-model-b",
  32. "release": {
  33. "distribution": "openmptcprouter",
  34. "version": "v0.56.4",
  35. "revision": "r0+14653-a439f1bb47",
  36. "target": "bcm27xx/bcm2709",
  37. "description": "openmptcprouter v0.56.4 r0+14653-a439f1bb47"
  38. }
  39. }
  40. package network
  41.  
  42. config interface 'loopback'
  43. option ifname 'lo'
  44. option proto 'static'
  45. option ipaddr '127.0.0.1'
  46. option netmask '255.0.0.0'
  47. option multipath 'off'
  48. option macaddr '00:00:00:00:00:00'
  49. option metric '7'
  50.  
  51. config globals 'globals'
  52. option ula_prefix 'fd87:d1cd:a5a9::/48'
  53. option multipath 'enable'
  54. option mptcp_path_manager 'fullmesh'
  55. option mptcp_scheduler 'blest'
  56. option congestion 'cubic'
  57. option mptcp_checksum '0'
  58. option mptcp_debug '0'
  59. option mptcp_syn_retries '2'
  60. option mptcp_fullmesh_num_subflows '1'
  61. option mptcp_fullmesh_create_on_err '1'
  62. option mptcp_ndiffports_num_subflows '1'
  63.  
  64. config interface 'lan'
  65. option ifname 'eth0'
  66. option proto 'static'
  67. option ipaddr '192.168.100.1'
  68. option netmask '255.255.255.0'
  69. option ip6assign '60'
  70. option delegate '0'
  71. option multipath 'off'
  72. option ip4table 'lan'
  73. option macaddr '*****************'
  74. option modalias 'of:NethernetT(null)Cbrcm,bcm2711-genet-v5Cbrcm,genet-v5'
  75. option metric '8'
  76. option label 'lan'
  77. option defaultroute '0'
  78. option peerdns '0'
  79.  
  80. config rule 'lan_rule'
  81. option lookup 'lan'
  82. option priority '100'
  83.  
  84. config interface 'omrvpn'
  85. option ifname 'tun0'
  86. option ip4table 'vpn'
  87. option multipath 'off'
  88. option leasetime '12h'
  89. option type 'tunnel'
  90. option txqueuelen '100'
  91. option ipv6 '0'
  92. option metric '11'
  93. option proto 'none'
  94.  
  95. config interface 'omr6in4'
  96. option proto '6in4'
  97. option ip4table 'vpn'
  98. option multipath 'off'
  99. option gateway 'fe80::a00:1'
  100. option ip6addr 'fe80::a00:2/128'
  101. option auto '0'
  102. option metric '12'
  103. option ipaddr '10.255.255.2'
  104. option peeraddr '10.255.255.1'
  105.  
  106. config interface 'VZW'
  107. option ifname 'usb0'
  108. option addlatency '0'
  109. option macaddr '*************'
  110. option metric '16'
  111. option label 'verizon'
  112. option defaultroute '0'
  113. option peerdns '0'
  114. option ipv6 '0'
  115. option proto 'dhcp'
  116. option multipath 'on'
  117. option modalias 'usb:v04E8p6864d0C00dc00dsc00dp00icE0isc01ip03in00'
  118. option product '4e8/6864/c00'
  119.  
  120. config interface 'TMB'
  121. option addlatency '0'
  122. option macaddr '**************'
  123. option metric '18'
  124. option label 'tmobile'
  125. option defaultroute '0'
  126. option peerdns '0'
  127. option ipv6 '0'
  128. option proto 'dhcp'
  129. option multipath 'on'
  130. option ifname 'usb1'
  131. option modalias 'usb:v04E8p6863d0C00dc00dsc00dp00icE0isc01ip03in00'
  132. option product '4e8/6863/c00'
  133.  
  134. config route
  135. option interface 'lan'
  136. option netmask '255.255.255.0'
  137. option gateway '192.168.100.2'
  138. option target '192.168.1.0/24'
  139.  
  140. package wireless
  141.  
  142. config wifi-device 'radio0'
  143. option type 'mac80211'
  144. option channel '36'
  145. option hwmode '11a'
  146. option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
  147. option htmode 'VHT80'
  148. option country '00'
  149.  
  150. config wifi-iface 'default_radio0'
  151. option device 'radio0'
  152. option mode 'ap'
  153. option ssid 'OpenWrt'
  154. option encryption 'none'
  155. option skip_inactivity_poll '1'
  156. option network 'wifi'
  157. option disabled '1'
  158.  
  159. package dhcp
  160.  
  161. config dnsmasq
  162. option domainneeded '1'
  163. option boguspriv '1'
  164. option filterwin2k '0'
  165. option localise_queries '1'
  166. option rebind_protection '1'
  167. option rebind_localhost '1'
  168. option local '/lan/'
  169. option domain 'lan'
  170. option expandhosts '1'
  171. option authoritative '1'
  172. option readethers '1'
  173. option leasefile '/tmp/dhcp.leases'
  174. option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
  175. option nonwildcard '1'
  176. option localservice '1'
  177. list server '127.0.0.1#5353'
  178. list server '/lan/'
  179. list server '/use-application-dns.net/'
  180. option noresolv '1'
  181. option nonegcache '1'
  182. list rebind_domain 'plex.direct'
  183. list ipset '/googlevideo.com/omr_dscp-cs4,omr_dscp6-cs4'
  184. list ipset '/nflxvideo.net/omr_dscp-cs4,omr_dscp6-cs4'
  185. list ipset '/s3.ll.dash.row.aiv-cdn.net/omr_dscp-cs4,omr_dscp6-cs4'
  186. list ipset '/d25xi40x97liuc.cloudfront.net/omr_dscp-cs4,omr_dscp6-cs4'
  187. list ipset '/aiv-delivery.net/omr_dscp-cs4,omr_dscp6-cs4'
  188. list ipset '/vevo.com/omr_dscp-cs4,omr_dscp6-cs4'
  189. list ipset '/audio-fa.scdn.com/omr_dscp-cs4,omr_dscp6-cs4'
  190. list ipset '/deezer.com/omr_dscp-cs4,omr_dscp6-cs4'
  191. list ipset '/sndcdn.com/omr_dscp-cs4,omr_dscp6-cs4'
  192. list ipset '/last.fm/omr_dscp-cs4,omr_dscp6-cs4'
  193. list ipset '/v.redd.it/omr_dscp-cs4,omr_dscp6-cs4'
  194. list ipset '/ttvnw.net/omr_dscp-cs4,omr_dscp6-cs4,omr_dscp-cs4,omr_dscp6-cs4'
  195. list ipset '/googletagmanager.com/omr_dscp-cs2,omr_dscp6-cs2'
  196. list ipset '/googleusercontent.com/omr_dscp-cs2,omr_dscp6-cs2'
  197. list ipset '/google.com/omr_dscp-cs2,omr_dscp6-cs2'
  198. list ipset '/fbcdn.net/omr_dscp-cs4,omr_dscp6-cs4,omr_dscp-cs2,omr_dscp6-cs2'
  199. list ipset '/akamaihd.net/omr_dscp-cs2,omr_dscp6-cs2'
  200. list ipset '/whatsapp.net/omr_dscp-cs2,omr_dscp6-cs2'
  201. list ipset '/whatsapp.com/omr_dscp-cs2,omr_dscp6-cs2'
  202. list ipset '/googleapis.com/omr_dscp-cs2,omr_dscp6-cs2'
  203. list ipset '/1e100.net/omr_dscp-cs2,omr_dscp6-cs2'
  204. list ipset '/hwcdn.net/omr_dscp-cs2,omr_dscp6-cs2'
  205. list ipset '/download.qq.com/omr_dscp-cs1,omr_dscp6-cs1'
  206. list ipset '/steamcontent.com/omr_dscp-cs1,omr_dscp6-cs1'
  207. list ipset '/gs2.ww.prod.dl.playstation.net/omr_dscp-cs1,omr_dscp6-cs1'
  208. list ipset '/dropbox.com/omr_dscp-cs1,omr_dscp6-cs1'
  209. list ipset '/dropboxstatic.com/omr_dscp-cs1,omr_dscp6-cs1'
  210. list ipset '/dropbox-dns.com/omr_dscp-cs1,omr_dscp6-cs1'
  211. list ipset '/log.getdropbox.com/omr_dscp-cs1,omr_dscp6-cs1'
  212. list ipset '/drive.google.com/omr_dscp-cs1,omr_dscp6-cs1'
  213. list ipset '/drive-thirdparty.googleusercontent.com/omr_dscp-cs1,omr_dscp6-cs1'
  214. list ipset '/docs.google.com/omr_dscp-cs1,omr_dscp6-cs1'
  215. list ipset '/docs.googleusercontent.com/omr_dscp-cs1,omr_dscp6-cs1'
  216. list ipset '/gvt1.com/omr_dscp-cs1,omr_dscp6-cs1'
  217. list ipset '/mmg-fna.whatsapp.net/omr_dscp-cs1,omr_dscp6-cs1'
  218. list ipset '/upload.youtube.com/omr_dscp-cs1,omr_dscp6-cs1'
  219. list ipset '/upload.video.google.com/omr_dscp-cs1,omr_dscp6-cs1'
  220. list ipset '/windowsupdate.com/omr_dscp-cs1,omr_dscp6-cs1'
  221. list ipset '/update.microsoft.com/omr_dscp-cs1,omr_dscp6-cs1'
  222.  
  223. config dhcp 'lan'
  224. option interface 'lan'
  225. option start '100'
  226. option limit '150'
  227. option leasetime '12h'
  228. option ra_slaac '1'
  229. option force '1'
  230. list ra_flags 'managed-config'
  231. list ra_flags 'other-config'
  232.  
  233. config dhcp 'wan'
  234. option interface 'wan'
  235. option ignore '1'
  236.  
  237. config odhcpd 'odhcpd'
  238. option maindhcp '0'
  239. option leasefile '/tmp/hosts/odhcpd'
  240. option leasetrigger '/usr/sbin/odhcpd-update'
  241. option loglevel '4'
  242.  
  243. package firewall
  244.  
  245. config defaults
  246. option syn_flood '1'
  247. option input 'REJECT'
  248. option output 'REJECT'
  249. option forward 'REJECT'
  250. option disable_ipv6 '1'
  251.  
  252. config zone
  253. option name 'lan'
  254. option input 'ACCEPT'
  255. option output 'ACCEPT'
  256. option forward 'ACCEPT'
  257. option auto_helper '0'
  258. option mtu_fix '1'
  259. option network 'lan'
  260.  
  261. config zone
  262. option name 'wan'
  263. option input 'REJECT'
  264. option output 'ACCEPT'
  265. option forward 'REJECT'
  266. option masq '1'
  267. option mtu_fix '1'
  268. option network 'wan wan6 wan2 VZW TMB'
  269.  
  270. config forwarding
  271. option src 'lan'
  272. option dest 'wan'
  273.  
  274. config rule
  275. option name 'Allow-DHCP-Renew'
  276. option src 'wan'
  277. option proto 'udp'
  278. option dest_port '68'
  279. option target 'ACCEPT'
  280. option family 'ipv4'
  281.  
  282. config rule
  283. option name 'Allow-Ping'
  284. option src 'wan'
  285. option proto 'icmp'
  286. option icmp_type 'echo-request'
  287. option family 'ipv4'
  288. option target 'ACCEPT'
  289.  
  290. config rule
  291. option name 'Allow-IGMP'
  292. option src 'wan'
  293. option proto 'igmp'
  294. option family 'ipv4'
  295. option target 'ACCEPT'
  296.  
  297. config rule
  298. option name 'Allow-DHCPv6'
  299. option src 'wan'
  300. option proto 'udp'
  301. option src_ip 'fc00::/6'
  302. option dest_ip 'fc00::/6'
  303. option dest_port '546'
  304. option family 'ipv6'
  305. option target 'ACCEPT'
  306.  
  307. config rule
  308. option name 'Allow-MLD'
  309. option src 'wan'
  310. option proto 'icmp'
  311. option src_ip 'fe80::/10'
  312. list icmp_type '130/0'
  313. list icmp_type '131/0'
  314. list icmp_type '132/0'
  315. list icmp_type '143/0'
  316. option family 'ipv6'
  317. option target 'ACCEPT'
  318.  
  319. config rule
  320. option name 'Allow-ICMPv6-Forward'
  321. option src 'wan'
  322. option dest '*'
  323. option proto 'icmp'
  324. list icmp_type 'echo-request'
  325. list icmp_type 'echo-reply'
  326. list icmp_type 'destination-unreachable'
  327. list icmp_type 'packet-too-big'
  328. list icmp_type 'time-exceeded'
  329. list icmp_type 'bad-header'
  330. list icmp_type 'unknown-header-type'
  331. option limit '1000/sec'
  332. option family 'ipv6'
  333. option target 'ACCEPT'
  334.  
  335. config rule
  336. option name 'Allow-IPSec-ESP'
  337. option src 'wan'
  338. option dest 'lan'
  339. option proto 'esp'
  340. option target 'ACCEPT'
  341.  
  342. config rule
  343. option name 'Allow-ISAKMP'
  344. option src 'wan'
  345. option dest 'lan'
  346. option dest_port '500'
  347. option proto 'udp'
  348. option target 'ACCEPT'
  349.  
  350. config rule
  351. option name 'Support-UDP-Traceroute'
  352. option src 'wan'
  353. option dest_port '33434:33689'
  354. option proto 'udp'
  355. option family 'ipv4'
  356. option target 'REJECT'
  357. option enabled 'false'
  358.  
  359. config include
  360. option path '/etc/firewall.user'
  361.  
  362. config rule
  363. option enabled '1'
  364. option target 'ACCEPT'
  365. option name 'Allow-All-LAN-to-VPN'
  366. option dest 'vpn'
  367. option src 'lan'
  368.  
  369. config zone 'zone_vpn'
  370. option name 'vpn'
  371. option masq '1'
  372. option input 'REJECT'
  373. option forward 'ACCEPT'
  374. option output 'ACCEPT'
  375. option mtu_fix '1'
  376. option network 'glorytun omrvpn omr6in4'
  377.  
  378. config rule
  379. option enabled '1'
  380. option target 'ACCEPT'
  381. option name 'Allow-All-Ping'
  382. option proto 'icmp'
  383. option dest '*'
  384. option src '*'
  385. option icmp_type 'echo-request'
  386.  
  387. config rule
  388. option enabled '1'
  389. option target 'ACCEPT'
  390. option name 'Allow-VPN-ICMP'
  391. option proto 'icmp'
  392. option src 'vpn'
  393.  
  394. config rule
  395. option enabled '1'
  396. option target 'ACCEPT'
  397. option name 'Allow-Lan-to-Wan'
  398. option dest 'wan'
  399. option src 'lan'
  400.  
  401. config rule
  402. option enabled '1'
  403. option target 'ACCEPT'
  404. option name 'ICMPv6-Lan-to-OMR'
  405. option src 'lan'
  406. option family 'ipv6'
  407. option proto 'icmp'
  408. option limit '1000/sec'
  409. option icmp_type 'echo-reply destination-unreachable echo-request router-advertisement router-solicitation time-exceeded'
  410.  
  411. config include 'omr_server'
  412. option path '/etc/firewall.omr-server'
  413. option reload '1'
  414.  
  415. config include 'gre_tunnel'
  416. option path '/etc/firewall.gre-tunnel'
  417. option reload '1'
  418.  
  419. config forwarding 'fwlantovpn'
  420. option src 'lan'
  421. option dest 'vpn'
  422.  
  423. config rule 'blockquicproxy'
  424. option name 'Block QUIC Proxy'
  425. option proto 'udp'
  426. option dest_port '443'
  427. option target 'DROP'
  428. option src 'lan'
  429.  
  430. config rule 'blockquicall'
  431. option name 'Block QUIC All'
  432. option proto 'udp'
  433. option src '*'
  434. option dest '*'
  435. option dest_port '443'
  436. option target 'DROP'
  437.  
  438. config rule 'allow_dhcp_request_vpn'
  439. option name 'Allow-DHCP-Request-VPN'
  440. option src 'vpn'
  441. option proto 'udp'
  442. option dest_port '67'
  443. option target 'ACCEPT'
  444. option family 'ipv4'
  445.  
  446. config include 'v2ray'
  447. option path '/etc/firewall.v2ray-rules'
  448. option reload '1'
  449.  
  450. config include 'omr_bypass'
  451. option path '/etc/firewall.omr-bypass'
  452. option reload '1'
  453.  
  454. config include 'miniupnpd'
  455. option type 'script'
  456. option path '/usr/share/miniupnpd/firewall.include'
  457. option family 'any'
  458. option reload '1'
  459.  
  460. config include 'ss_rules'
  461. option path '/etc/firewall.ss-rules'
  462. option reload '1'
  463.  
  464. # This file is interpreted as shell script.
  465. # Put your custom iptables rules here, they will
  466. # be executed with each firewall (re-)start.
  467.  
  468. # Internal uci firewall chains are flushed and recreated on reload, so
  469. # put custom rules into the root chains e.g. INPUT or FORWARD or into the
  470. # special user chains, e.g. input_wan_rule or postrouting_lan_rule.
  471. # Generated by iptables-save v1.8.4 on Wed Nov 11 15:56:13 2020
  472. *raw
  473. :PREROUTING ACCEPT [19483:11530442]
  474. :OUTPUT ACCEPT [20208:10770120]
  475. COMMIT
  476. # Completed on Wed Nov 11 15:56:13 2020
  477. # Generated by iptables-save v1.8.4 on Wed Nov 11 15:56:13 2020
  478. *nat
  479. :PREROUTING ACCEPT [173:138219]
  480. :INPUT ACCEPT [98:5946]
  481. :OUTPUT ACCEPT [588:48978]
  482. :POSTROUTING ACCEPT [71:4566]
  483. :MINIUPNPD - [0:0]
  484. :MINIUPNPD-POSTROUTING - [0:0]
  485. :postrouting_lan_rule - [0:0]
  486. :postrouting_rule - [0:0]
  487. :postrouting_vpn_rule - [0:0]
  488. :postrouting_wan_rule - [0:0]
  489. :prerouting_lan_rule - [0:0]
  490. :prerouting_rule - [0:0]
  491. :prerouting_vpn_rule - [0:0]
  492. :prerouting_wan_rule - [0:0]
  493. :ssr_def_dst - [0:0]
  494. :ssr_def_forward - [0:0]
  495. :ssr_def_local_out - [0:0]
  496. :ssr_def_pre_src - [0:0]
  497. :ssr_def_src - [0:0]
  498. :zone_lan_postrouting - [0:0]
  499. :zone_lan_prerouting - [0:0]
  500. :zone_vpn_postrouting - [0:0]
  501. :zone_vpn_prerouting - [0:0]
  502. :zone_wan_postrouting - [0:0]
  503. :zone_wan_prerouting - [0:0]
  504. [53:2756] -A PREROUTING -p tcp -j ssr_def_pre_src
  505. [58:3281] -A PREROUTING -p tcp -j ssr_def_pre_src
  506. [242:187839] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  507. [233:187083] -A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
  508. [0:0] -A PREROUTING -i usb0 -m comment --comment "!fw3" -j zone_wan_prerouting
  509. [0:0] -A PREROUTING -i usb1 -m comment --comment "!fw3" -j zone_wan_prerouting
  510. [9:756] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
  511. [231:16200] -A OUTPUT -p tcp -j ssr_def_local_out
  512. [449:41452] -A OUTPUT -p tcp -j ssr_def_local_out
  513. [865:71947] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  514. [0:0] -A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
  515. [150:16235] -A POSTROUTING -o usb0 -m comment --comment "!fw3" -j zone_wan_postrouting
  516. [198:16404] -A POSTROUTING -o usb1 -m comment --comment "!fw3" -j zone_wan_postrouting
  517. [399:31637] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
  518. [0:0] -A ssr_def_dst -m set --match-set omr_dst_bypass_usb1 dst -j MARK --set-xmark 0x53918/0xffffffff
  519. [0:0] -A ssr_def_dst -m mark --mark 0x53918 -j RETURN
  520. [0:0] -A ssr_def_dst -m set --match-set omr_dst_bypass_usb0 dst -j MARK --set-xmark 0x53916/0xffffffff
  521. [0:0] -A ssr_def_dst -m mark --mark 0x53916 -j RETURN
  522. [0:0] -A ssr_def_dst -m set --match-set omr_dst_bypass_tun0 dst -j MARK --set-xmark 0x53911/0xffffffff
  523. [0:0] -A ssr_def_dst -m mark --mark 0x53911 -j RETURN
  524. [0:0] -A ssr_def_dst -m set --match-set omr_dst_bypass_eth0 dst -j MARK --set-xmark 0x5398/0xffffffff
  525. [0:0] -A ssr_def_dst -m mark --mark 0x5398 -j RETURN
  526. [0:0] -A ssr_def_dst -m set --match-set omr_dst_bypass_lo dst -j MARK --set-xmark 0x5397/0xffffffff
  527. [0:0] -A ssr_def_dst -m mark --mark 0x5397 -j RETURN
  528. [0:0] -A ssr_def_dst -m mark --mark 0x539 -j RETURN
  529. [0:0] -A ssr_def_dst -m set --match-set omr_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
  530. [0:0] -A ssr_def_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
  531. [0:0] -A ssr_def_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
  532. [0:0] -A ssr_def_dst -m set --match-set ss_rules_dst_forward dst -j ssr_def_forward
  533. [0:0] -A ssr_def_dst -m comment --comment "dst_default: forward" -j ssr_def_forward
  534. [57:2996] -A ssr_def_forward -p tcp -j REDIRECT --to-ports 1100-1101
  535. [0:0] -A ssr_def_local_out -m set --match-set omr_dst_bypass_usb1 dst -j MARK --set-xmark 0x53918/0xffffffff
  536. [0:0] -A ssr_def_local_out -m mark --mark 0x53918 -j RETURN
  537. [0:0] -A ssr_def_local_out -m set --match-set omr_dst_bypass_usb0 dst -j MARK --set-xmark 0x53916/0xffffffff
  538. [0:0] -A ssr_def_local_out -m mark --mark 0x53916 -j RETURN
  539. [0:0] -A ssr_def_local_out -m set --match-set omr_dst_bypass_tun0 dst -j MARK --set-xmark 0x53911/0xffffffff
  540. [0:0] -A ssr_def_local_out -m mark --mark 0x53911 -j RETURN
  541. [0:0] -A ssr_def_local_out -m set --match-set omr_dst_bypass_eth0 dst -j MARK --set-xmark 0x5398/0xffffffff
  542. [0:0] -A ssr_def_local_out -m mark --mark 0x5398 -j RETURN
  543. [0:0] -A ssr_def_local_out -m set --match-set omr_dst_bypass_lo dst -j MARK --set-xmark 0x5397/0xffffffff
  544. [0:0] -A ssr_def_local_out -m mark --mark 0x5397 -j RETURN
  545. [0:0] -A ssr_def_local_out -m set --match-set omr_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
  546. [0:0] -A ssr_def_local_out -m mark --mark 0x539 -j RETURN
  547. [0:0] -A ssr_def_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
  548. [0:0] -A ssr_def_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
  549. [454:31920] -A ssr_def_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
  550. [0:0] -A ssr_def_local_out -m mark --mark 0x539 -j RETURN
  551. [4:240] -A ssr_def_local_out -p tcp -m comment --comment "local_default: forward" -j ssr_def_forward
  552. [0:0] -A ssr_def_pre_src -m set --match-set omr_dst_bypass_usb1 dst -j MARK --set-xmark 0x53918/0xffffffff
  553. [0:0] -A ssr_def_pre_src -m mark --mark 0x53918 -j RETURN
  554. [0:0] -A ssr_def_pre_src -m set --match-set omr_dst_bypass_usb0 dst -j MARK --set-xmark 0x53916/0xffffffff
  555. [0:0] -A ssr_def_pre_src -m mark --mark 0x53916 -j RETURN
  556. [0:0] -A ssr_def_pre_src -m set --match-set omr_dst_bypass_tun0 dst -j MARK --set-xmark 0x53911/0xffffffff
  557. [0:0] -A ssr_def_pre_src -m mark --mark 0x53911 -j RETURN
  558. [0:0] -A ssr_def_pre_src -m set --match-set omr_dst_bypass_eth0 dst -j MARK --set-xmark 0x5398/0xffffffff
  559. [0:0] -A ssr_def_pre_src -m mark --mark 0x5398 -j RETURN
  560. [0:0] -A ssr_def_pre_src -m set --match-set omr_dst_bypass_lo dst -j MARK --set-xmark 0x5397/0xffffffff
  561. [0:0] -A ssr_def_pre_src -m mark --mark 0x5397 -j RETURN
  562. [0:0] -A ssr_def_pre_src -m set --match-set omr_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
  563. [0:0] -A ssr_def_pre_src -m mark --mark 0x539 -j RETURN
  564. [0:0] -A ssr_def_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
  565. [0:0] -A ssr_def_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
  566. [0:0] -A ssr_def_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
  567. [0:0] -A ssr_def_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
  568. [0:0] -A ssr_def_pre_src -m mark --mark 0x539 -j RETURN
  569. [53:2756] -A ssr_def_pre_src -p tcp -j ssr_def_src
  570. [0:0] -A ssr_def_src -m set --match-set ss_rules_src_bypass src -j RETURN
  571. [0:0] -A ssr_def_src -m set --match-set ss_rules_src_forward src -j ssr_def_forward
  572. [0:0] -A ssr_def_src -m set --match-set ss_rules_src_checkdst src -j ssr_def_dst
  573. [53:2756] -A ssr_def_src -m comment --comment "src_default: forward" -j ssr_def_forward
  574. [0:0] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  575. [233:187083] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  576. [399:31637] -A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
  577. [399:31637] -A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
  578. [9:756] -A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
  579. [348:32639] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  580. [348:32639] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  581. [0:0] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  582. COMMIT
  583. # Completed on Wed Nov 11 15:56:13 2020
  584. # Generated by iptables-save v1.8.4 on Wed Nov 11 15:56:13 2020
  585. *mangle
  586. :PREROUTING ACCEPT [14971:9971419]
  587. :INPUT ACCEPT [14822:9849836]
  588. :FORWARD ACCEPT [149:121583]
  589. :OUTPUT ACCEPT [15698:9770510]
  590. :POSTROUTING ACCEPT [15705:9771362]
  591. :QOS_MARK_usb0 - [0:0]
  592. :QOS_MARK_usb1 - [0:0]
  593. :dscp_mark - [0:0]
  594. :dscp_output - [0:0]
  595. :dscp_postrouting - [0:0]
  596. :dscp_prerouting - [0:0]
  597. :omr-bypass - [0:0]
  598. :omr-bypass-dpi - [0:0]
  599. :omr-bypass-local - [0:0]
  600. :omr-gre-tunnel - [0:0]
  601. [3267:634163] -A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass
  602. [0:0] -A PREROUTING -i vtun+ -p tcp -j MARK --set-xmark 0x2/0xff
  603. [5398:2638627] -A PREROUTING -i usb0 -m dscp ! --dscp 0x00 -j DSCP --set-dscp 0x00
  604. [7271:7442119] -A PREROUTING -i usb1 -m dscp ! --dscp 0x00 -j DSCP --set-dscp 0x00
  605. [4435:942358] -A PREROUTING -i eth0 -j dscp_prerouting
  606. [3996:901636] -A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-gre-tunnel
  607. [0:0] -A PREROUTING -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
  608. [4435:942358] -A PREROUTING -i eth0 -j dscp_mark
  609. [3160:593349] -A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi
  610. [0:0] -A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone lan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  611. [0:0] -A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone lan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  612. [0:0] -A FORWARD -o usb0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  613. [0:0] -A FORWARD -i usb0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  614. [0:0] -A FORWARD -o usb1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  615. [0:0] -A FORWARD -i usb1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  616. [0:0] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  617. [0:0] -A FORWARD -i tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  618. [15489:9818506] -A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
  619. [20160:10760121] -A OUTPUT -j dscp_output
  620. [694:63332] -A OUTPUT -p udp -m multiport --ports 123,53 -j DSCP --set-dscp 0x24
  621. [15077:9709297] -A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi
  622. [20213:10772240] -A POSTROUTING -j dscp_postrouting
  623. [20058:10753197] -A POSTROUTING -j dscp_mark
  624. [4922:356412] -A POSTROUTING -o usb1 -m mark --mark 0x0/0xff -g QOS_MARK_usb1
  625. [5160:919371] -A POSTROUTING -o usb0 -m mark --mark 0x0/0xff -g QOS_MARK_usb0
  626. [660:64583] -A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass-dpi
  627. [5160:919371] -A QOS_MARK_usb0 -j MARK --set-xmark 0x2/0xff
  628. [0:0] -A QOS_MARK_usb0 -m dscp --dscp 0x08 -j MARK --set-xmark 0x3/0xff
  629. [0:0] -A QOS_MARK_usb0 -m dscp --dscp 0x30 -j MARK --set-xmark 0x1/0xff
  630. [0:0] -A QOS_MARK_usb0 -m dscp --dscp 0x2e -j MARK --set-xmark 0x1/0xff
  631. [0:0] -A QOS_MARK_usb0 -m dscp --dscp 0x24 -j MARK --set-xmark 0x1/0xff
  632. [0:0] -A QOS_MARK_usb0 -m tos --tos 0x10/0x3f -j MARK --set-xmark 0x1/0xff
  633. [4922:356412] -A QOS_MARK_usb1 -j MARK --set-xmark 0x2/0xff
  634. [0:0] -A QOS_MARK_usb1 -m dscp --dscp 0x08 -j MARK --set-xmark 0x3/0xff
  635. [0:0] -A QOS_MARK_usb1 -m dscp --dscp 0x30 -j MARK --set-xmark 0x1/0xff
  636. [0:0] -A QOS_MARK_usb1 -m dscp --dscp 0x2e -j MARK --set-xmark 0x1/0xff
  637. [0:0] -A QOS_MARK_usb1 -m dscp --dscp 0x24 -j MARK --set-xmark 0x1/0xff
  638. [0:0] -A QOS_MARK_usb1 -m tos --tos 0x10/0x3f -j MARK --set-xmark 0x1/0xff
  639. [0:0] -A dscp_mark -m comment --comment cs4 -m dscp --dscp 0x20 -j MARK --set-xmark 0x7874756e/0xffffffff
  640. [608:84674] -A dscp_mark -m comment --comment cs5 -m dscp --dscp 0x28 -j MARK --set-xmark 0x7874756e/0xffffffff
  641. [1276:176792] -A dscp_mark -m comment --comment cs6 -m dscp --dscp 0x30 -j MARK --set-xmark 0x7874756e/0xffffffff
  642. [0:0] -A dscp_mark -m comment --comment cs7 -m dscp --dscp 0x38 -j MARK --set-xmark 0x7874756e/0xffffffff
  643. [898:74690] -A dscp_output -o tun0 -j DSCP --set-dscp 0x30
  644. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs0 src,dst -m comment --comment cs0 -j DSCP --set-dscp 0x00
  645. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs0 src,dst -m comment --comment cs0 -j RETURN
  646. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs1 src,dst -m comment --comment cs1 -j DSCP --set-dscp 0x08
  647. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs1 src,dst -m comment --comment cs1 -j RETURN
  648. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs2 src,dst -m comment --comment cs2 -j DSCP --set-dscp 0x10
  649. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs2 src,dst -m comment --comment cs2 -j RETURN
  650. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs3 src,dst -m comment --comment cs3 -j DSCP --set-dscp 0x18
  651. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs3 src,dst -m comment --comment cs3 -j RETURN
  652. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs4 src,dst -m comment --comment cs4 -j DSCP --set-dscp 0x20
  653. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs4 src,dst -m comment --comment cs4 -j RETURN
  654. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs5 src,dst -m comment --comment cs5 -j DSCP --set-dscp 0x28
  655. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs5 src,dst -m comment --comment cs5 -j RETURN
  656. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs6 src,dst -m comment --comment cs6 -j DSCP --set-dscp 0x30
  657. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs6 src,dst -m comment --comment cs6 -j RETURN
  658. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs7 src,dst -m comment --comment cs7 -j DSCP --set-dscp 0x38
  659. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-cs7 src,dst -m comment --comment cs7 -j RETURN
  660. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-ef src,dst -m comment --comment ef -j DSCP --set-dscp 0x2e
  661. [0:0] -A dscp_postrouting -m set --match-set omr_dscp-ef src,dst -m comment --comment ef -j RETURN
  662. [280:31425] -A dscp_postrouting -p icmp -m comment --comment ICMP -j DSCP --set-dscp 0x28
  663. [280:31425] -A dscp_postrouting -p icmp -m comment --comment ICMP -j RETURN
  664. [335:53837] -A dscp_postrouting -p udp -m multiport --sports 53,123,5353 -m multiport --dports 0:65535 -m comment --comment "DNS udp and NTP" -j DSCP --set-dscp 0x28
  665. [335:53837] -A dscp_postrouting -p udp -m multiport --sports 53,123,5353 -m multiport --dports 0:65535 -m comment --comment "DNS udp and NTP" -j RETURN
  666. [0:0] -A dscp_postrouting -p tcp -m multiport --sports 53,5353 -m multiport --dports 0:65535 -m comment --comment "DNS tcp" -j DSCP --set-dscp 0x28
  667. [0:0] -A dscp_postrouting -p tcp -m multiport --sports 53,5353 -m multiport --dports 0:65535 -m comment --comment "DNS tcp" -j RETURN
  668. [1163:165305] -A dscp_postrouting -p tcp -m multiport --sports 0:65535 -m multiport --dports 65001,65301,65011 -m comment --comment "OMR vpn" -j DSCP --set-dscp 0x30
  669. [1163:165305] -A dscp_postrouting -p tcp -m multiport --sports 0:65535 -m multiport --dports 65001,65301,65011 -m comment --comment "OMR vpn" -j RETURN
  670. [0:0] -A dscp_postrouting -p udp -m multiport --sports 0:65535 -m multiport --dports 65001,65301 -m comment --comment "OMR vpn" -j DSCP --set-dscp 0x30
  671. [0:0] -A dscp_postrouting -p udp -m multiport --sports 0:65535 -m multiport --dports 65001,65301 -m comment --comment "OMR vpn" -j RETURN
  672. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs0 src,dst -m comment --comment cs0 -j DSCP --set-dscp 0x00
  673. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs0 src,dst -m comment --comment cs0 -j RETURN
  674. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs1 src,dst -m comment --comment cs1 -j DSCP --set-dscp 0x08
  675. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs1 src,dst -m comment --comment cs1 -j RETURN
  676. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs2 src,dst -m comment --comment cs2 -j DSCP --set-dscp 0x10
  677. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs2 src,dst -m comment --comment cs2 -j RETURN
  678. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs3 src,dst -m comment --comment cs3 -j DSCP --set-dscp 0x18
  679. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs3 src,dst -m comment --comment cs3 -j RETURN
  680. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs4 src,dst -m comment --comment cs4 -j DSCP --set-dscp 0x20
  681. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs4 src,dst -m comment --comment cs4 -j RETURN
  682. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs5 src,dst -m comment --comment cs5 -j DSCP --set-dscp 0x28
  683. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs5 src,dst -m comment --comment cs5 -j RETURN
  684. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs6 src,dst -m comment --comment cs6 -j DSCP --set-dscp 0x30
  685. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs6 src,dst -m comment --comment cs6 -j RETURN
  686. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs7 src,dst -m comment --comment cs7 -j DSCP --set-dscp 0x38
  687. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-cs7 src,dst -m comment --comment cs7 -j RETURN
  688. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-ef src,dst -m comment --comment ef -j DSCP --set-dscp 0x2e
  689. [0:0] -A dscp_prerouting -m set --match-set omr_dscp-ef src,dst -m comment --comment ef -j RETURN
  690. [0:0] -A dscp_prerouting -p icmp -m comment --comment ICMP -j DSCP --set-dscp 0x28
  691. [0:0] -A dscp_prerouting -p icmp -m comment --comment ICMP -j RETURN
  692. [0:0] -A dscp_prerouting -p udp -m multiport --sports 53,123,5353 -m multiport --dports 0:65535 -m comment --comment "DNS udp and NTP" -j DSCP --set-dscp 0x28
  693. [0:0] -A dscp_prerouting -p udp -m multiport --sports 53,123,5353 -m multiport --dports 0:65535 -m comment --comment "DNS udp and NTP" -j RETURN
  694. [0:0] -A dscp_prerouting -p tcp -m multiport --sports 53,5353 -m multiport --dports 0:65535 -m comment --comment "DNS tcp" -j DSCP --set-dscp 0x28
  695. [0:0] -A dscp_prerouting -p tcp -m multiport --sports 53,5353 -m multiport --dports 0:65535 -m comment --comment "DNS tcp" -j RETURN
  696. [0:0] -A dscp_prerouting -p tcp -m multiport --sports 0:65535 -m multiport --dports 65001,65301,65011 -m comment --comment "OMR vpn" -j DSCP --set-dscp 0x30
  697. [0:0] -A dscp_prerouting -p tcp -m multiport --sports 0:65535 -m multiport --dports 65001,65301,65011 -m comment --comment "OMR vpn" -j RETURN
  698. [0:0] -A dscp_prerouting -p udp -m multiport --sports 0:65535 -m multiport --dports 65001,65301 -m comment --comment "OMR vpn" -j DSCP --set-dscp 0x30
  699. [0:0] -A dscp_prerouting -p udp -m multiport --sports 0:65535 -m multiport --dports 65001,65301 -m comment --comment "OMR vpn" -j RETURN
  700. [0:0] -A omr-bypass -m set --match-set omr_dst_bypass_usb1 dst -j MARK --set-xmark 0x53918/0xffffffff
  701. [0:0] -A omr-bypass -m set --match-set omr_dst_bypass_usb0 dst -j MARK --set-xmark 0x53916/0xffffffff
  702. [0:0] -A omr-bypass -m set --match-set omr_dst_bypass_tun0 dst -j MARK --set-xmark 0x53911/0xffffffff
  703. [0:0] -A omr-bypass -m set --match-set omr_dst_bypass_eth0 dst -j MARK --set-xmark 0x5398/0xffffffff
  704. [0:0] -A omr-bypass -m set --match-set omr_dst_bypass_lo dst -j MARK --set-xmark 0x5397/0xffffffff
  705. [0:0] -A omr-bypass -m set --match-set omr_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
  706. [0:0] -A omr-bypass-local -m set --match-set omr_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
  707. COMMIT
  708. # Completed on Wed Nov 11 15:56:13 2020
  709. # Generated by iptables-save v1.8.4 on Wed Nov 11 15:56:13 2020
  710. *filter
  711. :INPUT DROP [0:0]
  712. :FORWARD DROP [0:0]
  713. :OUTPUT DROP [0:0]
  714. :MINIUPNPD - [0:0]
  715. :forwarding_lan_rule - [0:0]
  716. :forwarding_rule - [0:0]
  717. :forwarding_vpn_rule - [0:0]
  718. :forwarding_wan_rule - [0:0]
  719. :input_lan_rule - [0:0]
  720. :input_rule - [0:0]
  721. :input_vpn_rule - [0:0]
  722. :input_wan_rule - [0:0]
  723. :output_lan_rule - [0:0]
  724. :output_rule - [0:0]
  725. :output_vpn_rule - [0:0]
  726. :output_wan_rule - [0:0]
  727. :reject - [0:0]
  728. :syn_flood - [0:0]
  729. :zone_lan_dest_ACCEPT - [0:0]
  730. :zone_lan_forward - [0:0]
  731. :zone_lan_input - [0:0]
  732. :zone_lan_output - [0:0]
  733. :zone_lan_src_ACCEPT - [0:0]
  734. :zone_vpn_dest_ACCEPT - [0:0]
  735. :zone_vpn_forward - [0:0]
  736. :zone_vpn_input - [0:0]
  737. :zone_vpn_output - [0:0]
  738. :zone_vpn_src_REJECT - [0:0]
  739. :zone_wan_dest_ACCEPT - [0:0]
  740. :zone_wan_dest_REJECT - [0:0]
  741. :zone_wan_forward - [0:0]
  742. :zone_wan_input - [0:0]
  743. :zone_wan_output - [0:0]
  744. :zone_wan_src_REJECT - [0:0]
  745. [932:88354] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  746. [16196:10506628] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  747. [15894:10486520] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  748. [87:4524] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  749. [293:19352] -A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
  750. [0:0] -A INPUT -i usb0 -m comment --comment "!fw3" -j zone_wan_input
  751. [0:0] -A INPUT -i usb1 -m comment --comment "!fw3" -j zone_wan_input
  752. [9:756] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
  753. [0:0] -A INPUT -m comment --comment "!fw3" -j reject
  754. [206:185851] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  755. [37:3064] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  756. [0:0] -A FORWARD -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-All-Ping" -j ACCEPT
  757. [157:182109] -A FORWARD -p udp -m udp --dport 443 -m comment --comment "!fw3: Block QUIC All" -j DROP
  758. [12:678] -A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
  759. [0:0] -A FORWARD -i usb0 -m comment --comment "!fw3" -j zone_wan_forward
  760. [0:0] -A FORWARD -i usb1 -m comment --comment "!fw3" -j zone_wan_forward
  761. [0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
  762. [0:0] -A FORWARD -m comment --comment "!fw3" -j reject
  763. [893:84984] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  764. [17163:10276546] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  765. [16331:10207491] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  766. [0:0] -A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
  767. [231:20774] -A OUTPUT -o usb0 -m comment --comment "!fw3" -j zone_wan_output
  768. [198:16404] -A OUTPUT -o usb1 -m comment --comment "!fw3" -j zone_wan_output
  769. [403:31877] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
  770. [0:0] -A OUTPUT -m comment --comment "!fw3" -j reject
  771. [0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  772. [0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  773. [87:4524] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  774. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  775. [0:0] -A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
  776. [12:678] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  777. [12:678] -A zone_lan_forward -p tcp -m comment --comment "!fw3: Allow-All-LAN-to-VPN" -j zone_vpn_dest_ACCEPT
  778. [0:0] -A zone_lan_forward -p udp -m comment --comment "!fw3: Allow-All-LAN-to-VPN" -j zone_vpn_dest_ACCEPT
  779. [0:0] -A zone_lan_forward -p tcp -m comment --comment "!fw3: Allow-Lan-to-Wan" -j zone_wan_dest_ACCEPT
  780. [0:0] -A zone_lan_forward -p udp -m comment --comment "!fw3: Allow-Lan-to-Wan" -j zone_wan_dest_ACCEPT
  781. [0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  782. [0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
  783. [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  784. [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  785. [293:19352] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  786. [0:0] -A zone_lan_input -p udp -m udp --dport 443 -m comment --comment "!fw3: Block QUIC Proxy" -j DROP
  787. [87:4524] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  788. [206:14828] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  789. [0:0] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  790. [0:0] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  791. [206:14828] -A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  792. [12:678] -A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  793. [403:31877] -A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
  794. [0:0] -A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
  795. [0:0] -A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  796. [0:0] -A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
  797. [9:756] -A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
  798. [9:756] -A zone_vpn_input -p icmp -m comment --comment "!fw3: Allow-VPN-ICMP" -j ACCEPT
  799. [0:0] -A zone_vpn_input -p udp -m udp --dport 67 -m comment --comment "!fw3: Allow-DHCP-Request-VPN" -j ACCEPT
  800. [0:0] -A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  801. [0:0] -A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_REJECT
  802. [403:31877] -A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
  803. [403:31877] -A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
  804. [0:0] -A zone_vpn_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
  805. [23:1380] -A zone_wan_dest_ACCEPT -o usb0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  806. [208:19394] -A zone_wan_dest_ACCEPT -o usb0 -m comment --comment "!fw3" -j ACCEPT
  807. [0:0] -A zone_wan_dest_ACCEPT -o usb1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  808. [198:16404] -A zone_wan_dest_ACCEPT -o usb1 -m comment --comment "!fw3" -j ACCEPT
  809. [0:0] -A zone_wan_dest_REJECT -o usb0 -m comment --comment "!fw3" -j reject
  810. [0:0] -A zone_wan_dest_REJECT -o usb1 -m comment --comment "!fw3" -j reject
  811. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  812. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  813. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  814. [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  815. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  816. [0:0] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  817. [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  818. [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  819. [0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  820. [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  821. [0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  822. [429:37178] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  823. [429:37178] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  824. [0:0] -A zone_wan_src_REJECT -i usb0 -m comment --comment "!fw3" -j reject
  825. [0:0] -A zone_wan_src_REJECT -i usb1 -m comment --comment "!fw3" -j reject
  826. COMMIT
  827. # Completed on Wed Nov 11 15:56:13 2020
  828. 1: lo: <LOOPBACK,UP,LOWER_UP,80000> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  829. inet 127.0.0.1/8 scope host lo
  830. valid_lft forever preferred_lft forever
  831. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP,80000> mtu 1500 qdisc mq state UP group default qlen 1000
  832. inet 192.168.100.1/24 brd 192.168.100.255 scope global eth0
  833. valid_lft forever preferred_lft forever
  834. 10: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc fq_codel state UNKNOWN group default qlen 100
  835. inet 192.168.42.169/24 brd 192.168.42.255 scope global usb0
  836. valid_lft forever preferred_lft forever
  837. 11: usb1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
  838. inet 192.168.42.149/24 brd 192.168.42.255 scope global usb1
  839. valid_lft forever preferred_lft forever
  840. 24: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP,80000> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
  841. inet 10.255.255.2 peer 10.255.255.1/32 scope global tun0
  842. valid_lft forever preferred_lft forever
  843. default via 10.255.255.1 dev tun0 table 11
  844. 10.255.255.2 dev tun0 table 11 scope link
  845. default via 192.168.42.129 dev usb0 table 16
  846. 192.168.42.0/24 dev usb0 table 16 scope link
  847. default via 192.168.42.129 dev usb1 table 18
  848. 192.168.42.0/24 dev usb1 table 18 scope link
  849. 192.168.1.0/24 via 192.168.100.2 dev eth0 table lan proto static metric 8
  850. 192.168.100.0/24 dev eth0 table lan proto static scope link metric 8
  851. default via 10.255.255.1 dev tun0
  852. default via 10.255.255.1 dev tun0 metric 11
  853. default via 192.168.42.129 dev usb0 metric 16
  854. default via 192.168.42.129 dev usb1 metric 18
  855. 10.255.255.1 dev tun0 proto kernel scope link src 10.255.255.2
  856. 10.255.255.2 dev tun0 scope link metric 11
  857. 23.237.137.xxx
  858. nexthop via 192.168.42.129 dev usb0 weight 1
  859. nexthop via 192.168.42.129 dev usb1 weight 1
  860. 127.0.0.0/8 dev lo proto static scope link metric 7
  861. 192.168.1.0/24 via 192.168.100.2 dev eth0
  862. 192.168.42.0/24 dev usb0 scope link metric 16
  863. 192.168.42.0/24 dev usb1 scope link metric 18
  864. local 10.255.255.2 dev tun0 table local proto kernel scope host src 10.255.255.2
  865. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  866. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  867. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  868. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  869. broadcast 192.168.42.0 dev usb1 table local proto kernel scope link src 192.168.42.149
  870. broadcast 192.168.42.0 dev usb0 table local proto kernel scope link src 192.168.42.169
  871. local 192.168.42.149 dev usb1 table local proto kernel scope host src 192.168.42.149
  872. local 192.168.42.169 dev usb0 table local proto kernel scope host src 192.168.42.169
  873. broadcast 192.168.42.255 dev usb1 table local proto kernel scope link src 192.168.42.149
  874. broadcast 192.168.42.255 dev usb0 table local proto kernel scope link src 192.168.42.169
  875. broadcast 192.168.100.0 dev eth0 table local proto kernel scope link src 192.168.100.1
  876. local 192.168.100.1 dev eth0 table local proto kernel scope host src 192.168.100.1
  877. broadcast 192.168.100.255 dev eth0 table local proto kernel scope link src 192.168.100.1
  878. 0: from all lookup local
  879. 0: from 10.255.255.2 lookup 11
  880. 0: from 192.168.42.149 lookup 18
  881. 0: from 192.168.42.169 lookup 16
  882. 1: from all fwmark 0x5397 lookup 7
  883. 1: from all fwmark 0x5398 lookup 8
  884. 1: from all fwmark 0x53911 lookup 11
  885. 1: from all fwmark 0x53916 lookup 16
  886. 1: from all fwmark 0x53918 lookup 18
  887. 1: from all fwmark 0x539 lookup 991337
  888. 100: from all lookup lan
  889. 10000: from 192.168.100.1 lookup lan
  890. 20000: from all to 192.168.100.1/24 lookup lan
  891. 32766: from all lookup main
  892. 32767: from all lookup default
  893. 90002: from all iif lo lookup lan
  894. root@OpenMPTCProuter:~#