
Untitled

a guest
Nov 18th, 2018
  1. root@OpenWRT:/# iptables -L
  2. Chain INPUT (policy ACCEPT)
  3. target prot opt source destination
  4. ndsRTR all -- anywhere anywhere
  5. ACCEPT all -- anywhere anywhere /* !fw3 */
  6. input_rule all -- anywhere anywhere /* !fw3: Custom input rule chain */
  7. ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
  8. syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
  9. zone_lan_input all -- anywhere anywhere /* !fw3 */
  10. zone_wan_input all -- anywhere anywhere /* !fw3 */
  11. zone_wlan_input all -- anywhere anywhere /* !fw3 */
  12.  
  13. Chain FORWARD (policy DROP)
  14. target prot opt source destination
  15. ndsNET all -- anywhere anywhere
  16. forwarding_rule all -- anywhere anywhere /* !fw3: Custom forwarding rule chain */
  17. ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
  18. zone_lan_forward all -- anywhere anywhere /* !fw3 */
  19. zone_wan_forward all -- anywhere anywhere /* !fw3 */
  20. zone_wlan_forward all -- anywhere anywhere /* !fw3 */
  21. reject all -- anywhere anywhere /* !fw3 */
  22.  
  23. Chain OUTPUT (policy ACCEPT)
  24. target prot opt source destination
  25. ACCEPT all -- anywhere anywhere /* !fw3 */
  26. output_rule all -- anywhere anywhere /* !fw3: Custom output rule chain */
  27. ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
  28. zone_lan_output all -- anywhere anywhere /* !fw3 */
  29. zone_wan_output all -- anywhere anywhere /* !fw3 */
  30. zone_wlan_output all -- anywhere anywhere /* !fw3 */
  31.  
  32. Chain forwarding_lan_rule (1 references)
  33. target prot opt source destination
  34.  
  35. Chain forwarding_rule (1 references)
  36. target prot opt source destination
  37.  
  38. Chain forwarding_wan_rule (1 references)
  39. target prot opt source destination
  40.  
  41. Chain forwarding_wlan_rule (1 references)
  42. target prot opt source destination
  43.  
  44. Chain input_lan_rule (1 references)
  45. target prot opt source destination
  46.  
  47. Chain input_rule (1 references)
  48. target prot opt source destination
  49.  
  50. Chain input_wan_rule (1 references)
  51. target prot opt source destination
  52.  
  53. Chain input_wlan_rule (1 references)
  54. target prot opt source destination
  55.  
  56. Chain ndsAUT (1 references)
  57. target prot opt source destination
  58. ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
  59. REJECT all -- anywhere 192.168.0.0/16 reject-with icmp-port-unreachable
  60. REJECT all -- anywhere 10.0.0.0/8 reject-with icmp-port-unreachable
  61. ACCEPT tcp -- anywhere anywhere tcp dpt:domain
  62. ACCEPT udp -- anywhere anywhere udp dpt:domain
  63. ACCEPT tcp -- anywhere anywhere tcp dpt:www
  64. ACCEPT tcp -- anywhere anywhere tcp dpt:https
  65. ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
  66. ACCEPT tcp -- anywhere anywhere tcp dpt:81
  67. ACCEPT tcp -- anywhere anywhere tcp dpt:8080
  68. ACCEPT tcp -- anywhere anywhere tcp dpt:8081
  69. REJECT all -- anywhere 192.168.0.0/16 reject-with icmp-port-unreachable
  70. REJECT all -- anywhere 10.0.0.0/8 reject-with icmp-port-unreachable
  71. ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
  72. ACCEPT tcp -- anywhere anywhere tcp dpt:domain
  73. ACCEPT udp -- anywhere anywhere udp dpt:domain
  74. ACCEPT tcp -- anywhere anywhere tcp dpt:www
  75. ACCEPT tcp -- anywhere anywhere tcp dpt:https
  76. REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
  77.  
  78. Chain ndsNET (1 references)
  79. target prot opt source destination
  80. DROP all -- anywhere anywhere mark match 0x10000/0x30000
  81. DROP all -- anywhere anywhere ctstate INVALID
  82. TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
  83. ACCEPT all -- anywhere anywhere mark match 0x20000/0x30000
  84. ndsAUT all -- anywhere anywhere mark match 0x30000/0x30000
  85. ACCEPT tcp -- anywhere anywhere tcp dpt:domain
  86. ACCEPT udp -- anywhere anywhere udp dpt:domain
  87. ACCEPT tcp -- anywhere anywhere tcp dpt:domain
  88. ACCEPT udp -- anywhere anywhere udp dpt:domain
  89. ACCEPT tcp -- anywhere anywhere tcp dpt:8080
  90. REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
  91.  
  92. Chain ndsRTR (1 references)
  93. target prot opt source destination
  94. DROP all -- anywhere anywhere mark match 0x10000/0x30000
  95. DROP all -- anywhere anywhere ctstate INVALID
  96. ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
  97. DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN
  98. ACCEPT tcp -- anywhere anywhere tcp dpt:2050
  99. ACCEPT tcp -- anywhere anywhere tcp dpt:2050
  100. ACCEPT all -- anywhere anywhere mark match 0x20000/0x30000
  101. ACCEPT udp -- anywhere anywhere udp dpt:domain
  102. ACCEPT tcp -- anywhere anywhere tcp dpt:domain
  103. ACCEPT udp -- anywhere anywhere udp dpt:bootps
  104. ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
  105. ACCEPT tcp -- anywhere anywhere tcp dpt:www
  106. ACCEPT tcp -- anywhere anywhere tcp dpt:https
  107. ACCEPT tcp -- anywhere anywhere tcp dpt:8080
  108. ACCEPT tcp -- anywhere anywhere tcp dpt:8081
  109. ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
  110. ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
  111. ACCEPT tcp -- anywhere anywhere tcp dpt:domain
  112. ACCEPT udp -- anywhere anywhere udp dpt:domain
  113. ACCEPT udp -- anywhere anywhere udp dpt:bootps
  114. ACCEPT tcp -- anywhere anywhere tcp dpt:www
  115. ACCEPT tcp -- anywhere anywhere tcp dpt:https
  116. REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
  117.  
  118. Chain ndsTRT (0 references)
  119. target prot opt source destination
  120.  
  121. Chain ndsTRU (0 references)
  122. target prot opt source destination
  123.  
  124. Chain output_lan_rule (1 references)
  125. target prot opt source destination
  126.  
  127. Chain output_rule (1 references)
  128. target prot opt source destination
  129.  
  130. Chain output_wan_rule (1 references)
  131. target prot opt source destination
  132.  
  133. Chain output_wlan_rule (1 references)
  134. target prot opt source destination
  135.  
  136. Chain reject (3 references)
  137. target prot opt source destination
  138. REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
  139. REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable
  140.  
  141. Chain syn_flood (1 references)
  142. target prot opt source destination
  143. RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
  144. DROP all -- anywhere anywhere /* !fw3 */
  145.  
  146. Chain zone_lan_dest_ACCEPT (4 references)
  147. target prot opt source destination
  148. ACCEPT all -- anywhere anywhere /* !fw3 */
  149.  
  150. Chain zone_lan_forward (1 references)
  151. target prot opt source destination
  152. forwarding_lan_rule all -- anywhere anywhere /* !fw3: Custom lan forwarding rule chain */
  153. zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone lan to wan forwarding policy */
  154. ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
  155. zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
  156.  
  157. Chain zone_lan_input (1 references)
  158. target prot opt source destination
  159. input_lan_rule all -- anywhere anywhere /* !fw3: Custom lan input rule chain */
  160. ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
  161. zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
  162.  
  163. Chain zone_lan_output (1 references)
  164. target prot opt source destination
  165. output_lan_rule all -- anywhere anywhere /* !fw3: Custom lan output rule chain */
  166. zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
  167.  
  168. Chain zone_lan_src_ACCEPT (1 references)
  169. target prot opt source destination
  170. ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */
  171.  
  172. Chain zone_wan_dest_ACCEPT (29 references)
  173. target prot opt source destination
  174. DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
  175. ACCEPT all -- anywhere anywhere /* !fw3 */
  176.  
  177. Chain zone_wan_dest_DROP (1 references)
  178. target prot opt source destination
  179. DROP all -- anywhere anywhere /* !fw3 */
  180.  
  181. Chain zone_wan_dest_REJECT (1 references)
  182. target prot opt source destination
  183. reject all -- anywhere anywhere /* !fw3 */
  184.  
  185. Chain zone_wan_forward (1 references)
  186. target prot opt source destination
  187. forwarding_wan_rule all -- anywhere anywhere /* !fw3: Custom wan forwarding rule chain */
  188. zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: Allow-IPSec-ESP */
  189. zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: Allow-ISAKMP */
  190. ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
  191. zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */
  192.  
  193. Chain zone_wan_input (1 references)
  194. target prot opt source destination
  195. input_wan_rule all -- anywhere anywhere /* !fw3: Custom wan input rule chain */
  196. ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
  197. ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
  198. ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
  199. ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
  200. zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */
  201.  
  202. Chain zone_wan_output (1 references)
  203. target prot opt source destination
  204. output_wan_rule all -- anywhere anywhere /* !fw3: Custom wan output rule chain */
  205. zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
  206.  
  207. Chain zone_wan_src_REJECT (1 references)
  208. target prot opt source destination
  209. reject all -- anywhere anywhere /* !fw3 */
  210.  
  211. Chain zone_wlan_dest_ACCEPT (2 references)
  212. target prot opt source destination
  213. ACCEPT all -- anywhere anywhere /* !fw3 */
  214.  
  215. Chain zone_wlan_forward (1 references)
  216. target prot opt source destination
  217. forwarding_wlan_rule all -- anywhere anywhere /* !fw3: Custom wlan forwarding rule chain */
  218. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data /* !fw3: TCP_20 */
  219. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:ftp /* !fw3: TCP_21 */
  220. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:whois /* !fw3: TCP_43 */
  221. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:domain /* !fw3: TCP_53 */
  222. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:www /* !fw3: TCP_80 */
  223. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 /* !fw3: TCP_110 */
  224. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 /* !fw3: TCP_143 */
  225. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:imap3 /* !fw3: TCP_220 */
  226. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:https /* !fw3: TCP_443 */
  227. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:rsync /* !fw3: TCP_873 */
  228. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:ftps-data /* !fw3: TCP_989 */
  229. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:ftps /* !fw3: TCP_990 */
  230. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:991 /* !fw3: TCP_991 */
  231. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:992 /* !fw3: TCP_992 */
  232. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:imaps /* !fw3: TCP_993 */
  233. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s /* !fw3: TCP_995 */
  234. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn /* !fw3: TCP_1194 */
  235. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:1293 /* !fw3: TCP_1293 */
  236. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:svn /* !fw3: TCP_3690 */
  237. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:4321 /* !fw3: TCP_4321 */
  238. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client /* !fw3: TCP_5222 */
  239. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:5223 /* !fw3: TCP_5223 */
  240. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:5228 /* !fw3: TCP_5228 */
  241. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:git /* !fw3: TCP_9418 */
  242. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:hkp /* !fw3: TCP_11371 */
  243. zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:64738 /* !fw3: TCP_64738 */
  244. zone_wan_dest_DROP all -- anywhere anywhere /* !fw3: Deny Guest -> WAN */
  245. zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone wlan to wan forwarding policy */
  246. ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
  247. zone_wlan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
  248.  
  249. Chain zone_wlan_input (1 references)
  250. target prot opt source destination
  251. input_wlan_rule all -- anywhere anywhere /* !fw3: Custom wlan input rule chain */
  252. ACCEPT tcp -- anywhere anywhere tcp spt:3990 /* !fw3: Allow uam listen */
  253. ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc /* !fw3: Allow DHCP request */
  254. ACCEPT tcp -- anywhere anywhere tcp dpt:domain /* !fw3: Allow DNS Queries */
  255. ACCEPT udp -- anywhere anywhere udp dpt:domain /* !fw3: Allow DNS Queries */
  256. ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
  257. zone_wlan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
  258.  
  259. Chain zone_wlan_output (1 references)
  260. target prot opt source destination
  261. output_wlan_rule all -- anywhere anywhere /* !fw3: Custom wlan output rule chain */
  262. zone_wlan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
  263.  
  264. Chain zone_wlan_src_ACCEPT (1 references)
  265. target prot opt source destination
  266. ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */