Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@OpenWRT:/# iptables -L
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- ndsRTR all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere /* !fw3 */
- input_rule all -- anywhere anywhere /* !fw3: Custom input rule chain */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
- zone_lan_input all -- anywhere anywhere /* !fw3 */
- zone_wan_input all -- anywhere anywhere /* !fw3 */
- zone_wlan_input all -- anywhere anywhere /* !fw3 */
- Chain FORWARD (policy DROP)
- target prot opt source destination
- ndsNET all -- anywhere anywhere
- forwarding_rule all -- anywhere anywhere /* !fw3: Custom forwarding rule chain */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- zone_lan_forward all -- anywhere anywhere /* !fw3 */
- zone_wan_forward all -- anywhere anywhere /* !fw3 */
- zone_wlan_forward all -- anywhere anywhere /* !fw3 */
- reject all -- anywhere anywhere /* !fw3 */
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- output_rule all -- anywhere anywhere /* !fw3: Custom output rule chain */
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
- zone_lan_output all -- anywhere anywhere /* !fw3 */
- zone_wan_output all -- anywhere anywhere /* !fw3 */
- zone_wlan_output all -- anywhere anywhere /* !fw3 */
- Chain forwarding_lan_rule (1 references)
- target prot opt source destination
- Chain forwarding_rule (1 references)
- target prot opt source destination
- Chain forwarding_wan_rule (1 references)
- target prot opt source destination
- Chain forwarding_wlan_rule (1 references)
- target prot opt source destination
- Chain input_lan_rule (1 references)
- target prot opt source destination
- Chain input_rule (1 references)
- target prot opt source destination
- Chain input_wan_rule (1 references)
- target prot opt source destination
- Chain input_wlan_rule (1 references)
- target prot opt source destination
- Chain ndsAUT (1 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
- REJECT all -- anywhere 192.168.0.0/16 reject-with icmp-port-unreachable
- REJECT all -- anywhere 10.0.0.0/8 reject-with icmp-port-unreachable
- ACCEPT tcp -- anywhere anywhere tcp dpt:domain
- ACCEPT udp -- anywhere anywhere udp dpt:domain
- ACCEPT tcp -- anywhere anywhere tcp dpt:www
- ACCEPT tcp -- anywhere anywhere tcp dpt:https
- ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
- ACCEPT tcp -- anywhere anywhere tcp dpt:81
- ACCEPT tcp -- anywhere anywhere tcp dpt:8080
- ACCEPT tcp -- anywhere anywhere tcp dpt:8081
- REJECT all -- anywhere 192.168.0.0/16 reject-with icmp-port-unreachable
- REJECT all -- anywhere 10.0.0.0/8 reject-with icmp-port-unreachable
- ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
- ACCEPT tcp -- anywhere anywhere tcp dpt:domain
- ACCEPT udp -- anywhere anywhere udp dpt:domain
- ACCEPT tcp -- anywhere anywhere tcp dpt:www
- ACCEPT tcp -- anywhere anywhere tcp dpt:https
- REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
- Chain ndsNET (1 references)
- target prot opt source destination
- DROP all -- anywhere anywhere mark match 0x10000/0x30000
- DROP all -- anywhere anywhere ctstate INVALID
- TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
- ACCEPT all -- anywhere anywhere mark match 0x20000/0x30000
- ndsAUT all -- anywhere anywhere mark match 0x30000/0x30000
- ACCEPT tcp -- anywhere anywhere tcp dpt:domain
- ACCEPT udp -- anywhere anywhere udp dpt:domain
- ACCEPT tcp -- anywhere anywhere tcp dpt:domain
- ACCEPT udp -- anywhere anywhere udp dpt:domain
- ACCEPT tcp -- anywhere anywhere tcp dpt:8080
- REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
- Chain ndsRTR (1 references)
- target prot opt source destination
- DROP all -- anywhere anywhere mark match 0x10000/0x30000
- DROP all -- anywhere anywhere ctstate INVALID
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
- DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN
- ACCEPT tcp -- anywhere anywhere tcp dpt:2050
- ACCEPT tcp -- anywhere anywhere tcp dpt:2050
- ACCEPT all -- anywhere anywhere mark match 0x20000/0x30000
- ACCEPT udp -- anywhere anywhere udp dpt:domain
- ACCEPT tcp -- anywhere anywhere tcp dpt:domain
- ACCEPT udp -- anywhere anywhere udp dpt:bootps
- ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
- ACCEPT tcp -- anywhere anywhere tcp dpt:www
- ACCEPT tcp -- anywhere anywhere tcp dpt:https
- ACCEPT tcp -- anywhere anywhere tcp dpt:8080
- ACCEPT tcp -- anywhere anywhere tcp dpt:8081
- ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
- ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
- ACCEPT tcp -- anywhere anywhere tcp dpt:domain
- ACCEPT udp -- anywhere anywhere udp dpt:domain
- ACCEPT udp -- anywhere anywhere udp dpt:bootps
- ACCEPT tcp -- anywhere anywhere tcp dpt:www
- ACCEPT tcp -- anywhere anywhere tcp dpt:https
- REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
- Chain ndsTRT (0 references)
- target prot opt source destination
- Chain ndsTRU (0 references)
- target prot opt source destination
- Chain output_lan_rule (1 references)
- target prot opt source destination
- Chain output_rule (1 references)
- target prot opt source destination
- Chain output_wan_rule (1 references)
- target prot opt source destination
- Chain output_wlan_rule (1 references)
- target prot opt source destination
- Chain reject (3 references)
- target prot opt source destination
- REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset
- REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable
- Chain syn_flood (1 references)
- target prot opt source destination
- RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
- DROP all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_dest_ACCEPT (4 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_forward (1 references)
- target prot opt source destination
- forwarding_lan_rule all -- anywhere anywhere /* !fw3: Custom lan forwarding rule chain */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone lan to wan forwarding policy */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_input (1 references)
- target prot opt source destination
- input_lan_rule all -- anywhere anywhere /* !fw3: Custom lan input rule chain */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_output (1 references)
- target prot opt source destination
- output_lan_rule all -- anywhere anywhere /* !fw3: Custom lan output rule chain */
- zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_lan_src_ACCEPT (1 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */
- Chain zone_wan_dest_ACCEPT (29 references)
- target prot opt source destination
- DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_dest_DROP (1 references)
- target prot opt source destination
- DROP all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_dest_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_forward (1 references)
- target prot opt source destination
- forwarding_wan_rule all -- anywhere anywhere /* !fw3: Custom wan forwarding rule chain */
- zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: Allow-IPSec-ESP */
- zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: Allow-ISAKMP */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_input (1 references)
- target prot opt source destination
- input_wan_rule all -- anywhere anywhere /* !fw3: Custom wan input rule chain */
- ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
- ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */
- ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_output (1 references)
- target prot opt source destination
- output_wan_rule all -- anywhere anywhere /* !fw3: Custom wan output rule chain */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wan_src_REJECT (1 references)
- target prot opt source destination
- reject all -- anywhere anywhere /* !fw3 */
- Chain zone_wlan_dest_ACCEPT (2 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wlan_forward (1 references)
- target prot opt source destination
- forwarding_wlan_rule all -- anywhere anywhere /* !fw3: Custom wlan forwarding rule chain */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data /* !fw3: TCP_20 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:ftp /* !fw3: TCP_21 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:whois /* !fw3: TCP_43 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:domain /* !fw3: TCP_53 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:www /* !fw3: TCP_80 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 /* !fw3: TCP_110 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 /* !fw3: TCP_143 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:imap3 /* !fw3: TCP_220 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:https /* !fw3: TCP_443 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:rsync /* !fw3: TCP_873 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:ftps-data /* !fw3: TCP_989 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:ftps /* !fw3: TCP_990 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:991 /* !fw3: TCP_991 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:992 /* !fw3: TCP_992 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:imaps /* !fw3: TCP_993 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s /* !fw3: TCP_995 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn /* !fw3: TCP_1194 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:1293 /* !fw3: TCP_1293 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:svn /* !fw3: TCP_3690 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:4321 /* !fw3: TCP_4321 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client /* !fw3: TCP_5222 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:5223 /* !fw3: TCP_5223 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:5228 /* !fw3: TCP_5228 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:git /* !fw3: TCP_9418 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:hkp /* !fw3: TCP_11371 */
- zone_wan_dest_ACCEPT tcp -- anywhere anywhere tcp dpt:64738 /* !fw3: TCP_64738 */
- zone_wan_dest_DROP all -- anywhere anywhere /* !fw3: Deny Guest -> WAN */
- zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone wlan to wan forwarding policy */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */
- zone_wlan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wlan_input (1 references)
- target prot opt source destination
- input_wlan_rule all -- anywhere anywhere /* !fw3: Custom wlan input rule chain */
- ACCEPT tcp -- anywhere anywhere tcp spt:3990 /* !fw3: Allow uam listen */
- ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc /* !fw3: Allow DHCP request */
- ACCEPT tcp -- anywhere anywhere tcp dpt:domain /* !fw3: Allow DNS Queries */
- ACCEPT udp -- anywhere anywhere udp dpt:domain /* !fw3: Allow DNS Queries */
- ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */
- zone_wlan_src_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wlan_output (1 references)
- target prot opt source destination
- output_wlan_rule all -- anywhere anywhere /* !fw3: Custom wlan output rule chain */
- zone_wlan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */
- Chain zone_wlan_src_ACCEPT (1 references)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement