
Untitled

a guest
Feb 26th, 2021
  # Diagnostic dump typed at a root shell on an OpenWrt device. The terminal
  # wrapped the first line mid-word: "fir" + "ewall" is `uci show firewall`.
  # Collected, in order: UCI config for network, wireless, dhcp and firewall;
  # live addresses, routes from all tables and policy rules; the IPv4 netfilter
  # ruleset (iptables-save); and the resolver files, each printed in full under
  # a "==> name <==" header by `head -v -n -0`.
  # NOTE(review): no ip6tables-save is run, so IPv6 filter rules are not in
  # this dump even though the firewall config defines ipv6 rules.
  # NOTE(review): in the output, the wireless key and maclist show as '******';
  # interface MAC addresses, the static-lease MAC and host name, and the ULA
  # prefix are printed unmasked.
  1. root@OpenWrt:~# uci show network; uci show wireless; uci show dhcp; uci show fir
  2. ewall; \
  3. > ip address show; ip route show table all; ip rule show; iptables-save; \
  4. > head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
  5. network.loopback=interface
  6. network.loopback.ifname='lo'
  7. network.loopback.proto='static'
  8. network.loopback.ipaddr='127.0.0.1'
  9. network.loopback.netmask='255.0.0.0'
  10. network.globals=globals
  11. network.globals.ula_prefix='fd06:dc1a:75f4::/48'
  12. network.lan=interface
  13. network.lan.type='bridge'
  14. network.lan.proto='static'
  15. network.lan.netmask='255.255.255.0'
  16. network.lan.ip6assign='60'
  17. network.lan.ifname='eth0 eth1'
  18. network.lan.ipaddr='192.168.0.198'
  19. network.lan.gateway='192.168.0.199'
  20. network.lan.dns='192.168.0.199'
  21. network.@switch[0]=switch
  22. network.@switch[0].name='switch0'
  23. network.@switch[0].reset='1'
  24. network.@switch[0].enable_vlan='1'
  25. network.@switch_vlan[0]=switch_vlan
  26. network.@switch_vlan[0].device='switch0'
  27. network.@switch_vlan[0].vlan='1'
  28. network.@switch_vlan[0].ports='0 1 2 3 4'
  29. network.@switch_vlan[0].vid='1'
  30. network.guest=interface
  31. network.guest.type='bridge'
  32. network.guest.proto='static'
  33. network.guest.ipaddr='192.168.0.1'
  34. network.guest.netmask='255.255.255.0'
  35. network.guest.gateway='192.168.0.199'
  36. wireless.radio0=wifi-device
  37. wireless.radio0.type='mac80211'
  38. wireless.radio0.hwmode='11g'
  39. wireless.radio0.path='platform/soc/a000000.wifi'
  40. wireless.radio0.htmode='HT20'
  41. wireless.radio0.channel='auto'
  42. wireless.radio0.txpower='1'
  43. wireless.radio1=wifi-device
  44. wireless.radio1.type='mac80211'
  45. wireless.radio1.channel='36'
  46. wireless.radio1.hwmode='11a'
  47. wireless.radio1.path='platform/soc/a800000.wifi'
  48. wireless.radio1.htmode='VHT80'
  49. wireless.radio1.disabled='1'
  50. wireless.wifinet2=wifi-iface
  51. wireless.wifinet2.ssid='WLAN_AP'
  52. wireless.wifinet2.encryption='psk2'
  53. wireless.wifinet2.device='radio0'
  54. wireless.wifinet2.mode='ap'
  55. wireless.wifinet2.key='******'
  56. wireless.wifinet2.macfilter='allow'
  57. wireless.wifinet2.maclist='******'
  58. wireless.wifinet2.network='guest'
  59. wireless.guest=wifi-iface
  60. wireless.guest.device='radio0'
  61. wireless.guest.mode='ap'
  62. wireless.guest.network='guest'
  63. wireless.guest.ssid='guest'
  64. wireless.guest.encryption='none'
  65. dhcp.@dnsmasq[0]=dnsmasq
  66. dhcp.@dnsmasq[0].domainneeded='1'
  67. dhcp.@dnsmasq[0].localise_queries='1'
  68. dhcp.@dnsmasq[0].rebind_protection='1'
  69. dhcp.@dnsmasq[0].rebind_localhost='1'
  70. dhcp.@dnsmasq[0].local='/lan/'
  71. dhcp.@dnsmasq[0].domain='lan'
  72. dhcp.@dnsmasq[0].expandhosts='1'
  73. dhcp.@dnsmasq[0].readethers='1'
  74. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  75. dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
  76. dhcp.@dnsmasq[0].localservice='1'
  77. dhcp.@dnsmasq[0].server='192.168.0.199'
  78. dhcp.lan=dhcp
  79. dhcp.lan.interface='lan'
  80. dhcp.lan.dhcpv6='server'
  81. dhcp.lan.ra='server'
  82. dhcp.lan.ra_management='1'
  83. dhcp.lan.ignore='1'
  84. dhcp.wan=dhcp
  85. dhcp.wan.interface='wan'
  86. dhcp.wan.ignore='1'
  87. dhcp.odhcpd=odhcpd
  88. dhcp.odhcpd.maindhcp='0'
  89. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  90. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  91. dhcp.odhcpd.loglevel='4'
  92. dhcp.guest=dhcp
  93. dhcp.guest.interface='guest'
  94. dhcp.guest.start='100'
  95. dhcp.guest.limit='150'
  96. dhcp.guest.leasetime='1h'
  97. dhcp.@host[0]=host
  98. dhcp.@host[0].mac='00:5B:94:A9:61:DC'
  99. dhcp.@host[0].dns='1'
  100. dhcp.@host[0].name='iPad-van-Harald'
  101. dhcp.@host[0].ip='192.168.0.7'
  102. firewall.@defaults[0]=defaults
  103. firewall.@defaults[0].syn_flood='1'
  104. firewall.@defaults[0].input='ACCEPT'
  105. firewall.@defaults[0].output='ACCEPT'
  106. firewall.@defaults[0].forward='REJECT'
  107. firewall.@zone[0]=zone
  108. firewall.@zone[0].name='lan'
  109. firewall.@zone[0].input='ACCEPT'
  110. firewall.@zone[0].output='ACCEPT'
  111. firewall.@zone[0].forward='ACCEPT'
  112. firewall.@zone[1]=zone
  113. firewall.@zone[1].name='wan'
  114. firewall.@zone[1].input='REJECT'
  115. firewall.@zone[1].output='ACCEPT'
  116. firewall.@zone[1].forward='REJECT'
  117. firewall.@zone[1].masq='1'
  118. firewall.@zone[1].mtu_fix='1'
  119. firewall.lan_wan=forwarding
  120. firewall.lan_wan.src='lan'
  121. firewall.lan_wan.dest='wan'
  122. firewall.lan_wan.enabled='0'
  123. firewall.@rule[0]=rule
  124. firewall.@rule[0].name='Allow-DHCP-Renew'
  125. firewall.@rule[0].src='wan'
  126. firewall.@rule[0].proto='udp'
  127. firewall.@rule[0].dest_port='68'
  128. firewall.@rule[0].target='ACCEPT'
  129. firewall.@rule[0].family='ipv4'
  130. firewall.@rule[1]=rule
  131. firewall.@rule[1].name='Allow-Ping'
  132. firewall.@rule[1].src='wan'
  133. firewall.@rule[1].proto='icmp'
  134. firewall.@rule[1].icmp_type='echo-request'
  135. firewall.@rule[1].family='ipv4'
  136. firewall.@rule[1].target='ACCEPT'
  137. firewall.@rule[2]=rule
  138. firewall.@rule[2].name='Allow-IGMP'
  139. firewall.@rule[2].src='wan'
  140. firewall.@rule[2].proto='igmp'
  141. firewall.@rule[2].family='ipv4'
  142. firewall.@rule[2].target='ACCEPT'
  143. firewall.@rule[3]=rule
  144. firewall.@rule[3].name='Allow-DHCPv6'
  145. firewall.@rule[3].src='wan'
  146. firewall.@rule[3].proto='udp'
  147. firewall.@rule[3].src_ip='fc00::/6'
  148. firewall.@rule[3].dest_ip='fc00::/6'
  149. firewall.@rule[3].dest_port='546'
  150. firewall.@rule[3].family='ipv6'
  151. firewall.@rule[3].target='ACCEPT'
  152. firewall.@rule[4]=rule
  153. firewall.@rule[4].name='Allow-MLD'
  154. firewall.@rule[4].src='wan'
  155. firewall.@rule[4].proto='icmp'
  156. firewall.@rule[4].src_ip='fe80::/10'
  157. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  158. firewall.@rule[4].family='ipv6'
  159. firewall.@rule[4].target='ACCEPT'
  160. firewall.@rule[5]=rule
  161. firewall.@rule[5].name='Allow-ICMPv6-Input'
  162. firewall.@rule[5].src='wan'
  163. firewall.@rule[5].proto='icmp'
  164. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  165. firewall.@rule[5].limit='1000/sec'
  166. firewall.@rule[5].family='ipv6'
  167. firewall.@rule[5].target='ACCEPT'
  168. firewall.@rule[6]=rule
  169. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  170. firewall.@rule[6].src='wan'
  171. firewall.@rule[6].dest='*'
  172. firewall.@rule[6].proto='icmp'
  173. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  174. firewall.@rule[6].limit='1000/sec'
  175. firewall.@rule[6].family='ipv6'
  176. firewall.@rule[6].target='ACCEPT'
  177. firewall.@rule[7]=rule
  178. firewall.@rule[7].name='Allow-IPSec-ESP'
  179. firewall.@rule[7].src='wan'
  180. firewall.@rule[7].dest='lan'
  181. firewall.@rule[7].proto='esp'
  182. firewall.@rule[7].target='ACCEPT'
  183. firewall.@rule[8]=rule
  184. firewall.@rule[8].name='Allow-ISAKMP'
  185. firewall.@rule[8].src='wan'
  186. firewall.@rule[8].dest='lan'
  187. firewall.@rule[8].dest_port='500'
  188. firewall.@rule[8].proto='udp'
  189. firewall.@rule[8].target='ACCEPT'
  190. firewall.@include[0]=include
  191. firewall.@include[0].path='/etc/firewall.user'
  192. firewall.guest=zone
  193. firewall.guest.name='guest'
  194. firewall.guest.network='guest'
  195. firewall.guest.input='REJECT'
  196. firewall.guest.output='ACCEPT'
  197. firewall.guest.forward='REJECT'
  198. firewall.guest_wan=forwarding
  199. firewall.guest_wan.src='guest'
  200. firewall.guest_wan.dest='wan'
  201. firewall.guest_dns=rule
  202. firewall.guest_dns.name='Allow-DNS-Guest'
  203. firewall.guest_dns.src='guest'
  204. firewall.guest_dns.dest_port='53'
  205. firewall.guest_dns.proto='tcp udp'
  206. firewall.guest_dns.target='ACCEPT'
  207. firewall.guest_dhcp=rule
  208. firewall.guest_dhcp.name='Allow-DHCP-Guest'
  209. firewall.guest_dhcp.src='guest'
  210. firewall.guest_dhcp.dest_port='67'
  211. firewall.guest_dhcp.family='ipv4'
  212. firewall.guest_dhcp.proto='udp'
  213. firewall.guest_dhcp.target='ACCEPT'
  214. firewall.ssh_int=redirect
  215. firewall.ssh_int.name='Intercept-SSH'
  216. firewall.ssh_int.src='wlan0'
  217. firewall.ssh_int.src_dport='22'
  218. firewall.ssh_int.proto='tcp'
  219. firewall.ssh_int.target='DNAT'
  220. firewall.http_int=redirect
  221. firewall.http_int.name='Intercept-HTTP'
  222. firewall.http_int.src='wlan0'
  223. firewall.http_int.src_dport='8080'
  224. firewall.http_int.proto='tcp'
  225. firewall.http_int.target='DNAT'
  226. firewall.https_int=redirect
  227. firewall.https_int.name='Intercept-HTTPS'
  228. firewall.https_int.src='wlan0'
  229. firewall.https_int.src_dport='8443'
  230. firewall.https_int.proto='tcp'
  231. firewall.https_int.target='DNAT'
  232. firewall.dns_int=redirect
  233. firewall.dns_int.name='Intercept-DNS'
  234. firewall.dns_int.src='wlan0'
  235. firewall.dns_int.src_dport='53'
  236. firewall.dns_int.dest_port='9053'
  237. firewall.dns_int.proto='udp'
  238. firewall.dns_int.target='DNAT'
  239. firewall.tcp_int=redirect
  240. firewall.tcp_int.name='Intercept-TCP'
  241. firewall.tcp_int.src='wlan0'
  242. firewall.tcp_int.dest_port='9040'
  243. firewall.tcp_int.proto='tcp'
  244. firewall.tcp_int.extra='--syn'
  245. firewall.tcp_int.target='DNAT'
  246. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
  247. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  248. inet 127.0.0.1/8 scope host lo
  249. valid_lft forever preferred_lft forever
  250. inet6 ::1/128 scope host
  251. valid_lft forever preferred_lft forever
  252. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
  253. link/ether e8:df:70:72:5b:19 brd ff:ff:ff:ff:ff:ff
  254. 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
  255. link/ether e8:df:70:72:5b:1a brd ff:ff:ff:ff:ff:ff
  256. 5: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  257. link/ether e8:df:70:72:5b:1c brd ff:ff:ff:ff:ff:ff
  258. 27: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
  259. link/ether e8:df:70:72:5b:19 brd ff:ff:ff:ff:ff:ff
  260. inet 192.168.0.198/24 brd 192.168.0.255 scope global br-lan
  261. valid_lft forever preferred_lft forever
  262. inet6 fd06:dc1a:75f4::1/60 scope global
  263. valid_lft forever preferred_lft forever
  264. inet6 fe80::eadf:70ff:fe72:5b19/64 scope link
  265. valid_lft forever preferred_lft forever
  266. 33: br-guest: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
  267. link/ether e8:df:70:72:5b:1b brd ff:ff:ff:ff:ff:ff
  268. inet 192.168.0.1/24 brd 192.168.0.255 scope global br-guest
  269. valid_lft forever preferred_lft forever
  270. inet6 fe80::eadf:70ff:fe72:5b1b/64 scope link
  271. valid_lft forever preferred_lft forever
  272. 34: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest state UP qlen 1000
  273. link/ether e8:df:70:72:5b:1b brd ff:ff:ff:ff:ff:ff
  274. inet6 fe80::eadf:70ff:fe72:5b1b/64 scope link
  275. valid_lft forever preferred_lft forever
  276. 35: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest state UP qlen 1000
  277. link/ether ea:df:70:72:5b:1b brd ff:ff:ff:ff:ff:ff
  278. inet6 fe80::e8df:70ff:fe72:5b1b/64 scope link
  279. valid_lft forever preferred_lft forever
  280. default via 192.168.0.199 dev br-guest
  281. 192.168.0.0/24 dev br-lan scope link src 192.168.0.198
  282. 192.168.0.0/24 dev br-guest scope link src 192.168.0.1
  283. broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
  284. local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
  285. local 127.0.0.1 dev lo table local scope host src 127.0.0.1
  286. broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
  287. broadcast 192.168.0.0 dev br-lan table local scope link src 192.168.0.198
  288. broadcast 192.168.0.0 dev br-guest table local scope link src 192.168.0.1
  289. local 192.168.0.1 dev br-guest table local scope host src 192.168.0.1
  290. local 192.168.0.198 dev br-lan table local scope host src 192.168.0.198
  291. broadcast 192.168.0.255 dev br-lan table local scope link src 192.168.0.198
  292. broadcast 192.168.0.255 dev br-guest table local scope link src 192.168.0.1
  293. fd06:dc1a:75f4::/64 dev br-lan metric 1024
  294. unreachable fd06:dc1a:75f4::/48 dev lo metric 2147483647 error -113
  295. fe80::/64 dev br-lan metric 256
  296. fe80::/64 dev wlan0 metric 256
  297. fe80::/64 dev br-guest metric 256
  298. fe80::/64 dev wlan0-1 metric 256
  299. local ::1 dev lo table local metric 0
  300. anycast fd06:dc1a:75f4:: dev br-lan table local metric 0
  301. local fd06:dc1a:75f4::1 dev br-lan table local metric 0
  302. anycast fe80:: dev br-lan table local metric 0
  303. anycast fe80:: dev br-guest table local metric 0
  304. anycast fe80:: dev wlan0-1 table local metric 0
  305. anycast fe80:: dev wlan0 table local metric 0
  306. local fe80::e8df:70ff:fe72:5b1b dev wlan0-1 table local metric 0
  307. local fe80::eadf:70ff:fe72:5b19 dev br-lan table local metric 0
  308. local fe80::eadf:70ff:fe72:5b1b dev br-guest table local metric 0
  309. local fe80::eadf:70ff:fe72:5b1b dev wlan0 table local metric 0
  310. ff00::/8 dev br-lan table local metric 256
  311. ff00::/8 dev wlan0 table local metric 256
  312. ff00::/8 dev br-guest table local metric 256
  313. ff00::/8 dev wlan0-1 table local metric 256
  314. 0: from all lookup local
  315. 32766: from all lookup main
  316. 32767: from all lookup default
  317. # Generated by iptables-save v1.8.3 on Fri Feb 26 19:29:05 2021
  318. *nat
  319. :PREROUTING ACCEPT [3257:1415076]
  320. :INPUT ACCEPT [130:10025]
  321. :OUTPUT ACCEPT [208:14159]
  322. :POSTROUTING ACCEPT [208:14159]
  323. :postrouting_guest_rule - [0:0]
  324. :postrouting_lan_rule - [0:0]
  325. :postrouting_rule - [0:0]
  326. :postrouting_wan_rule - [0:0]
  327. :prerouting_guest_rule - [0:0]
  328. :prerouting_lan_rule - [0:0]
  329. :prerouting_rule - [0:0]
  330. :prerouting_wan_rule - [0:0]
  331. :zone_guest_postrouting - [0:0]
  332. :zone_guest_prerouting - [0:0]
  333. :zone_lan_postrouting - [0:0]
  334. :zone_lan_prerouting - [0:0]
  335. :zone_wan_postrouting - [0:0]
  336. :zone_wan_prerouting - [0:0]
  337. -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  338. -A PREROUTING -i br-guest -m comment --comment "!fw3" -j zone_guest_prerouting
  339. -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  340. -A POSTROUTING -o br-guest -m comment --comment "!fw3" -j zone_guest_postrouting
  341. -A zone_guest_postrouting -m comment --comment "!fw3: Custom guest postrouting rule chain" -j postrouting_guest_rule
  342. -A zone_guest_prerouting -m comment --comment "!fw3: Custom guest prerouting rule chain" -j prerouting_guest_rule
  343. -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  344. -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  345. -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  346. -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  347. -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  348. COMMIT
  349. # Completed on Fri Feb 26 19:29:05 2021
  350. # Generated by iptables-save v1.8.3 on Fri Feb 26 19:29:05 2021
  351. *mangle
  352. :PREROUTING ACCEPT [6653:1775507]
  353. :INPUT ACCEPT [3526:370456]
  354. :FORWARD ACCEPT [142:9152]
  355. :OUTPUT ACCEPT [4195:1006416]
  356. :POSTROUTING ACCEPT [4059:994061]
  357. COMMIT
  358. # Completed on Fri Feb 26 19:29:05 2021
  359. # Generated by iptables-save v1.8.3 on Fri Feb 26 19:29:05 2021
  360. *filter
  361. :INPUT ACCEPT [32:2827]
  362. :FORWARD DROP [0:0]
  363. :OUTPUT ACCEPT [35:2760]
  364. :forwarding_guest_rule - [0:0]
  365. :forwarding_lan_rule - [0:0]
  366. :forwarding_rule - [0:0]
  367. :forwarding_wan_rule - [0:0]
  368. :input_guest_rule - [0:0]
  369. :input_lan_rule - [0:0]
  370. :input_rule - [0:0]
  371. :input_wan_rule - [0:0]
  372. :output_guest_rule - [0:0]
  373. :output_lan_rule - [0:0]
  374. :output_rule - [0:0]
  375. :output_wan_rule - [0:0]
  376. :reject - [0:0]
  377. :syn_flood - [0:0]
  378. :zone_guest_dest_ACCEPT - [0:0]
  379. :zone_guest_dest_REJECT - [0:0]
  380. :zone_guest_forward - [0:0]
  381. :zone_guest_input - [0:0]
  382. :zone_guest_output - [0:0]
  383. :zone_guest_src_REJECT - [0:0]
  384. :zone_lan_dest_ACCEPT - [0:0]
  385. :zone_lan_forward - [0:0]
  386. :zone_lan_input - [0:0]
  387. :zone_lan_output - [0:0]
  388. :zone_lan_src_ACCEPT - [0:0]
  389. :zone_wan_dest_ACCEPT - [0:0]
  390. :zone_wan_dest_REJECT - [0:0]
  391. :zone_wan_forward - [0:0]
  392. :zone_wan_input - [0:0]
  393. :zone_wan_output - [0:0]
  394. :zone_wan_src_REJECT - [0:0]
  395. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  396. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  397. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  398. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  399. -A INPUT -i br-guest -m comment --comment "!fw3" -j zone_guest_input
  400. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  401. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  402. -A FORWARD -i br-guest -m comment --comment "!fw3" -j zone_guest_forward
  403. -A FORWARD -m comment --comment "!fw3" -j reject
  404. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  405. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  406. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  407. -A OUTPUT -o br-guest -m comment --comment "!fw3" -j zone_guest_output
  408. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  409. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  410. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  411. -A syn_flood -m comment --comment "!fw3" -j DROP
  412. -A zone_guest_dest_ACCEPT -o br-guest -m comment --comment "!fw3" -j ACCEPT
  413. -A zone_guest_dest_REJECT -o br-guest -m comment --comment "!fw3" -j reject
  414. -A zone_guest_forward -m comment --comment "!fw3: Custom guest forwarding rule chain" -j forwarding_guest_rule
  415. -A zone_guest_forward -m comment --comment "!fw3: Zone guest to wan forwarding policy" -j zone_wan_dest_ACCEPT
  416. -A zone_guest_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  417. -A zone_guest_forward -m comment --comment "!fw3" -j zone_guest_dest_REJECT
  418. -A zone_guest_input -m comment --comment "!fw3: Custom guest input rule chain" -j input_guest_rule
  419. -A zone_guest_input -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Allow-DNS-Guest" -j ACCEPT
  420. -A zone_guest_input -p udp -m udp --dport 53 -m comment --comment "!fw3: Allow-DNS-Guest" -j ACCEPT
  421. -A zone_guest_input -p udp -m udp --dport 67 -m comment --comment "!fw3: Allow-DHCP-Guest" -j ACCEPT
  422. -A zone_guest_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  423. -A zone_guest_input -m comment --comment "!fw3" -j zone_guest_src_REJECT
  424. -A zone_guest_output -m comment --comment "!fw3: Custom guest output rule chain" -j output_guest_rule
  425. -A zone_guest_output -m comment --comment "!fw3" -j zone_guest_dest_ACCEPT
  426. -A zone_guest_src_REJECT -i br-guest -m comment --comment "!fw3" -j reject
  427. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  428. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  429. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  430. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  431. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  432. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  433. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  434. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  435. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  436. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  437. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  438. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  439. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  440. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  441. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  442. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  443. -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  444. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  445. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  446. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  447. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  448. COMMIT
  449. # Completed on Fri Feb 26 19:29:05 2021
  450. ==> /etc/resolv.conf <==
  451. search lan
  452. nameserver 127.0.0.1
  453.  
  454. ==> /tmp/resolv.conf <==
  455. search lan
  456. nameserver 127.0.0.1
  457.  
  458. ==> /tmp/resolv.conf.auto <==
  459. # Interface lan
  460. nameserver 192.168.0.199
  461. head: /tmp/resolv.*/*: No such file or directory
  462. root@OpenWrt:~#
  463.  