- root@OpenWrt:~# uci show network; uci show wireless; uci show dhcp; uci show firewall; \
- > ip address show; ip route show table all; ip rule show; iptables-save; \
- > head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
- network.loopback=interface
- network.loopback.ifname='lo'
- network.loopback.proto='static'
- network.loopback.ipaddr='127.0.0.1'
- network.loopback.netmask='255.0.0.0'
- network.globals=globals
- network.globals.ula_prefix='fd06:dc1a:75f4::/48'
- network.lan=interface
- network.lan.type='bridge'
- network.lan.proto='static'
- network.lan.netmask='255.255.255.0'
- network.lan.ip6assign='60'
- network.lan.ifname='eth0 eth1'
- network.lan.ipaddr='192.168.0.198'
- network.lan.gateway='192.168.0.199'
- network.lan.dns='192.168.0.199'
- network.@switch[0]=switch
- network.@switch[0].name='switch0'
- network.@switch[0].reset='1'
- network.@switch[0].enable_vlan='1'
- network.@switch_vlan[0]=switch_vlan
- network.@switch_vlan[0].device='switch0'
- network.@switch_vlan[0].vlan='1'
- network.@switch_vlan[0].ports='0 1 2 3 4'
- network.@switch_vlan[0].vid='1'
- network.guest=interface
- network.guest.type='bridge'
- network.guest.proto='static'
- network.guest.ipaddr='192.168.0.1'
- network.guest.netmask='255.255.255.0'
- network.guest.gateway='192.168.0.199'
- wireless.radio0=wifi-device
- wireless.radio0.type='mac80211'
- wireless.radio0.hwmode='11g'
- wireless.radio0.path='platform/soc/a000000.wifi'
- wireless.radio0.htmode='HT20'
- wireless.radio0.channel='auto'
- wireless.radio0.txpower='1'
- wireless.radio1=wifi-device
- wireless.radio1.type='mac80211'
- wireless.radio1.channel='36'
- wireless.radio1.hwmode='11a'
- wireless.radio1.path='platform/soc/a800000.wifi'
- wireless.radio1.htmode='VHT80'
- wireless.radio1.disabled='1'
- wireless.wifinet2=wifi-iface
- wireless.wifinet2.ssid='WLAN_AP'
- wireless.wifinet2.encryption='psk2'
- wireless.wifinet2.device='radio0'
- wireless.wifinet2.mode='ap'
- wireless.wifinet2.key='******'
- wireless.wifinet2.macfilter='allow'
- wireless.wifinet2.maclist='******'
- wireless.wifinet2.network='guest'
- wireless.guest=wifi-iface
- wireless.guest.device='radio0'
- wireless.guest.mode='ap'
- wireless.guest.network='guest'
- wireless.guest.ssid='guest'
- wireless.guest.encryption='none'
- dhcp.@dnsmasq[0]=dnsmasq
- dhcp.@dnsmasq[0].domainneeded='1'
- dhcp.@dnsmasq[0].localise_queries='1'
- dhcp.@dnsmasq[0].rebind_protection='1'
- dhcp.@dnsmasq[0].rebind_localhost='1'
- dhcp.@dnsmasq[0].local='/lan/'
- dhcp.@dnsmasq[0].domain='lan'
- dhcp.@dnsmasq[0].expandhosts='1'
- dhcp.@dnsmasq[0].readethers='1'
- dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
- dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
- dhcp.@dnsmasq[0].localservice='1'
- dhcp.@dnsmasq[0].server='192.168.0.199'
- dhcp.lan=dhcp
- dhcp.lan.interface='lan'
- dhcp.lan.dhcpv6='server'
- dhcp.lan.ra='server'
- dhcp.lan.ra_management='1'
- dhcp.lan.ignore='1'
- dhcp.wan=dhcp
- dhcp.wan.interface='wan'
- dhcp.wan.ignore='1'
- dhcp.odhcpd=odhcpd
- dhcp.odhcpd.maindhcp='0'
- dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
- dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
- dhcp.odhcpd.loglevel='4'
- dhcp.guest=dhcp
- dhcp.guest.interface='guest'
- dhcp.guest.start='100'
- dhcp.guest.limit='150'
- dhcp.guest.leasetime='1h'
- dhcp.@host[0]=host
- dhcp.@host[0].mac='00:5B:94:A9:61:DC'
- dhcp.@host[0].dns='1'
- dhcp.@host[0].name='iPad-van-Harald'
- dhcp.@host[0].ip='192.168.0.7'
- firewall.@defaults[0]=defaults
- firewall.@defaults[0].syn_flood='1'
- firewall.@defaults[0].input='ACCEPT'
- firewall.@defaults[0].output='ACCEPT'
- firewall.@defaults[0].forward='REJECT'
- firewall.@zone[0]=zone
- firewall.@zone[0].name='lan'
- firewall.@zone[0].input='ACCEPT'
- firewall.@zone[0].output='ACCEPT'
- firewall.@zone[0].forward='ACCEPT'
- firewall.@zone[1]=zone
- firewall.@zone[1].name='wan'
- firewall.@zone[1].input='REJECT'
- firewall.@zone[1].output='ACCEPT'
- firewall.@zone[1].forward='REJECT'
- firewall.@zone[1].masq='1'
- firewall.@zone[1].mtu_fix='1'
- firewall.lan_wan=forwarding
- firewall.lan_wan.src='lan'
- firewall.lan_wan.dest='wan'
- firewall.lan_wan.enabled='0'
- firewall.@rule[0]=rule
- firewall.@rule[0].name='Allow-DHCP-Renew'
- firewall.@rule[0].src='wan'
- firewall.@rule[0].proto='udp'
- firewall.@rule[0].dest_port='68'
- firewall.@rule[0].target='ACCEPT'
- firewall.@rule[0].family='ipv4'
- firewall.@rule[1]=rule
- firewall.@rule[1].name='Allow-Ping'
- firewall.@rule[1].src='wan'
- firewall.@rule[1].proto='icmp'
- firewall.@rule[1].icmp_type='echo-request'
- firewall.@rule[1].family='ipv4'
- firewall.@rule[1].target='ACCEPT'
- firewall.@rule[2]=rule
- firewall.@rule[2].name='Allow-IGMP'
- firewall.@rule[2].src='wan'
- firewall.@rule[2].proto='igmp'
- firewall.@rule[2].family='ipv4'
- firewall.@rule[2].target='ACCEPT'
- firewall.@rule[3]=rule
- firewall.@rule[3].name='Allow-DHCPv6'
- firewall.@rule[3].src='wan'
- firewall.@rule[3].proto='udp'
- firewall.@rule[3].src_ip='fc00::/6'
- firewall.@rule[3].dest_ip='fc00::/6'
- firewall.@rule[3].dest_port='546'
- firewall.@rule[3].family='ipv6'
- firewall.@rule[3].target='ACCEPT'
- firewall.@rule[4]=rule
- firewall.@rule[4].name='Allow-MLD'
- firewall.@rule[4].src='wan'
- firewall.@rule[4].proto='icmp'
- firewall.@rule[4].src_ip='fe80::/10'
- firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
- firewall.@rule[4].family='ipv6'
- firewall.@rule[4].target='ACCEPT'
- firewall.@rule[5]=rule
- firewall.@rule[5].name='Allow-ICMPv6-Input'
- firewall.@rule[5].src='wan'
- firewall.@rule[5].proto='icmp'
- firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
- firewall.@rule[5].limit='1000/sec'
- firewall.@rule[5].family='ipv6'
- firewall.@rule[5].target='ACCEPT'
- firewall.@rule[6]=rule
- firewall.@rule[6].name='Allow-ICMPv6-Forward'
- firewall.@rule[6].src='wan'
- firewall.@rule[6].dest='*'
- firewall.@rule[6].proto='icmp'
- firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
- firewall.@rule[6].limit='1000/sec'
- firewall.@rule[6].family='ipv6'
- firewall.@rule[6].target='ACCEPT'
- firewall.@rule[7]=rule
- firewall.@rule[7].name='Allow-IPSec-ESP'
- firewall.@rule[7].src='wan'
- firewall.@rule[7].dest='lan'
- firewall.@rule[7].proto='esp'
- firewall.@rule[7].target='ACCEPT'
- firewall.@rule[8]=rule
- firewall.@rule[8].name='Allow-ISAKMP'
- firewall.@rule[8].src='wan'
- firewall.@rule[8].dest='lan'
- firewall.@rule[8].dest_port='500'
- firewall.@rule[8].proto='udp'
- firewall.@rule[8].target='ACCEPT'
- firewall.@include[0]=include
- firewall.@include[0].path='/etc/firewall.user'
- firewall.guest=zone
- firewall.guest.name='guest'
- firewall.guest.network='guest'
- firewall.guest.input='REJECT'
- firewall.guest.output='ACCEPT'
- firewall.guest.forward='REJECT'
- firewall.guest_wan=forwarding
- firewall.guest_wan.src='guest'
- firewall.guest_wan.dest='wan'
- firewall.guest_dns=rule
- firewall.guest_dns.name='Allow-DNS-Guest'
- firewall.guest_dns.src='guest'
- firewall.guest_dns.dest_port='53'
- firewall.guest_dns.proto='tcp udp'
- firewall.guest_dns.target='ACCEPT'
- firewall.guest_dhcp=rule
- firewall.guest_dhcp.name='Allow-DHCP-Guest'
- firewall.guest_dhcp.src='guest'
- firewall.guest_dhcp.dest_port='67'
- firewall.guest_dhcp.family='ipv4'
- firewall.guest_dhcp.proto='udp'
- firewall.guest_dhcp.target='ACCEPT'
- firewall.ssh_int=redirect
- firewall.ssh_int.name='Intercept-SSH'
- firewall.ssh_int.src='wlan0'
- firewall.ssh_int.src_dport='22'
- firewall.ssh_int.proto='tcp'
- firewall.ssh_int.target='DNAT'
- firewall.http_int=redirect
- firewall.http_int.name='Intercept-HTTP'
- firewall.http_int.src='wlan0'
- firewall.http_int.src_dport='8080'
- firewall.http_int.proto='tcp'
- firewall.http_int.target='DNAT'
- firewall.https_int=redirect
- firewall.https_int.name='Intercept-HTTPS'
- firewall.https_int.src='wlan0'
- firewall.https_int.src_dport='8443'
- firewall.https_int.proto='tcp'
- firewall.https_int.target='DNAT'
- firewall.dns_int=redirect
- firewall.dns_int.name='Intercept-DNS'
- firewall.dns_int.src='wlan0'
- firewall.dns_int.src_dport='53'
- firewall.dns_int.dest_port='9053'
- firewall.dns_int.proto='udp'
- firewall.dns_int.target='DNAT'
- firewall.tcp_int=redirect
- firewall.tcp_int.name='Intercept-TCP'
- firewall.tcp_int.src='wlan0'
- firewall.tcp_int.dest_port='9040'
- firewall.tcp_int.proto='tcp'
- firewall.tcp_int.extra='--syn'
- firewall.tcp_int.target='DNAT'
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
- link/ether e8:df:70:72:5b:19 brd ff:ff:ff:ff:ff:ff
- 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
- link/ether e8:df:70:72:5b:1a brd ff:ff:ff:ff:ff:ff
- 5: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
- link/ether e8:df:70:72:5b:1c brd ff:ff:ff:ff:ff:ff
- 27: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
- link/ether e8:df:70:72:5b:19 brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.198/24 brd 192.168.0.255 scope global br-lan
- valid_lft forever preferred_lft forever
- inet6 fd06:dc1a:75f4::1/60 scope global
- valid_lft forever preferred_lft forever
- inet6 fe80::eadf:70ff:fe72:5b19/64 scope link
- valid_lft forever preferred_lft forever
- 33: br-guest: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
- link/ether e8:df:70:72:5b:1b brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.1/24 brd 192.168.0.255 scope global br-guest
- valid_lft forever preferred_lft forever
- inet6 fe80::eadf:70ff:fe72:5b1b/64 scope link
- valid_lft forever preferred_lft forever
- 34: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest state UP qlen 1000
- link/ether e8:df:70:72:5b:1b brd ff:ff:ff:ff:ff:ff
- inet6 fe80::eadf:70ff:fe72:5b1b/64 scope link
- valid_lft forever preferred_lft forever
- 35: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest state UP qlen 1000
- link/ether ea:df:70:72:5b:1b brd ff:ff:ff:ff:ff:ff
- inet6 fe80::e8df:70ff:fe72:5b1b/64 scope link
- valid_lft forever preferred_lft forever
- default via 192.168.0.199 dev br-guest
- 192.168.0.0/24 dev br-lan scope link src 192.168.0.198
- 192.168.0.0/24 dev br-guest scope link src 192.168.0.1
- broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
- local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
- local 127.0.0.1 dev lo table local scope host src 127.0.0.1
- broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
- broadcast 192.168.0.0 dev br-lan table local scope link src 192.168.0.198
- broadcast 192.168.0.0 dev br-guest table local scope link src 192.168.0.1
- local 192.168.0.1 dev br-guest table local scope host src 192.168.0.1
- local 192.168.0.198 dev br-lan table local scope host src 192.168.0.198
- broadcast 192.168.0.255 dev br-lan table local scope link src 192.168.0.198
- broadcast 192.168.0.255 dev br-guest table local scope link src 192.168.0.1
- fd06:dc1a:75f4::/64 dev br-lan metric 1024
- unreachable fd06:dc1a:75f4::/48 dev lo metric 2147483647 error -113
- fe80::/64 dev br-lan metric 256
- fe80::/64 dev wlan0 metric 256
- fe80::/64 dev br-guest metric 256
- fe80::/64 dev wlan0-1 metric 256
- local ::1 dev lo table local metric 0
- anycast fd06:dc1a:75f4:: dev br-lan table local metric 0
- local fd06:dc1a:75f4::1 dev br-lan table local metric 0
- anycast fe80:: dev br-lan table local metric 0
- anycast fe80:: dev br-guest table local metric 0
- anycast fe80:: dev wlan0-1 table local metric 0
- anycast fe80:: dev wlan0 table local metric 0
- local fe80::e8df:70ff:fe72:5b1b dev wlan0-1 table local metric 0
- local fe80::eadf:70ff:fe72:5b19 dev br-lan table local metric 0
- local fe80::eadf:70ff:fe72:5b1b dev br-guest table local metric 0
- local fe80::eadf:70ff:fe72:5b1b dev wlan0 table local metric 0
- ff00::/8 dev br-lan table local metric 256
- ff00::/8 dev wlan0 table local metric 256
- ff00::/8 dev br-guest table local metric 256
- ff00::/8 dev wlan0-1 table local metric 256
- 0: from all lookup local
- 32766: from all lookup main
- 32767: from all lookup default
- # Generated by iptables-save v1.8.3 on Fri Feb 26 19:29:05 2021
- *nat
- :PREROUTING ACCEPT [3257:1415076]
- :INPUT ACCEPT [130:10025]
- :OUTPUT ACCEPT [208:14159]
- :POSTROUTING ACCEPT [208:14159]
- :postrouting_guest_rule - [0:0]
- :postrouting_lan_rule - [0:0]
- :postrouting_rule - [0:0]
- :postrouting_wan_rule - [0:0]
- :prerouting_guest_rule - [0:0]
- :prerouting_lan_rule - [0:0]
- :prerouting_rule - [0:0]
- :prerouting_wan_rule - [0:0]
- :zone_guest_postrouting - [0:0]
- :zone_guest_prerouting - [0:0]
- :zone_lan_postrouting - [0:0]
- :zone_lan_prerouting - [0:0]
- :zone_wan_postrouting - [0:0]
- :zone_wan_prerouting - [0:0]
- -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
- -A PREROUTING -i br-guest -m comment --comment "!fw3" -j zone_guest_prerouting
- -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
- -A POSTROUTING -o br-guest -m comment --comment "!fw3" -j zone_guest_postrouting
- -A zone_guest_postrouting -m comment --comment "!fw3: Custom guest postrouting rule chain" -j postrouting_guest_rule
- -A zone_guest_prerouting -m comment --comment "!fw3: Custom guest prerouting rule chain" -j prerouting_guest_rule
- -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
- -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
- -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
- -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
- -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
- COMMIT
- # Completed on Fri Feb 26 19:29:05 2021
- # Generated by iptables-save v1.8.3 on Fri Feb 26 19:29:05 2021
- *mangle
- :PREROUTING ACCEPT [6653:1775507]
- :INPUT ACCEPT [3526:370456]
- :FORWARD ACCEPT [142:9152]
- :OUTPUT ACCEPT [4195:1006416]
- :POSTROUTING ACCEPT [4059:994061]
- COMMIT
- # Completed on Fri Feb 26 19:29:05 2021
- # Generated by iptables-save v1.8.3 on Fri Feb 26 19:29:05 2021
- *filter
- :INPUT ACCEPT [32:2827]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [35:2760]
- :forwarding_guest_rule - [0:0]
- :forwarding_lan_rule - [0:0]
- :forwarding_rule - [0:0]
- :forwarding_wan_rule - [0:0]
- :input_guest_rule - [0:0]
- :input_lan_rule - [0:0]
- :input_rule - [0:0]
- :input_wan_rule - [0:0]
- :output_guest_rule - [0:0]
- :output_lan_rule - [0:0]
- :output_rule - [0:0]
- :output_wan_rule - [0:0]
- :reject - [0:0]
- :syn_flood - [0:0]
- :zone_guest_dest_ACCEPT - [0:0]
- :zone_guest_dest_REJECT - [0:0]
- :zone_guest_forward - [0:0]
- :zone_guest_input - [0:0]
- :zone_guest_output - [0:0]
- :zone_guest_src_REJECT - [0:0]
- :zone_lan_dest_ACCEPT - [0:0]
- :zone_lan_forward - [0:0]
- :zone_lan_input - [0:0]
- :zone_lan_output - [0:0]
- :zone_lan_src_ACCEPT - [0:0]
- :zone_wan_dest_ACCEPT - [0:0]
- :zone_wan_dest_REJECT - [0:0]
- :zone_wan_forward - [0:0]
- :zone_wan_input - [0:0]
- :zone_wan_output - [0:0]
- :zone_wan_src_REJECT - [0:0]
- -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
- -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
- -A INPUT -i br-guest -m comment --comment "!fw3" -j zone_guest_input
- -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
- -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- -A FORWARD -i br-guest -m comment --comment "!fw3" -j zone_guest_forward
- -A FORWARD -m comment --comment "!fw3" -j reject
- -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
- -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
- -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
- -A OUTPUT -o br-guest -m comment --comment "!fw3" -j zone_guest_output
- -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
- -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
- -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
- -A syn_flood -m comment --comment "!fw3" -j DROP
- -A zone_guest_dest_ACCEPT -o br-guest -m comment --comment "!fw3" -j ACCEPT
- -A zone_guest_dest_REJECT -o br-guest -m comment --comment "!fw3" -j reject
- -A zone_guest_forward -m comment --comment "!fw3: Custom guest forwarding rule chain" -j forwarding_guest_rule
- -A zone_guest_forward -m comment --comment "!fw3: Zone guest to wan forwarding policy" -j zone_wan_dest_ACCEPT
- -A zone_guest_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_guest_forward -m comment --comment "!fw3" -j zone_guest_dest_REJECT
- -A zone_guest_input -m comment --comment "!fw3: Custom guest input rule chain" -j input_guest_rule
- -A zone_guest_input -p tcp -m tcp --dport 53 -m comment --comment "!fw3: Allow-DNS-Guest" -j ACCEPT
- -A zone_guest_input -p udp -m udp --dport 53 -m comment --comment "!fw3: Allow-DNS-Guest" -j ACCEPT
- -A zone_guest_input -p udp -m udp --dport 67 -m comment --comment "!fw3: Allow-DHCP-Guest" -j ACCEPT
- -A zone_guest_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_guest_input -m comment --comment "!fw3" -j zone_guest_src_REJECT
- -A zone_guest_output -m comment --comment "!fw3: Custom guest output rule chain" -j output_guest_rule
- -A zone_guest_output -m comment --comment "!fw3" -j zone_guest_dest_ACCEPT
- -A zone_guest_src_REJECT -i br-guest -m comment --comment "!fw3" -j reject
- -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
- -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
- -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
- -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
- -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
- -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
- -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
- -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
- -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
- -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
- -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
- -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
- -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
- -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
- -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
- -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
- -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
- -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
- COMMIT
- # Completed on Fri Feb 26 19:29:05 2021
- ==> /etc/resolv.conf <==
- search lan
- nameserver 127.0.0.1
- ==> /tmp/resolv.conf <==
- search lan
- nameserver 127.0.0.1
- ==> /tmp/resolv.conf.auto <==
- # Interface lan
- nameserver 192.168.0.199
- head: /tmp/resolv.*/*: No such file or directory
- root@OpenWrt:~#