API tools faq
paste
Advertisement
BoogeyCZ

Untitled

BoogeyCZ
May 31st, 2017
622
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.91 KB | None | 0 0
raw download clone embed print report
  1. root@openwrt:~# iptables -L -v -n
  2. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  3. pkts bytes target prot opt in out source destination
  4. 1 356 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  5. 151K 174M input_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for input */
  6. 151K 174M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  7. 64 3504 syn_flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 /* !fw3 */
  8. 570 37098 zone_lan_input all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  9. 108 4366 zone_wan_input all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  10. 0 0 zone_wan_input all -- 6in4-wan6 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  11. 0 0 zone_dmz_input all -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  12. 0 0 zone_vpn_input all -- tun0 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  13. 4 288 zone_vpn_client_input all -- tun1 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  14.  
  15. Chain FORWARD (policy DROP 0 packets, 0 bytes)
  16. pkts bytes target prot opt in out source destination
  17. 61322 11M forwarding_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for forwarding */
  18. 60966 11M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  19. 354 38405 zone_lan_forward all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  20. 2 112 zone_wan_forward all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  21. 0 0 zone_wan_forward all -- 6in4-wan6 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  22. 0 0 zone_dmz_forward all -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  23. 0 0 zone_vpn_forward all -- tun0 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  24. 0 0 zone_vpn_client_forward all -- tun1 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  25. 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  26.  
  27. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  28. pkts bytes target prot opt in out source destination
  29. 1 356 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  30. 84631 8911K output_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for output */
  31. 84355 8892K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
  32. 18 1925 zone_lan_output all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  33. 256 16619 zone_wan_output all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  34. 0 0 zone_wan_output all -- * 6in4-wan6 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  35. 1 328 zone_dmz_output all -- * eth0.3 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  36. 0 0 zone_vpn_output all -- * tun0 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  37. 1 84 zone_vpn_client_output all -- * tun1 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  38.  
  39. Chain forwarding_dmz_rule (1 references)
  40. pkts bytes target prot opt in out source destination
  41.  
  42. Chain forwarding_lan_rule (1 references)
  43. pkts bytes target prot opt in out source destination
  44.  
  45. Chain forwarding_rule (1 references)
  46. pkts bytes target prot opt in out source destination
  47.  
  48. Chain forwarding_wan_rule (1 references)
  49. pkts bytes target prot opt in out source destination
  50.  
  51. Chain input_dmz_rule (1 references)
  52. pkts bytes target prot opt in out source destination
  53.  
  54. Chain input_lan_rule (1 references)
  55. pkts bytes target prot opt in out source destination
  56.  
  57. Chain input_rule (1 references)
  58. pkts bytes target prot opt in out source destination
  59.  
  60. Chain input_wan_rule (1 references)
  61. pkts bytes target prot opt in out source destination
  62.  
  63. Chain output_dmz_rule (1 references)
  64. pkts bytes target prot opt in out source destination
  65.  
  66. Chain output_lan_rule (1 references)
  67. pkts bytes target prot opt in out source destination
  68.  
  69. Chain output_rule (1 references)
  70. pkts bytes target prot opt in out source destination
  71.  
  72. Chain output_wan_rule (1 references)
  73. pkts bytes target prot opt in out source destination
  74.  
  75. Chain reject (8 references)
  76. pkts bytes target prot opt in out source destination
  77. 28 1164 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */ reject-with tcp-reset
  78. 3 142 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */ reject-with icmp-port-unreachable
  79.  
  80. Chain syn_flood (1 references)
  81. pkts bytes target prot opt in out source destination
  82. 64 3504 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50 /* !fw3 */
  83. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  84.  
  85. Chain zone_dmz_dest_ACCEPT (2 references)
  86. pkts bytes target prot opt in out source destination
  87. 1 328 ACCEPT all -- * eth0.3 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  88.  
  89. Chain zone_dmz_dest_REJECT (1 references)
  90. pkts bytes target prot opt in out source destination
  91. 0 0 reject all -- * eth0.3 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  92.  
  93. Chain zone_dmz_forward (1 references)
  94. pkts bytes target prot opt in out source destination
  95. 0 0 forwarding_dmz_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for forwarding */
  96. 0 0 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: forwarding dmz -> wan */
  97. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
  98. 0 0 zone_dmz_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  99.  
  100. Chain zone_dmz_input (1 references)
  101. pkts bytes target prot opt in out source destination
  102. 0 0 input_dmz_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for input */
  103. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
  104. 0 0 zone_dmz_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  105.  
  106. Chain zone_dmz_output (1 references)
  107. pkts bytes target prot opt in out source destination
  108. 1 328 output_dmz_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for output */
  109. 1 328 zone_dmz_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  110.  
  111. Chain zone_dmz_src_ACCEPT (1 references)
  112. pkts bytes target prot opt in out source destination
  113. 0 0 ACCEPT all -- eth0.3 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED /* !fw3 */
  114.  
  115. Chain zone_lan_dest_ACCEPT (4 references)
  116. pkts bytes target prot opt in out source destination
  117. 163 22990 ACCEPT all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  118.  
  119. Chain zone_lan_forward (1 references)
  120. pkts bytes target prot opt in out source destination
  121. 354 38405 forwarding_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for forwarding */
  122. 354 38405 zone_dmz_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: forwarding lan -> dmz */
  123. 354 38405 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: forwarding lan -> wan */
  124. 189 24761 zone_vpn_client_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: forwarding lan -> vpn_client */
  125. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
  126. 145 21065 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  127.  
  128. Chain zone_lan_input (1 references)
  129. pkts bytes target prot opt in out source destination
  130. 570 37098 input_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for input */
  131. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
  132. 570 37098 zone_lan_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  133.  
  134. Chain zone_lan_output (1 references)
  135. pkts bytes target prot opt in out source destination
  136. 18 1925 output_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for output */
  137. 18 1925 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  138.  
  139. Chain zone_lan_src_ACCEPT (1 references)
  140. pkts bytes target prot opt in out source destination
  141. 570 37098 ACCEPT all -- br-lan * 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED /* !fw3 */
  142.  
  143. Chain zone_vpn_client_dest_ACCEPT (2 references)
  144. pkts bytes target prot opt in out source destination
  145. 45 3780 ACCEPT all -- * tun1 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  146.  
  147. Chain zone_vpn_client_dest_REJECT (1 references)
  148. pkts bytes target prot opt in out source destination
  149. 0 0 reject all -- * tun1 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  150.  
  151. Chain zone_vpn_client_forward (1 references)
  152. pkts bytes target prot opt in out source destination
  153. 0 0 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: forwarding vpn_client -> lan */
  154. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
  155. 0 0 zone_vpn_client_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  156.  
  157. Chain zone_vpn_client_input (1 references)
  158. pkts bytes target prot opt in out source destination
  159. 2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* !fw3: VPN_client-ping */
  160. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
  161. 2 120 zone_vpn_client_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  162.  
  163. Chain zone_vpn_client_output (1 references)
  164. pkts bytes target prot opt in out source destination
  165. 1 84 zone_vpn_client_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  166.  
  167. Chain zone_vpn_client_src_ACCEPT (1 references)
  168. pkts bytes target prot opt in out source destination
  169. 2 120 ACCEPT all -- tun1 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED /* !fw3 */
  170.  
  171. Chain zone_vpn_dest_ACCEPT (1 references)
  172. pkts bytes target prot opt in out source destination
  173. 0 0 ACCEPT all -- * tun0 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  174.  
  175. Chain zone_vpn_dest_REJECT (1 references)
  176. pkts bytes target prot opt in out source destination
  177. 0 0 reject all -- * tun0 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  178.  
  179. Chain zone_vpn_forward (1 references)
  180. pkts bytes target prot opt in out source destination
  181. 0 0 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: forwarding vpn -> lan */
  182. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
  183. 0 0 zone_vpn_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  184.  
  185. Chain zone_vpn_input (1 references)
  186. pkts bytes target prot opt in out source destination
  187. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
  188. 0 0 zone_vpn_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  189.  
  190. Chain zone_vpn_output (1 references)
  191. pkts bytes target prot opt in out source destination
  192. 0 0 zone_vpn_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  193.  
  194. Chain zone_vpn_src_ACCEPT (1 references)
  195. pkts bytes target prot opt in out source destination
  196. 0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED /* !fw3 */
  197.  
  198. Chain zone_wan_dest_ACCEPT (3 references)
  199. pkts bytes target prot opt in out source destination
  200. 421 30263 ACCEPT all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  201. 0 0 ACCEPT all -- * 6in4-wan6 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  202.  
  203. Chain zone_wan_dest_REJECT (1 references)
  204. pkts bytes target prot opt in out source destination
  205. 0 0 reject all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  206. 0 0 reject all -- * 6in4-wan6 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  207.  
  208. Chain zone_wan_forward (2 references)
  209. pkts bytes target prot opt in out source destination
  210. 2 112 forwarding_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for forwarding */
  211. 2 112 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
  212. 0 0 zone_wan_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  213.  
  214. Chain zone_wan_input (2 references)
  215. pkts bytes target prot opt in out source destination
  216. 108 4366 input_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for input */
  217. 2 660 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 /* !fw3: Allow-DHCP-Renew */
  218. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* !fw3: Allow-Ping */
  219. 75 2400 ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Allow-IGMP */
  220. 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 /* !fw3: VPN */
  221. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
  222. 31 1306 zone_wan_src_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  223.  
  224. Chain zone_wan_output (2 references)
  225. pkts bytes target prot opt in out source destination
  226. 256 16619 output_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for output */
  227. 256 16619 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  228.  
  229. Chain zone_wan_src_REJECT (1 references)
  230. pkts bytes target prot opt in out source destination
  231. 31 1306 reject all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
  232. 0 0 reject all -- 6in4-wan6 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!