Created
April 8, 2015 21:08
root@OpenWrt:~# iptables -L | |
Chain INPUT (policy ACCEPT) | |
target prot opt source destination | |
delegate_input all -- anywhere anywhere | |
Chain FORWARD (policy DROP) | |
target prot opt source destination | |
delegate_forward all -- anywhere anywhere | |
Chain OUTPUT (policy ACCEPT) | |
target prot opt source destination | |
delegate_output all -- anywhere anywhere | |
Chain delegate_forward (1 references) | |
target prot opt source destination | |
forwarding_rule all -- anywhere anywhere /* user chain for forwarding */ | |
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
zone_lan_forward all -- anywhere anywhere | |
zone_wan_forward all -- anywhere anywhere | |
zone_vpn_forward all -- anywhere anywhere | |
reject all -- anywhere anywhere | |
Chain delegate_input (1 references) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere | |
input_rule all -- anywhere anywhere /* user chain for input */ | |
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN | |
zone_lan_input all -- anywhere anywhere | |
zone_wan_input all -- anywhere anywhere | |
zone_vpn_input all -- anywhere anywhere | |
Chain delegate_output (1 references) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere | |
output_rule all -- anywhere anywhere /* user chain for output */ | |
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED | |
zone_lan_output all -- anywhere anywhere | |
zone_wan_output all -- anywhere anywhere | |
zone_vpn_output all -- anywhere anywhere | |
Chain forwarding_lan_rule (1 references) | |
target prot opt source destination | |
Chain forwarding_rule (1 references) | |
target prot opt source destination | |
Chain forwarding_vpn_rule (1 references) | |
target prot opt source destination | |
Chain forwarding_wan_rule (1 references) | |
target prot opt source destination | |
Chain input_lan_rule (1 references) | |
target prot opt source destination | |
Chain input_rule (1 references) | |
target prot opt source destination | |
Chain input_vpn_rule (1 references) | |
target prot opt source destination | |
Chain input_wan_rule (1 references) | |
target prot opt source destination | |
Chain output_lan_rule (1 references) | |
target prot opt source destination | |
Chain output_rule (1 references) | |
target prot opt source destination | |
Chain output_vpn_rule (1 references) | |
target prot opt source destination | |
Chain output_wan_rule (1 references) | |
target prot opt source destination | |
Chain reject (5 references) | |
target prot opt source destination | |
REJECT tcp -- anywhere anywhere reject-with tcp-reset | |
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | |
Chain syn_flood (1 references) | |
target prot opt source destination | |
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 | |
DROP all -- anywhere anywhere | |
Chain zone_lan_dest_ACCEPT (4 references) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere | |
Chain zone_lan_forward (1 references) | |
target prot opt source destination | |
forwarding_lan_rule all -- anywhere anywhere /* user chain for forwarding */ | |
zone_vpn_dest_ACCEPT tcp -- anywhere anywhere /* LAN->VPN */ | |
zone_vpn_dest_ACCEPT udp -- anywhere anywhere /* LAN->VPN */ | |
zone_wan_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> wan */ | |
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */ | |
zone_lan_dest_ACCEPT all -- anywhere anywhere | |
Chain zone_lan_input (1 references) | |
target prot opt source destination | |
input_lan_rule all -- anywhere anywhere /* user chain for input */ | |
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */ | |
zone_lan_src_ACCEPT all -- anywhere anywhere | |
Chain zone_lan_output (1 references) | |
target prot opt source destination | |
output_lan_rule all -- anywhere anywhere /* user chain for output */ | |
zone_lan_dest_ACCEPT all -- anywhere anywhere | |
Chain zone_lan_src_ACCEPT (1 references) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere | |
Chain zone_vpn_dest_ACCEPT (3 references) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere | |
Chain zone_vpn_dest_REJECT (1 references) | |
target prot opt source destination | |
reject all -- anywhere anywhere | |
Chain zone_vpn_forward (1 references) | |
target prot opt source destination | |
forwarding_vpn_rule all -- anywhere anywhere /* user chain for forwarding */ | |
zone_lan_dest_ACCEPT tcp -- anywhere anywhere /* VPN->LAN */ | |
zone_lan_dest_ACCEPT udp -- anywhere anywhere /* VPN->LAN */ | |
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */ | |
zone_vpn_dest_REJECT all -- anywhere anywhere | |
Chain zone_vpn_input (1 references) | |
target prot opt source destination | |
input_vpn_rule all -- anywhere anywhere /* user chain for input */ | |
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */ | |
zone_vpn_src_REJECT all -- anywhere anywhere | |
Chain zone_vpn_output (1 references) | |
target prot opt source destination | |
output_vpn_rule all -- anywhere anywhere /* user chain for output */ | |
zone_vpn_dest_ACCEPT all -- anywhere anywhere | |
Chain zone_vpn_src_REJECT (1 references) | |
target prot opt source destination | |
reject all -- anywhere anywhere | |
Chain zone_wan_dest_ACCEPT (2 references) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere | |
Chain zone_wan_dest_REJECT (1 references) | |
target prot opt source destination | |
reject all -- anywhere anywhere | |
Chain zone_wan_forward (1 references) | |
target prot opt source destination | |
forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */ | |
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */ | |
zone_wan_dest_REJECT all -- anywhere anywhere | |
Chain zone_wan_input (1 references) | |
target prot opt source destination | |
input_wan_rule all -- anywhere anywhere /* user chain for input */ | |
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */ | |
ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */ | |
ACCEPT tcp -- anywhere anywhere tcp dpt:65535 /* SSH in */ | |
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */ | |
zone_wan_src_REJECT all -- anywhere anywhere | |
Chain zone_wan_output (1 references) | |
target prot opt source destination | |
output_wan_rule all -- anywhere anywhere /* user chain for output */ | |
zone_wan_dest_ACCEPT all -- anywhere anywhere | |
Chain zone_wan_src_REJECT (1 references) | |
target prot opt source destination | |
reject all -- anywhere anywhere |