Skip to content

Instantly share code, notes, and snippets.

@raldred
Created April 8, 2015 21:08
Show Gist options
  • Save raldred/ad6de0f76a5095b21fda to your computer and use it in GitHub Desktop.
Save raldred/ad6de0f76a5095b21fda to your computer and use it in GitHub Desktop.
root@OpenWrt:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
delegate_input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
delegate_forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
delegate_output all -- anywhere anywhere
Chain delegate_forward (1 references)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_forward all -- anywhere anywhere
zone_wan_forward all -- anywhere anywhere
zone_vpn_forward all -- anywhere anywhere
reject all -- anywhere anywhere
Chain delegate_input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
input_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
zone_lan_input all -- anywhere anywhere
zone_wan_input all -- anywhere anywhere
zone_vpn_input all -- anywhere anywhere
Chain delegate_output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
output_rule all -- anywhere anywhere /* user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_output all -- anywhere anywhere
zone_wan_output all -- anywhere anywhere
zone_vpn_output all -- anywhere anywhere
Chain forwarding_lan_rule (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_vpn_rule (1 references)
target prot opt source destination
Chain forwarding_wan_rule (1 references)
target prot opt source destination
Chain input_lan_rule (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_vpn_rule (1 references)
target prot opt source destination
Chain input_wan_rule (1 references)
target prot opt source destination
Chain output_lan_rule (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
Chain output_vpn_rule (1 references)
target prot opt source destination
Chain output_wan_rule (1 references)
target prot opt source destination
Chain reject (5 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all -- anywhere anywhere
Chain zone_lan_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* user chain for forwarding */
zone_vpn_dest_ACCEPT tcp -- anywhere anywhere /* LAN->VPN */
zone_vpn_dest_ACCEPT udp -- anywhere anywhere /* LAN->VPN */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> wan */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_lan_dest_ACCEPT all -- anywhere anywhere
Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_lan_src_ACCEPT all -- anywhere anywhere
Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* user chain for output */
zone_lan_dest_ACCEPT all -- anywhere anywhere
Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_vpn_dest_ACCEPT (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_vpn_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain zone_vpn_forward (1 references)
target prot opt source destination
forwarding_vpn_rule all -- anywhere anywhere /* user chain for forwarding */
zone_lan_dest_ACCEPT tcp -- anywhere anywhere /* VPN->LAN */
zone_lan_dest_ACCEPT udp -- anywhere anywhere /* VPN->LAN */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_vpn_dest_REJECT all -- anywhere anywhere
Chain zone_vpn_input (1 references)
target prot opt source destination
input_vpn_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_vpn_src_REJECT all -- anywhere anywhere
Chain zone_vpn_output (1 references)
target prot opt source destination
output_vpn_rule all -- anywhere anywhere /* user chain for output */
zone_vpn_dest_ACCEPT all -- anywhere anywhere
Chain zone_vpn_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain zone_wan_forward (1 references)
target prot opt source destination
forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_wan_dest_REJECT all -- anywhere anywhere
Chain zone_wan_input (1 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* user chain for input */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */
ACCEPT tcp -- anywhere anywhere tcp dpt:65535 /* SSH in */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_wan_src_REJECT all -- anywhere anywhere
Chain zone_wan_output (1 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere
Chain zone_wan_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment