@FreifunkUFO
Created November 24, 2014 15:06
fw3 print before and after firewall restart
***
*** VERBINDUNG: /dev/tty.usbserial-A90R7D51
*** Datum 24.11.14
*** Uhrzeit 16:04:31
***
U-Boot 1.1.4 (Aug 7 2012 - 09:50:35)
U-boot DB120
DRAM: 128 MB
id read 0x100000ff
flash size 8MB, sector count = 128
Flash: 8 MB
Using default environment
PCIe Reset OK!!!!!!
In: serial
Out: serial
Err: serial
Net: ag934x_enet_initialize...
No valid address in Flash. Using fixed address
No valid address in Flash. Using fixed address
wasp reset mask:c03300
WASP ----> S27 PHY
: cfg1 0x5 cfg2 0x7114
eth0: ba:be:fa:ce:08:41
s27 reg init
athrs27_phy_setup ATHR_PHY_CONTROL 4 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 4 :10
eth0 up
WASP ----> S27 PHY
: cfg1 0xf cfg2 0x7214
eth1: ba:be:fa:ce:08:41
s27 reg init lan
ATHRS27: resetting s27
ATHRS27: s27 reset done
athrs27_phy_setup ATHR_PHY_CONTROL 0 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 0 :10
athrs27_phy_setup ATHR_PHY_CONTROL 1 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 1 :10
athrs27_phy_setup ATHR_PHY_CONTROL 2 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 2 :10
athrs27_phy_setup ATHR_PHY_CONTROL 3 :1000
athrs27_phy_setup ATHR_PHY_SPEC_STAUS 3 :10
eth1 up
eth0, eth1
Autobooting in 1 seconds
## Booting image at 9f020000 ...
Uncompressing Kernel Image ... OK
Starting kernel ...
[ 0.000000] Linux version 3.14.18 (walter@freifunkvm) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r43351) ) #1 Mon Nov 24 09:40:16 CET 2014
[ 0.000000] bootconsole [early0] enabled
[ 0.000000] CPU0 revision is: 0001974c (MIPS 74Kc)
[ 0.000000] SoC: Atheros AR9344 rev 2
[ 0.000000] Determined physical RAM map:
[ 0.000000] memory: 08000000 @ 00000000 (usable)
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Zone ranges:
[ 0.000000] Normal [mem 0x00000000-0x07ffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x00000000-0x07ffffff]
[ 0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 32512
[ 0.000000] Kernel command line: board=TL-WDR3500 console=ttyS0,115200 rootfstype=squashfs,jffs2 noinitrd
[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Writing ErrCtl register=00000000
[ 0.000000] Readback ErrCtl register=00000000
[ 0.000000] Memory: 125920K/131072K available (2512K kernel code, 126K rwdata, 516K rodata, 228K init, 191K bss, 5152K reserved)
[ 0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] NR_IRQS:51
[ 0.000000] Clocks: CPU:560.000MHz, DDR:450.000MHz, AHB:225.000MHz, Ref:40.000MHz
[ 0.000000] Calibrating delay loop... 278.93 BogoMIPS (lpj=1394688)
[ 0.070000] pid_max: default: 32768 minimum: 301
[ 0.070000] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.080000] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.080000] NET: Registered protocol family 16
[ 0.090000] MIPS: machine is TP-LINK TL-WDR3500
[ 0.100000] registering PCI controller with io_map_base unset
[ 0.510000] bio: create slab <bio-0> at 0
[ 0.520000] PCI host bridge to bus 0000:00
[ 0.520000] pci_bus 0000:00: root bus resource [mem 0x10000000-0x13ffffff]
[ 0.530000] pci_bus 0000:00: root bus resource [io 0x0000]
[ 0.530000] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
[ 0.540000] pci 0000:00:00.0: invalid calibration data
[ 0.540000] pci 0000:00:00.0: BAR 0: assigned [mem 0x10000000-0x1001ffff 64bit]
[ 0.550000] pci 0000:00:00.0: BAR 6: assigned [mem 0x10020000-0x1002ffff pref]
[ 0.550000] pci 0000:00:00.0: using irq 40 for pin 1
[ 0.560000] Switched to clocksource MIPS
[ 0.560000] NET: Registered protocol family 2
[ 0.570000] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.570000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.580000] TCP: Hash tables configured (established 1024 bind 1024)
[ 0.590000] TCP: reno registered
[ 0.590000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.600000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 0.600000] NET: Registered protocol family 1
[ 0.610000] futex hash table entries: 256 (order: -1, 3072 bytes)
[ 0.630000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 0.630000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[ 0.650000] msgmni has been set to 245
[ 0.650000] io scheduler noop registered
[ 0.650000] io scheduler deadline registered (default)
[ 0.660000] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled
[ 0.690000] serial8250.0: ttyS0 at MMIO 0x18020000 (irq = 11, base_baud = 2500000) is a 16550A
[ 0.700000] console [ttyS0] enabled
[ 0.700000] console [ttyS0] enabled
[ 0.710000] bootconsole [early0] disabled
[ 0.710000] bootconsole [early0] disabled
[ 0.720000] m25p80 spi0.0: found en25q64, expected m25p80
[ 0.720000] m25p80 spi0.0: en25q64 (8192 Kbytes)
[ 0.730000] 5 tp-link partitions found on MTD device spi0.0
[ 0.740000] Creating 5 MTD partitions on "spi0.0":
[ 0.740000] 0x000000000000-0x000000020000 : "u-boot"
[ 0.750000] 0x000000020000-0x00000013af1c : "kernel"
[ 0.750000] mtd: partition "kernel" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.770000] 0x00000013af1c-0x0000007f0000 : "rootfs"
[ 0.770000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.790000] mtd: device 2 (rootfs) set to be root filesystem
[ 0.790000] 1 squashfs-split partitions found on MTD device rootfs
[ 0.800000] 0x000000410000-0x0000007f0000 : "rootfs_data"
[ 0.800000] 0x0000007f0000-0x000000800000 : "art"
[ 0.810000] 0x000000020000-0x0000007f0000 : "firmware"
[ 0.830000] libphy: ag71xx_mdio: probed
[ 1.390000] ag71xx-mdio.1: Found an AR934X built-in switch
[ 2.420000] eth0: Atheros AG71xx at 0xba000000, irq 5, mode:GMII
[ 3.050000] ag71xx ag71xx.0: connected to PHY at ag71xx-mdio.1:04 [uid=004dd042, driver=Generic PHY]
[ 3.060000] eth1: Atheros AG71xx at 0xb9000000, irq 4, mode:MII
[ 3.060000] TCP: cubic registered
[ 3.070000] NET: Registered protocol family 17
[ 3.070000] Bridge firewalling registered
[ 3.080000] 8021q: 802.1Q VLAN Support v1.8
[ 3.090000] VFS: Mounted root (squashfs filesystem) readonly on device 31:2.
[ 3.090000] Freeing unused kernel memory: 228K (80377000 - 803b0000)
procd: Console is alive
procd: - watchdog -
[ 5.430000] usbcore: registered new interface driver usbfs
[ 5.440000] usbcore: registered new interface driver hub
[ 5.440000] usbcore: registered new device driver usb
[ 5.450000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 5.460000] ehci-platform: EHCI generic platform driver
[ 5.470000] ehci-platform ehci-platform: EHCI Host Controller
[ 5.470000] ehci-platform ehci-platform: new USB bus registered, assigned bus number 1
[ 5.480000] ehci-platform ehci-platform: irq 3, io mem 0x1b000000
[ 5.510000] ehci-platform ehci-platform: USB 2.0 started, EHCI 1.00
[ 5.510000] hub 1-0:1.0: USB hub found
[ 5.520000] hub 1-0:1.0: 1 port detected
procd: - preinit -
[ 7.920000] random: mktemp urandom read with 65 bits of entropy available
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
jffs2 is ready
jffs2 is ready
[ 11.150000] jffs2: notice: (344) jffs2_build_xattr_subsystem: complete building xattr subsystem, 1 of xdatum (1 unchecked, 0 orphan) and 27 of xref (0 dead, 7 orphan) found.
switching to overlay
procd: - early -
procd: - watchdog -
procd: - ubus -
procd: - init -
Please press Enter to activate this console.
[ 13.810000] NET: Registered protocol family 10
[ 13.820000] tun: Universal TUN/TAP device driver, 1.6
[ 13.820000] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[ 13.840000] batman_adv: B.A.T.M.A.N. advanced 2014.3.0 (compatibility version 15) loaded
[ 13.860000] u32 classifier
[ 13.860000] input device check on
[ 13.870000] Actions configured
[ 13.870000] Mirror/redirect action on
[ 13.880000] netem: version 1.3
[ 13.920000] Loading modules backported from Linux version master-2014-11-04-0-gf3660a2
[ 13.930000] Backport generated by backports.git backports-20141023-2-g4ff890b
[ 13.940000] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 13.960000] nf_conntrack version 0.5.0 (1971 buckets, 7884 max)
[ 14.050000] xt_time: kernel timezone is -0000
[ 14.090000] cfg80211: Calling CRDA to update world regulatory domain
[ 14.090000] cfg80211: World regulatory domain updated:
[ 14.100000] cfg80211: DFS Master region: unset
[ 14.100000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[ 14.110000] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[ 14.120000] cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[ 14.130000] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[ 14.140000] cfg80211: (5170000 KHz - 5250000 KHz @ 160000 KHz), (N/A, 2000 mBm), (N/A)
[ 14.150000] cfg80211: (5250000 KHz - 5330000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s)
[ 14.150000] cfg80211: (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s)
[ 14.160000] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 14.170000] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
[ 14.440000] cfg80211: Calling CRDA for country: US
[ 14.440000] cfg80211: Regulatory domain changed to country: US
[ 14.450000] cfg80211: DFS Master region: FCC
[ 14.450000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[ 14.460000] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 3000 mBm), (N/A)
[ 14.470000] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 1700 mBm), (N/A)
[ 14.480000] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz), (N/A, 2300 mBm), (0 s)
[ 14.490000] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 3000 mBm), (N/A)
[ 14.500000] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
[ 14.500000] ieee80211 phy0: Atheros AR9340 Rev:2 mem=0xb8100000, irq=47
[ 14.510000] PCI: Enabling device 0000:00:00.0 (0000 -> 0002)
[ 14.560000] ieee80211 phy1: Atheros AR9300 Rev:4 mem=0xb0000000, irq=40
[ 23.230000] random: nonblocking pool is initialized
[ 24.750000] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 24.750000] device eth0 entered promiscuous mode
[ 24.760000] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[ 24.800000] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[ 24.820000] IPv6: ADDRCONF(NETDEV_UP): br-mesh12: link is not ready
[ 24.830000] IPv6: ADDRCONF(NETDEV_UP): br-mesh14: link is not ready
[ 26.470000] cfg80211: Calling CRDA for country: DE
[ 26.520000] cfg80211: Regulatory domain changed to country: DE
[ 26.520000] cfg80211: DFS Master region: ETSI
[ 26.530000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[ 26.540000] cfg80211: (2400000 KHz - 2483000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[ 26.550000] cfg80211: (5150000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 26.550000] cfg80211: (5250000 KHz - 5350000 KHz @ 80000 KHz), (N/A, 2000 mBm), (0 s)
[ 26.560000] cfg80211: (5470000 KHz - 5725000 KHz @ 80000 KHz), (N/A, 2700 mBm), (0 s)
[ 26.570000] cfg80211: (57240000 KHz - 65880000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
[ 29.020000] IPv6: ADDRCONF(NETDEV_UP): wlan1-1: link is not ready
[ 29.070000] device wlan1-2 entered promiscuous mode
[ 29.080000] br-mesh12: port 1(wlan1-2) entered forwarding state
[ 29.080000] br-mesh12: port 1(wlan1-2) entered forwarding state
[ 29.090000] IPv6: ADDRCONF(NETDEV_UP): wlan1-2: link is not ready
[ 29.160000] device wlan1-3 entered promiscuous mode
[ 29.160000] br-mesh14: port 1(wlan1-3) entered forwarding state
[ 29.170000] br-mesh14: port 1(wlan1-3) entered forwarding state
[ 29.180000] IPv6: ADDRCONF(NETDEV_UP): wlan1-3: link is not ready
[ 29.330000] IPv6: ADDRCONF(NETDEV_UP): wlan0-1: link is not ready
[ 29.330000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1-1: link becomes ready
[ 29.340000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1-2: link becomes ready
[ 29.350000] IPv6: ADDRCONF(NETDEV_CHANGE): br-mesh12: link becomes ready
[ 29.360000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1-3: link becomes ready
[ 29.360000] IPv6: ADDRCONF(NETDEV_CHANGE): br-mesh14: link becomes ready
[ 29.460000] device wlan0-1 entered promiscuous mode
[ 29.540000] br-mesh12: port 2(wlan0-1) entered forwarding state
[ 29.550000] br-mesh12: port 2(wlan0-1) entered forwarding state
[ 29.550000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0-1: link becomes ready
[ 29.620000] device wlan0-2 entered promiscuous mode
[ 29.620000] br-mesh14: port 2(wlan0-2) entered forwarding state
[ 29.630000] br-mesh14: port 2(wlan0-2) entered forwarding state
[ 29.640000] IPv6: ADDRCONF(NETDEV_UP): wlan0-2: link is not ready
[ 29.690000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0-2: link becomes ready
[ 29.710000] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 29.870000] wlan1: Created IBSS using preconfigured BSSID 02:44:ca:ff:ee:ee
[ 29.870000] wlan1: Creating new IBSS network, BSSID 02:44:ca:ff:ee:ee
[ 29.880000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 30.180000] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 30.250000] wlan0: Created IBSS using preconfigured BSSID 02:ca:ff:ee:ba:be
[ 30.260000] wlan0: Creating new IBSS network, BSSID 02:ca:ff:ee:ba:be
[ 30.270000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 31.030000] batman_adv: bat14: Adding interface: wlan0.14
[ 31.040000] batman_adv: bat14: The MTU of interface wlan0.14 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 31.060000] batman_adv: bat14: Interface activated: wlan0.14
[ 31.080000] br-mesh12: port 1(wlan1-2) entered forwarding state
[ 31.160000] 8021q: adding VLAN 0 to HW filter on device bat14
[ 31.170000] br-mesh14: port 1(wlan1-3) entered forwarding state
[ 31.170000] device bat14 entered promiscuous mode
[ 31.180000] br-mesh14: port 3(bat14) entered forwarding state
[ 31.180000] br-mesh14: port 3(bat14) entered forwarding state
[ 31.400000] batman_adv: bat12: Adding interface: wlan0.12
[ 31.400000] batman_adv: bat12: The MTU of interface wlan0.12 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 31.430000] batman_adv: bat12: Interface activated: wlan0.12
[ 31.460000] 8021q: adding VLAN 0 to HW filter on device bat12
[ 31.460000] device bat12 entered promiscuous mode
[ 31.470000] br-mesh12: port 3(bat12) entered forwarding state
[ 31.470000] br-mesh12: port 3(bat12) entered forwarding state
[ 31.500000] batman_adv: bat14: Adding interface: wlan1.14
[ 31.500000] batman_adv: bat14: The MTU of interface wlan1.14 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 31.530000] batman_adv: bat14: Interface activated: wlan1.14
[ 31.550000] br-mesh12: port 2(wlan0-1) entered forwarding state
[ 31.630000] br-mesh14: port 2(wlan0-2) entered forwarding state
[ 31.730000] batman_adv: bat12: Adding interface: wlan1.12
[ 31.740000] batman_adv: bat12: The MTU of interface wlan1.12 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 31.760000] batman_adv: bat12: Interface activated: wlan1.12
[ 33.180000] br-mesh14: port 3(bat14) entered forwarding state
[ 33.210000] batman_adv: bat12: Changing gw mode from: off to: client
[ 33.470000] br-mesh12: port 3(bat12) entered forwarding state
procd: - init complete -
BusyBox v1.22.1 (2014-11-24 09:32:40 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __ OLSR
| |.-----.-----.-----.| | | |.----.| |_ +
| - || _ | -__| || | | || _|| _| bat
|_______|| __|_____|__|__||________||__| |____| man
|__| W I R E L E S S F R E E D O M !!! adv
FREIFUNK LEIPZIG http://leipzig.freifunk.net
logread -f // syslog Ausgabe auf Konsole
neigh.sh // OLSR Nachbarn anzeigen
batctl -m bat12 o // batman-adv nachbarn anzeigen
iw dev wlan0 station dump // WLAN Nachbarn mit Details
traceroute -n 10.61.104.2 // Traceroute via OLSR
batctl -m bat12 tr 10.61.71.1 // Traceroute via batman-adv
ip a s // alle IPs anzeigen
ip r s t all // gesamte Routingtabelle
===============================================================
root@234-44:/#
root@234-44:/#
root@234-44:/# ping 1^2.
root@234-44:/# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: sendto: Operation not permitted
root@234-44:/#
root@234-44:/# fw3 print
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
Warning: Section 'zone_freifunk' cannot resolve device of network 'wireless1dhcp'
Warning: Option 'ffdhcp'.leasetime is unknown
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t filter -N delegate_input
iptables -t filter -N delegate_output
iptables -t filter -N delegate_forward
iptables -t filter -N reject
iptables -t filter -N input_rule
iptables -t filter -N output_rule
iptables -t filter -N forwarding_rule
iptables -t filter -N syn_flood
iptables -t filter -N zone_lan_input
iptables -t filter -N zone_lan_output
iptables -t filter -N zone_lan_forward
iptables -t filter -N zone_lan_src_ACCEPT
iptables -t filter -N zone_lan_dest_ACCEPT
iptables -t filter -N input_lan_rule
iptables -t filter -N output_lan_rule
iptables -t filter -N forwarding_lan_rule
iptables -t filter -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
iptables -t filter -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
iptables -t filter -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
iptables -t filter -N zone_wan_input
iptables -t filter -N zone_wan_output
iptables -t filter -N zone_wan_forward
iptables -t filter -N zone_wan_src_REJECT
iptables -t filter -N zone_wan_dest_ACCEPT
iptables -t filter -N zone_wan_dest_REJECT
iptables -t filter -N input_wan_rule
iptables -t filter -N output_wan_rule
iptables -t filter -N forwarding_wan_rule
iptables -t filter -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
iptables -t filter -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
iptables -t filter -N zone_freifunk_input
iptables -t filter -N zone_freifunk_output
iptables -t filter -N zone_freifunk_forward
iptables -t filter -N zone_freifunk_src_ACCEPT
iptables -t filter -N zone_freifunk_dest_ACCEPT
iptables -t filter -N input_freifunk_rule
iptables -t filter -N output_freifunk_rule
iptables -t filter -N forwarding_freifunk_rule
iptables -t filter -A zone_freifunk_input -m comment --comment "user chain for input" -j input_freifunk_rule
iptables -t filter -A zone_freifunk_output -m comment --comment "user chain for output" -j output_freifunk_rule
iptables -t filter -A zone_freifunk_forward -m comment --comment "user chain for forwarding" -j forwarding_freifunk_rule
iptables -t filter -A INPUT -j delegate_input
iptables -t filter -A OUTPUT -j delegate_output
iptables -t filter -A FORWARD -j delegate_forward
iptables -t filter -A delegate_input -i lo -j ACCEPT
iptables -t filter -A delegate_output -o lo -j ACCEPT
iptables -t filter -A delegate_input -m comment --comment "user chain for input" -j input_rule
iptables -t filter -A delegate_output -m comment --comment "user chain for output" -j output_rule
iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
iptables -t filter -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
iptables -t filter -A syn_flood -j DROP
iptables -t filter -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
iptables -t filter -A reject -p tcp -j REJECT --reject-with tcp-reset
iptables -t filter -A reject -j REJECT --reject-with icmp-port-unreachable
iptables -t filter -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment Allow-DHCP-Renew -j ACCEPT
iptables -t filter -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment Allow-Ping -j ACCEPT
iptables -t filter -A zone_freifunk_input -p icmp -m comment --comment "@rule[5]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 80 -m comment --comment "@rule[6]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 443 -m comment --comment "@rule[7]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 22 -m comment --comment "@rule[8]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p udp -m udp --dport 698 -m comment --comment "@rule[9]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 17990 -m comment --comment "@rule[10]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p udp -m udp --dport 53 -m comment --comment "@rule[11]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p udp -m udp --sport 68 --dport 67 -m comment --comment "@rule[12]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 8082 -m comment --comment "@rule[13]" -j ACCEPT
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> freifunk" -j zone_freifunk_dest_ACCEPT
iptables -t filter -A zone_freifunk_forward -m comment --comment "forwarding freifunk -> wan" -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_freifunk_forward -m comment --comment "forwarding freifunk -> freifunk" -j zone_freifunk_dest_ACCEPT
iptables -t filter -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_lan_input -j zone_lan_src_ACCEPT
iptables -t filter -A zone_lan_forward -j zone_lan_dest_ACCEPT
iptables -t filter -A zone_lan_output -j zone_lan_dest_ACCEPT
iptables -t filter -A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
iptables -t filter -A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
iptables -t filter -A delegate_input -i br-lan -j zone_lan_input
iptables -t filter -A delegate_output -o br-lan -j zone_lan_output
iptables -t filter -A delegate_forward -i br-lan -j zone_lan_forward
iptables -t filter -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_wan_input -j zone_wan_src_REJECT
iptables -t filter -A zone_wan_forward -j zone_wan_dest_REJECT
iptables -t filter -A zone_wan_output -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_freifunk_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_freifunk_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_freifunk_input -j zone_freifunk_src_ACCEPT
iptables -t filter -A zone_freifunk_forward -j zone_freifunk_dest_ACCEPT
iptables -t filter -A zone_freifunk_output -j zone_freifunk_dest_ACCEPT
iptables -t filter -A zone_freifunk_src_ACCEPT -i wlan0 -j ACCEPT
iptables -t filter -A zone_freifunk_dest_ACCEPT -o wlan0 -j ACCEPT
iptables -t filter -A delegate_input -i wlan0 -j zone_freifunk_input
iptables -t filter -A delegate_output -o wlan0 -j zone_freifunk_output
iptables -t filter -A delegate_forward -i wlan0 -j zone_freifunk_forward
iptables -t filter -A zone_freifunk_src_ACCEPT -i wlan1 -j ACCEPT
iptables -t filter -A zone_freifunk_dest_ACCEPT -o wlan1 -j ACCEPT
iptables -t filter -A delegate_input -i wlan1 -j zone_freifunk_input
iptables -t filter -A delegate_output -o wlan1 -j zone_freifunk_output
iptables -t filter -A delegate_forward -i wlan1 -j zone_freifunk_forward
iptables -t filter -A zone_freifunk_src_ACCEPT -i eth1 -j ACCEPT
iptables -t filter -A zone_freifunk_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -A delegate_input -i eth1 -j zone_freifunk_input
iptables -t filter -A delegate_output -o eth1 -j zone_freifunk_output
iptables -t filter -A delegate_forward -i eth1 -j zone_freifunk_forward
iptables -t filter -A delegate_forward -j reject
iptables -t nat -N delegate_prerouting
iptables -t nat -N delegate_postrouting
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
iptables -t nat -N zone_lan_postrouting
iptables -t nat -N zone_lan_prerouting
iptables -t nat -N prerouting_lan_rule
iptables -t nat -N postrouting_lan_rule
iptables -t nat -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
iptables -t nat -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
iptables -t nat -N zone_wan_postrouting
iptables -t nat -N zone_wan_prerouting
iptables -t nat -N prerouting_wan_rule
iptables -t nat -N postrouting_wan_rule
iptables -t nat -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
iptables -t nat -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
iptables -t nat -N zone_freifunk_postrouting
iptables -t nat -N zone_freifunk_prerouting
iptables -t nat -N prerouting_freifunk_rule
iptables -t nat -N postrouting_freifunk_rule
iptables -t nat -A zone_freifunk_prerouting -m comment --comment "user chain for prerouting" -j prerouting_freifunk_rule
iptables -t nat -A zone_freifunk_postrouting -m comment --comment "user chain for postrouting" -j postrouting_freifunk_rule
iptables -t nat -D PREROUTING -j delegate_prerouting
iptables -t nat -A PREROUTING -j delegate_prerouting
iptables -t nat -D POSTROUTING -j delegate_postrouting
iptables -t nat -A POSTROUTING -j delegate_postrouting
iptables -t nat -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
iptables -t nat -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
iptables -t nat -D delegate_prerouting -i br-lan -j zone_lan_prerouting
iptables -t nat -A delegate_prerouting -i br-lan -j zone_lan_prerouting
iptables -t nat -D delegate_postrouting -o br-lan -j zone_lan_postrouting
iptables -t nat -A delegate_postrouting -o br-lan -j zone_lan_postrouting
iptables -t nat -A zone_wan_postrouting -j MASQUERADE
iptables -t nat -A zone_freifunk_postrouting -s 192.168.1.0/255.255.255.0 -j MASQUERADE
iptables -t nat -D delegate_prerouting -i wlan0 -j zone_freifunk_prerouting
iptables -t nat -A delegate_prerouting -i wlan0 -j zone_freifunk_prerouting
iptables -t nat -D delegate_postrouting -o wlan0 -j zone_freifunk_postrouting
iptables -t nat -A delegate_postrouting -o wlan0 -j zone_freifunk_postrouting
iptables -t nat -D delegate_prerouting -i wlan1 -j zone_freifunk_prerouting
iptables -t nat -A delegate_prerouting -i wlan1 -j zone_freifunk_prerouting
iptables -t nat -D delegate_postrouting -o wlan1 -j zone_freifunk_postrouting
iptables -t nat -A delegate_postrouting -o wlan1 -j zone_freifunk_postrouting
iptables -t nat -D delegate_prerouting -i eth1 -j zone_freifunk_prerouting
iptables -t nat -A delegate_prerouting -i eth1 -j zone_freifunk_prerouting
iptables -t nat -D delegate_postrouting -o eth1 -j zone_freifunk_postrouting
iptables -t nat -A delegate_postrouting -o eth1 -j zone_freifunk_postrouting
iptables -t mangle -N mssfix
iptables -t mangle -N fwmark
iptables -t mangle -D FORWARD -j mssfix
iptables -t mangle -A FORWARD -j mssfix
iptables -t mangle -D PREROUTING -j fwmark
iptables -t mangle -A PREROUTING -j fwmark
root@234-44:/#
root@234-44:/#
root@234-44:/# /et
root@234-44:/# /etc/
ini
root@234-44:/# /etc/init
.
root@234-44:/# /etc/init.d/
fire
root@234-44:/# /etc/init.d/firewall
restart
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
Warning: Section 'zone_freifunk' cannot resolve device of network 'wireless1dhcp'
Warning: Option 'ffdhcp'.leasetime is unknown
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Zone 'freifunk'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule #5
* Rule #6
* Rule #7
* Rule #8
* Rule #9
* Rule #10
* Rule #11
* Rule #12
* Rule #13
* Forward 'lan' -> 'wan'
* Forward 'lan' -> 'freifunk'
* Forward 'freifunk' -> 'wan'
* Forward 'freifunk' -> 'freifunk'
Warning: iptc_commit(): No chain/target/match by that name
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Zone 'freifunk'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'freifunk'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
* Running script '/etc/firewall.freifunk'
root@234-44:/# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=64 time=0.309 ms
^C
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.309/0.309/0.309 ms
root@234-44:/#
root@234-44:/# ping 192.168.1.1
root@234-44:/# /etc/init.d/firewall restart
root@234-44:/# fw3 print
root@234-44:/# ping 192.168.1.1
root@234-44:/# fw3 print
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
Warning: Section 'zone_freifunk' cannot resolve device of network 'wireless1dhcp'
Warning: Option 'ffdhcp'.leasetime is unknown
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t filter -N delegate_input
iptables -t filter -N delegate_output
iptables -t filter -N delegate_forward
iptables -t filter -N reject
iptables -t filter -N input_rule
iptables -t filter -N output_rule
iptables -t filter -N forwarding_rule
iptables -t filter -N syn_flood
iptables -t filter -N zone_lan_input
iptables -t filter -N zone_lan_output
iptables -t filter -N zone_lan_forward
iptables -t filter -N zone_lan_src_ACCEPT
iptables -t filter -N zone_lan_dest_ACCEPT
iptables -t filter -N input_lan_rule
iptables -t filter -N output_lan_rule
iptables -t filter -N forwarding_lan_rule
iptables -t filter -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
iptables -t filter -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
iptables -t filter -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
iptables -t filter -N zone_wan_input
iptables -t filter -N zone_wan_output
iptables -t filter -N zone_wan_forward
iptables -t filter -N zone_wan_src_REJECT
iptables -t filter -N zone_wan_dest_ACCEPT
iptables -t filter -N zone_wan_dest_REJECT
iptables -t filter -N input_wan_rule
iptables -t filter -N output_wan_rule
iptables -t filter -N forwarding_wan_rule
iptables -t filter -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
iptables -t filter -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
iptables -t filter -N zone_freifunk_input
iptables -t filter -N zone_freifunk_output
iptables -t filter -N zone_freifunk_forward
iptables -t filter -N zone_freifunk_src_ACCEPT
iptables -t filter -N zone_freifunk_dest_ACCEPT
iptables -t filter -N input_freifunk_rule
iptables -t filter -N output_freifunk_rule
iptables -t filter -N forwarding_freifunk_rule
iptables -t filter -A zone_freifunk_input -m comment --comment "user chain for input" -j input_freifunk_rule
iptables -t filter -A zone_freifunk_output -m comment --comment "user chain for output" -j output_freifunk_rule
iptables -t filter -A zone_freifunk_forward -m comment --comment "user chain for forwarding" -j forwarding_freifunk_rule
iptables -t filter -A INPUT -j delegate_input
iptables -t filter -A OUTPUT -j delegate_output
iptables -t filter -A FORWARD -j delegate_forward
iptables -t filter -A delegate_input -i lo -j ACCEPT
iptables -t filter -A delegate_output -o lo -j ACCEPT
iptables -t filter -A delegate_input -m comment --comment "user chain for input" -j input_rule
iptables -t filter -A delegate_output -m comment --comment "user chain for output" -j output_rule
iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
iptables -t filter -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
iptables -t filter -A syn_flood -j DROP
iptables -t filter -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
iptables -t filter -A reject -p tcp -j REJECT --reject-with tcp-reset
iptables -t filter -A reject -j REJECT --reject-with icmp-port-unreachable
iptables -t filter -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment Allow-DHCP-Renew -j ACCEPT
iptables -t filter -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment Allow-Ping -j ACCEPT
iptables -t filter -A zone_freifunk_input -p icmp -m comment --comment "@rule[5]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 80 -m comment --comment "@rule[6]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 443 -m comment --comment "@rule[7]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 22 -m comment --comment "@rule[8]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p udp -m udp --dport 698 -m comment --comment "@rule[9]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 17990 -m comment --comment "@rule[10]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p udp -m udp --dport 53 -m comment --comment "@rule[11]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p udp -m udp --sport 68 --dport 67 -m comment --comment "@rule[12]" -j ACCEPT
iptables -t filter -A zone_freifunk_input -p tcp -m tcp --dport 8082 -m comment --comment "@rule[13]" -j ACCEPT
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> freifunk" -j zone_freifunk_dest_ACCEPT
iptables -t filter -A zone_freifunk_forward -m comment --comment "forwarding freifunk -> wan" -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_freifunk_forward -m comment --comment "forwarding freifunk -> freifunk" -j zone_freifunk_dest_ACCEPT
iptables -t filter -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_lan_input -j zone_lan_src_ACCEPT
iptables -t filter -A zone_lan_forward -j zone_lan_dest_ACCEPT
iptables -t filter -A zone_lan_output -j zone_lan_dest_ACCEPT
iptables -t filter -A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
iptables -t filter -A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
iptables -t filter -A delegate_input -i br-lan -j zone_lan_input
iptables -t filter -A delegate_output -o br-lan -j zone_lan_output
iptables -t filter -A delegate_forward -i br-lan -j zone_lan_forward
iptables -t filter -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_wan_input -j zone_wan_src_REJECT
iptables -t filter -A zone_wan_forward -j zone_wan_dest_REJECT
iptables -t filter -A zone_wan_output -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_freifunk_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_freifunk_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_freifunk_input -j zone_freifunk_src_ACCEPT
iptables -t filter -A zone_freifunk_forward -j zone_freifunk_dest_ACCEPT
iptables -t filter -A zone_freifunk_output -j zone_freifunk_dest_ACCEPT
iptables -t filter -A zone_freifunk_src_ACCEPT -i wlan0 -j ACCEPT
iptables -t filter -A zone_freifunk_dest_ACCEPT -o wlan0 -j ACCEPT
iptables -t filter -A delegate_input -i wlan0 -j zone_freifunk_input
iptables -t filter -A delegate_output -o wlan0 -j zone_freifunk_output
iptables -t filter -A delegate_forward -i wlan0 -j zone_freifunk_forward
iptables -t filter -A zone_freifunk_src_ACCEPT -i wlan1 -j ACCEPT
iptables -t filter -A zone_freifunk_dest_ACCEPT -o wlan1 -j ACCEPT
iptables -t filter -A delegate_input -i wlan1 -j zone_freifunk_input
iptables -t filter -A delegate_output -o wlan1 -j zone_freifunk_output
iptables -t filter -A delegate_forward -i wlan1 -j zone_freifunk_forward
iptables -t filter -A zone_freifunk_src_ACCEPT -i eth1 -j ACCEPT
iptables -t filter -A zone_freifunk_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -A delegate_input -i eth1 -j zone_freifunk_input
iptables -t filter -A delegate_output -o eth1 -j zone_freifunk_output
iptables -t filter -A delegate_forward -i eth1 -j zone_freifunk_forward
iptables -t filter -A delegate_forward -j reject
iptables -t nat -N delegate_prerouting
iptables -t nat -N delegate_postrouting
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
iptables -t nat -N zone_lan_postrouting
iptables -t nat -N zone_lan_prerouting
iptables -t nat -N prerouting_lan_rule
iptables -t nat -N postrouting_lan_rule
iptables -t nat -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
iptables -t nat -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
iptables -t nat -N zone_wan_postrouting
iptables -t nat -N zone_wan_prerouting
iptables -t nat -N prerouting_wan_rule
iptables -t nat -N postrouting_wan_rule
iptables -t nat -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
iptables -t nat -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
iptables -t nat -N zone_freifunk_postrouting
iptables -t nat -N zone_freifunk_prerouting
iptables -t nat -N prerouting_freifunk_rule
iptables -t nat -N postrouting_freifunk_rule
iptables -t nat -A zone_freifunk_prerouting -m comment --comment "user chain for prerouting" -j prerouting_freifunk_rule
iptables -t nat -A zone_freifunk_postrouting -m comment --comment "user chain for postrouting" -j postrouting_freifunk_rule
iptables -t nat -D PREROUTING -j delegate_prerouting
iptables -t nat -A PREROUTING -j delegate_prerouting
iptables -t nat -D POSTROUTING -j delegate_postrouting
iptables -t nat -A POSTROUTING -j delegate_postrouting
iptables -t nat -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
iptables -t nat -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
iptables -t nat -D delegate_prerouting -i br-lan -j zone_lan_prerouting
iptables -t nat -A delegate_prerouting -i br-lan -j zone_lan_prerouting
iptables -t nat -D delegate_postrouting -o br-lan -j zone_lan_postrouting
iptables -t nat -A delegate_postrouting -o br-lan -j zone_lan_postrouting
iptables -t nat -A zone_wan_postrouting -j MASQUERADE
iptables -t nat -A zone_freifunk_postrouting -s 192.168.1.0/255.255.255.0 -j MASQUERADE
iptables -t nat -D delegate_prerouting -i wlan0 -j zone_freifunk_prerouting
iptables -t nat -A delegate_prerouting -i wlan0 -j zone_freifunk_prerouting
iptables -t nat -D delegate_postrouting -o wlan0 -j zone_freifunk_postrouting
iptables -t nat -A delegate_postrouting -o wlan0 -j zone_freifunk_postrouting
iptables -t nat -D delegate_prerouting -i wlan1 -j zone_freifunk_prerouting
iptables -t nat -A delegate_prerouting -i wlan1 -j zone_freifunk_prerouting
iptables -t nat -D delegate_postrouting -o wlan1 -j zone_freifunk_postrouting
iptables -t nat -A delegate_postrouting -o wlan1 -j zone_freifunk_postrouting
iptables -t nat -D delegate_prerouting -i eth1 -j zone_freifunk_prerouting
iptables -t nat -A delegate_prerouting -i eth1 -j zone_freifunk_prerouting
iptables -t nat -D delegate_postrouting -o eth1 -j zone_freifunk_postrouting
iptables -t nat -A delegate_postrouting -o eth1 -j zone_freifunk_postrouting
iptables -t mangle -N mssfix
iptables -t mangle -N fwmark
iptables -t mangle -D FORWARD -j mssfix
iptables -t mangle -A FORWARD -j mssfix
iptables -t mangle -D PREROUTING -j fwmark
iptables -t mangle -A PREROUTING -j fwmark
root@234-44:/#