Ticket #13141: fw3_6_print_broken.txt

File fw3_6_print_broken.txt, 6.4 KB (added by hnyman <hannu.nyman@…>, 5 years ago)
1root@OpenWrt:~# fw3 -6 print
2Warning: Unable to locate ipset utility, disabling ipset support
3Warning: Section @zone[1] (wan) cannot resolve device of network 'Sierra3g'
4Warning: Section @zone[1] (wan) cannot resolve device of network 'henet'
5Warning: Option @rule[0]._name is unknown
6Warning: Option @rule[1]._name is unknown
7Warning: Option @rule[2]._name is unknown
8Warning: Option @rule[3]._name is unknown
9Warning: Option @rule[4]._name is unknown
10Warning: Option @rule[7]._name is unknown
11Warning: Option @rule[8]._name is unknown
12Warning: Option @rule[9]._name is unknown
13Warning: Option @rule[10]._name is unknown
14Warning: Option @redirect[0]._name is unknown
15Warning: Option @redirect[1]._name is unknown
16Warning: Option @redirect[2]._name is unknown
17Warning: Option @redirect[3]._name is unknown
18Warning: Option @redirect[4]._name is unknown
23:delegate_input - [0:0]
24:delegate_output - [0:0]
25:delegate_forward - [0:0]
26:reject - [0:0]
27:syn_flood - [0:0]
28:zone_lan_input - [0:0]
29:zone_lan_output - [0:0]
30:zone_lan_forward - [0:0]
31:zone_lan_src_ACCEPT - [0:0]
32:zone_lan_dest_ACCEPT - [0:0]
33:zone_lan_dest_REJECT - [0:0]
34-A zone_lan_input -j input_lan_rule -m comment --comment "user chain for lan input"
35-A zone_lan_output -j output_lan_rule -m comment --comment "user chain for lan output"
36-A zone_lan_forward -j forwarding_lan_rule -m comment --comment "user chain for lan forwarding"
37:zone_wan_input - [0:0]
38:zone_wan_output - [0:0]
39:zone_wan_forward - [0:0]
40:zone_wan_src_REJECT - [0:0]
41:zone_wan_dest_ACCEPT - [0:0]
42:zone_wan_dest_REJECT - [0:0]
43-A zone_wan_input -j input_wan_rule -m comment --comment "user chain for wan input"
44-A zone_wan_output -j output_wan_rule -m comment --comment "user chain for wan output"
45-A zone_wan_forward -j forwarding_wan_rule -m comment --comment "user chain for wan forwarding"
46-A INPUT -j delegate_input
47-A OUTPUT -j delegate_output
48-A FORWARD -j delegate_forward
49-A delegate_input -i lo -j ACCEPT
50-A delegate_output -o lo -j ACCEPT
51-A delegate_input -j input_rule -m comment --comment "user chain for input"
52-A delegate_output -j output_rule -m comment --comment "user chain for output"
53-A delegate_forward -j forwarding_rule -m comment --comment "user chain for forwarding"
54-A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
55-A delegate_input -m conntrack --ctstate INVALID -j DROP
56-A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
57-A delegate_output -m conntrack --ctstate INVALID -j DROP
58-A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
59-A delegate_forward -m conntrack --ctstate INVALID -j DROP
60-A syn_flood -p tcp --syn -m limit --limit 25/second --limit-burst 50 -j RETURN
61-A syn_flood -j DROP
62-A delegate_input -p tcp --syn -j syn_flood
63-A reject -p tcp -j REJECT --reject-with tcp-reset
64-A reject -j REJECT --reject-with port-unreach
65-A zone_wan_input -p 17 -s fe80::/10 -d fe80::/10 --sport 547 --dport 546 -j ACCEPT
66-A zone_wan_input -p 58 --icmpv6-type 128 -m limit --limit 1000/second -j ACCEPT
67-A zone_wan_input -p 58 --icmpv6-type 129 -m limit --limit 1000/second -j ACCEPT
68-A zone_wan_input -p 58 --icmpv6-type 1 -m limit --limit 1000/second -j ACCEPT
69-A zone_wan_input -p 58 --icmpv6-type 2 -m limit --limit 1000/second -j ACCEPT
70-A zone_wan_input -p 58 --icmpv6-type 3 -m limit --limit 1000/second -j ACCEPT
71-A zone_wan_input -p 58 --icmpv6-type 4/0 -m limit --limit 1000/second -j ACCEPT
72-A zone_wan_input -p 58 --icmpv6-type 4/1 -m limit --limit 1000/second -j ACCEPT
73-A zone_wan_input -p 58 --icmpv6-type 133 -m limit --limit 1000/second -j ACCEPT
74-A zone_wan_input -p 58 --icmpv6-type 135 -m limit --limit 1000/second -j ACCEPT
75-A zone_wan_input -p 58 --icmpv6-type 134 -m limit --limit 1000/second -j ACCEPT
76-A zone_wan_input -p 58 --icmpv6-type 136 -m limit --limit 1000/second -j ACCEPT
77-A zone_wan_forward -p 58 --icmpv6-type 128 -m limit --limit 1000/second -j ACCEPT
78-A zone_wan_forward -p 58 --icmpv6-type 129 -m limit --limit 1000/second -j ACCEPT
79-A zone_wan_forward -p 58 --icmpv6-type 1 -m limit --limit 1000/second -j ACCEPT
80-A zone_wan_forward -p 58 --icmpv6-type 2 -m limit --limit 1000/second -j ACCEPT
81-A zone_wan_forward -p 58 --icmpv6-type 3 -m limit --limit 1000/second -j ACCEPT
82-A zone_wan_forward -p 58 --icmpv6-type 4/0 -m limit --limit 1000/second -j ACCEPT
83-A zone_wan_forward -p 58 --icmpv6-type 4/1 -m limit --limit 1000/second -j ACCEPT
84-A delegate_forward -p all -s fc00::/7 -m comment --comment "Enforce-ULA-Border-Src" -j zone_wan_dest_REJECT
85-A delegate_forward -p all -d fc00::/7 -m comment --comment "Enforce-ULA-Border-Dest" -j zone_wan_dest_REJECT
86-A zone_wan_forward -p 17 --dport 49001 -j zone_lan_dest_ACCEPT
87-A zone_wan_forward -p 6 --dport 18622 -j zone_lan_dest_ACCEPT
88-A zone_wan_forward -p 17 --dport 18622 -j zone_lan_dest_ACCEPT
89-A zone_lan_forward -m comment --comment "forwarding lan->wan" -j zone_wan_dest_ACCEPT
90-A zone_lan_input -j zone_lan_src_ACCEPT
91-A zone_lan_forward -j zone_lan_dest_REJECT
92-A zone_lan_output -j zone_lan_dest_ACCEPT
93-A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
94-A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
95-A zone_lan_dest_REJECT -o br-lan -j reject
96-A delegate_input -i br-lan -j zone_lan_input
97-A delegate_forward -i br-lan -j zone_lan_forward
98-A delegate_output -o br-lan -j zone_lan_output
99-A zone_wan_input -j zone_wan_src_REJECT
100-A zone_wan_forward -j zone_wan_dest_REJECT
101-A zone_wan_output -j zone_wan_dest_ACCEPT
102-A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
103-A zone_wan_src_REJECT -i eth1 -j reject
104-A zone_wan_dest_REJECT -o eth1 -j reject
105-A delegate_input -i eth1 -j zone_wan_input
106-A delegate_forward -i eth1 -j zone_wan_forward
107-A delegate_output -o eth1 -j zone_wan_output
108-A zone_wan_dest_ACCEPT -o 6in4-sixxs -j ACCEPT
109-A zone_wan_src_REJECT -i 6in4-sixxs -j reject
110-A zone_wan_dest_REJECT -o 6in4-sixxs -j reject
111-A delegate_input -i 6in4-sixxs -j zone_wan_input
112-A delegate_forward -i 6in4-sixxs -j zone_wan_forward
113-A delegate_output -o 6in4-sixxs -j zone_wan_output
114-A delegate_forward -j reject
117:mssfix - [0:0]
118-A FORWARD -j mssfix
119-A mssfix -o eth1 -p tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
120-A mssfix -o 6in4-sixxs -p tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
123:notrack - [0:0]
124-A PREROUTING -j notrack