Ребят такая проблема, есть роутер МГТС, там есть ipv6, но по каким-то причинам, он только пингуется из вне, а так чтобы попасть на какой-то порт не пускает... Вот думаю это провайдер глушит все порты на ipv6 кроме пинга или это iptables?
Поднял на 2222 порту SSH, из вне никак к нему не подключится, пишет следующее: The checked port (2222, service EtherNet/IP-1) is offline/unreachable
Reason: Connection refused (111)
iptables-save моего роутера... Посмотрите пож-та.
# Generated by iptables-save v1.4.16.3 on Fri Aug 14 12:06:49 2020
*raw
:PREROUTING ACCEPT [56800:10255250]
:OUTPUT ACCEPT [29614:30538625]
:HIGH_PRI_PACKETS - [0:0]
:HIGH_RING_SESSION - [0:0]
:RAW_PRE_ALGS - [0:0]
-A PREROUTING -j RAW_PRE_ALGS
-A PREROUTING -j HIGH_RING_SESSION
-A PREROUTING -j HIGH_PRI_PACKETS
-A OUTPUT -p udp -m multiport --sports 5060 -j CT --helper sip
-A HIGH_RING_SESSION -p igmp -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p ipv6-icmp -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --sport 123 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --sport 67 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --sport 68 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --dport 67 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --dport 68 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --sport 53 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --dport 53 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --sport 546 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --sport 547 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --dport 546 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --dport 547 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p udp -m udp --dport 5060 -j MARK --set-xmark 0x100000/0x100000
-A HIGH_RING_SESSION -p tcp -m tcp --dport 7547 -j MARK --set-xmark 0x100000/0x100000
-A RAW_PRE_ALGS -p tcp -m multiport --dports 21 -j CT --helper ftp
-A RAW_PRE_ALGS -p tcp -m multiport --sports 21 -j CT --helper ftp
-A RAW_PRE_ALGS -p udp -m multiport --dports 69 -j CT --helper tftp
-A RAW_PRE_ALGS -p udp -m multiport --sports 69 -j CT --helper tftp
-A RAW_PRE_ALGS -p tcp -m multiport --dports 6667 -j CT --helper irc
-A RAW_PRE_ALGS -p tcp -m multiport --sports 6667 -j CT --helper irc
-A RAW_PRE_ALGS -p tcp -m multiport --dports 1723 -j CT --helper pptp
-A RAW_PRE_ALGS -p tcp -m multiport --sports 1723 -j CT --helper pptp
-A RAW_PRE_ALGS -p tcp -m multiport --dports 554 -j CT --helper rtsp
-A RAW_PRE_ALGS -p tcp -m multiport --sports 554 -j CT --helper rtsp
-A RAW_PRE_ALGS -p udp -m udp --sport 500 --dport 500 -j CT --helper ipsec
-A RAW_PRE_ALGS -p udp -m udp --sport 500 --dport 500 -j CT --helper ipsec
-A RAW_PRE_ALGS -p udp -m multiport --dports 1719 -j CT --helper RAS
-A RAW_PRE_ALGS -p udp -m multiport --sports 1719 -j CT --helper RAS
-A RAW_PRE_ALGS -p tcp -m multiport --dports 1720 -j CT --helper Q.931
-A RAW_PRE_ALGS -p tcp -m multiport --sports 1720 -j CT --helper Q.931
COMMIT
# Completed on Fri Aug 14 12:06:49 2020
# Generated by iptables-save v1.4.16.3 on Fri Aug 14 12:06:49 2020
*nat
:PREROUTING ACCEPT [50663:9219756]
:INPUT ACCEPT [4908:495637]
:OUTPUT ACCEPT [10971:1260971]
:POSTROUTING ACCEPT [10695:1178121]
:POST_DMZ - [0:0]
:POST_DMZ_WAN0 - [0:0]
:POST_DMZ_WAN1 - [0:0]
:POST_LOCAL - [0:0]
:POST_NAT - [0:0]
:POST_NAT_WAN0 - [0:0]
:POST_NAT_WAN1 - [0:0]
:POST_PORT_MAP - [0:0]
:POST_PORT_MAP_WAN0 - [0:0]
:POST_PORT_MAP_WAN1 - [0:0]
:POST_PORT_TRG - [0:0]
:POST_PORT_TRG_WAN0 - [0:0]
:POST_PORT_TRG_WAN1 - [0:0]
:POST_SNAT - [0:0]
:POST_SNAT_WAN0 - [0:0]
:POST_SNAT_WAN1 - [0:0]
:PRE_DMZ - [0:0]
:PRE_DMZ_WAN0 - [0:0]
:PRE_DMZ_WAN1 - [0:0]
:PRE_LOCAL - [0:0]
:PRE_MGNT_LAN - [0:0]
:PRE_MGNT_WAN - [0:0]
:PRE_PORT_MAP - [0:0]
:PRE_PORT_MAP_WAN0 - [0:0]
:PRE_PORT_MAP_WAN1 - [0:0]
:PRE_PORT_TRG - [0:0]
:PRE_PORT_TRG_WAN0 - [0:0]
:PRE_PORT_TRG_WAN1 - [0:0]
:PRE_SNAT - [0:0]
:PRE_SNAT_WAN0 - [0:0]
:PRE_SNAT_WAN1 - [0:0]
:PRE_UPNP - [0:0]
-A PREROUTING -j PRE_LOCAL
-A PREROUTING -j PRE_SNAT
-A PREROUTING -j PRE_PORT_TRG
-A PREROUTING -j PRE_PORT_MAP
-A PREROUTING -j PRE_UPNP
-A PREROUTING -j PRE_DMZ
-A POSTROUTING -j POST_LOCAL
-A POSTROUTING -j POST_SNAT
-A POSTROUTING -j POST_DMZ
-A POSTROUTING -j POST_PORT_TRG
-A POSTROUTING -j POST_PORT_MAP
-A POSTROUTING -j POST_NAT
-A POST_DMZ -m connmark ! --mark 0x2/0x3e -j POST_DMZ_WAN1
-A POST_DMZ -m connmark ! --mark 0x2/0x3e -j POST_DMZ_WAN0
-A POST_NAT -o nas1 -j POST_NAT_WAN1
-A POST_NAT -o nas0 -j POST_NAT_WAN0
-A POST_NAT_WAN0 -s 192.168.0.0/16 -o nas0 -j MASQUERADE
-A POST_NAT_WAN0 -s 172.16.0.0/12 -o nas0 -j MASQUERADE
-A POST_NAT_WAN0 -s 10.0.0.0/8 -o nas0 -j MASQUERADE
-A POST_NAT_WAN1 -s 192.168.0.0/16 -o nas1 -j MASQUERADE
-A POST_NAT_WAN1 -s 172.16.0.0/12 -o nas1 -j MASQUERADE
-A POST_NAT_WAN1 -s 10.0.0.0/8 -o nas1 -j MASQUERADE
-A POST_PORT_MAP -m connmark ! --mark 0x2/0x3e -j POST_PORT_MAP_WAN1
-A POST_PORT_MAP -m connmark ! --mark 0x2/0x3e -j POST_PORT_MAP_WAN0
-A POST_PORT_MAP_WAN0 -s 192.168.1.0/24 -d 192.168.1.74/32 -p tcp -m tcp --dport 2222 -j SNAT --to-source 10.132.33.183
-A POST_PORT_TRG -o nas1 -j POST_PORT_TRG_WAN1
-A POST_PORT_TRG -o nas0 -j POST_PORT_TRG_WAN0
-A POST_SNAT -o nas1 -j POST_SNAT_WAN1
-A POST_SNAT -o nas0 -j POST_SNAT_WAN0
-A PRE_DMZ -j PRE_DMZ_WAN1
-A PRE_DMZ -j PRE_DMZ_WAN0
-A PRE_LOCAL -m helper --helper sip -j ACCEPT
-A PRE_LOCAL ! -i br0 -p udp -m udp --dport 68 -j ACCEPT
-A PRE_LOCAL -i br0 -j PRE_MGNT_LAN
-A PRE_LOCAL ! -i br0 -j PRE_MGNT_WAN
-A PRE_LOCAL -i nas0 -p tcp -m tcp --dport 7547 -j ACCEPT
-A PRE_MGNT_LAN -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination :80
-A PRE_MGNT_LAN -i br0 -p tcp -m tcp --dport 23 -j DNAT --to-destination :23
-A PRE_MGNT_LAN -i br0 -p tcp -m tcp --dport 22 -j DNAT --to-destination :22
-A PRE_MGNT_WAN -i nas0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination :80
-A PRE_PORT_MAP -j PRE_PORT_MAP_WAN1
-A PRE_PORT_MAP -j PRE_PORT_MAP_WAN0
-A PRE_PORT_MAP_WAN0 -d 10.132.33.183/32 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 192.168.1.74:2222 --base 8888
-A PRE_PORT_TRG -i nas1 -j PRE_PORT_TRG_WAN1
-A PRE_PORT_TRG -i nas0 -j PRE_PORT_TRG_WAN0
-A PRE_SNAT -i nas1 -j PRE_SNAT_WAN1
-A PRE_SNAT -i nas0 -j PRE_SNAT_WAN0
COMMIT
# Completed on Fri Aug 14 12:06:49 2020
# Generated by iptables-save v1.4.16.3 on Fri Aug 14 12:06:49 2020
*mangle
:PREROUTING ACCEPT [174662:34786758]
:INPUT ACCEPT [84792:10583073]
:FORWARD ACCEPT [44033:15567447]
:OUTPUT ACCEPT [76207:45011655]
:POSTROUTING ACCEPT [120841:60600093]
:DNS_DSCP - [0:0]
:DNS_PBIT - [0:0]
:IGMP_DSCP - [0:0]
:IGMP_PBIT - [0:0]
:IP_PING_DSCP - [0:0]
:IP_PING_PBIT - [0:0]
:MGNT_DSCP - [0:0]
:MGNT_PBIT - [0:0]
:NTP_DSCP - [0:0]
:NTP_PBIT - [0:0]
:OUTPUT_QOS_CLS_POLICY - [0:0]
:POST_QOS_CLS_POLICY - [0:0]
:POST_QOS_CLS_POLICY_WAN - [0:0]
:PRE_DRP - [0:0]
:PRE_QOS_CLS_POLICY - [0:0]
:PRE_QOS_CLS_POLICY_WAN - [0:0]
:PRE_QOS_CLS_WLAN_MAIN - [0:0]
:PRE_RP - [0:0]
:REMOTE_ACCESS - [0:0]
:VOIP - [0:0]
-A PREROUTING -i br0 -j PRE_DRP
-A PREROUTING -i br0 -j PRE_RP
-A PREROUTING -j REMOTE_ACCESS
-A PREROUTING -j PRE_QOS_CLS_POLICY
-A FORWARD -o br0 -m dscp --dscp 0x08 -j SC_MARK --set-xmark 0x400/0xffffffff
-A FORWARD -o br0 -m dscp --dscp 0x08 -j RETURN
-A OUTPUT -j MGNT_DSCP
-A OUTPUT -j MGNT_PBIT
-A OUTPUT -j VOIP
-A OUTPUT -j DNS_DSCP
-A OUTPUT -j DNS_PBIT
-A OUTPUT -j IGMP_DSCP
-A OUTPUT -j IGMP_PBIT
-A OUTPUT -j IP_PING_DSCP
-A OUTPUT -j IP_PING_PBIT
-A OUTPUT -p udp -m udp --dport 123 -j NTP_DSCP
-A OUTPUT -p udp -m udp --dport 123 -j NTP_PBIT
-A OUTPUT -j OUTPUT_QOS_CLS_POLICY
-A POSTROUTING -j POST_QOS_CLS_POLICY
-A POST_QOS_CLS_POLICY -o nas0+ -j POST_QOS_CLS_POLICY_WAN
-A POST_QOS_CLS_POLICY -o nas1+ -j POST_QOS_CLS_POLICY_WAN
-A POST_QOS_CLS_POLICY -o nas2+ -j POST_QOS_CLS_POLICY_WAN
-A POST_QOS_CLS_POLICY -o nas3+ -j POST_QOS_CLS_POLICY_WAN
-A POST_QOS_CLS_POLICY -o nas4+ -j POST_QOS_CLS_POLICY_WAN
-A POST_QOS_CLS_POLICY -o ppp+ -j POST_QOS_CLS_POLICY_WAN
-A PRE_QOS_CLS_POLICY -i nas0+ -j PRE_QOS_CLS_POLICY_WAN
-A PRE_QOS_CLS_POLICY -i nas1+ -j PRE_QOS_CLS_POLICY_WAN
-A PRE_QOS_CLS_POLICY -i nas2+ -j PRE_QOS_CLS_POLICY_WAN
-A PRE_QOS_CLS_POLICY -i nas3+ -j PRE_QOS_CLS_POLICY_WAN
-A PRE_QOS_CLS_POLICY -i nas4+ -j PRE_QOS_CLS_POLICY_WAN
-A PRE_QOS_CLS_POLICY -i ppp+ -j PRE_QOS_CLS_POLICY_WAN
-A PRE_QOS_CLS_POLICY -i ra0 -j PRE_QOS_CLS_WLAN_MAIN
-A PRE_QOS_CLS_POLICY -i ra1 -j PRE_QOS_CLS_WLAN_MAIN
-A REMOTE_ACCESS -i br0 -p tcp -m tcp --dport 80 -j CONNMARK --set-xmark 0x1/0x1
-A REMOTE_ACCESS -i br0 -p tcp -m tcp --dport 23 -j CONNMARK --set-xmark 0x1/0x1
-A REMOTE_ACCESS -i br0 -p tcp -m tcp --dport 22 -j CONNMARK --set-xmark 0x1/0x1
-A REMOTE_ACCESS -i nas0 -p tcp -m tcp --dport 8080 -j CONNMARK --set-xmark 0x1/0x1
-A VOIP -p udp -m udp --sport 5060 -j MARK --set-xmark 0x200000/0x200000
-A VOIP -p udp -m udp --sport 50000:60000 -j MARK --set-xmark 0x200000/0x200000
-A VOIP -p udp -m udp --sport 5060 -j MARK --set-xmark 0x1000000/0x1c00000
-A VOIP -p udp -m udp --sport 50000:60000 -j MARK --set-xmark 0x1800000/0x1c00000
COMMIT
# Completed on Fri Aug 14 12:06:49 2020
# Generated by iptables-save v1.4.16.3 on Fri Aug 14 12:06:49 2020
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [444:52773]
:FWD_ADVANCED - [0:0]
:FWD_ALGS - [0:0]
:FWD_ALGS_H.245 - [0:0]
:FWD_ALGS_Q.931 - [0:0]
:FWD_ALGS_RAS - [0:0]
:FWD_ALGS_ftp - [0:0]
:FWD_ALGS_ipsec - [0:0]
:FWD_ALGS_irc - [0:0]
:FWD_ALGS_l2tp - [0:0]
:FWD_ALGS_pptp - [0:0]
:FWD_ALGS_rtsp - [0:0]
:FWD_ALGS_sip - [0:0]
:FWD_ALGS_tftp - [0:0]
:FWD_DMZ - [0:0]
:FWD_DMZ_WAN0 - [0:0]
:FWD_DMZ_WAN1 - [0:0]
:FWD_DOS_WAN0 - [0:0]
:FWD_DOS_WAN1 - [0:0]
:FWD_FW - [0:0]
:FWD_GENERAL - [0:0]
:FWD_ICMP - [0:0]
:FWD_LOCK - [0:0]
:FWD_LOCK_LAN - [0:0]
:FWD_LOCK_WAN0 - [0:0]
:FWD_LOCK_WAN1 - [0:0]
:FWD_PARENT_CTRL - [0:0]
:FWD_POLICY - [0:0]
:FWD_POLICY_IN_LAN - [0:0]
:FWD_POLICY_IN_WAN0 - [0:0]
:FWD_POLICY_IN_WAN1 - [0:0]
:FWD_POLICY_OUT_LAN - [0:0]
:FWD_POLICY_OUT_WAN0 - [0:0]
:FWD_POLICY_OUT_WAN1 - [0:0]
:FWD_PORT_MAP - [0:0]
:FWD_PORT_MAP_WAN0 - [0:0]
:FWD_PORT_MAP_WAN1 - [0:0]
:FWD_PORT_TRG - [0:0]
:FWD_PORT_TRG_WAN0 - [0:0]
:FWD_PORT_TRG_WAN1 - [0:0]
:FWD_SHORT - [0:0]
:FWD_SKIP - [0:0]
:FWD_SNAT - [0:0]
:FWD_SNAT_WAN0 - [0:0]
:FWD_SNAT_WAN1 - [0:0]
:FWD_SPI - [0:0]
:FWD_TCPMSS - [0:0]
:FWD_TCPSCAN0 - [0:0]
:FWD_TCPSCAN1 - [0:0]
:FWD_UPNP - [0:0]
:FWD_URL_FILTER - [0:0]
:FWD_VPN - [0:0]
:FWD_WHITE_BLACK - [0:0]
:INPUT_DOS_LAN - [0:0]
:INPUT_DOS_WAN0 - [0:0]
:INPUT_DOS_WAN1 - [0:0]
:INPUT_FRAGGLE_LAN - [0:0]
:INPUT_FRAGGLE_WAN0 - [0:0]
:INPUT_FRAGGLE_WAN1 - [0:0]
:INPUT_FW - [0:0]
:INPUT_LAN_SRC - [0:0]
:INPUT_MGNT - [0:0]
:INPUT_MGNT_LAN - [0:0]
:INPUT_MGNT_WAN - [0:0]
:INPUT_MGNT_WAN0 - [0:0]
:INPUT_MGNT_WAN1 - [0:0]
:INPUT_MGNT_WAN_TRUST_NETWORK - [0:0]
:INPUT_REPLY_PING - [0:0]
:INPUT_RESPONSE_PING - [0:0]
:INPUT_SHORT - [0:0]
:INPUT_SMURF_LAN - [0:0]
:INPUT_SMURF_WAN0 - [0:0]
:INPUT_SMURF_WAN1 - [0:0]
:INPUT_SPI - [0:0]
:INPUT_TCPSCAN0 - [0:0]
:INPUT_TCPSCAN1 - [0:0]
:INPUT_WAN_SERVICE0 - [0:0]
:INPUT_WAN_SERVICE1 - [0:0]
:INPUT_WINNUKE_LAN - [0:0]
:INPUT_WINNUKE_WAN0 - [0:0]
:INPUT_WINNUKE_WAN1 - [0:0]
:udpEcho_packets - [0:0]
-A INPUT -p igmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_MGNT
-A INPUT -j INPUT_SHORT
-A INPUT -j INPUT_REPLY_PING
-A INPUT -j INPUT_FW
-A INPUT -j INPUT_SPI
-A INPUT -i eth0.6.10 -j ACCEPT
-A INPUT -j udpEcho_packets
-A FORWARD -j FWD_WHITE_BLACK
-A FORWARD -j FWD_SKIP
-A FORWARD -j FWD_PARENT_CTRL
-A FORWARD -j FWD_URL_FILTER
-A FORWARD -j FWD_GENERAL
-A FORWARD -j FWD_TCPMSS
-A FORWARD -j FWD_LOCK
-A FORWARD -j FWD_POLICY
-A FORWARD -j FWD_ADVANCED
-A FORWARD -j FWD_SHORT
-A FORWARD -j FWD_PORT_TRG
-A FORWARD -j FWD_SNAT
-A FORWARD -j FWD_PORT_MAP
-A FORWARD -j FWD_UPNP
-A FORWARD -j FWD_DMZ
-A FORWARD -j FWD_VPN
-A FORWARD -j FWD_ALGS
-A FORWARD -j FWD_FW
-A FORWARD -j FWD_SPI
-A FORWARD -j FWD_ICMP
-A OUTPUT -j CONNMARK --set-xmark 0x2/0x3e
-A OUTPUT -o br0 -p icmp -j ACCEPT
-A OUTPUT -p icmp -m conntrack --ctstate INVALID -j DROP
-A FWD_ALGS -j FWD_ALGS_l2tp
-A FWD_ALGS -j FWD_ALGS_ftp
-A FWD_ALGS -j FWD_ALGS_tftp
-A FWD_ALGS -j FWD_ALGS_sip
-A FWD_ALGS -j FWD_ALGS_pptp
-A FWD_ALGS -j FWD_ALGS_rtsp
-A FWD_ALGS -j FWD_ALGS_ipsec
-A FWD_ALGS -j FWD_ALGS_irc
-A FWD_ALGS -j FWD_ALGS_RAS
-A FWD_ALGS -j FWD_ALGS_Q.931
-A FWD_ALGS -j FWD_ALGS_H.245
-A FWD_ALGS_Q.931 -p tcp -m multiport --sports 1720 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_Q.931 -p tcp -m multiport --dports 1720 -j ACCEPT
-A FWD_ALGS_Q.931 -m helper --helper "Q.931" -j ACCEPT
-A FWD_ALGS_RAS -p udp -m multiport --dports 1718 -j ACCEPT
-A FWD_ALGS_RAS -p udp -m multiport --sports 1718 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_RAS -p udp -m multiport --sports 1719 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_RAS -p udp -m multiport --dports 1719 -j ACCEPT
-A FWD_ALGS_RAS -m helper --helper RAS -j ACCEPT
-A FWD_ALGS_RAS -p tcp -m multiport --dports 1503 -j ACCEPT
-A FWD_ALGS_RAS -p tcp -m multiport --sports 1503 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_ftp -p tcp -m multiport --sports 21 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_ftp -p tcp -m multiport --dports 21 -j ACCEPT
-A FWD_ALGS_ftp -m helper --helper ftp -j ACCEPT
-A FWD_ALGS_ipsec -p esp -j ACCEPT
-A FWD_ALGS_ipsec -p ah -j ACCEPT
-A FWD_ALGS_ipsec -p udp -m udp --sport 500 --dport 500 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_ipsec -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A FWD_ALGS_ipsec -m helper --helper ipsec -j ACCEPT
-A FWD_ALGS_irc -p tcp -m multiport --sports 6667 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_irc -p tcp -m multiport --dports 6667 -j ACCEPT
-A FWD_ALGS_irc -m helper --helper irc -j ACCEPT
-A FWD_ALGS_l2tp -p udp -m multiport --sports 1701 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_l2tp -p udp -m multiport --dports 1701 -j ACCEPT
-A FWD_ALGS_pptp -p tcp -m multiport --sports 1723 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_pptp -p tcp -m multiport --dports 1723 -j ACCEPT
-A FWD_ALGS_pptp -m helper --helper pptp -j ACCEPT
-A FWD_ALGS_rtsp -p tcp -m multiport --sports 554 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_rtsp -p tcp -m multiport --dports 554 -j ACCEPT
-A FWD_ALGS_rtsp -m helper --helper rtsp -j ACCEPT
-A FWD_ALGS_tftp -p udp -m multiport --sports 69 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FWD_ALGS_tftp -p udp -m multiport --dports 69 -j ACCEPT
-A FWD_ALGS_tftp -m helper --helper tftp -j ACCEPT
-A FWD_DMZ -i nas1 -j FWD_DMZ_WAN1
-A FWD_DMZ -i nas0 -j FWD_DMZ_WAN0
-A FWD_DOS_WAN0 -p udp -m limit --limit 100/sec --limit-burst 100 -m conntrack --ctstate INVALID,NEW -j RETURN
-A FWD_DOS_WAN0 -p udp -m limit --limit 1/min --limit-burst 1 -m conntrack --ctstate INVALID,NEW -j LOG --log-prefix "{Firewall-33554433,300} UDP flood attack from WAN0 has been detected,"
-A FWD_DOS_WAN0 -p udp -m conntrack --ctstate INVALID,NEW -j DROP
-A FWD_DOS_WAN1 -p udp -m limit --limit 100/sec --limit-burst 100 -m conntrack --ctstate INVALID,NEW -j RETURN
-A FWD_DOS_WAN1 -p udp -m limit --limit 1/min --limit-burst 1 -m conntrack --ctstate INVALID,NEW -j LOG --log-prefix "{Firewall-33554433,300} UDP flood attack from WAN1 has been detected,"
-A FWD_DOS_WAN1 -p udp -m conntrack --ctstate INVALID,NEW -j DROP
-A FWD_FW -i nas1 -p udp -j FWD_DOS_WAN1
-A FWD_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j FWD_TCPSCAN1
-A FWD_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j FWD_TCPSCAN1
-A FWD_FW -i nas1 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j FWD_TCPSCAN1
-A FWD_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j FWD_TCPSCAN1
-A FWD_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j FWD_TCPSCAN1
-A FWD_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j FWD_TCPSCAN1
-A FWD_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j FWD_TCPSCAN1
-A FWD_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG RST -j FWD_TCPSCAN1
-A FWD_FW -i nas0 -p udp -j FWD_DOS_WAN0
-A FWD_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j FWD_TCPSCAN0
-A FWD_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j FWD_TCPSCAN0
-A FWD_FW -i nas0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j FWD_TCPSCAN0
-A FWD_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j FWD_TCPSCAN0
-A FWD_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j FWD_TCPSCAN0
-A FWD_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j FWD_TCPSCAN0
-A FWD_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j FWD_TCPSCAN0
-A FWD_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG RST -j FWD_TCPSCAN0
-A FWD_ICMP -i br0 -p icmp -j ACCEPT
-A FWD_LOCK -i br0 ! -o br0 -j FWD_LOCK_LAN
-A FWD_LOCK -i nas1 -j FWD_LOCK_WAN1
-A FWD_LOCK -i nas0 -j FWD_LOCK_WAN0
-A FWD_POLICY -i br0 -j FWD_POLICY_IN_LAN
-A FWD_POLICY -o br0 -j FWD_POLICY_OUT_LAN
-A FWD_POLICY -i nas1 -j FWD_POLICY_IN_WAN1
-A FWD_POLICY -o nas1 -j FWD_POLICY_OUT_WAN1
-A FWD_POLICY -i nas0 -j FWD_POLICY_IN_WAN0
-A FWD_POLICY -o nas0 -j FWD_POLICY_OUT_WAN0
-A FWD_PORT_MAP -i nas1 -j FWD_PORT_MAP_WAN1
-A FWD_PORT_MAP -i nas0 -j FWD_PORT_MAP_WAN0
-A FWD_PORT_MAP_WAN0 -d 192.168.1.74/32 -i nas0 -j LOG --log-prefix "[PortMapping], ACCEPT"
-A FWD_PORT_MAP_WAN0 -d 192.168.1.74/32 -i nas0 -j ACCEPT
-A FWD_PORT_TRG -i nas1 -j FWD_PORT_TRG_WAN1
-A FWD_PORT_TRG -i nas0 -j FWD_PORT_TRG_WAN0
-A FWD_SHORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FWD_SHORT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
-A FWD_SKIP -d 224.0.0.0/4 -j ACCEPT
-A FWD_SNAT -i nas1 -j FWD_SNAT_WAN1
-A FWD_SNAT -i nas0 -j FWD_SNAT_WAN0
-A FWD_SPI -i br0 -m conntrack --ctstate NEW -j ACCEPT
-A FWD_TCPMSS -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FWD_TCPSCAN0 -m limit --limit 10/sec --limit-burst 1 -j RETURN
-A FWD_TCPSCAN0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "[Firewall] TCP Scan"
-A FWD_TCPSCAN0 -j DROP
-A FWD_TCPSCAN1 -m limit --limit 10/sec --limit-burst 1 -j RETURN
-A FWD_TCPSCAN1 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "[Firewall] TCP Scan"
-A FWD_TCPSCAN1 -j DROP
-A INPUT_DOS_LAN -p udp -m limit --limit 100/sec --limit-burst 100 -m conntrack --ctstate INVALID,NEW -j RETURN
-A INPUT_DOS_LAN -p udp -m limit --limit 1/min --limit-burst 1 -m conntrack --ctstate INVALID,NEW -j LOG --log-prefix "{Firewall-33554434,300} UDP flood attack from LAN has been detected,"
-A INPUT_DOS_LAN -p icmp -m limit --limit 100/sec --limit-burst 100 -m conntrack --ctstate INVALID,NEW -j RETURN
-A INPUT_DOS_LAN -p icmp -m limit --limit 1/min --limit-burst 1 -m conntrack --ctstate INVALID,NEW -j LOG --log-prefix "{Firewall-33554436,300} ICMP flood attack from LAN has been detected,"
-A INPUT_DOS_WAN0 -p udp -m limit --limit 100/sec --limit-burst 100 -m conntrack --ctstate INVALID,NEW -j RETURN
-A INPUT_DOS_WAN0 -p udp -m limit --limit 1/min --limit-burst 1 -m conntrack --ctstate INVALID,NEW -j LOG --log-prefix "{Firewall-33554433,300} UDP flood attack from WAN0 has been detected,"
-A INPUT_DOS_WAN0 -p udp -m conntrack --ctstate INVALID,NEW -j DROP
-A INPUT_DOS_WAN0 -p icmp -m limit --limit 100/sec --limit-burst 100 -m conntrack --ctstate INVALID,NEW -j RETURN
-A INPUT_DOS_WAN0 -p icmp -m limit --limit 1/min --limit-burst 1 -m conntrack --ctstate INVALID,NEW -j LOG --log-prefix "{Firewall-33554433,300} ICMP flood attack from WAN0 has been detected,"
-A INPUT_DOS_WAN0 -p icmp -m conntrack --ctstate INVALID,NEW -j DROP
-A INPUT_DOS_WAN0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 100/sec --limit-burst 100 -j RETURN
-A INPUT_DOS_WAN0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554433,300} TCP SYN flood attack from WAN0 has been detected,"
-A INPUT_DOS_WAN0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT_DOS_WAN0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -m limit --limit 100/sec --limit-burst 100 -j RETURN
-A INPUT_DOS_WAN0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554433,300} TCP FIN flood attack from WAN0 has been detected,"
-A INPUT_DOS_WAN0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP
-A INPUT_DOS_WAN1 -p udp -m limit --limit 100/sec --limit-burst 100 -m conntrack --ctstate INVALID,NEW -j RETURN
-A INPUT_DOS_WAN1 -p udp -m limit --limit 1/min --limit-burst 1 -m conntrack --ctstate INVALID,NEW -j LOG --log-prefix "{Firewall-33554433,300} UDP flood attack from WAN1 has been detected,"
-A INPUT_DOS_WAN1 -p udp -m conntrack --ctstate INVALID,NEW -j DROP
-A INPUT_DOS_WAN1 -p icmp -m limit --limit 100/sec --limit-burst 100 -m conntrack --ctstate INVALID,NEW -j RETURN
-A INPUT_DOS_WAN1 -p icmp -m limit --limit 1/min --limit-burst 1 -m conntrack --ctstate INVALID,NEW -j LOG --log-prefix "{Firewall-33554433,300} ICMP flood attack from WAN1 has been detected,"
-A INPUT_DOS_WAN1 -p icmp -m conntrack --ctstate INVALID,NEW -j DROP
-A INPUT_DOS_WAN1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 100/sec --limit-burst 100 -j RETURN
-A INPUT_DOS_WAN1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554433,300} TCP SYN flood attack from WAN1 has been detected,"
-A INPUT_DOS_WAN1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT_DOS_WAN1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -m limit --limit 100/sec --limit-burst 100 -j RETURN
-A INPUT_DOS_WAN1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554433,300} TCP FIN flood attack from WAN1 has been detected,"
-A INPUT_DOS_WAN1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP
-A INPUT_FRAGGLE_LAN -m limit --limit 10/sec --limit-burst 20 -j RETURN
-A INPUT_FRAGGLE_LAN -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554442,300} Fraggle attack from LAN has been detected, DROP"
-A INPUT_FRAGGLE_LAN -j DROP
-A INPUT_FRAGGLE_WAN0 -m limit --limit 10/sec --limit-burst 20 -j RETURN
-A INPUT_FRAGGLE_WAN0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554441,300} Fraggle attack from WAN0 has been detected, DROP"
-A INPUT_FRAGGLE_WAN0 -j DROP
-A INPUT_FRAGGLE_WAN1 -m limit --limit 10/sec --limit-burst 20 -j RETURN
-A INPUT_FRAGGLE_WAN1 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554441,300} Fraggle attack from WAN1 has been detected, DROP"
-A INPUT_FRAGGLE_WAN1 -j DROP
-A INPUT_FW -i br0 -p udp -j INPUT_DOS_LAN
-A INPUT_FW -i br0 -p icmp -j INPUT_DOS_LAN
-A INPUT_FW -i br0 -p tcp -m multiport --dports 137,138,139,113,53 -m tcp --tcp-flags URG URG -j INPUT_WINNUKE_LAN
-A INPUT_FW -i br0 -p icmp -m icmp --icmp-type 8 -m addrtype --dst-type BROADCAST -j INPUT_SMURF_LAN
-A INPUT_FW -i br0 -p udp -m addrtype --dst-type BROADCAST -j INPUT_FRAGGLE_LAN
-A INPUT_FW ! -i br0 -p icmp -j INPUT_RESPONSE_PING
-A INPUT_FW -s 192.168.1.0/24 ! -i br0 -p tcp -j INPUT_LAN_SRC
-A INPUT_FW -s 192.168.1.0/24 ! -i br0 -p udp -j INPUT_LAN_SRC
-A INPUT_FW -i nas1 -p udp -j INPUT_WAN_SERVICE1
-A INPUT_FW -i nas1 -p tcp -j INPUT_WAN_SERVICE1
-A INPUT_FW -i nas1 -p udp -j INPUT_DOS_WAN1
-A INPUT_FW -i nas1 -p icmp -j INPUT_DOS_WAN1
-A INPUT_FW -i nas1 -p tcp -m multiport --dports 137,138,139,113,53 -m tcp --tcp-flags URG URG -j INPUT_WINNUKE_WAN1
-A INPUT_FW -i nas1 -p icmp -m icmp --icmp-type 8 -m addrtype --dst-type BROADCAST -j INPUT_SMURF_WAN1
-A INPUT_FW -i nas1 -p udp -m addrtype --dst-type BROADCAST -j INPUT_FRAGGLE_WAN1
-A INPUT_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j INPUT_TCPSCAN1
-A INPUT_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j INPUT_TCPSCAN1
-A INPUT_FW -i nas1 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j INPUT_TCPSCAN1
-A INPUT_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j INPUT_TCPSCAN1
-A INPUT_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INPUT_TCPSCAN1
-A INPUT_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j INPUT_TCPSCAN1
-A INPUT_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INPUT_TCPSCAN1
-A INPUT_FW -i nas1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG RST -j INPUT_TCPSCAN1
-A INPUT_FW -i nas0 -p udp -j INPUT_WAN_SERVICE0
-A INPUT_FW -i nas0 -p tcp -j INPUT_WAN_SERVICE0
-A INPUT_FW -i nas0 -p udp -j INPUT_DOS_WAN0
-A INPUT_FW -i nas0 -p icmp -j INPUT_DOS_WAN0
-A INPUT_FW -i nas0 -p tcp -m multiport --dports 137,138,139,113,53 -m tcp --tcp-flags URG URG -j INPUT_WINNUKE_WAN0
-A INPUT_FW -i nas0 -p icmp -m icmp --icmp-type 8 -m addrtype --dst-type BROADCAST -j INPUT_SMURF_WAN0
-A INPUT_FW -i nas0 -p udp -m addrtype --dst-type BROADCAST -j INPUT_FRAGGLE_WAN0
-A INPUT_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j INPUT_TCPSCAN0
-A INPUT_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j INPUT_TCPSCAN0
-A INPUT_FW -i nas0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j INPUT_TCPSCAN0
-A INPUT_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j INPUT_TCPSCAN0
-A INPUT_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INPUT_TCPSCAN0
-A INPUT_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j INPUT_TCPSCAN0
-A INPUT_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j INPUT_TCPSCAN0
-A INPUT_FW -i nas0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG RST -j INPUT_TCPSCAN0
-A INPUT_LAN_SRC -m limit --limit 10/sec --limit-burst 10 -j RETURN
-A INPUT_LAN_SRC -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554443,300} LAN source attack from WAN has been detected, DROP"
-A INPUT_LAN_SRC -j DROP
-A INPUT_MGNT -p udp -m udp --dport 68 -j ACCEPT
-A INPUT_MGNT -i br0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT_MGNT -i br0 -j INPUT_MGNT_LAN
-A INPUT_MGNT ! -i br0 -j INPUT_MGNT_WAN
-A INPUT_MGNT_LAN -i br0 -p tcp -m tcp --dport 80 -m connmark --mark 0x1/0x1 -j ACCEPT
-A INPUT_MGNT_LAN -i br0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT_MGNT_LAN -i br0 -p tcp -m tcp --dport 443 -j DROP
-A INPUT_MGNT_LAN -i br0 -p tcp -m tcp --dport 23 -m connmark --mark 0x1/0x1 -j ACCEPT
-A INPUT_MGNT_LAN -i br0 -p tcp -m tcp --dport 23 -j DROP
-A INPUT_MGNT_LAN -i br0 -p tcp -m tcp --dport 22 -m connmark --mark 0x1/0x1 -j ACCEPT
-A INPUT_MGNT_LAN -i br0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT_MGNT_LAN -i br0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT_MGNT_WAN -i nas1 -j INPUT_MGNT_WAN1
-A INPUT_MGNT_WAN -i nas0 -j INPUT_MGNT_WAN0
-A INPUT_MGNT_WAN -i nas0 -p tcp -m tcp --dport 80 -m connmark --mark 0x1/0x1 -j ACCEPT
-A INPUT_MGNT_WAN -i nas0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT_MGNT_WAN -i nas0 -p tcp -m tcp --dport 443 -j DROP
-A INPUT_MGNT_WAN -i nas0 -p tcp -m tcp --dport 23 -j DROP
-A INPUT_MGNT_WAN -i nas0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT_MGNT_WAN -i nas0 -p tcp -m tcp --dport 7547 -j ACCEPT
-A INPUT_MGNT_WAN -i nas0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT_MGNT_WAN_TRUST_NETWORK -j DROP
-A INPUT_SHORT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT_SMURF_LAN -m limit --limit 10/sec --limit-burst 20 -j RETURN
-A INPUT_SMURF_LAN -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554440,300} Smurf attack from LAN has been detected, DROP"
-A INPUT_SMURF_LAN -j DROP
-A INPUT_SMURF_WAN0 -m limit --limit 10/sec --limit-burst 10 -j RETURN
-A INPUT_SMURF_WAN0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554439,300} Smurf attack from WAN0 has been detected, DROP"
-A INPUT_SMURF_WAN0 -j DROP
-A INPUT_SMURF_WAN1 -m limit --limit 10/sec --limit-burst 10 -j RETURN
-A INPUT_SMURF_WAN1 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554439,300} Smurf attack from WAN1 has been detected, DROP"
-A INPUT_SMURF_WAN1 -j DROP
-A INPUT_SPI -i br0 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT_SPI -i lo -m conntrack --ctstate NEW -j ACCEPT
-A INPUT_TCPSCAN0 -m limit --limit 10/sec --limit-burst 1 -j RETURN
-A INPUT_TCPSCAN0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "[Firewall] TCP Scan"
-A INPUT_TCPSCAN0 -j DROP
-A INPUT_TCPSCAN1 -m limit --limit 10/sec --limit-burst 1 -j RETURN
-A INPUT_TCPSCAN1 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "[Firewall] TCP Scan"
-A INPUT_TCPSCAN1 -j DROP
-A INPUT_WAN_SERVICE0 -p udp -m multiport --dports 53,67,137,138,139,445 -j LOG --log-prefix "[Firewall], DROP"
-A INPUT_WAN_SERVICE0 -p udp -m multiport --dports 53,67,137,138,139,445 -j DROP
-A INPUT_WAN_SERVICE0 -p tcp -m multiport --dports 53,67,137,138,139,445 -j LOG --log-prefix "[Firewall], DROP"
-A INPUT_WAN_SERVICE0 -p tcp -m multiport --dports 53,67,137,138,139,445 -j DROP
-A INPUT_WAN_SERVICE1 -p udp -m multiport --dports 53,67,137,138,139,445 -j LOG --log-prefix "[Firewall], DROP"
-A INPUT_WAN_SERVICE1 -p udp -m multiport --dports 53,67,137,138,139,445 -j DROP
-A INPUT_WAN_SERVICE1 -p tcp -m multiport --dports 53,67,137,138,139,445 -j LOG --log-prefix "[Firewall], DROP"
-A INPUT_WAN_SERVICE1 -p tcp -m multiport --dports 53,67,137,138,139,445 -j DROP
-A INPUT_WINNUKE_LAN -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554438,300} Winnuke attack from LAN has been detected, DROP"
-A INPUT_WINNUKE_LAN -j DROP
-A INPUT_WINNUKE_WAN0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554437,300} Winnuke attack from WAN0 has been detected, DROP"
-A INPUT_WINNUKE_WAN0 -j DROP
-A INPUT_WINNUKE_WAN1 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "{Firewall-33554437,300} Winnuke attack from WAN1 has been detected, DROP"
-A INPUT_WINNUKE_WAN1 -j DROP
COMMIT
# Completed on Fri Aug 14 12:06:49 2020
