|
|
|
## Explanation of IP Tables Rules
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
```
|
|
```
|
|
127|shell@rk312x:/ $ iptables --list
|
|
|
|
iptables v1.4.20: can't initialize iptables table `filter': Permission denied (you must be root)
|
|
|
|
Perhaps iptables or your kernel needs to be upgraded.
|
|
|
|
3|shell@rk312x:/ $ su
|
|
|
|
root@rk312x:/ # iptables --list
|
|
|
|
Chain INPUT (policy ACCEPT)
|
|
Chain INPUT (policy ACCEPT)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
bw_INPUT all -- anywhere anywhere
|
|
bw_INPUT all -- anywhere anywhere
|
|
fw_INPUT all -- anywhere anywhere
|
|
fw_INPUT all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain FORWARD (policy ACCEPT)
|
|
Chain FORWARD (policy ACCEPT)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
oem_fwd all -- anywhere anywhere
|
|
oem_fwd all -- anywhere anywhere
|
|
fw_FORWARD all -- anywhere anywhere
|
|
fw_FORWARD all -- anywhere anywhere
|
|
bw_FORWARD all -- anywhere anywhere
|
|
bw_FORWARD all -- anywhere anywhere
|
|
natctrl_FORWARD all -- anywhere anywhere
|
|
natctrl_FORWARD all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain OUTPUT (policy ACCEPT)
|
|
Chain OUTPUT (policy ACCEPT)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
oem_out all -- anywhere anywhere
|
|
oem_out all -- anywhere anywhere
|
|
fw_OUTPUT all -- anywhere anywhere
|
|
fw_OUTPUT all -- anywhere anywhere
|
|
st_OUTPUT all -- anywhere anywhere
|
|
st_OUTPUT all -- anywhere anywhere
|
|
bw_OUTPUT all -- anywhere anywhere
|
|
bw_OUTPUT all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
```
|
|
Chain bw_FORWARD (1 references)
|
|
Chain bw_FORWARD (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain bw_INPUT (1 references)
|
|
Chain bw_INPUT (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
|
|
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
|
|
all -- anywhere anywhere owner socket exists
|
|
all -- anywhere anywhere owner socket exists
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain bw_OUTPUT (1 references)
|
|
Chain bw_OUTPUT (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
|
|
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
|
|
all -- anywhere anywhere owner socket exists
|
|
all -- anywhere anywhere owner socket exists
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain bw_costly_shared (0 references)
|
|
Chain bw_costly_shared (0 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
bw_penalty_box all -- anywhere anywhere
|
|
bw_penalty_box all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain bw_happy_box (0 references)
|
|
Chain bw_happy_box (0 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain bw_penalty_box (1 references)
|
|
Chain bw_penalty_box (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain fw_FORWARD (1 references)
|
|
Chain fw_FORWARD (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain fw_INPUT (1 references)
|
|
Chain fw_INPUT (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
fw_standby all -- anywhere anywhere
|
|
fw_standby all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain fw_OUTPUT (1 references)
|
|
Chain fw_OUTPUT (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
fw_standby all -- anywhere anywhere
|
|
fw_standby all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain fw_dozable (0 references)
|
|
Chain fw_dozable (0 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
RETURN all -- anywhere anywhere owner UID match 0-9999
|
|
RETURN all -- anywhere anywhere owner UID match 0-9999
|
|
DROP all -- anywhere anywhere
|
|
DROP all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain fw_standby (2 references)
|
|
Chain fw_standby (2 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain natctrl_FORWARD (1 references)
|
|
Chain natctrl_FORWARD (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
DROP all -- anywhere anywhere
|
|
DROP all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain natctrl_tether_counters (0 references)
|
|
Chain natctrl_tether_counters (0 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain oem_fwd (1 references)
|
|
Chain oem_fwd (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain oem_out (1 references)
|
|
Chain oem_out (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain st_OUTPUT (1 references)
|
|
Chain st_OUTPUT (1 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain st_clear_caught (2 references)
|
|
Chain st_clear_caught (2 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain st_clear_detect (0 references)
|
|
Chain st_clear_detect (0 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
REJECT all -- anywhere anywhere connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable
|
|
REJECT all -- anywhere anywhere connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable
|
... | @@ -96,12 +131,16 @@ CONNMARK udp -- anywhere anywhere u32 "0x0>>0x16&0x3 |
... | @@ -96,12 +131,16 @@ CONNMARK udp -- anywhere anywhere u32 "0x0>>0x16&0x3 |
|
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
|
|
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
|
|
st_clear_caught tcp -- anywhere anywhere state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0"
|
|
st_clear_caught tcp -- anywhere anywhere state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0"
|
|
st_clear_caught udp -- anywhere anywhere
|
|
st_clear_caught udp -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain st_penalty_log (0 references)
|
|
Chain st_penalty_log (0 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
CONNMARK all -- anywhere anywhere CONNMARK or 0x1000000
|
|
CONNMARK all -- anywhere anywhere CONNMARK or 0x1000000
|
|
NFLOG all -- anywhere anywhere
|
|
NFLOG all -- anywhere anywhere
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
Chain st_penalty_reject (0 references)
|
|
Chain st_penalty_reject (0 references)
|
|
target prot opt source destination
|
|
target prot opt source destination
|
|
CONNMARK all -- anywhere anywhere CONNMARK or 0x2000000
|
|
CONNMARK all -- anywhere anywhere CONNMARK or 0x2000000
|
... | | ... | |