# Don't know much about upnp cause I have it disabled but anyways:
# NAT loopback been broken since r44148
# same broken shit here but I'm not really worried since I have the r44112 on other partition so it's easy to just boot EA8500 back to other part.
# haven't really dug into it...all I know is BS has it screwed up.
# At first I thought port forwarding was broken but NO, anyone and myself can get to my website from the WAN side so stupid NAT loopback is
# screwed like it was a year or so back on several builds until BS fixed it.
# Of course I can get to website using its local IP or its static lease name....(I also use local DNS)
# All that is a PITA for myself and anyone here that has lots of bookmarks to stuff on mrjcd.com.
# I have an isolated guest network (br1) but also have IPs to any machine I have the webserver running on opened to br1.
# Ain't really looked too hard at what's fucked but you might notice any build after r44112 the '0' is now 'all'
:::::::::::::::::::

DD-WRT v3.0-r44188 std (c) 2020 NewMedia-NET GmbH
Release: 08/14/20
Board: Linksys EA8500
==========================================================

     ___  ___     _      _____  ______       ____  ___
    / _ \/ _ \___| | /| / / _ \/_  __/ _  __|_  / / _ \
   / // / // /___/ |/ |/ / , _/ / /   | |/ //_ <_/ // /
  /____/____/    |__/|__/_/|_| /_/    |___/____(_)___/

                       DD-WRT v3.0
                   http://www.dd-wrt.com

==========================================================

BusyBox v1.32.0 (2020-08-14 00:19:03 +03) built-in shell (ash)

root@Citadel-Station-Homeworld:~# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out    source               destination
    5  1755 ACCEPT     udp  --  br1    *      0.0.0.0/0            0.0.0.0/0            multiport dports 53,67
   81  6804 DROP       all  --  br1    *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     udp  --  br1    *      0.0.0.0/0            0.0.0.0/0            multiport dports 53,67
    0     0 DROP       all  --  br1    *      0.0.0.0/0            0.0.0.0/0            state NEW
 1472  412K ACCEPT     all  --  *      *      0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  vlan2  *      0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
    0     0 ACCEPT     udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:xxxxx (ovpn port redacted by mrjcd)
    0     0 ACCEPT     all  --  tun2   *      0.0.0.0/0            0.0.0.0/0
    0     0 DROP       udp  --  vlan2  *      0.0.0.0/0            0.0.0.0/0            udp dpt:520
    0     0 DROP       udp  --  br0    *      0.0.0.0/0            0.0.0.0/0            udp dpt:520
    0     0 ACCEPT     udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:520
  237 47491 ACCEPT     all  --  br0    *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br1    *      0.0.0.0/0            0.0.0.0/0
    0     0 DROP       icmp --  vlan2  *      0.0.0.0/0            0.0.0.0/0
    0     0 DROP       2    --  *      *      0.0.0.0/0            0.0.0.0/0
  152 11790 ACCEPT     all  --  lo     *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     all  --  br0    *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     udp  --  br1    *      0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     udp  --  br1    *      0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  br1    *      0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 DROP       all  --  br1    *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     all  --  br1    *      0.0.0.0/0            0.0.0.0/0
  144 11542 DROP       all  --  *      *      0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out    source               destination
    0     0 ACCEPT     all  --  br1    br0    0.0.0.0/0            10.72.28.16          state NEW
    0     0 ACCEPT     all  --  br1    br0    0.0.0.0/0            10.72.28.2           state NEW
    0     0 ACCEPT     all  --  br1    br0    0.0.0.0/0            10.72.28.1           state NEW
    0     0 DROP       all  --  br1    br0    0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     all  --  br1    br0    0.0.0.0/0            10.72.28.16          state NEW
    0     0 ACCEPT     all  --  br1    br0    0.0.0.0/0            10.72.28.2           state NEW
    0     0 ACCEPT     all  --  br1    br0    0.0.0.0/0            10.72.28.1           state NEW
    0     0 DROP       all  --  br1    br0    0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 DROP       all  --  br1    *      0.0.0.0/0            10.72.28.0/24        state NEW
    0     0 ACCEPT     47   --  *      vlan2  10.72.28.0/24        0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      vlan2  10.72.28.0/24        0.0.0.0/0            tcp dpt:1723
    0     0 ACCEPT     all  --  tun2   *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      tun2   0.0.0.0/0            0.0.0.0/0
 4757 3932K ACCEPT     all  --  *      *      0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  261 35771 upnp       all  --  *      *      0.0.0.0/0            0.0.0.0/0
  129 15595 lan2wan    all  --  br1    *      0.0.0.0/0            0.0.0.0/0
  261 35771 lan2wan    all  --  *      *      0.0.0.0/0            0.0.0.0/0
   28  1680 ACCEPT     all  --  br0    br0    0.0.0.0/0            0.0.0.0/0
   95 18012 ACCEPT     all  --  br0    vlan2  0.0.0.0/0            0.0.0.0/0
  129 15595 ACCEPT     all  --  br1    vlan2  0.0.0.0/0            0.0.0.0/0
    9   484 ACCEPT     tcp  --  *      *      0.0.0.0/0            10.72.28.1           tcp dpt:80
    0     0 DROP       tcp  --  *      *      0.0.0.0/0            10.72.28.2           tcp spt:80
    0     0 ACCEPT     udp  --  *      *      0.0.0.0/0            10.72.28.51          udp dpt:xxxxx (ovpn port redacted by mrjcd)
    0     0 ACCEPT     udp  --  *      *      0.0.0.0/0            10.72.28.52          udp dpt:xxxxx (ovpn port redacted by mrjcd)
    0     0 DROP       tcp  --  *      *      0.0.0.0/0            10.72.28.16          tcp spt:80
    0     0 TRIGGER    all  --  vlan2  br0    0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  br0    *      0.0.0.0/0            0.0.0.0/0
    0     0 TRIGGER    all  --  vlan2  eth0   0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  eth0   *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 TRIGGER    all  --  vlan2  eth1   0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  eth1   *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth1   *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 TRIGGER    all  --  vlan2  vlan1  0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  vlan1  *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  vlan1  *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 TRIGGER    all  --  vlan2  ath0   0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  ath0   *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  ath0   *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 TRIGGER    all  --  vlan2  ath0.1 0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  ath0.1 *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  ath0.1 *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 TRIGGER    all  --  vlan2  ath1   0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  ath1   *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  ath1   *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 TRIGGER    all  --  vlan2  ath1.1 0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  ath1.1 *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  ath1.1 *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 DROP       all  --  br0    br1    0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 TRIGGER    all  --  vlan2  br1    0.0.0.0/0            0.0.0.0/0            TRIGGER type:in match:0 relate:0
    0     0 trigger_out all  --  br1    *      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br1    *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     all  --  br0    *      0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 DROP       all  --  *      *      0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1334 packets, 115K bytes)
 pkts bytes target     prot opt in     out    source               destination
  360  160K ACCEPT     all  --  *      br0    0.0.0.0/0            0.0.0.0/0
    9  1832 ACCEPT     all  --  *      br1    0.0.0.0/0            0.0.0.0/0

Chain advgrp_1 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_10 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_11 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_12 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_13 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_14 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_15 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_16 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_17 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_18 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_19 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_2 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_20 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_3 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_4 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_5 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_6 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_7 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_8 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain advgrp_9 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_1 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_10 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_11 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_12 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_13 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_14 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_15 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_16 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_17 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_18 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_19 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_2 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_20 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_3 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_4 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_5 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_6 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_7 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_8 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain grp_9 (0 references)
 pkts bytes target     prot opt in     out    source               destination

Chain lan2wan (2 references)
 pkts bytes target     prot opt in     out    source               destination

Chain logaccept (0 references)
 pkts bytes target     prot opt in     out    source               destination
    0     0 ACCEPT     all  --  *      *      0.0.0.0/0            0.0.0.0/0

Chain logbrute (0 references)
 pkts bytes target     prot opt in     out    source               destination
    0     0            all  --  *      *      0.0.0.0/0            0.0.0.0/0            recent: SET name: BRUTEFORCE side: source mask: 255.255.255.255
    0     0 RETURN     all  --  *      *      0.0.0.0/0            0.0.0.0/0            ! recent: UPDATE seconds: 60 hit_count: 4 name: BRUTEFORCE side: source mask: 255.255.255.255
    0     0 RETURN     all  --  *      *      0.0.0.0/0            0.0.0.0/0            limit: avg 1/min burst 1
    0     0 DROP       all  --  *      *      0.0.0.0/0            0.0.0.0/0

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out    source               destination
    0     0 LOG        all  --  *      *      0.0.0.0/0            0.0.0.0/0            state INVALID LOG flags 7 level 4 prefix "DROP "
    0     0 DROP       all  --  *      *      0.0.0.0/0            0.0.0.0/0

Chain logreject (0 references)
 pkts bytes target     prot opt in     out    source               destination
    0     0 REJECT     tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset

Chain trigger_out (9 references)
 pkts bytes target     prot opt in     out    source               destination

Chain upnp (1 references)
 pkts bytes target     prot opt in     out    source               destination
root@Citadel-Station-Homeworld:~#