4 WAN
=$
(nvram_get wan_ifname
)
8 for T
in filter nat mangle
; do
13 $IPT -t filter
-A INPUT
-m state
--state INVALID
-j DROP
14 $IPT -t filter
-A INPUT
-m state
--state RELATED
,ESTABLISHED
-j ACCEPT
15 $IPT -t filter
-A INPUT
-p icmp
-j ACCEPT
16 $IPT -t filter
-A INPUT
-i $WAN -p tcp
-j REJECT
--reject-with tcp-reset
17 $IPT -t filter
-A INPUT
-i $WAN -j REJECT
--reject-with icmp-port-unreachable
18 $IPT -t filter
-A FORWARD
-m state
--state INVALID
-j DROP
19 $IPT -t filter
-A FORWARD
-m state
--state RELATED
,ESTABLISHED
-j ACCEPT
20 $IPT -t filter
-A FORWARD
-i $WAN -m state
--state NEW
,INVALID
-j DROP
21 $IPT -t filter
-A FORWARD
-o $WAN -p tcp
--tcp-flags SYN
,RST SYN
-j TCPMSS
--clamp-mss-to-pmtu
23 $IPT -t nat
-A POSTROUTING
-o $WAN -j MASQUERADE
This page took 0.047761 seconds and 5 git commands to generate.