===== Netzwerke =====

==== 134.97.126.0/24 ====

^ Eigenschaft ^ Wert ^
| Domain | bytespeicher.local |
| Exit via | Alphacron |

==== Firewall ====

# Packet-filter rules for the router, IPv4 (iptables) and IPv6 (ip6tables).
# Every rule is appended with -A and the catch-all DROP rules sit at the very
# end, so rule order decides the outcome: the first matching ACCEPT wins.
# No flush (-F) and no chain policy (-P) appear on this page.
# NOTE(review): if the script runs a second time without a flush, the new
# rules land behind the existing DROP rules and never match.

# allow established/related
# Replies to connections that are already tracked are accepted first in every chain.
# NOTE(review): "-m state --state" is the legacy match; "-m conntrack --ctstate" is the current form.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# RA (router advertisements)
# NOTE(review): the ff00::/8 rule matches on the SOURCE address. Multicast
# addresses are not valid IPv6 source addresses; a router advertisement carries
# the multicast group in the destination field, so "-d" was presumably meant - confirm.
# NOTE(review): the fe80::/10 rule has no "-i" and no "-p", so it accepts every
# protocol and port from any link-local source on every interface, the uplink
# included. Binding it to the expected interface and to icmpv6 would narrow it.
ip6tables -A INPUT -s fe80::203:97ff:fe2a:b400 -j ACCEPT
ip6tables -A INPUT -s ff00::/8 -j ACCEPT
ip6tables -A INPUT -s fe80::/10 -j ACCEPT

# ICMP
# All ICMP and ICMPv6 types are accepted, both to the router and for forwarded
# traffic. IPv6 depends on ICMPv6 (neighbour discovery, path-MTU discovery).
# NOTE(review): no type filter and no rate limit are visible here.
iptables -A INPUT -p icmp -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A FORWARD -p icmpv6 -j ACCEPT

# INPUT
# Traffic addressed to the router itself: loopback, the two bridges, then
# a list of trusted source ranges.
# NOTE(review): the "-s" rules carry no "-i" and no port, so they open every
# service on the router to those ranges and trust the source address on
# whichever interface the packet arrives. 134.97.0.0/16 is far wider than the
# 134.97.126.0/24 documented above. Binding each range to its expected inbound
# interface (or enabling reverse-path filtering) keeps a forged source address
# arriving on the uplink from matching.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i br-lan -j ACCEPT
iptables -A INPUT -i br-nat -j ACCEPT
iptables -A INPUT -s 195.190.142.0/24 -j ACCEPT
iptables -A INPUT -s 134.97.0.0/16 -j ACCEPT
iptables -A INPUT -s 37.26.200.0/24 -j ACCEPT
iptables -A INPUT -s 10.99.0.0/16 -j ACCEPT
iptables -A INPUT -s 192.168.126.0/24 -j ACCEPT
# The ssh port is open to any source address (same rule for IPv6 below).
# NOTE(review): dropbear is in the package list; its login settings are not
# shown on this page - confirm that password login is disabled.
iptables -A INPUT -p tcp --dport 22348 -j ACCEPT # ssh
iptables -A INPUT -s 88.198.111.196 -j ACCEPT # status box
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i br-lan -j ACCEPT
ip6tables -A INPUT -s 2001:650::/32 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22348 -j ACCEPT

# mtu-fix
# Clamp the TCP MSS of forwarded SYN packets leaving via the PPPoE uplink to the path MTU.
# NOTE(review): the interface is "pppoe-wan1" here but "pppoe-wan" in the SNAT
# rule below. A rule that names a non-existent interface loads without error
# and never matches - confirm which name is correct.
# NOTE(review): SYN/ACK packets also match "SYN,RST SYN", but presumably hit the
# ESTABLISHED,RELATED accept at the top of FORWARD first and are not clamped.
iptables -A FORWARD -p tcp -o pppoe-wan1 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
ip6tables -A FORWARD -p tcp -o pppoe-wan1 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# FORWARD
# Routed traffic. As in INPUT, the "-s" rules match on source address only,
# without an inbound interface.
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -s 195.190.142.0/24 -j ACCEPT
iptables -A FORWARD -s 134.97.0.0/16 -j ACCEPT
iptables -A FORWARD -s 37.26.200.0/24 -j ACCEPT
iptables -A FORWARD -s 10.99.0.0/16 -j ACCEPT
iptables -A FORWARD -s 192.168.126.0/24 -j ACCEPT
# NOTE(review): 134.97.126.39 lies inside the .2-.49 range rule below, which
# accepts any source, so these three meshvpn rules are currently redundant.
# They only start to matter once the range rule is tightened.
iptables -A FORWARD -s 88.198.234.12 -d 134.97.126.39 -j ACCEPT #meshvpn
iptables -A FORWARD -s 62.141.56.190 -d 134.97.126.39 -j ACCEPT #meshvpn
iptables -A FORWARD -s 144.76.76.98 -d 134.97.126.39 -j ACCEPT #meshvpn
# The two range rules admit any source, protocol and port to .2-.49 and
# .51-.254; only .1, .50 and .255 fall through to the final DROP. Hosts in
# these ranges get no inbound filtering from the router and need their own.
iptables -A FORWARD -m iprange --dst-range 134.97.126.2-134.97.126.49 -j ACCEPT
iptables -A FORWARD -m iprange --dst-range 134.97.126.51-134.97.126.254 -j ACCEPT # allow everything except .50
ip6tables -A FORWARD -i lo -j ACCEPT
ip6tables -A FORWARD -s 2001:650::/32 -j ACCEPT
# Same for IPv6: anything addressed to the /48 is forwarded unfiltered.
ip6tables -A FORWARD -d 2001:650:dd4e::/48 -j ACCEPT

# SNAT
# Rewrite the source address of traffic leaving via the named interfaces.
iptables -t nat -A POSTROUTING -o pppoe-wan -s 192.168.126.0/24 -j SNAT --to-source 134.97.126.254
iptables -t nat -A POSTROUTING -o eth0.34 -s 134.97.126.0/24 -j SNAT --to-source 10.99.50.1
iptables -t nat -A POSTROUTING -o eth0.34 -s 192.168.126.0/24 -j SNAT --to-source 10.99.50.1

# ENDDROP
# Catch-all: whatever was not accepted above is dropped. There is no LOG rule,
# so these rules leave no record of dropped packets. The OUTPUT chain is not
# touched anywhere on this page.
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -j DROP

===== Software =====

==== Installierte Pakete ====

  * base-files
  * bmon
  * busybox
  * confuse
  * dnsmasq
  * dropbear
  * firewall
  * fstools
  * hostapd-common
  * ip6tables
  * iptables
  * iptables-mod-iprange
  * iw
  * jshn
  * jsonfilter
  * kernel
  * kmod-ath
  * kmod-ath9k
  * kmod-ath9k-common
  * kmod-cfg80211
  * kmod-crypto-aes
  * kmod-crypto-arc4
  * kmod-crypto-core
  * kmod-gpio-button-hotplug
  * kmod-ip6tables
  * kmod-ipt-conntrack
  * kmod-ipt-core
  * kmod-ipt-iprange
  * kmod-ipt-nat
  * kmod-ipv6
  * kmod-ledtrig-usbdev
  * kmod-lib-crc-ccitt
  * kmod-mac80211
  * kmod-nf-conntrack
  * kmod-nf-conntrack6
  * kmod-nf-ipt
  * kmod-nf-ipt6
  * kmod-nf-nat
  * kmod-nf-nathelper
  * kmod-nls-base
  * kmod-ppp
  * kmod-pppoe
  * kmod-pppox
  * kmod-slhc
  * kmod-usb-core
  * kmod-usb2
  * libblobmsg-json
  * libc
  * libgcc
  * libip4tc
  * libip6tc
  * libiwinfo
  * libiwinfo-lua
  * libjson-c
  * libjson-script
  * liblua
  * libncursesw
  * libnl
  * libnl-tiny
  * libpcap
  * libpthread
  * libubox
  * libubus
  * libubus-lua
  * libuci
  * libuci-lua
  * libxtables
  * lua
  * luci
  * luci-app-firewall
  * luci-base
  * luci-lib-ip
  * luci-lib-nixio
  * luci-mod-admin-full
  * luci-proto-ipv6
  * luci-proto-ppp
  * luci-theme-bootstrap
  * mtd
  * netifd
  * odhcp6c
  * odhcpd
  * opkg
  * ppp
  * ppp-mod-pppoe
  * procd
  * rpcd
  * swconfig
  * tcpdump
  * terminfo
  * uboot-envtools
  * ubox
  * ubus
  * ubusd
  * uci
  * uhttpd
  * uhttpd-mod-ubus
  * usign
  * wpad-mini