bytespeicher:netz:gateway-router [Verein zur Förderung von Technikkultur in Erfurt e.V]

Eigenschaft	Wert
Domain	bytespeicher.local
Exit via	Alphacron

Firewall - Custom Rules

#related freigeben
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#RA
ip6tables -A INPUT -s fe80::203:97ff:fe2a:b400 -j ACCEPT

ip6tables -A INPUT -s ff00::/8 -j ACCEPT
ip6tables -A INPUT -s fe80::/10 -j ACCEPT


#ICMP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT

ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A FORWARD -p icmpv6 -j ACCEPT

#INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i br-lan -j ACCEPT 
iptables -A INPUT -i br-nat -j ACCEPT
iptables -A INPUT -s 195.190.142.0/24 -j ACCEPT
iptables -A INPUT -s 134.97.0.0/16 -j ACCEPT
iptables -A INPUT -s 37.26.200.0/24 -j ACCEPT
iptables -A INPUT -s 10.99.0.0/16 -j ACCEPT
iptables -A INPUT -s 192.168.126.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22348 -j ACCEPT #ssh
iptables -A INPUT -s 88.198.111.196 -j ACCEPT #status-kiste

ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i br-lan -j ACCEPT 
ip6tables -A INPUT -s 2001:650::/32 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22348 -j ACCEPT

#mtu-fix
iptables -A FORWARD -p tcp -o pppoe-wan1 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
ip6tables -A FORWARD -p tcp -o pppoe-wan1 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

#FORWARD
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -s 195.190.142.0/24 -j ACCEPT
iptables -A FORWARD -s 134.97.0.0/16 -j ACCEPT
iptables -A FORWARD -s 37.26.200.0/24 -j ACCEPT
iptables -A FORWARD -s 10.99.0.0/16 -j ACCEPT
iptables -A FORWARD -s 192.168.126.0/24 -j ACCEPT

iptables -A FORWARD -s 88.198.234.12 -d 134.97.126.39 -j ACCEPT #meshvpn
iptables -A FORWARD -s 62.141.56.190 -d 134.97.126.39 -j ACCEPT #meshvpn
iptables -A FORWARD -s 144.76.76.98 -d 134.97.126.39 -j ACCEPT #meshvpn

iptables -A FORWARD -m iprange --dst-range 134.97.126.2-134.97.126.49 -j ACCEPT
iptables -A FORWARD -m iprange --dst-range 134.97.126.51-134.97.126.254 -j ACCEPT
#alles ausser der .50 zulassen


ip6tables -A FORWARD -i lo -j ACCEPT
ip6tables -A FORWARD -s 2001:650::/32 -j ACCEPT
ip6tables -A FORWARD -d 2001:650:dd4e::/48 -j ACCEPT

#SNAT
iptables -t nat -A POSTROUTING -o pppoe-wan -s 192.168.126.0/24 -j SNAT --to-source 134.97.126.254
iptables -t nat -A POSTROUTING -o eth0.34 -s 134.97.126.0/24 -j SNAT --to-source 10.99.50.1
iptables -t nat -A POSTROUTING -o eth0.34 -s 192.168.126.0/24 -j SNAT --to-source 10.99.50.1

#ENDDROP
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -j DROP

base-files
bmon
busybox
confuse
dnsmasq
dropbear
firewall
fstools
hostapd-common
ip6tables
iptables
iptables-mod-iprange
iw
jshn
jsonfilter
kernel
kmod-ath
kmod-ath9k
kmod-ath9k-common
kmod-cfg80211
kmod-crypto-aes
kmod-crypto-arc4
kmod-crypto-core
kmod-gpio-button-hotplug
kmod-ip6tables
kmod-ipt-conntrack
kmod-ipt-core
kmod-ipt-iprange
kmod-ipt-nat
kmod-ipv6
kmod-ledtrig-usbdev
kmod-lib-crc-ccitt
kmod-mac80211
kmod-nf-conntrack
kmod-nf-conntrack6
kmod-nf-ipt
kmod-nf-ipt6
kmod-nf-nat
kmod-nf-nathelper
kmod-nls-base
kmod-ppp
kmod-pppoe
kmod-pppox
kmod-slhc
kmod-usb-core
kmod-usb2
libblobmsg-json
libc
libgcc
libip4tc
libip6tc
libiwinfo
libiwinfo-lua
libjson-c
libjson-script
liblua
libncursesw
libnl
libnl-tiny
libpcap
libpthread
libubox
libubus
libubus-lua
libuci
libuci-lua
libxtables
lua
luci
luci-app-firewall
luci-base
luci-lib-ip
luci-lib-nixio
luci-mod-admin-full
luci-proto-ipv6
luci-proto-ppp
luci-theme-bootstrap
mtd
netifd
odhcp6c
odhcpd
opkg
ppp
ppp-mod-pppoe
procd
rpcd
swconfig
tcpdump
terminfo
uboot-envtools
ubox
ubus
ubusd
uci
uhttpd
uhttpd-mod-ubus
usign
wpad-mini

Netzwerke

134.97.126.0/24

Firewall

Software

Installierte Pakete

Verein zur Förderung von Technikkultur in Erfurt e.V