# Generated by iptables-save v1.3.8 on Tue Sep 19 14:29:05 2017
*nat
:PREROUTING ACCEPT [92:6071]
:POSTROUTING ACCEPT [8:1180]
:OUTPUT ACCEPT [8:1180]
:DNSFILTER - [0:0]
:LOCALSRV - [0:0]
:PCREDIRECT - [0:0]
:PUPNP - [0:0]
:VSERVER - [0:0]
:VUPNP - [0:0]
-A PREROUTING -d XXX.XX.XX.XXX -j VSERVER
-A PREROUTING -s 192.168.1.0/255.255.255.0 -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 53 -j DNSFILTER
-A POSTROUTING -o eth0 -j PUPNP
-A POSTROUTING -s ! XXX.XX.XX.XXX -o eth0 -j MASQUERADE
-A POSTROUTING -m mark --mark 0x8000/0x8000 -j MASQUERADE
-A DNSFILTER -m mac --mac-source A4:71:74:F5:F1:8C -j DNAT --to-destination 208.67.222.222
-A DNSFILTER -m mac --mac-source 00:26:C6:B6:0A:72 -j RETURN
-A DNSFILTER -m mac --mac-source 78:F8:82:9E:CD:DB -j RETURN
-A VSERVER -p tcp -m tcp --dport 23222 -j DNAT --to-destination 192.168.1.50:23222
-A VSERVER -p udp -m udp --dport 23222 -j DNAT --to-destination 192.168.1.50:23222
-A VSERVER -j VUPNP
COMMIT
# Completed on Tue Sep 19 14:29:05 2017
# Generated by iptables-save v1.3.8 on Tue Sep 19 14:29:05 2017
*mangle
:PREROUTING ACCEPT [106642:10369996]
:INPUT ACCEPT [73791:7725031]
:FORWARD ACCEPT [32491:2593519]
:OUTPUT ACCEPT [70215:224669769]
:POSTROUTING ACCEPT [102735:227270943]
-A PREROUTING -d XXX.XX.XX.XXX -i ! eth0 -j MARK --set-mark 0x8000/0x8000
-A FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -o br0 -j MARK --set-mark 0x1/0x7
COMMIT
# Completed on Tue Sep 19 14:29:05 2017
# Generated by iptables-save v1.3.8 on Tue Sep 19 14:29:05 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [438:808389]
:ACCESS_RESTRICTION - [0:0]
:FUPNP - [0:0]
:INPUT_ICMP - [0:0]
:NSFW - [0:0]
:PControls - [0:0]
:PTCSRVLAN - [0:0]
:PTCSRVWAN - [0:0]
:SECURITY - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j logdrop
-A INPUT -m state --state RELATED,ESTABLISHED -j logaccept
-A INPUT -m state --state INVALID -j logdrop
-A INPUT -i ! br0 -j PTCSRVWAN
-A INPUT -i br0 -j PTCSRVLAN
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j logaccept
-A INPUT -p icmp -j INPUT_ICMP
-A INPUT -j logdrop
-A FORWARD -m state --state RELATED,ESTABLISHED -j logaccept
-A FORWARD -i ! br0 -o eth0 -j logdrop
-A FORWARD -i eth0 -m state --state INVALID -j logdrop
-A FORWARD -i br0 -o br0 -j logaccept
-A FORWARD -i eth0 -j SECURITY
-A FORWARD -j NSFW
-A FORWARD -m conntrack --ctstate DNAT -j logaccept
-A FORWARD -i br0 -j logaccept
-A INPUT_ICMP -p icmp -m icmp --icmp-type 8 -j RETURN
-A INPUT_ICMP -p icmp -m icmp --icmp-type 13 -j RETURN
-A INPUT_ICMP -p icmp -j logaccept
-A PControls -j logaccept
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j logdrop
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j logdrop
-A SECURITY -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
-A SECURITY -p icmp -m icmp --icmp-type 8 -j logdrop
-A SECURITY -j RETURN
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT
# Completed on Tue Sep 19 14:29:05 2017