#17685: Active firewall after disabling it in Startup and reboot
------------------------------+----------------------------------
  Reporter:  philip_petev     |      Owner:  developers
      Type:  defect           |     Status:  new
  Priority:  response-needed  |  Milestone:  Chaos Calmer (trunk)
 Component:  packages         |    Version:  Trunk
Resolution:                   |   Keywords:
------------------------------+----------------------------------

Comment (by philip_petev):

 Alright, here they are:

 {{{
 Table: Filter

 Chain INPUT (Policy: ACCEPT, Packets: 5, Traffic: 300.00 B)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       42      2.57 KB         delegate_input  all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -

 Chain FORWARD (Policy: DROP, Packets: 0, Traffic: 0.00 B)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  delegate_forward        all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -

 Chain OUTPUT (Policy: ACCEPT, Packets: 28, Traffic: 2.02 KB)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       133     35.13 KB        delegate_output         all     --      *
 *       0.0.0.0/0       0.0.0.0/0       -

 Chain delegate_forward (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  forwarding_rule         all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for forwarding */
 2       0       0.00 B  ACCEPT  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       ctstate RELATED,ESTABLISHED
 3       0       0.00 B  zone_lan_forward        all     --      br-lan  *
 0.0.0.0/0       0.0.0.0/0       -
 4       0       0.00 B  zone_wan_forward        all     --      eth1.1  *
 0.0.0.0/0       0.0.0.0/0       -
 5       0       0.00 B  reject  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       -

 Chain delegate_input (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       32      2.13 KB         ACCEPT  all     --      lo      *
 0.0.0.0/0       0.0.0.0/0       -
 2       10      460.00 B        input_rule      all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for input */
 3       0       0.00 B  ACCEPT  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       ctstate RELATED,ESTABLISHED
 4       5       300.00 B        syn_flood       tcp     --      *       *
 0.0.0.0/0       0.0.0.0/0       tcp flags:0x17/0x02
 5       5       160.00 B        zone_lan_input  all     --      br-lan  *
 0.0.0.0/0       0.0.0.0/0       -
 6       0       0.00 B  zone_wan_input  all     --      eth1.1  *
 0.0.0.0/0       0.0.0.0/0       -

 Chain delegate_output (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       32      2.13 KB         ACCEPT  all     --      *       lo
 0.0.0.0/0       0.0.0.0/0       -
 2       101     33.00 KB        output_rule     all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for output */
 3       3       312.00 B        ACCEPT  all     --      *       *
 0.0.0.0/0       0.0.0.0/0       ctstate RELATED,ESTABLISHED
 4       70      30.68 KB        zone_lan_output         all     --      *
 br-lan  0.0.0.0/0       0.0.0.0/0       -
 5       0       0.00 B  zone_wan_output         all     --      *
 eth1.1  0.0.0.0/0       0.0.0.0/0       -

 Chain reject (References: 3)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  REJECT  tcp     --      *       *       0.0.0.0/0
 0.0.0.0/0       reject-with tcp-reset
 2       0       0.00 B  REJECT  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       reject-with icmp-port-unreachable

 Chain syn_flood (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       5       300.00 B        RETURN  tcp     --      *       *
 0.0.0.0/0       0.0.0.0/0       tcp flags:0x17/0x02 limit: avg 25/sec
 burst 50
 2       0       0.00 B  DROP    all     --      *       *       0.0.0.0/0
 0.0.0.0/0       -

 Chain zone_lan_dest_ACCEPT (References: 2)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       70      30.68 KB        ACCEPT  all     --      *       br-lan
 0.0.0.0/0       0.0.0.0/0       -

 Chain zone_lan_forward (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  MINIUPNPD       all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -
 2       0       0.00 B  forwarding_lan_rule     all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for forwarding */
 3       0       0.00 B  zone_wan_dest_ACCEPT    all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* forwarding lan -> wan */
 4       0       0.00 B  ACCEPT  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       ctstate DNAT /* Accept port forwards */
 5       0       0.00 B  zone_lan_dest_ACCEPT    all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -

 Chain zone_lan_input (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       5       160.00 B        input_lan_rule  all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for input */
 2       0       0.00 B  ACCEPT  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       ctstate DNAT /* Accept port redirections */
 3       5       160.00 B        zone_lan_src_ACCEPT     all     --      *
 *       0.0.0.0/0       0.0.0.0/0       -

 Chain zone_lan_output (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       70      30.68 KB        output_lan_rule         all     --      *
 *       0.0.0.0/0       0.0.0.0/0       /* user chain for output */
 2       70      30.68 KB        zone_lan_dest_ACCEPT    all     --      *
 *       0.0.0.0/0       0.0.0.0/0       -

 Chain zone_lan_src_ACCEPT (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       5       160.00 B        ACCEPT  all     --      br-lan  *
 0.0.0.0/0       0.0.0.0/0       -

 Chain zone_wan_dest_ACCEPT (References: 2)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  ACCEPT  all     --      *       eth1.1  0.0.0.0/0
 0.0.0.0/0       -

 Chain zone_wan_dest_REJECT (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  reject  all     --      *       eth1.1  0.0.0.0/0
 0.0.0.0/0       -

 Chain zone_wan_forward (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  forwarding_wan_rule     all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for forwarding */
 2       0       0.00 B  ACCEPT  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       ctstate DNAT /* Accept port forwards */
 3       0       0.00 B  zone_wan_dest_REJECT    all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -

 Chain zone_wan_input (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  input_wan_rule  all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for input */
 2       0       0.00 B  ACCEPT  udp     --      *       *       0.0.0.0/0
 0.0.0.0/0       udp dpt:68 /* Allow-DHCP-Renew */
 3       0       0.00 B  ACCEPT  icmp    --      *       *       0.0.0.0/0
 0.0.0.0/0       icmptype 8 /* Allow-Ping */
 4       0       0.00 B  ACCEPT  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       ctstate DNAT /* Accept port redirections */
 5       0       0.00 B  zone_wan_src_REJECT     all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -

 Chain zone_wan_output (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  output_wan_rule         all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for output */
 2       0       0.00 B  zone_wan_dest_ACCEPT    all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -

 Chain zone_wan_src_REJECT (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  reject  all     --      eth1.1  *       0.0.0.0/0
 0.0.0.0/0       -


 Table: NAT

 Chain PREROUTING (Policy: ACCEPT, Packets: 6, Traffic: 332.00 B)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       6       332.00 B        delegate_prerouting     all     --      *
 *       0.0.0.0/0       0.0.0.0/0       -

 Chain POSTROUTING (Policy: ACCEPT, Packets: 62, Traffic: 4.59 KB)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       62      4.59 KB         delegate_postrouting    all     --      *
 *       0.0.0.0/0       0.0.0.0/0       -

 Chain delegate_postrouting (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       62      4.59 KB         postrouting_rule        all     --      *
 *       0.0.0.0/0       0.0.0.0/0       /* user chain for postrouting */
 2       2       462.00 B        zone_lan_postrouting    all     --      *
 br-lan  0.0.0.0/0       0.0.0.0/0       -
 3       0       0.00 B  zone_wan_postrouting    all     --      *
 eth1.1  0.0.0.0/0       0.0.0.0/0       -

 Chain delegate_prerouting (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       6       332.00 B        prerouting_rule         all     --      *
 *       0.0.0.0/0       0.0.0.0/0       /* user chain for prerouting */
 2       1       32.00 B         zone_lan_prerouting     all     --
 br-lan  *       0.0.0.0/0       0.0.0.0/0       -
 3       0       0.00 B  zone_wan_prerouting     all     --      eth1.1  *
 0.0.0.0/0       0.0.0.0/0       -

 Chain zone_lan_postrouting (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       2       462.00 B        postrouting_lan_rule    all     --      *
 *       0.0.0.0/0       0.0.0.0/0       /* user chain for postrouting */

 Chain zone_lan_prerouting (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       1       32.00 B         MINIUPNPD       all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -
 2       1       32.00 B         prerouting_lan_rule     all     --      *
 *       0.0.0.0/0       0.0.0.0/0       /* user chain for prerouting */

 Chain zone_wan_postrouting (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  postrouting_wan_rule    all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for postrouting */
 2       0       0.00 B  MASQUERADE      all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -

 Chain zone_wan_prerouting (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  prerouting_wan_rule     all     --      *       *
 0.0.0.0/0       0.0.0.0/0       /* user chain for prerouting */


 Table: Mangle

 Chain PREROUTING (Policy: ACCEPT, Packets: 283, Traffic: 25.47 KB)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       283     25.47 KB        fwmark  all     --      *       *
 0.0.0.0/0       0.0.0.0/0       -

 Chain FORWARD (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  mssfix  all     --      *       *       0.0.0.0/0
 0.0.0.0/0       -

 Chain mssfix (References: 1)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       0       0.00 B  TCPMSS  tcp     --      *       eth1.1  0.0.0.0/0
 0.0.0.0/0       tcp flags:0x06/0x02 /* wan (mtu_fix) */ TCPMSS clamp to
 PMTU


 Table: Raw

 Chain PREROUTING (Policy: ACCEPT, Packets: 283, Traffic: 25.47 KB)
 Rule #  Pkts.   Traffic         Target  Prot.   Flags   In      Out
 Source  Destination     Options
 1       283     25.47 KB        delegate_notrack        all     --      *
 *       0.0.0.0/0       0.0.0.0/0       -
 }}}

 UPnP is disabled as well, and there is no room on the WR841N's flash for
 QoS, so it's not installed.
 Isn't that the point of the presence of an Enable/Disable button for any
 service, to turn it on and off (completely off)?

--
Ticket URL: <https://dev.openwrt.org/ticket/17685#comment:11>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
