主路由的上网设置解决line 登陆问题

editor
Wordpress建设
2018-08-09
94热度
0评论

https://cryptopunk.me/posts/27406/

利用 FWList 实现路由器

配置网关的 iptables

利用 WList 实现路由器自 _ CryptoPunk FISHERMAN'S BLOG.人生在世，看得穿，又看得远者prevail everywhere._ Netgear WNDR4300路由器手册（

搞了一夜

思路分析

原始的

dnsmasq---gfwlist-127.0.0.1#5353

dnsmasq---accelerated-domains.china.conf：114.114.114.114

iptables 内容导向 1060

1060后， ay控制 --------防火墙默认全局代理

1060后， ay控制 --------匹配cn ip地址，自动free

1060后， ay控制 --------匹配80，443端口全部

结构的问题就是， line 的域名没有包含到里面，查询line域名无法找到ip

................

参考第二

dns 解析只有 g'f'w poroxy

防火墙 set 直接连接，

防火墙内容导向 1060

剩下的就是一样

// 结构的问题就是， line 的域名，line的没有包含到里面，但是中国ip一剔除在外，国外的全部走pr. ！

脚本执行 update_iptables.sh 出错

nxt-opkg （openwrt source ） update error！

nxt-opkg （openwrt source ） ipset iptables-extra error！

修改， nxt-opkg （buffalo source ） ok！

修改脚本执行 update_iptables.sh 出错下载error

独立下载 cn-ip， ok

执行倒入 china-ip txt error！

修改 ok

执行 update_iptables.sh // 很久， ok！

line dns host

line.me

w.line.me

lan.line.me

lcp-checkout.line.me

gw.line.naver.jp

gww.line.naver.jp

gwx.line.naver.jp

gd2.line.naver.jp

gd2g.line.naver.jp

gd2i.line.naver.jp

gd2k.line.naver.jp

gd2w.line.naver.jp

gd2s.line.naver.jp

gd2u.line.naver.jp

gd2v.line.naver.jp

static.line.naver.jp

dl.profile.line.naver.jp

dl.stickershop.line.naver.jp

scdn.line-apps.com

obs.line-apps.com

obs-cn.line-apps.com

obs-tw.line-apps.com

cdn-cn-stk.line-apps.com

xcdn-cn-prf.line-apps.com

xcdn-cn-shp.line-apps.com

xcdn-cn-stk.line-apps.com

https://github.com/racaljk/hosts/blob/master/hosts

https://github.com/racaljk/hosts/issues/886

下面贴出详细过程

root@freebsd:~# vim ip.sh

root@freebsd:~# mv ip.sh update_iptables.sh

root@freebsd:~# vim update_iptables.sh

root@freebsd:~# l up

update_iptables.sh upload/

root@freebsd:~# cat upload/aria2/trackers-list-aria2.sh

#!/bin/sh

list=`wget -qO- https://raw.githubusercontent.com/ngosang/trackerslist/master/trackers_all.txt|awk NF|sed ":a;N;s/\n/,/g;ta"`

if [ -z "`grep "bt-tracker" /opt/etc/xiazai/aria2.conf`" ]; then

sed -i '$a bt-tracker='${list} /opt/etc/xiazai/aria2.conf

echo add......

else

sed -i "s@bt-tracker.*@bt-tracker=$list@g" /opt/etc/xiazai/aria2.conf

echo update......

sleep 1

sudo -u smb_guest /opt/etc/init.d/S81aria2 restart

root@freebsd:~# vim update_iptables.sh

root@freebsd:~# chmod +x update_iptables.sh

root@freebsd:/etc# cd dnsmasq.d/

root@freebsd:/etc/dnsmasq.d# l

root@freebsd:/etc/dnsmasq.d# vim accelerated-domains.china.conf

root@freebsd:/etc/dnsmasq.d# mv accelerated-domains.china.conf ~/

root@freebsd:/etc/dnsmasq.d# l ~/

root@freebsd:/etc/dnsmasq.d# l /config

ls: /config: No such file or directory

root@freebsd:/etc/dnsmasq.d# l /etc/config

root@freebsd:/etc/dnsmasq.d# cd

root@freebsd:~# cd /etc

root@freebsd:/etc# l

root@freebsd:/etc/init.d# ./dnsmasq

Syntax: ./dnsmasq [command]

Available commands:

start Start the service

stop Stop the service

restart Restart the service

reload Reload configuration files (or restart if that fails)

enable Enable service autostart

disable Disable service autostart

root@freebsd:/etc/init.d# ./dnsmasq stop

root@freebsd:/etc/init.d# ./dnsmasq start

udhcpc: started, v1.25.1

udhcpc: sending discover

udhcpc: no lease, failing

root@freebsd:/etc/init.d# ll

root@freebsd:/etc/init.d# cd

root@freebsd:~# l

root@freebsd:~# ./update_iptables.sh

./update_iptables.sh: line 3: curl: not found

./update_iptables.sh: line 14: ipset: not found

iptables v1.4.21: Kernel module xt_set is not loaded in.

root@freebsd:~# modprobe xt_set

failed to find a module named xt_set

root@freebsd:~# nxt-opkg update

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/packages/Pack ages.gz.

Updated list of available packages in /var/opkg-lists/openwrt_core.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/packages/Pack ages.sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/kmods/4.14.48 -1-67aac8437e0a20ccc1b19104731443d9/Packages.gz.

Updated list of available packages in /var/opkg-lists/openwrt_kmods.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/kmods/4.14.48 -1-67aac8437e0a20ccc1b19104731443d9/Packages.sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/base/Packages. gz.

Updated list of available packages in /var/opkg-lists/openwrt_base.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/base/Packages. sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/luci/Packages. gz.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/luci/Packages. sig.

Signature check failed.

Remove wrong Signature file.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/packages/Packa ges.gz.

Updated list of available packages in /var/opkg-lists/openwrt_packages.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/packages/Packa ges.sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/routing/Packag es.gz.

Updated list of available packages in /var/opkg-lists/openwrt_routing.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/routing/Packag es.sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/telephony/Pack ages.gz.

Updated list of available packages in /var/opkg-lists/openwrt_telephony.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/telephony/Pack ages.sig.

Signature check passed.

Collected errors:

* opkg_download: Failed to download http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm _cortex-a9/luci/Packages.gz, wget returned 4.

root@freebsd:~# nxt-opkg update

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/packages/Pack ages.gz.

Updated list of available packages in /var/opkg-lists/openwrt_core.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/packages/Pack ages.sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/kmods/4.14.48 -1-67aac8437e0a20ccc1b19104731443d9/Packages.gz.

Updated list of available packages in /var/opkg-lists/openwrt_kmods.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/kmods/4.14.48 -1-67aac8437e0a20ccc1b19104731443d9/Packages.sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/base/Packages. gz.

Updated list of available packages in /var/opkg-lists/openwrt_base.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/base/Packages. sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/luci/Packages. gz.

Updated list of available packages in /var/opkg-lists/openwrt_luci.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/luci/Packages. sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/packages/Packa ges.gz.

Updated list of available packages in /var/opkg-lists/openwrt_packages.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/packages/Packa ges.sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/routing/Packag es.gz.

Updated list of available packages in /var/opkg-lists/openwrt_routing.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/routing/Packag es.sig.

Signature check passed.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/telephony/Pack ages.gz.

Updated list of available packages in /var/opkg-lists/openwrt_telephony.

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/telephony/Pack ages.sig.

Signature check passed.

root@freebsd:~# nxt-opkg install ipset iptables-mod-nat-extra

Installing ipset (6.34-1) to root...

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/packages/arm_cortex-a9/base/ipset_6.3 4-1_arm_cortex-a9.ipk.

Installing iptables-mod-nat-extra (1.6.2-2) to root...

Downloading http://mirrors.linux.ro/lede/downloads/snapshots/targets/bcm53xx/generic/packages/ipta bles-mod-nat-extra_1.6.2-2_arm_cortex-a9.ipk.

Collected errors:

* satisfy_dependencies_for: Cannot satisfy the following dependencies for ipset:

* kernel (= 4.14.61-1-de22d500e522a766cd7f05760785b535) * kernel (= 4.14.61-1-de22d5 00e522a766cd7f05760785b535) *

* opkg_install_cmd: Cannot install package ipset.

* satisfy_dependencies_for: Cannot satisfy the following dependencies for iptables-mod-nat-extra:

* kernel (= 4.14.61-1-de22d500e522a766cd7f05760785b535) *

* opkg_install_cmd: Cannot install package iptables-mod-nat-extra.

root@freebsd:~# l /lib/modules/4.4.25/

drwxr-xr-x 1 root root 4.0K Jul 28 21:35 ./

drwxr-xr-x 1 root root 4.0K Jul 28 21:35 ../

-rw-r--r-- 1 root root 4.3K Dec 16 2017 act_connmark.ko

-rw-r--r-- 1 root root 5.6K Dec 16 2017 act_mirred.ko

-rw-r--r-- 1 root root 4.1K Dec 16 2017 act_skbedit.ko

-rw-r--r-- 1 root root 7.2K Dec 16 2017 aead.ko

-rw-r--r-- 1 root root 29.9K Dec 16 2017 autofs4.ko

-rw-r--r-- 1 root root 4.3K Dec 16 2017 bcma-hcd.ko

-rw-r--r-- 1 root root 8.9K Dec 16 2017 cls_flow.ko

-rw-r--r-- 1 root root 6.6K Dec 16 2017 cls_fw.ko

-rw-r--r-- 1 root root 7.7K Dec 16 2017 cls_route.ko

-rw-r--r-- 1 root root 7.6K Dec 16 2017 cls_tcindex.ko

-rw-r--r-- 1 root root 10.1K Dec 16 2017 cls_u32.ko

-rw-r--r-- 1 root root 2.5K Dec 16 2017 crc-ccitt.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 crc32c_generic.ko

-rw-r--r-- 1 root root 5.4K Dec 16 2017 crypto_null.ko

-rw-r--r-- 1 root root 4.7K Dec 16 2017 cryptomgr.ko

-rw-r--r-- 1 root root 3.7K Dec 16 2017 ecb.ko

-rw-r--r-- 1 root root 38.1K Dec 16 2017 ehci-hcd.ko

-rw-r--r-- 1 root root 7.7K Dec 16 2017 ehci-platform.ko

-rw-r--r-- 1 root root 2.2K Dec 16 2017 em_u32.ko

-rw-r--r-- 1 root root 352.3K Dec 16 2017 ext4.ko

-rw-r--r-- 1 root root 57.6K Dec 16 2017 fat.ko

-rw-r--r-- 1 root root 9.6K Dec 16 2017 gpio-button-hotplug.ko

-rw-r--r-- 1 root root 3.6K Dec 16 2017 gre.ko

-rw-r--r-- 1 root root 50.9K Dec 16 2017 hfs.ko

-rw-r--r-- 1 root root 95.1K Dec 16 2017 hfsplus.ko

-rw-r--r-- 1 root root 6.5K Dec 16 2017 ifb.ko

-rw-r--r-- 1 root root 14.6K Dec 16 2017 ip6_tables.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 ip6t_REJECT.ko

-rw-r--r-- 1 root root 3.4K Dec 16 2017 ip6table_filter.ko

-rw-r--r-- 1 root root 3.6K Dec 16 2017 ip6table_mangle.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 ip6table_raw.ko

-rw-r--r-- 1 root root 14.7K Dec 16 2017 ip_gre.ko

-rw-r--r-- 1 root root 14.9K Dec 16 2017 ip_tables.ko

-rw-r--r-- 1 root root 15.9K Dec 16 2017 ip_tunnel.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 ipt_ECN.ko

-rw-r--r-- 1 root root 2.8K Dec 16 2017 ipt_MASQUERADE.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 ipt_REJECT.ko

-rw-r--r-- 1 root root 3.4K Dec 16 2017 iptable_filter.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 iptable_mangle.ko

-rw-r--r-- 1 root root 3.7K Dec 16 2017 iptable_nat.ko

-rw-r--r-- 1 root root 3.2K Dec 16 2017 iptable_raw.ko

-rw-r--r-- 1 root root 69.3K Dec 16 2017 jbd2.ko

-rw-r--r-- 1 root root 5.6K Dec 16 2017 leds-gpio.ko

-rw-r--r-- 1 root root 10.9K Dec 16 2017 mbcache.ko

-rw-r--r-- 1 root root 79.2K Dec 16 2017 nf_conntrack.ko

-rw-r--r-- 1 root root 5.0K Dec 16 2017 nf_conntrack_amanda.ko

-rw-r--r-- 1 root root 2.3K Dec 16 2017 nf_conntrack_broadcast.ko

-rw-r--r-- 1 root root 8.8K Dec 16 2017 nf_conntrack_ftp.ko

-rw-r--r-- 1 root root 36.5K Dec 16 2017 nf_conntrack_h323.ko

-rw-r--r-- 1 root root 11.4K Dec 16 2017 nf_conntrack_ipv4.ko

-rw-r--r-- 1 root root 11.7K Dec 16 2017 nf_conntrack_ipv6.ko

-rw-r--r-- 1 root root 6.2K Dec 16 2017 nf_conntrack_irc.ko

-rw-r--r-- 1 root root 7.1K Dec 16 2017 nf_conntrack_pptp.ko

-rw-r--r-- 1 root root 6.2K Dec 16 2017 nf_conntrack_proto_gre.ko

-rw-r--r-- 1 root root 5.7K Dec 16 2017 nf_conntrack_rtcache.ko

-rw-r--r-- 1 root root 22.5K Dec 16 2017 nf_conntrack_sip.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 nf_conntrack_snmp.ko

-rw-r--r-- 1 root root 5.8K Dec 16 2017 nf_conntrack_tftp.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 nf_defrag_ipv4.ko

-rw-r--r-- 1 root root 9.4K Dec 16 2017 nf_defrag_ipv6.ko

-rw-r--r-- 1 root root 4.9K Dec 16 2017 nf_log_common.ko

-rw-r--r-- 1 root root 6.3K Dec 16 2017 nf_log_ipv4.ko

-rw-r--r-- 1 root root 6.4K Dec 16 2017 nf_log_ipv6.ko

-rw-r--r-- 1 root root 16.4K Dec 16 2017 nf_nat.ko

-rw-r--r-- 1 root root 2.8K Dec 16 2017 nf_nat_amanda.ko

-rw-r--r-- 1 root root 3.6K Dec 16 2017 nf_nat_ftp.ko

-rw-r--r-- 1 root root 8.3K Dec 16 2017 nf_nat_h323.ko

-rw-r--r-- 1 root root 7.3K Dec 16 2017 nf_nat_ipv4.ko

-rw-r--r-- 1 root root 3.4K Dec 16 2017 nf_nat_irc.ko

-rw-r--r-- 1 root root 3.9K Dec 16 2017 nf_nat_masquerade_ipv4.ko

-rw-r--r-- 1 root root 4.0K Dec 16 2017 nf_nat_pptp.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 nf_nat_proto_gre.ko

-rw-r--r-- 1 root root 2.5K Dec 16 2017 nf_nat_redirect.ko

-rw-r--r-- 1 root root 9.9K Dec 16 2017 nf_nat_sip.ko

-rw-r--r-- 1 root root 10.0K Dec 16 2017 nf_nat_snmp_basic.ko

-rw-r--r-- 1 root root 2.4K Dec 16 2017 nf_nat_tftp.ko

-rw-r--r-- 1 root root 4.0K Dec 16 2017 nf_reject_ipv4.ko

-rw-r--r-- 1 root root 4.6K Dec 16 2017 nf_reject_ipv6.ko

-rw-r--r-- 1 root root 7.5K Dec 16 2017 nls_base.ko

-rw-r--r-- 1 root root 6.3K Dec 16 2017 nls_cp437.ko

-rw-r--r-- 1 root root 78.0K Dec 16 2017 nls_cp932.ko

-rw-r--r-- 1 root root 4.8K Dec 16 2017 nls_iso8859-1.ko

-rw-r--r-- 1 root root 5.3K Dec 16 2017 nls_iso8859-15.ko

-rw-r--r-- 1 root root 2.5K Dec 16 2017 nls_utf8.ko

-rw-r--r-- 1 root root 29.0K Dec 16 2017 ohci-hcd.ko

-rw-r--r-- 1 root root 7.0K Dec 16 2017 ohci-platform.ko

-rw-r--r-- 1 root root 33.3K Dec 16 2017 option.ko

-rw-r--r-- 1 root root 4.2K Dec 16 2017 phy-bcm-ns-usb2.ko

-rw-r--r-- 1 root root 5.2K Dec 16 2017 phy-bcm-ns-usb3.ko

-rw-r--r-- 1 root root 10.7K Dec 16 2017 ppp_async.ko

-rw-r--r-- 1 root root 28.7K Dec 16 2017 ppp_generic.ko

-rw-r--r-- 1 root root 7.8K Dec 16 2017 ppp_mppe.ko

-rw-r--r-- 1 root root 13.5K Dec 16 2017 pppoe.ko

-rw-r--r-- 1 root root 3.7K Dec 16 2017 pppox.ko

-rw-r--r-- 1 root root 10.1K Dec 16 2017 pptp.ko

-rw-r--r-- 1 root root 2.3K Dec 16 2017 region-check.ko

-rw-r--r-- 1 root root 16.1K Dec 16 2017 sch_hfsc.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 sch_ingress.ko

-rw-r--r-- 1 root root 124.2K Dec 16 2017 scsi_mod.ko

-rw-r--r-- 1 root root 31.6K Dec 16 2017 sd_mod.ko

-rw-r--r-- 1 root root 6.1K Dec 16 2017 slhc.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 ts_bm.ko

-rw-r--r-- 1 root root 4.4K Dec 16 2017 ts_fsm.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 ts_kmp.ko

-rw-r--r-- 1 root root 22.5K Dec 16 2017 tun.ko

-rw-r--r-- 1 root root 10.7K Dec 16 2017 ums-alauda.ko

-rw-r--r-- 1 root root 4.8K Dec 16 2017 ums-cypress.ko

-rw-r--r-- 1 root root 7.2K Dec 16 2017 ums-datafab.ko

-rw-r--r-- 1 root root 4.4K Dec 16 2017 ums-freecom.ko

-rw-r--r-- 1 root root 7.4K Dec 16 2017 ums-isd200.ko

-rw-r--r-- 1 root root 6.1K Dec 16 2017 ums-jumpshot.ko

-rw-r--r-- 1 root root 4.1K Dec 16 2017 ums-karma.ko

-rw-r--r-- 1 root root 11.6K Dec 16 2017 ums-sddr09.ko

-rw-r--r-- 1 root root 7.8K Dec 16 2017 ums-sddr55.ko

-rw-r--r-- 1 root root 9.8K Dec 16 2017 ums-usbat.ko

-rw-r--r-- 1 root root 4.5K Dec 16 2017 usb-common.ko

-rw-r--r-- 1 root root 51.0K Dec 16 2017 usb-storage.ko

-rw-r--r-- 1 root root 8.0K Dec 16 2017 usb_wwan.ko

-rw-r--r-- 1 root root 149.8K Dec 16 2017 usbcore.ko

-rw-r--r-- 1 root root 28.7K Dec 16 2017 usbserial.ko

-rw-r--r-- 1 root root 11.9K Dec 16 2017 vfat.ko

-rw-r--r-- 1 root root 4.0M Dec 16 2017 wl.ko

-rw-r--r-- 1 root root 18.1K Dec 16 2017 x_tables.ko

-rw-r--r-- 1 root root 92.2K Dec 16 2017 xhci-hcd.ko

-rw-r--r-- 1 root root 5.2K Dec 16 2017 xhci-pci.ko

-rw-r--r-- 1 root root 7.1K Dec 16 2017 xhci-plat-hcd.ko

-rw-r--r-- 1 root root 2.3K Dec 16 2017 xt_CLASSIFY.ko

-rw-r--r-- 1 root root 5.8K Dec 16 2017 xt_CT.ko

-rw-r--r-- 1 root root 3.4K Dec 16 2017 xt_DSCP.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 xt_HL.ko

-rw-r--r-- 1 root root 2.8K Dec 16 2017 xt_LOG.ko

-rw-r--r-- 1 root root 2.8K Dec 16 2017 xt_REDIRECT.ko

-rw-r--r-- 1 root root 5.0K Dec 16 2017 xt_TCPMSS.ko

-rw-r--r-- 1 root root 2.2K Dec 16 2017 xt_comment.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 xt_connbytes.ko

-rw-r--r-- 1 root root 7.6K Dec 16 2017 xt_connlimit.ko

-rw-r--r-- 1 root root 3.5K Dec 16 2017 xt_connmark.ko

-rw-r--r-- 1 root root 4.4K Dec 16 2017 xt_conntrack.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 xt_dscp.ko

-rw-r--r-- 1 root root 3.2K Dec 16 2017 xt_ecn.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 xt_helper.ko

-rw-r--r-- 1 root root 2.7K Dec 16 2017 xt_hl.ko

-rw-r--r-- 1 root root 2.2K Dec 16 2017 xt_id.ko

-rw-r--r-- 1 root root 2.5K Dec 16 2017 xt_length.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 xt_limit.ko

-rw-r--r-- 1 root root 2.3K Dec 16 2017 xt_mac.ko

-rw-r--r-- 1 root root 2.6K Dec 16 2017 xt_mark.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 xt_multiport.ko

-rw-r--r-- 1 root root 3.5K Dec 16 2017 xt_nat.ko

-rw-r--r-- 1 root root 11.0K Dec 16 2017 xt_recent.ko

-rw-r--r-- 1 root root 2.7K Dec 16 2017 xt_state.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 xt_statistic.ko

-rw-r--r-- 1 root root 2.6K Dec 16 2017 xt_string.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 xt_tcpmss.ko

-rw-r--r-- 1 root root 3.7K Dec 16 2017 xt_tcpudp.ko

-rw-r--r-- 1 root root 3.9K Dec 16 2017 xt_time.ko

root@freebsd:/etc# mv opkg opkg-1

root@freebsd:/etc# mv opkg.conf opkg.conf-1

root@freebsd:/etc# mv opkg-old opkg

root@freebsd:/etc# mv opkg.conf-old opkg.conf

root@freebsd:/etc# nxt-opkg update

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/Packages.gz.

Updated list of available packages in /var/opkg-lists/beta_core.

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/Packages.sig.

Signature check passed.

root@freebsd:/etc# nxt-opkg install ipset iptables-mod-nat-extra

Installing ipset (6.29-1) to root...

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/ipset_6.29-1_arm_cortex-a9.ipk.

Installing kmod-ipt-ipset (4.4.25-1) to root...

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/kmod-ipt-ipset_4.4.25-1_arm_cortex-a9.ipk.

Installing kmod-nfnetlink (4.4.25-1) to root...

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/kmod-nfnetlink_4.4.25-1_arm_cortex-a9.ipk.

Installing libmnl (1.0.4-1) to root...

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/libmnl_1.0.4-1_arm_cortex-a9.ipk.

Installing iptables-mod-nat-extra (1.4.21-2) to root...

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/iptables-mod-nat-extra_1.4.21-2_arm_cortex-a9.ipk.

Installing kmod-ipt-nat-extra (4.4.25-1) to root...

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/kmod-ipt-nat-extra_4.4.25-1_arm_cortex-a9.ipk.

Configuring kmod-nfnetlink.

Configuring kmod-ipt-nat-extra.

Configuring libmnl.

Configuring iptables-mod-nat-extra.

Configuring kmod-ipt-ipset.

Configuring ipset.

root@freebsd:/etc# ll

root@freebsd:/etc# l /lib/modules/4.4.25/

drwxr-xr-x 1 root root 4.0K Aug 9 18:01 ./

drwxr-xr-x 1 root root 4.0K Dec 16 2017 ../

-rw-r--r-- 1 root root 4.3K Dec 16 2017 act_connmark.ko

-rw-r--r-- 1 root root 5.6K Dec 16 2017 act_mirred.ko

-rw-r--r-- 1 root root 4.1K Dec 16 2017 act_skbedit.ko

-rw-r--r-- 1 root root 7.2K Dec 16 2017 aead.ko

-rw-r--r-- 1 root root 29.9K Dec 16 2017 autofs4.ko

-rw-r--r-- 1 root root 4.3K Dec 16 2017 bcma-hcd.ko

-rw-r--r-- 1 root root 8.9K Dec 16 2017 cls_flow.ko

-rw-r--r-- 1 root root 6.6K Dec 16 2017 cls_fw.ko

-rw-r--r-- 1 root root 7.7K Dec 16 2017 cls_route.ko

-rw-r--r-- 1 root root 7.6K Dec 16 2017 cls_tcindex.ko

-rw-r--r-- 1 root root 10.1K Dec 16 2017 cls_u32.ko

-rw-r--r-- 1 root root 2.5K Dec 16 2017 crc-ccitt.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 crc32c_generic.ko

-rw-r--r-- 1 root root 5.4K Dec 16 2017 crypto_null.ko

-rw-r--r-- 1 root root 4.7K Dec 16 2017 cryptomgr.ko

-rw-r--r-- 1 root root 3.7K Dec 16 2017 ecb.ko

-rw-r--r-- 1 root root 38.1K Dec 16 2017 ehci-hcd.ko

-rw-r--r-- 1 root root 7.7K Dec 16 2017 ehci-platform.ko

-rw-r--r-- 1 root root 2.2K Dec 16 2017 em_u32.ko

-rw-r--r-- 1 root root 352.3K Dec 16 2017 ext4.ko

-rw-r--r-- 1 root root 57.6K Dec 16 2017 fat.ko

-rw-r--r-- 1 root root 9.6K Dec 16 2017 gpio-button-hotplug.ko

-rw-r--r-- 1 root root 3.6K Dec 16 2017 gre.ko

-rw-r--r-- 1 root root 50.9K Dec 16 2017 hfs.ko

-rw-r--r-- 1 root root 95.1K Dec 16 2017 hfsplus.ko

-rw-r--r-- 1 root root 6.5K Dec 16 2017 ifb.ko

-rw-r--r-- 1 root root 14.6K Dec 16 2017 ip6_tables.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 ip6t_REJECT.ko

-rw-r--r-- 1 root root 3.4K Dec 16 2017 ip6table_filter.ko

-rw-r--r-- 1 root root 3.6K Dec 16 2017 ip6table_mangle.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 ip6table_raw.ko

-rw-r--r-- 1 root root 14.7K Dec 16 2017 ip_gre.ko

-rw-r--r-- 1 root root 28.6K Dec 16 2017 ip_set.ko

-rw-r--r-- 1 root root 9.1K Dec 16 2017 ip_set_bitmap_ip.ko

-rw-r--r-- 1 root root 9.0K Dec 16 2017 ip_set_bitmap_ipmac.ko

-rw-r--r-- 1 root root 8.2K Dec 16 2017 ip_set_bitmap_port.ko

-rw-r--r-- 1 root root 20.6K Dec 16 2017 ip_set_hash_ip.ko

-rw-r--r-- 1 root root 20.8K Dec 16 2017 ip_set_hash_ipmark.ko

-rw-r--r-- 1 root root 21.5K Dec 16 2017 ip_set_hash_ipport.ko

-rw-r--r-- 1 root root 22.4K Dec 16 2017 ip_set_hash_ipportip.ko

-rw-r--r-- 1 root root 27.0K Dec 16 2017 ip_set_hash_ipportnet.ko

-rw-r--r-- 1 root root 12.4K Dec 16 2017 ip_set_hash_mac.ko

-rw-r--r-- 1 root root 24.5K Dec 16 2017 ip_set_hash_net.ko

-rw-r--r-- 1 root root 26.0K Dec 16 2017 ip_set_hash_netiface.ko

-rw-r--r-- 1 root root 27.1K Dec 16 2017 ip_set_hash_netnet.ko

-rw-r--r-- 1 root root 25.6K Dec 16 2017 ip_set_hash_netport.ko

-rw-r--r-- 1 root root 28.1K Dec 16 2017 ip_set_hash_netportnet.ko

-rw-r--r-- 1 root root 9.4K Dec 16 2017 ip_set_list_set.ko

-rw-r--r-- 1 root root 14.9K Dec 16 2017 ip_tables.ko

-rw-r--r-- 1 root root 15.9K Dec 16 2017 ip_tunnel.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 ipt_ECN.ko

-rw-r--r-- 1 root root 2.8K Dec 16 2017 ipt_MASQUERADE.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 ipt_REJECT.ko

-rw-r--r-- 1 root root 3.4K Dec 16 2017 iptable_filter.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 iptable_mangle.ko

-rw-r--r-- 1 root root 3.7K Dec 16 2017 iptable_nat.ko

-rw-r--r-- 1 root root 3.2K Dec 16 2017 iptable_raw.ko

-rw-r--r-- 1 root root 69.3K Dec 16 2017 jbd2.ko

-rw-r--r-- 1 root root 5.6K Dec 16 2017 leds-gpio.ko

-rw-r--r-- 1 root root 10.9K Dec 16 2017 mbcache.ko

-rw-r--r-- 1 root root 79.2K Dec 16 2017 nf_conntrack.ko

-rw-r--r-- 1 root root 5.0K Dec 16 2017 nf_conntrack_amanda.ko

-rw-r--r-- 1 root root 2.3K Dec 16 2017 nf_conntrack_broadcast.ko

-rw-r--r-- 1 root root 8.8K Dec 16 2017 nf_conntrack_ftp.ko

-rw-r--r-- 1 root root 36.5K Dec 16 2017 nf_conntrack_h323.ko

-rw-r--r-- 1 root root 11.4K Dec 16 2017 nf_conntrack_ipv4.ko

-rw-r--r-- 1 root root 11.7K Dec 16 2017 nf_conntrack_ipv6.ko

-rw-r--r-- 1 root root 6.2K Dec 16 2017 nf_conntrack_irc.ko

-rw-r--r-- 1 root root 7.1K Dec 16 2017 nf_conntrack_pptp.ko

-rw-r--r-- 1 root root 6.2K Dec 16 2017 nf_conntrack_proto_gre.ko

-rw-r--r-- 1 root root 5.7K Dec 16 2017 nf_conntrack_rtcache.ko

-rw-r--r-- 1 root root 22.5K Dec 16 2017 nf_conntrack_sip.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 nf_conntrack_snmp.ko

-rw-r--r-- 1 root root 5.8K Dec 16 2017 nf_conntrack_tftp.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 nf_defrag_ipv4.ko

-rw-r--r-- 1 root root 9.4K Dec 16 2017 nf_defrag_ipv6.ko

-rw-r--r-- 1 root root 4.9K Dec 16 2017 nf_log_common.ko

-rw-r--r-- 1 root root 6.3K Dec 16 2017 nf_log_ipv4.ko

-rw-r--r-- 1 root root 6.4K Dec 16 2017 nf_log_ipv6.ko

-rw-r--r-- 1 root root 16.4K Dec 16 2017 nf_nat.ko

-rw-r--r-- 1 root root 2.8K Dec 16 2017 nf_nat_amanda.ko

-rw-r--r-- 1 root root 3.6K Dec 16 2017 nf_nat_ftp.ko

-rw-r--r-- 1 root root 8.3K Dec 16 2017 nf_nat_h323.ko

-rw-r--r-- 1 root root 7.3K Dec 16 2017 nf_nat_ipv4.ko

-rw-r--r-- 1 root root 3.4K Dec 16 2017 nf_nat_irc.ko

-rw-r--r-- 1 root root 3.9K Dec 16 2017 nf_nat_masquerade_ipv4.ko

-rw-r--r-- 1 root root 4.0K Dec 16 2017 nf_nat_pptp.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 nf_nat_proto_gre.ko

-rw-r--r-- 1 root root 2.5K Dec 16 2017 nf_nat_redirect.ko

-rw-r--r-- 1 root root 9.9K Dec 16 2017 nf_nat_sip.ko

-rw-r--r-- 1 root root 10.0K Dec 16 2017 nf_nat_snmp_basic.ko

-rw-r--r-- 1 root root 2.4K Dec 16 2017 nf_nat_tftp.ko

-rw-r--r-- 1 root root 4.0K Dec 16 2017 nf_reject_ipv4.ko

-rw-r--r-- 1 root root 4.6K Dec 16 2017 nf_reject_ipv6.ko

-rw-r--r-- 1 root root 8.0K Dec 16 2017 nfnetlink.ko

-rw-r--r-- 1 root root 7.5K Dec 16 2017 nls_base.ko

-rw-r--r-- 1 root root 6.3K Dec 16 2017 nls_cp437.ko

-rw-r--r-- 1 root root 78.0K Dec 16 2017 nls_cp932.ko

-rw-r--r-- 1 root root 4.8K Dec 16 2017 nls_iso8859-1.ko

-rw-r--r-- 1 root root 5.3K Dec 16 2017 nls_iso8859-15.ko

-rw-r--r-- 1 root root 2.5K Dec 16 2017 nls_utf8.ko

-rw-r--r-- 1 root root 29.0K Dec 16 2017 ohci-hcd.ko

-rw-r--r-- 1 root root 7.0K Dec 16 2017 ohci-platform.ko

-rw-r--r-- 1 root root 33.3K Dec 16 2017 option.ko

-rw-r--r-- 1 root root 4.2K Dec 16 2017 phy-bcm-ns-usb2.ko

-rw-r--r-- 1 root root 5.2K Dec 16 2017 phy-bcm-ns-usb3.ko

-rw-r--r-- 1 root root 10.7K Dec 16 2017 ppp_async.ko

-rw-r--r-- 1 root root 28.7K Dec 16 2017 ppp_generic.ko

-rw-r--r-- 1 root root 7.8K Dec 16 2017 ppp_mppe.ko

-rw-r--r-- 1 root root 13.5K Dec 16 2017 pppoe.ko

-rw-r--r-- 1 root root 3.7K Dec 16 2017 pppox.ko

-rw-r--r-- 1 root root 10.1K Dec 16 2017 pptp.ko

-rw-r--r-- 1 root root 2.3K Dec 16 2017 region-check.ko

-rw-r--r-- 1 root root 16.1K Dec 16 2017 sch_hfsc.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 sch_ingress.ko

-rw-r--r-- 1 root root 124.2K Dec 16 2017 scsi_mod.ko

-rw-r--r-- 1 root root 31.6K Dec 16 2017 sd_mod.ko

-rw-r--r-- 1 root root 6.1K Dec 16 2017 slhc.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 ts_bm.ko

-rw-r--r-- 1 root root 4.4K Dec 16 2017 ts_fsm.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 ts_kmp.ko

-rw-r--r-- 1 root root 22.5K Dec 16 2017 tun.ko

-rw-r--r-- 1 root root 10.7K Dec 16 2017 ums-alauda.ko

-rw-r--r-- 1 root root 4.8K Dec 16 2017 ums-cypress.ko

-rw-r--r-- 1 root root 7.2K Dec 16 2017 ums-datafab.ko

-rw-r--r-- 1 root root 4.4K Dec 16 2017 ums-freecom.ko

-rw-r--r-- 1 root root 7.4K Dec 16 2017 ums-isd200.ko

-rw-r--r-- 1 root root 6.1K Dec 16 2017 ums-jumpshot.ko

-rw-r--r-- 1 root root 4.1K Dec 16 2017 ums-karma.ko

-rw-r--r-- 1 root root 11.6K Dec 16 2017 ums-sddr09.ko

-rw-r--r-- 1 root root 7.8K Dec 16 2017 ums-sddr55.ko

-rw-r--r-- 1 root root 9.8K Dec 16 2017 ums-usbat.ko

-rw-r--r-- 1 root root 4.5K Dec 16 2017 usb-common.ko

-rw-r--r-- 1 root root 51.0K Dec 16 2017 usb-storage.ko

-rw-r--r-- 1 root root 8.0K Dec 16 2017 usb_wwan.ko

-rw-r--r-- 1 root root 149.8K Dec 16 2017 usbcore.ko

-rw-r--r-- 1 root root 28.7K Dec 16 2017 usbserial.ko

-rw-r--r-- 1 root root 11.9K Dec 16 2017 vfat.ko

-rw-r--r-- 1 root root 4.0M Dec 16 2017 wl.ko

-rw-r--r-- 1 root root 18.1K Dec 16 2017 x_tables.ko

-rw-r--r-- 1 root root 92.2K Dec 16 2017 xhci-hcd.ko

-rw-r--r-- 1 root root 5.2K Dec 16 2017 xhci-pci.ko

-rw-r--r-- 1 root root 7.1K Dec 16 2017 xhci-plat-hcd.ko

-rw-r--r-- 1 root root 2.3K Dec 16 2017 xt_CLASSIFY.ko

-rw-r--r-- 1 root root 5.8K Dec 16 2017 xt_CT.ko

-rw-r--r-- 1 root root 3.4K Dec 16 2017 xt_DSCP.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 xt_HL.ko

-rw-r--r-- 1 root root 2.8K Dec 16 2017 xt_LOG.ko

-rw-r--r-- 1 root root 3.1K Dec 16 2017 xt_NETMAP.ko

-rw-r--r-- 1 root root 2.8K Dec 16 2017 xt_REDIRECT.ko

-rw-r--r-- 1 root root 5.0K Dec 16 2017 xt_TCPMSS.ko

-rw-r--r-- 1 root root 2.2K Dec 16 2017 xt_comment.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 xt_connbytes.ko

-rw-r--r-- 1 root root 7.6K Dec 16 2017 xt_connlimit.ko

-rw-r--r-- 1 root root 3.5K Dec 16 2017 xt_connmark.ko

-rw-r--r-- 1 root root 4.4K Dec 16 2017 xt_conntrack.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 xt_dscp.ko

-rw-r--r-- 1 root root 3.2K Dec 16 2017 xt_ecn.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 xt_helper.ko

-rw-r--r-- 1 root root 2.7K Dec 16 2017 xt_hl.ko

-rw-r--r-- 1 root root 2.2K Dec 16 2017 xt_id.ko

-rw-r--r-- 1 root root 2.5K Dec 16 2017 xt_length.ko

-rw-r--r-- 1 root root 3.3K Dec 16 2017 xt_limit.ko

-rw-r--r-- 1 root root 2.3K Dec 16 2017 xt_mac.ko

-rw-r--r-- 1 root root 2.6K Dec 16 2017 xt_mark.ko

-rw-r--r-- 1 root root 3.0K Dec 16 2017 xt_multiport.ko

-rw-r--r-- 1 root root 3.5K Dec 16 2017 xt_nat.ko

-rw-r--r-- 1 root root 11.0K Dec 16 2017 xt_recent.ko

-rw-r--r-- 1 root root 9.7K Dec 16 2017 xt_set.ko

-rw-r--r-- 1 root root 2.7K Dec 16 2017 xt_state.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 xt_statistic.ko

-rw-r--r-- 1 root root 2.6K Dec 16 2017 xt_string.ko

-rw-r--r-- 1 root root 2.9K Dec 16 2017 xt_tcpmss.ko

-rw-r--r-- 1 root root 3.7K Dec 16 2017 xt_tcpudp.ko

-rw-r--r-- 1 root root 3.9K Dec 16 2017 xt_time.ko

root@freebsd:/etc# nxt-opkg install curl

Installing curl (7.50.3-1) to root...

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/curl_7.50.3-1_arm_cortex-a9.ipk.

Installing libcurl (7.50.3-1) to root...

Downloading http://feeds.buffalo.dd-wrt.com/bcm53xx/r1.5.5.US/packages//targets/bcm53xx/generic/packages/libcurl_7.50.3-1_arm_cortex-a9.ipk.

Configuring libcurl.

Configuring curl.

root@freebsd:~# cat update_iptables.sh

#!/bin/sh

chnroute_url=http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest

curl $chnroute_url | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /tmp/chnroute.txt

iptables -t nat -N rtY

iptables -t nat -A rtY -d 108.61.200.92 -j RETURN

iptables -t nat -A rtY -d 0.0.0.0/8 -j RETURN

iptables -t nat -A rtY -d 10.0.0.0/8 -j RETURN

iptables -t nat -A rtY -d 127.0.0.0/8 -j RETURN

iptables -t nat -A rtY -d 169.254.0.0/16 -j RETURN

iptables -t nat -A rtY -d 172.16.0.0/12 -j RETURN

iptables -t nat -A rtY -d 192.168.0.0/16 -j RETURN

iptables -t nat -A rtY -d 224.0.0.0/4 -j RETURN

iptables -t nat -A rtY -d 240.0.0.0/4 -j RETURN

ipset create chnroute hash:net

for i in `cat /tmp/chnroute.txt`;

sudo ipset add chnroute $i

done

iptables -t nat -A ary -m set --match-set chnroute dst -j RETURN

iptables -t nat -A ary -p tcp -j REDIRECT --to-ports 1060

iptables -t nat -A PREROUTING -p tcp -j ary

exit 0

root@freebsd:~# cat /tmp/chnroute.txt

root@freebsd:~# wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest

Downloading 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest'

Connecting to 202.12.29.205:80

Writing to 'delegated-apnic-latest'

delegated-apnic-late 0% | | 12213 0:26:08 ETA^Croot@freebsd:~#

root@freebsd:~# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT all -- anywhere anywhere ID:66773300

input_rule all -- anywhere anywhere ID:66773300 /* user chain for input */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate RELATED,ESTABLISHED

DROP all -- anywhere anywhere ID:66773300 ctstate INVALID

syn_flood tcp -- anywhere anywhere ID:66773300 tcp flags:FIN,SYN,RST,ACK/SYN

zone_lan_input all -- anywhere anywhere ID:66773300

zone_dmz_input all -- anywhere anywhere ID:66773300

zone_wan_input all -- anywhere anywhere ID:66773300

zone_guest_lan_input all -- anywhere anywhere ID:66773300

zone_ovpn_input all -- anywhere anywhere ID:66773300

Chain FORWARD (policy DROP)

target prot opt source destination

forwarding_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate RELATED,ESTABLISHED

DROP all -- anywhere anywhere ID:66773300 ctstate INVALID

zone_lan_forward all -- anywhere anywhere ID:66773300

zone_dmz_forward all -- anywhere anywhere ID:66773300

zone_wan_forward all -- anywhere anywhere ID:66773300

zone_guest_lan_forward all -- anywhere anywhere ID:66773300

zone_ovpn_forward all -- anywhere anywhere ID:66773300

reject all -- anywhere anywhere ID:66773300

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

ACCEPT all -- anywhere anywhere ID:66773300

output_rule all -- anywhere anywhere ID:66773300 /* user chain for output */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate RELATED,ESTABLISHED

DROP all -- anywhere anywhere ID:66773300 ctstate INVALID

zone_lan_output all -- anywhere anywhere ID:66773300

zone_dmz_output all -- anywhere anywhere ID:66773300

zone_wan_output all -- anywhere anywhere ID:66773300

zone_guest_lan_output all -- anywhere anywhere ID:66773300

zone_ovpn_output all -- anywhere anywhere ID:66773300

Chain MINIUPNPD (1 references)

target prot opt source destination

Chain block_forwarding (1 references)

target prot opt source destination

Chain block_input (1 references)

target prot opt source destination

Chain forwarding_dmz_rule (1 references)

target prot opt source destination

Chain forwarding_guest_lan_rule (1 references)

target prot opt source destination

Chain forwarding_lan_rule (1 references)

target prot opt source destination

Chain forwarding_ovpn_rule (1 references)

target prot opt source destination

Chain forwarding_rule (1 references)

target prot opt source destination

block_forwarding all -- anywhere anywhere

Chain forwarding_wan_rule (1 references)

target prot opt source destination

Chain input_dmz_rule (1 references)

target prot opt source destination

Chain input_guest_lan_rule (1 references)

target prot opt source destination

Chain input_lan_rule (1 references)

target prot opt source destination

Chain input_ovpn_rule (1 references)

target prot opt source destination

Chain input_rule (1 references)

target prot opt source destination

block_input all -- anywhere anywhere

Chain input_wan_rule (1 references)

target prot opt source destination

Chain output_dmz_rule (1 references)

target prot opt source destination

Chain output_guest_lan_rule (1 references)

target prot opt source destination

Chain output_lan_rule (1 references)

target prot opt source destination

Chain output_ovpn_rule (1 references)

target prot opt source destination

Chain output_rule (1 references)

target prot opt source destination

Chain output_wan_rule (1 references)

target prot opt source destination

Chain reject (13 references)

target prot opt source destination

REJECT tcp -- anywhere anywhere ID:66773300 reject-with tcp-reset

REJECT all -- anywhere anywhere ID:66773300 reject-with icmp-port-unreachable

Chain syn_flood (1 references)

target prot opt source destination

RETURN tcp -- anywhere anywhere ID:66773300 tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50

DROP all -- anywhere anywhere ID:66773300

Chain zone_dmz_dest_ACCEPT (2 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_dmz_forward (1 references)

target prot opt source destination

forwarding_dmz_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port forwards */

zone_dmz_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_dmz_input (1 references)

target prot opt source destination

input_dmz_rule all -- anywhere anywhere ID:66773300 /* user chain for input */

ACCEPT icmp -- anywhere anywhere ID:66773300 icmp echo-request /* Allow-Ping */

ACCEPT udp -- anywhere anywhere ID:66773300 /* Allow-Dhcp */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port redirections */

zone_dmz_src_DROP all -- anywhere anywhere ID:66773300

Chain zone_dmz_output (1 references)

target prot opt source destination

output_dmz_rule all -- anywhere anywhere ID:66773300 /* user chain for output */

zone_dmz_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_dmz_src_DROP (1 references)

target prot opt source destination

DROP all -- anywhere anywhere ID:66773300

Chain zone_guest_lan_dest_ACCEPT (2 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_guest_lan_forward (1 references)

target prot opt source destination

forwarding_guest_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */

zone_wan_dest_ACCEPT all -- anywhere anywhere ID:66773300 /* forwarding guest_lan -> wan */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port forwards */

zone_guest_lan_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_guest_lan_input (1 references)

target prot opt source destination

input_guest_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for input */

ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:domain /* Allow DNS Queries */

ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:bootps /* Allow DHCP Queries */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port redirections */

zone_guest_lan_src_REJECT all -- anywhere anywhere ID:66773300

Chain zone_guest_lan_output (1 references)

target prot opt source destination

output_guest_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for output */

zone_guest_lan_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_guest_lan_src_REJECT (1 references)

target prot opt source destination

reject all -- anywhere anywhere ID:66773300

Chain zone_lan_dest_ACCEPT (5 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_lan_dest_DROP (1 references)

target prot opt source destination

DROP all -- anywhere anywhere ID:66773300

Chain zone_lan_forward (1 references)

target prot opt source destination

forwarding_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */

zone_wan_dest_ACCEPT ah -- anywhere anywhere ID:66773300 /* ubus:embeddd[instance1] rule 8 */

zone_wan_dest_ACCEPT esp -- anywhere anywhere ID:66773300 /* ubus:embeddd[instance1] rule 9 */

zone_wan_dest_ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:isakmp /* ubus:embeddd[instance1] rule 10 */

zone_wan_dest_ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:4500 /* ubus:embeddd[instance1] rule 11 */

zone_wan_dest_ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:l2f /* ubus:embeddd[instance1] rule 12 */

zone_wan_dest_ACCEPT tcp -- anywhere anywhere ID:66773300 tcp dpt:1723 /* ubus:embeddd[instance1] rule 13 */

zone_wan_dest_ACCEPT all -- anywhere anywhere ID:66773300 /* forwarding lan -> wan */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port forwards */

zone_lan_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_lan_input (1 references)

target prot opt source destination

input_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for input */

reject tcp -- anywhere anywhere ID:66773300 tcp dpt:snmp /* ubus:embeddd[instance1] rule 7 */

reject udp -- anywhere anywhere ID:66773300 udp dpt:snmp /* ubus:embeddd[instance1] rule 7 */

ACCEPT igmp -- anywhere anywhere ID:66773300 /* ubus:igmpproxy[instance1] rule 3 */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port redirections */

zone_lan_src_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_lan_output (1 references)

target prot opt source destination

output_lan_rule all -- anywhere anywhere ID:66773300 /* user chain for output */

zone_lan_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_lan_src_ACCEPT (1 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_ovpn_dest_ACCEPT (2 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_ovpn_forward (2 references)

target prot opt source destination

forwarding_ovpn_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port forwards */

zone_ovpn_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_ovpn_input (2 references)

target prot opt source destination

input_ovpn_rule all -- anywhere anywhere ID:66773300 /* user chain for input */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port redirections */

zone_ovpn_src_DROP all -- anywhere anywhere ID:66773300

Chain zone_ovpn_output (2 references)

target prot opt source destination

output_ovpn_rule all -- anywhere anywhere ID:66773300 /* user chain for output */

zone_ovpn_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_ovpn_src_DROP (1 references)

target prot opt source destination

DROP all -- anywhere anywhere ID:66773300

Chain zone_wan_dest_ACCEPT (9 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_wan_dest_REJECT (1 references)

target prot opt source destination

reject all -- anywhere anywhere ID:66773300

Chain zone_wan_forward (1 references)

target prot opt source destination

MINIUPNPD all -- anywhere anywhere

forwarding_wan_rule all -- anywhere anywhere ID:66773300 /* user chain for forwarding */

zone_lan_dest_DROP udp -- anywhere base-address.mcast.net/4 ID:66773300 udp dpt:1900 /* ubus:igmpproxy[instance1] rule 1 */

zone_lan_dest_ACCEPT udp -- anywhere base-address.mcast.net/4 ID:66773300 /* ubus:igmpproxy[instance1] rule 2 */

zone_lan_dest_ACCEPT esp -- anywhere anywhere ID:66773300 /* @rule[26] */

zone_lan_dest_ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:isakmp /* @rule[27] */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port forwards */

zone_wan_dest_REJECT all -- anywhere anywhere ID:66773300

Chain zone_wan_input (1 references)

target prot opt source destination

input_wan_rule all -- anywhere anywhere ID:66773300 /* user chain for input */

reject tcp -- anywhere anywhere ID:66773300 tcp dpt:ssh state NEW recent: UPDATE seconds: 60 reap hit_count: 5 name: DEFAULT side: source mask: 255.255.255.255 /* ubus:embeddd[instance1] rule 0 */

reject tcp -- anywhere anywhere ID:66773300 tcp dpt:ssh state NEW ! recent: SET name: DEFAULT side: source mask: 255.255.255.255 /* ubus:embeddd[instance1] rule 1 */

ACCEPT icmp -- anywhere anywhere ID:66773300 /* ubus:embeddd[instance1] rule 2 */

reject tcp -- anywhere anywhere ID:66773300 tcp dpt:ssh /* ubus:embeddd[instance1] rule 3 */

reject tcp -- anywhere anywhere ID:66773300 tcp dpt:auth /* ubus:embeddd[instance1] rule 4 */

reject tcp -- anywhere anywhere ID:66773300 tcp dpt:snmp /* ubus:embeddd[instance1] rule 5 */

reject udp -- anywhere anywhere ID:66773300 udp dpt:snmp /* ubus:embeddd[instance1] rule 5 */

reject tcp -- anywhere anywhere ID:66773300 tcp dpt:https /* ubus:embeddd[instance1] rule 6 */

ACCEPT igmp -- anywhere anywhere ID:66773300 /* ubus:igmpproxy[instance1] rule 0 */

ACCEPT udp -- anywhere anywhere ID:66773300 udp dpt:bootpc /* Allow-DHCP-Renew */

ACCEPT igmp -- anywhere anywhere ID:66773300 /* Allow-IGMP */

ACCEPT all -- anywhere anywhere ID:66773300 ctstate DNAT /* Accept port redirections */

zone_wan_src_REJECT all -- anywhere anywhere ID:66773300

Chain zone_wan_output (1 references)

target prot opt source destination

output_wan_rule all -- anywhere anywhere ID:66773300 /* user chain for output */

zone_wan_dest_ACCEPT all -- anywhere anywhere ID:66773300

Chain zone_wan_src_REJECT (1 references)

target prot opt source destination

reject all -- anywhere anywhere ID:66773300

root@freebsd:/etc/init.d# ./firewall

Syntax: ./firewall [command]

Available commands:

start Start the service

stop Stop the service

restart Restart the service

reload Reload configuration files (or restart if that fails)

enable Enable service autostart

disable Disable service autostart

root@freebsd:/etc/init.d# ./firewall stop

Warning: Section @zone[0] (lan) cannot resolve device of network 'lan_wifi'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan6'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan_pppoe'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan_pptp'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan_dsl'

Warning: Option 'dmz_dhcp'.port is unknown

refers to not existing zone 'wan_pptp'

refers to not existing zone 'wan_dsl'

refers to not existing zone 'wan_wifi'

Warning: Section @forwarding[1] refers to not existing zone 'lan_dmz'

refers to not existing zone 'wan_pptp'

refers to not existing zone 'wan_dsl'

refers to not existing zone 'wan_wifi'

* Flushing IPv4 filter table

* Flushing IPv4 nat table

* Flushing IPv4 mangle table

* Flushing IPv4 raw table

* Flushing IPv6 filter table

* Flushing IPv6 mangle table

* Flushing IPv6 raw table

* Flushing conntrack table ...

root@freebsd:/etc/init.d# ./firewall start

Warning: Section @zone[0] (lan) cannot resolve device of network 'lan_wifi'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan6'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan_pppoe'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan_pptp'

Warning: Section @zone[2] (wan) cannot resolve device of network 'wan_dsl'

Warning: Option 'dmz_dhcp'.port is unknown

refers to not existing zone 'wan_pptp'

refers to not existing zone 'wan_dsl'

refers to not existing zone 'wan_wifi'

Warning: Section @forwarding[1] refers to not existing zone 'lan_dmz'

* Populating IPv4 filter table

* Zone 'lan'

* Zone 'dmz'

* Zone 'wan'

* Zone 'guest_lan'

* Zone 'ovpn'

* Rule 'ubus:embeddd[instance1] rule 0'

* Rule 'ubus:embeddd[instance1] rule 1'

* Rule 'ubus:embeddd[instance1] rule 2'

* Rule 'ubus:embeddd[instance1] rule 3'

* Rule 'ubus:embeddd[instance1] rule 4'

* Rule 'ubus:embeddd[instance1] rule 5'

* Rule 'ubus:embeddd[instance1] rule 6'

* Rule 'ubus:embeddd[instance1] rule 7'

* Rule 'ubus:embeddd[instance1] rule 8'

* Rule 'ubus:embeddd[instance1] rule 9'

* Rule 'ubus:embeddd[instance1] rule 10'

* Rule 'ubus:embeddd[instance1] rule 11'

* Rule 'ubus:embeddd[instance1] rule 12'

* Rule 'ubus:embeddd[instance1] rule 13'

* Rule 'ubus:igmpproxy[instance1] rule 0'

* Rule 'ubus:igmpproxy[instance1] rule 1'

* Rule 'ubus:igmpproxy[instance1] rule 2'

* Rule 'ubus:igmpproxy[instance1] rule 3'

* Rule 'Allow-DHCP-Renew'

* Rule 'Allow-IGMP'

* Rule 'Allow-Ping'

* Rule 'Allow-Dhcp'

* Rule #26

* Rule #27

* Rule 'Allow DNS Queries'

* Rule 'Allow DHCP Queries'

* Forward 'lan' -> 'wan'

* Forward 'guest_lan' -> 'wan'

* Populating IPv4 nat table

* Zone 'lan'

* Zone 'dmz'

* Zone 'wan'

* Zone 'guest_lan'

* Zone 'ovpn'

* Populating IPv4 mangle table

* Zone 'lan'

* Zone 'dmz'

* Zone 'wan'

* Zone 'guest_lan'

* Zone 'ovpn'

* Populating IPv4 raw table

* Zone 'lan'

* Zone 'dmz'

* Zone 'wan'

* Zone 'guest_lan'

* Zone 'ovpn'

* Populating IPv6 filter table

* Zone 'lan'

* Zone 'dmz'

* Zone 'wan'

* Zone 'guest_lan'

* Zone 'ovpn'

* Rule 'ubus:embeddd[instance1] rule 0'

Warning: fw3_ipt_rule_append(): Can't find match 'recent'

* Rule 'ubus:embeddd[instance1] rule 1'

Warning: fw3_ipt_rule_append(): Can't find match 'recent'

* Rule 'ubus:embeddd[instance1] rule 2'

* Rule 'ubus:embeddd[instance1] rule 3'

* Rule 'ubus:embeddd[instance1] rule 4'

* Rule 'ubus:embeddd[instance1] rule 5'

* Rule 'ubus:embeddd[instance1] rule 6'

* Rule 'ubus:embeddd[instance1] rule 7'

* Rule 'ubus:embeddd[instance1] rule 8'

* Rule 'ubus:embeddd[instance1] rule 9'

* Rule 'ubus:embeddd[instance1] rule 10'

* Rule 'ubus:embeddd[instance1] rule 11'

* Rule 'ubus:embeddd[instance1] rule 12'

* Rule 'ubus:embeddd[instance1] rule 13'

* Rule 'ubus:igmpproxy[instance1] rule 0'

* Rule 'ubus:igmpproxy[instance1] rule 3'

* Rule 'Allow-DHCPv6'

* Rule 'Allow-MLD'

* Rule 'Allow-ICMPv6-Input'

* Rule 'Allow-ICMPv6-Forward'

* Rule #26

* Rule #27

* Rule 'Allow DNS Queries'

* Rule 'Allow DHCP Queries'

* Forward 'lan' -> 'wan'

* Forward 'guest_lan' -> 'wan'

* Populating IPv6 mangle table

* Zone 'lan'

* Zone 'dmz'

* Zone 'wan'

* Zone 'guest_lan'

* Zone 'ovpn'

* Populating IPv6 raw table

* Zone 'lan'

* Zone 'dmz'

* Zone 'wan'

* Zone 'guest_lan'

* Zone 'ovpn'

* Flushing conntrack table ...

* Set tcp_ecn to off

* Set tcp_syncookies to on

* Set tcp_window_scaling to on

* Running script '/etc/firewall.ddwrt'

* Running script '/usr/share/miniupnpd/firewall.include'

root@freebsd:/etc/init.d# vim /etc/firewall.ddwrt

root@freebsd:/etc/init.d# vim /usr/share/miniupnpd/firewall.include

root@freebsd:~# wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest

Downloading 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest'

Connecting to 202.12.29.205:80

Writing to 'delegated-apnic-latest'

Cannot open output file: File exists

root@freebsd:~# rm -rf delegated-apnic-latest

root@freebsd:~# wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest

Downloading 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest'

Connecting to 202.12.29.205:80

Writing to 'delegated-apnic-latest'

delegated-apnic-late 100% |*******************************| 2685k 0:00:00 ETA

Download completed (2749611 bytes)

root@freebsd:~#

root@freebsd:~# cat /home/delegated-apnic-latesta | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /tmp/chnroute.txt

cat: can't open '/home/delegated-apnic-latesta': No such file or directory

root@freebsd:~# cat /home/delegated-apnic-latesta | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /tmp/chnroute.txt

cat: can't open '/home/delegated-apnic-latesta': No such file or directory

root@freebsd:~# cat /home/delegated-apnic-latest | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /tmp/chnroute.txt

root@freebsd:~# vim update_iptables.sh

root@freebsd:~# rm -rf /tmp/chnroute.txt