root@ap6-0-bernd:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
delegate_input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
delegate_forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
delegate_output all -- anywhere anywhere

Chain delegate_forward (1 references)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_wan_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
reject all -- anywhere anywhere

Chain delegate_input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
input_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
zone_wan_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere

Chain delegate_output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
output_rule all -- anywhere anywhere /* user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_wan_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere

Chain forwarding_freifunk_rule (1 references)
target prot opt source destination
REJECT all -- anywhere 192.168.1.0/24 reject-with icmp-host-prohibited

Chain forwarding_rule (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain forwarding_wan_rule (1 references)
target prot opt source destination

Chain input_freifunk_rule (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination
ACCEPT ipencap-- anywhere anywhere
ACCEPT ipencap-- anywhere anywhere

Chain input_wan_rule (1 references)
target prot opt source destination

Chain output_freifunk_rule (1 references)
target prot opt source destination

Chain output_rule (1 references)
target prot opt source destination

Chain output_wan_rule (1 references)
target prot opt source destination

Chain reject (7 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all -- anywhere anywhere

Chain zone_freifunk_dest_ACCEPT (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain zone_freifunk_dest_REJECT (5 references)
target prot opt source destination
reject all -- anywhere anywhere
reject all -- anywhere anywhere
reject all -- anywhere anywhere
reject all -- anywhere anywhere
reject all -- anywhere anywhere

Chain zone_freifunk_forward (5 references)
target prot opt source destination
forwarding_freifunk_rule all -- anywhere anywhere /* user chain for forwarding */
zone_freifunk_dest_ACCEPT all -- anywhere anywhere /* forwarding freifunk -> freifunk */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_freifunk_dest_REJECT all -- anywhere anywhere

Chain zone_freifunk_input (5 references)
target prot opt source destination
input_freifunk_rule all -- anywhere anywhere /* user chain for input */
ACCEPT icmp -- anywhere anywhere /* @rule[5] */
ACCEPT tcp -- anywhere anywhere tcp dpt:www /* @rule[6] */
ACCEPT tcp -- anywhere anywhere tcp dpt:https /* @rule[7] */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* @rule[8] */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_freifunk_src_ACCEPT all -- anywhere anywhere

Chain zone_freifunk_output (5 references)
target prot opt source destination
output_freifunk_rule all -- anywhere anywhere /* user chain for output */
zone_freifunk_dest_REJECT udp -- anywhere vpn03.berlin.freifunk.net /* Reject-VPN-over-ff-1 */
zone_freifunk_dest_REJECT udp -- anywhere freifunk-vpn.freifunk.net /* Reject-VPN-over-ff-2 */
zone_freifunk_dest_REJECT udp -- anywhere vpn03.berlin.freifunk.net /* Reject-VPN-over-ff-1 */
zone_freifunk_dest_REJECT udp -- anywhere freifunk-vpn.freifunk.net /* Reject-VPN-over-ff-2 */
zone_freifunk_dest_ACCEPT all -- anywhere anywhere

Chain zone_freifunk_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain zone_wan_dest_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere

Chain zone_wan_forward (1 references)
target prot opt source destination
forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */
zone_freifunk_dest_ACCEPT all -- anywhere anywhere /* forwarding wan -> freifunk */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_wan_dest_REJECT all -- anywhere anywhere

Chain zone_wan_input (1 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* user chain for input */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_wan_src_ACCEPT all -- anywhere anywhere

Chain zone_wan_output (1 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere

Chain zone_wan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
root@ap6-0-bernd:~#