# Filter table as printed by the router. Rules are matched in the order shown within each chain
# (input = traffic to the router itself, forward = traffic routed through it).
ip firewall filter print detail
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
# NOTE(review): rule 2 opens TCP 8291 (Winbox's default port) on the WAN side, limited to sources in
# the WanAccept address list. The list contents are not shown here, so confirm it holds only the
# intended management addresses.
2 chain=input action=accept protocol=tcp src-address-list=WanAccept
in-interface-list=WAN dst-port=8291 log=no log-prefix=""
3 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
4 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
5 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
# NOTE(review): no rule in this listing drops input traffic arriving from LAN (rule 7 drops only
# non-LAN), so rule 6 appears to have no effect beyond counting packets - confirm.
6 ;;; dns
chain=input action=accept protocol=udp in-interface-list=LAN dst-port=53
log=no log-prefix=""
7 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
8 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
9 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
10 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection
connection-state=established,related log=no log-prefix=""
11 ;;; defconf: accept established,related, untracked
chain=forward action=accept
connection-state=established,related,untracked
# NOTE(review): rules 12-15 accept WAN traffic to the port-forward targets with no src-address-list.
# Rule 17 drops only WAN connections that were NOT dst-natted, so forwarded connections would pass
# even without these rules. The WanAccept restriction for web and SSH is therefore enforced only in
# the NAT table; repeating src-address-list=WanAccept on rules 13 and 14 would keep both tables in step.
12 ;;; Openvpn Pfsense
chain=forward action=accept protocol=udp dst-address=192.168.*.242
in-interface-list=WAN dst-port=1194 log=no log-prefix=""
13 ;;; Web interfaces modoboa mail server
chain=forward action=accept protocol=tcp dst-address=192.168.*.230
in-interface-list=WAN dst-port=80,443 log=no log-prefix=""
# The forward chain sees the destination after dst-nat, hence port 22 here rather than the external port.
14 ;;; ssh to modoboa mail server
chain=forward action=accept protocol=tcp dst-address=192.168.*.230
in-interface-list=WAN dst-port=22 log=no log-prefix=""
# NOTE(review): port 143 is accepted here, but no dstnat rule in the NAT listing forwards 143.
15 ;;; modoboa mail server port for works
chain=forward action=accept protocol=tcp dst-address=192.168.*.230
in-interface-list=WAN dst-port=25,110,143,587,465 log=no log-prefix=""
16 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
17 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface-list=WAN
# NAT table as printed by the router: one masquerade rule for outbound traffic and the dst-nat
# port forwards to the two internal hosts (192.168.*.242 and 192.168.*.230).
ip firewall nat print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN
ipsec-policy=out,none
# Rule 1 forwards UDP 1194 from any WAN source (no src-address-list).
1 ;;; Pfsense Openvpv
chain=dstnat action=dst-nat to-addresses=192.168.*.242 to-ports=1194
protocol=udp in-interface-list=WAN dst-port=1194 log=no log-prefix=""
# Rule 2 forwards the web interfaces only for sources in the WanAccept address list.
2 ;;; Modoboa mailserver web interfaces
chain=dstnat action=dst-nat to-addresses=192.168.*.230 protocol=tcp
src-address-list=WanAccept in-interface-list=WAN dst-port=80,443 log=no
log-prefix=""
# NOTE(review): unlike rules 1, 2 and 5, rule 3 has no in-interface-list and no dst-address matcher.
# As printed it matches TCP 110,25,465,587 arriving on any interface, so connections from LAN hosts
# to external mail servers on these ports would also be rewritten to 192.168.*.230.
# Adding in-interface-list=WAN (or a dst-address for the public IP) limits it to inbound mail.
3 ;;; mail
chain=dstnat action=dst-nat to-addresses=192.168.*.230 protocol=tcp
dst-port=110,25,465,587 log=no log-prefix=""
# Rule 4 is disabled (X flag); it has the same unscoped shape as rule 3 and would need the same fix if re-enabled.
4 X ;;; Off
chain=dstnat action=dst-nat to-addresses=192.168.*.230 protocol=tcp
dst-port=110,25 log=no log-prefix=""
# Rule 5 maps the (masked) external port to SSH on port 22, only for sources in WanAccept.
5 ;;; ssh modoboa
chain=dstnat action=dst-nat to-addresses=192.168.*.230 to-ports=22
protocol=tcp src-address-list=WanAccept in-interface-list=WAN
dst-port=5***00 log=no log-prefix=""
# Connectivity check from the router itself to TCP 25; the 220 line is the SMTP greeting banner
# returned by whatever host answered.
# NOTE(review): traffic originated by the router does not pass through the dstnat chain, so this
# test does not show how the "mail" dst-nat rule treats connections from LAN or WAN clients.
# Repeat it from a LAN host and from an outside host to see what those clients actually reach.
/system telnet 193.105.37.198 25
Connecting to 193.105.37.198
Connected to 193.105.37.198
220 mail.rowen.ru ESMTP