Closed YB1200 closed 1 week ago
I would need, via SSH on the router, the result of uci show dscp, uci show dhcp, uci show firewall and nft list ruleset
uci show dscp
dscp.@classify[0]=classify
dscp.@classify[0].direction='both'
dscp.@classify[0].proto='icmp'
dscp.@classify[0].class='cs7'
dscp.@classify[0].comment='ICMP'
dscp.@classify[1]=classify
dscp.@classify[1].direction='both'
dscp.@classify[1].proto='udp'
dscp.@classify[1].class='cs4'
dscp.@classify[1].src_port='53,123,5353'
dscp.@classify[1].comment='DNS udp and NTP'
dscp.@classify[2]=classify
dscp.@classify[2].direction='both'
dscp.@classify[2].proto='tcp'
dscp.@classify[2].class='cs4'
dscp.@classify[2].src_port='53,5353'
dscp.@classify[2].comment='DNS tcp'
dscp.@classify[3]=classify
dscp.@classify[3].direction='both'
dscp.@classify[3].proto='tcp'
dscp.@classify[3].class='cs4'
dscp.@classify[3].dest_port='65500'
dscp.@classify[3].comment='OMR API'
dscp.@classify[4]=classify
dscp.@classify[4].direction='both'
dscp.@classify[4].proto='tcp'
dscp.@classify[4].class='cs7'
dscp.@classify[4].dest_port='65001,65301,65401,65011'
dscp.@classify[4].comment='OMR vpn'
dscp.@classify[5]=classify
dscp.@classify[5].direction='both'
dscp.@classify[5].proto='udp'
dscp.@classify[5].class='cs7'
dscp.@classify[5].dest_port='65001,65301'
dscp.@classify[5].comment='OMR vpn'
dscp.@classify[6]=classify
dscp.@classify[6].direction='both'
dscp.@classify[6].proto='tcp'
dscp.@classify[6].class='cs6'
dscp.@classify[6].dest_port='65101,65228'
dscp.@classify[6].comment='OMR proxy'
dscp.@domains[0]=domains
dscp.@domains[0].name='googlevideo.com'
dscp.@domains[0].class='cs4'
dscp.@domains[1]=domains
dscp.@domains[1].name='nflxvideo.net'
dscp.@domains[1].class='cs4'
dscp.@domains[2]=domains
dscp.@domains[2].name='s3.ll.dash.row.aiv-cdn.net'
dscp.@domains[2].class='cs4'
dscp.@domains[3]=domains
dscp.@domains[3].name='d25xi40x97liuc.cloudfront.net'
dscp.@domains[3].class='cs4'
dscp.@domains[4]=domains
dscp.@domains[4].name='aiv-delivery.net'
dscp.@domains[4].class='cs4'
dscp.@domains[5]=domains
dscp.@domains[5].name='fbcdn.net'
dscp.@domains[5].class='cs4'
dscp.@domains[6]=domains
dscp.@domains[6].name='ttvnw.net'
dscp.@domains[6].class='cs4'
dscp.@domains[7]=domains
dscp.@domains[7].name='vevo.com'
dscp.@domains[7].class='cs4'
dscp.@domains[8]=domains
dscp.@domains[8].name='audio-fa.scdn.com'
dscp.@domains[8].class='cs4'
dscp.@domains[9]=domains
dscp.@domains[9].name='deezer.com'
dscp.@domains[9].class='cs4'
dscp.@domains[10]=domains
dscp.@domains[10].name='sndcdn.com'
dscp.@domains[10].class='cs4'
dscp.@domains[11]=domains
dscp.@domains[11].name='last.fm'
dscp.@domains[11].class='cs4'
dscp.@domains[12]=domains
dscp.@domains[12].name='v.redd.it'
dscp.@domains[12].class='cs4'
dscp.@domains[13]=domains
dscp.@domains[13].name='ttvnw.net'
dscp.@domains[13].class='cs4'
dscp.@domains[14]=domains
dscp.@domains[14].name='googletagmanager.com'
dscp.@domains[14].class='cs2'
dscp.@domains[15]=domains
dscp.@domains[15].name='googleusercontent.com'
dscp.@domains[15].class='cs2'
dscp.@domains[16]=domains
dscp.@domains[16].name='google.com'
dscp.@domains[16].class='cs2'
dscp.@domains[17]=domains
dscp.@domains[17].name='fbcdn.net'
dscp.@domains[17].class='cs2'
dscp.@domains[18]=domains
dscp.@domains[18].name='akamaihd.net'
dscp.@domains[18].class='cs2'
dscp.@domains[19]=domains
dscp.@domains[19].name='whatsapp.net'
dscp.@domains[19].class='cs2'
dscp.@domains[20]=domains
dscp.@domains[20].name='whatsapp.com'
dscp.@domains[20].class='cs2'
dscp.@domains[21]=domains
dscp.@domains[21].name='zoom.us'
dscp.@domains[21].class='cs2'
dscp.@domains[22]=domains
dscp.@domains[22].name='googleapis.com'
dscp.@domains[22].class='cs2'
dscp.@domains[23]=domains
dscp.@domains[23].name='1e100.net'
dscp.@domains[23].class='cs2'
dscp.@domains[24]=domains
dscp.@domains[24].name='hwcdn.net'
dscp.@domains[24].class='cs2'
dscp.@domains[25]=domains
dscp.@domains[25].name='download.qq.com'
dscp.@domains[25].class='cs1'
dscp.@domains[26]=domains
dscp.@domains[26].name='steamcontent.com'
dscp.@domains[26].class='cs1'
dscp.@domains[27]=domains
dscp.@domains[27].name='gs2.ww.prod.dl.playstation.net'
dscp.@domains[27].class='cs1'
dscp.@domains[28]=domains
dscp.@domains[28].name='dropbox.com'
dscp.@domains[28].class='cs1'
dscp.@domains[29]=domains
dscp.@domains[29].name='dropboxstatic.com'
dscp.@domains[29].class='cs1'
dscp.@domains[30]=domains
dscp.@domains[30].name='dropbox-dns.com'
dscp.@domains[30].class='cs1'
dscp.@domains[31]=domains
dscp.@domains[31].name='log.getdropbox.com'
dscp.@domains[31].class='cs1'
dscp.@domains[32]=domains
dscp.@domains[32].name='drive.google.com'
dscp.@domains[32].class='cs1'
dscp.@domains[33]=domains
dscp.@domains[33].name='drive-thirdparty.googleusercontent.com'
dscp.@domains[33].class='cs1'
dscp.@domains[34]=domains
dscp.@domains[34].name='docs.google.com'
dscp.@domains[34].class='cs1'
dscp.@domains[35]=domains
dscp.@domains[35].name='docs.googleusercontent.com'
dscp.@domains[35].class='cs1'
dscp.@domains[36]=domains
dscp.@domains[36].name='gvt1.com'
dscp.@domains[36].class='cs1'
dscp.@domains[37]=domains
dscp.@domains[37].name='mmg-fna.whatsapp.net'
dscp.@domains[37].class='cs1'
dscp.@domains[38]=domains
dscp.@domains[38].name='upload.youtube.com'
dscp.@domains[38].class='cs1'
dscp.@domains[39]=domains
dscp.@domains[39].name='upload.video.google.com'
dscp.@domains[39].class='cs1'
dscp.@domains[40]=domains
dscp.@domains[40].name='windowsupdate.com'
dscp.@domains[40].class='cs1'
dscp.@domains[41]=domains
dscp.@domains[41].name='update.microsoft.com'
dscp.@domains[41].class='cs1'
dscp.@domains[42]=domains
dscp.@domains[42].name='tv.milkywan.fr'
dscp.@domains[42].class='cs5'
dscp.@domains[43]=domains
dscp.@domains[43].name='linkedin.com'
dscp.@domains[43].class='cs2'
uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='1'
dhcp.@dnsmasq[0].cachesize='1000'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.@dnsmasq[0].filter_aaaa='0'
dhcp.@dnsmasq[0].filter_a='0'
dhcp.@dnsmasq[0].server='127.0.0.1#5353' '/lan/' '/use-application-dns.net/'
dhcp.@dnsmasq[0].noresolv='1'
dhcp.@dnsmasq[0].rebind_domain='plex.direct'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv4='server'
dhcp.lan.force='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.Wifi=dhcp
dhcp.Wifi.interface='Wifi'
dhcp.Wifi.ignore='1'
dhcp.Wifi.start='100'
dhcp.Wifi.limit='150'
dhcp.Wifi.leasetime='12h'
dhcp.Wifi.dynamicdhcp='0'
dhcp.omr_dscp_cs0=ipset
dhcp.omr_dscp_cs0.name='omr_dscp_cs0_4'
dhcp.omr_dscp_cs1=ipset
dhcp.omr_dscp_cs1.name='omr_dscp_cs1_4'
dhcp.omr_dscp_cs1.domain='download.qq.com' 'steamcontent.com' 'gs2.ww.prod.dl.playstation.net' 'dropbox.com' 'dropboxstatic.com' 'dropbox-dns.com' 'log.getdropbox.com' 'drive.google.com' 'drive-thirdparty.googleusercontent.com' 'docs.google.com' 'docs.googleusercontent.com' 'gvt1.com' 'mmg-fna.whatsapp.net' 'upload.youtube.com' 'upload.video.google.com' 'windowsupdate.com' 'update.microsoft.com'
dhcp.omr_dscp_cs2=ipset
dhcp.omr_dscp_cs2.name='omr_dscp_cs2_4'
dhcp.omr_dscp_cs2.domain='googletagmanager.com' 'googleusercontent.com' 'google.com' 'fbcdn.net' 'akamaihd.net' 'whatsapp.net' 'whatsapp.com' 'zoom.us' 'googleapis.com' '1e100.net' 'hwcdn.net' 'linkedin.com'
dhcp.omr_dscp_cs3=ipset
dhcp.omr_dscp_cs3.name='omr_dscp_cs3_4'
dhcp.omr_dscp_cs4=ipset
dhcp.omr_dscp_cs4.name='omr_dscp_cs4_4'
dhcp.omr_dscp_cs4.domain='googlevideo.com' 'nflxvideo.net' 's3.ll.dash.row.aiv-cdn.net' 'd25xi40x97liuc.cloudfront.net' 'aiv-delivery.net' 'fbcdn.net' 'ttvnw.net' 'vevo.com' 'audio-fa.scdn.com' 'deezer.com' 'sndcdn.com' 'last.fm' 'v.redd.it'
dhcp.omr_dscp_cs5=ipset
dhcp.omr_dscp_cs5.name='omr_dscp_cs5_4'
dhcp.omr_dscp_cs5.domain='tv.milkywan.fr'
dhcp.omr_dscp_cs6=ipset
dhcp.omr_dscp_cs6.name='omr_dscp_cs6_4'
dhcp.omr_dscp_cs7=ipset
dhcp.omr_dscp_cs7.name='omr_dscp_cs7_4'
dhcp.omr_dscp_ef=ipset
dhcp.omr_dscp_ef.name='omr_dscp_ef_4'
uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='REJECT'
firewall.@defaults[0].output='REJECT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].fullcone='0'
firewall.@defaults[0].flow_offloading='0'
firewall.@defaults[0].flow_offloading_hw='0'
firewall.zone_lan=zone
firewall.zone_lan.name='lan'
firewall.zone_lan.input='ACCEPT'
firewall.zone_lan.output='ACCEPT'
firewall.zone_lan.forward='ACCEPT'
firewall.zone_lan.mtu_fix='1'
firewall.zone_lan.auto_helper='1'
firewall.zone_lan.network='lan' 'Wifi'
firewall.zone_wan=zone
firewall.zone_wan.name='wan'
firewall.zone_wan.input='REJECT'
firewall.zone_wan.output='ACCEPT'
firewall.zone_wan.forward='REJECT'
firewall.zone_wan.fullcone4='0'
firewall.zone_wan.masq='1'
firewall.zone_wan.mtu_fix='1'
firewall.zone_wan.auto_helper='1'
firewall.zone_wan.network='wan1' 'wan3' 'wan4' 'wan5'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Forward'
firewall.@rule[5].src='wan'
firewall.@rule[5].dest=''
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-IPSec-ESP'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='lan'
firewall.@rule[6].proto='esp'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-ISAKMP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].dest_port='500'
firewall.@rule[7].proto='udp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].target='ACCEPT'
firewall.@rule[8].name='Allow-All-LAN-to-VPN'
firewall.@rule[8].dest='vpn'
firewall.@rule[8].src='lan'
firewall.@rule[8].proto='all'
firewall.zone_vpn=zone
firewall.zone_vpn.name='vpn'
firewall.zone_vpn.masq='1'
firewall.zone_vpn.input='REJECT'
firewall.zone_vpn.forward='ACCEPT'
firewall.zone_vpn.output='ACCEPT'
firewall.zone_vpn.mtu_fix='1'
firewall.zone_vpn.auto_helper='1'
firewall.zone_vpn.network='omrvpn' 'omr6in4'
firewall.@rule[9]=rule
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].name='Allow-All-Ping'
firewall.@rule[9].proto='icmp'
firewall.@rule[9].dest=''
firewall.@rule[9].src=''
firewall.@rule[9].icmp_type='echo-request'
firewall.@rule[9].limit='1000/sec'
firewall.@rule[10]=rule
firewall.@rule[10].target='ACCEPT'
firewall.@rule[10].name='Allow-VPN-ICMP'
firewall.@rule[10].proto='icmp'
firewall.@rule[10].src='vpn'
firewall.@rule[11]=rule
firewall.@rule[11].target='ACCEPT'
firewall.@rule[11].name='Allow-Lan-to-Wan'
firewall.@rule[11].dest='wan'
firewall.@rule[11].src='lan'
firewall.@rule[11].proto='all'
firewall.@rule[12]=rule
firewall.@rule[12].target='ACCEPT'
firewall.@rule[12].name='ICMPv6-Lan-to-OMR'
firewall.@rule[12].src='lan'
firewall.@rule[12].family='ipv6'
firewall.@rule[12].proto='icmp'
firewall.@rule[12].limit='1000/sec'
firewall.@rule[12].icmp_type='echo-reply destination-unreachable echo-request router-advertisement router-solicitation time-exceeded'
firewall.omr_server=include
firewall.omr_server.path='/etc/firewall.omr-server'
firewall.omr_server.reload='1'
firewall.gre_tunnel=include
firewall.gre_tunnel.path='/etc/firewall.gre-tunnel'
firewall.gre_tunnel.reload='0'
firewall.ttl=include
firewall.ttl.path='/etc/firewall.ttl'
firewall.ttl.reload='1'
firewall.fwlantovpn=forwarding
firewall.fwlantovpn.src='lan'
firewall.fwlantovpn.dest='vpn'
firewall.blockquicproxy=rule
firewall.blockquicproxy.name='Block QUIC Proxy'
firewall.blockquicproxy.proto='udp'
firewall.blockquicproxy.dest_port='443'
firewall.blockquicproxy.target='DROP'
firewall.blockquicproxy.src='lan'
firewall.blockquicall=rule
firewall.blockquicall.name='Block QUIC All'
firewall.blockquicall.proto='udp'
firewall.blockquicall.src=''
firewall.blockquicall.dest=''
firewall.blockquicall.dest_port='443'
firewall.blockquicall.target='DROP'
firewall.allowicmpipv6=rule
firewall.allowicmpipv6.proto='icmp'
firewall.allowicmpipv6.target='ACCEPT'
firewall.allowicmpipv6.src='wan'
firewall.allowicmpipv6.name='Allow IPv6 ICMP'
firewall.allowicmpipv6.family='ipv6'
firewall.allowicmpipv6.limit='1000/sec'
firewall.allowicmpipv6.icmp_type='neighbour-advertisement neighbour-solicitation router-advertisement router-solicitation'
firewall.allowdhcpv6546=rule
firewall.allowdhcpv6546.target='ACCEPT'
firewall.allowdhcpv6546.src='wan'
firewall.allowdhcpv6546.proto='udp'
firewall.allowdhcpv6546.dest_port='547'
firewall.allowdhcpv6546.name='Allow DHCPv6 (546-to-547)'
firewall.allowdhcpv6546.family='ipv6'
firewall.allowdhcpv6546.src_port='546'
firewall.allowdhcpv6547=rule
firewall.allowdhcpv6547.target='ACCEPT'
firewall.allowdhcpv6547.src='wan'
firewall.allowdhcpv6547.proto='udp'
firewall.allowdhcpv6547.dest_port='546'
firewall.allowdhcpv6547.name='Allow DHCPv6 (547-to-546)'
firewall.allowdhcpv6547.family='ipv6'
firewall.allowdhcpv6547.src_port='547'
firewall.omr_bypass=include
firewall.omr_bypass.path='/etc/firewall.omr-bypass'
firewall.omr_bypass.reload='0'
firewall.omr_bypass.enabled='1'
firewall.omr_bypass.type='script'
firewall.omr_bypass.fw4_compatible='1'
firewall.omr_dst_bypass_br_lan_4=ipset
firewall.omr_dst_bypass_br_lan_4.name='omr_dst_bypass_br_lan_4'
firewall.omr_dst_bypass_br_lan_4.match='dest_ip'
firewall.omr_dst_bypass_br_lan_4.family='ipv4'
firewall.omr_dst_bypass_br_lan_4.enabled='1'
firewall.omr_dst_bypass_br_lan_6=ipset
firewall.omr_dst_bypass_br_lan_6.name='omr_dst_bypass_br_lan_6'
firewall.omr_dst_bypass_br_lan_6.match='dest_ip'
firewall.omr_dst_bypass_br_lan_6.family='ipv6'
firewall.omr_dst_bypass_br_lan_6.enabled='1'
firewall.omr_dst_bypass_br_lan_dstip_4=rule
firewall.omr_dst_bypass_br_lan_dstip_4.name='omr_dst_bypass_br_lan_rule'
firewall.omr_dst_bypass_br_lan_dstip_4.ipset='omr_dst_bypass_br_lan_4'
firewall.omr_dst_bypass_br_lan_dstip_4.target='MARK'
firewall.omr_dst_bypass_br_lan_dstip_4.src='lan'
firewall.omr_dst_bypass_br_lan_dstip_4.dest=''
firewall.omr_dst_bypass_br_lan_dstip_4.family='ipv4'
firewall.omr_dst_bypass_br_lan_dstip_4.enabled='0'
firewall.omr_dst_bypass_br_lan_dstip_4.set_mark='0x45399999'
firewall.omr_dst_bypass_br_lan_dstip_4_accept=rule
firewall.omr_dst_bypass_br_lan_dstip_4_accept.name='omr_dst_bypass_br_lan_rule_accept'
firewall.omr_dst_bypass_br_lan_dstip_4_accept.target='ACCEPT'
firewall.omr_dst_bypass_br_lan_dstip_4_accept.dest=''
firewall.omr_dst_bypass_br_lan_dstip_4_accept.family='ipv4'
firewall.omr_dst_bypass_br_lan_dstip_4_accept.enabled='0'
firewall.omr_dst_bypass_br_lan_dstip_4_accept.mark='0x45399999'
firewall.omr_dst_bypass_br_lan_srcip_4=rule
firewall.omr_dst_bypass_br_lan_srcip_4.name='omr_dst_bypass_br_lan_srcip'
firewall.omr_dst_bypass_br_lan_srcip_4.ipset='omr_dst_bypass_br_lan_4'
firewall.omr_dst_bypass_br_lan_srcip_4.src='lan'
firewall.omr_dst_bypass_br_lan_srcip_4.dest=''
firewall.omr_dst_bypass_br_lan_srcip_4.family='ipv4'
firewall.omr_dst_bypass_br_lan_srcip_4.target='MARK'
firewall.omr_dst_bypass_br_lan_srcip_4.enabled='0'
firewall.omr_dst_bypass_br_lan_srcip_4.set_xmark='0x45399999'
firewall.omr_dst_bypass_br_lan_mac_4=rule
firewall.omr_dst_bypass_br_lan_mac_4.name='omr_dst_bypass_br_lan_mac'
firewall.omr_dst_bypass_br_lan_mac_4.src='lan'
firewall.omr_dst_bypass_br_lan_mac_4.dest=''
firewall.omr_dst_bypass_br_lan_mac_4.target='MARK'
firewall.omr_dst_bypass_br_lan_mac_4.enabled='0'
firewall.omr_dst_bypass_br_lan_mac_4.set_xmark='0x45399999'
firewall.omr_dst_bypass_br_lan_srcport_tcp_4=rule
firewall.omr_dst_bypass_br_lan_srcport_tcp_4.name='omr_dst_bypass_br_lan_srcport'
firewall.omr_dst_bypass_br_lan_srcport_tcp_4.proto='tcp'
firewall.omr_dst_bypass_br_lan_srcport_tcp_4.src='lan'
firewall.omr_dst_bypass_br_lan_srcport_tcp_4.dest=''
firewall.omr_dst_bypass_br_lan_srcport_tcp_4.target='MARK'
firewall.omr_dst_bypass_br_lan_srcport_tcp_4.enabled='0'
firewall.omr_dst_bypass_br_lan_srcport_tcp_4.set_xmark='0x45399999'
firewall.omr_dst_bypass_br_lan_srcport_udp_4=rule
firewall.omr_dst_bypass_br_lan_srcport_udp_4.name='omr_dst_bypass_br_lan_srcport'
firewall.omr_dst_bypass_br_lan_srcport_udp_4.proto='udp'
firewall.omr_dst_bypass_br_lan_srcport_udp_4.src='lan'
firewall.omr_dst_bypass_br_lan_srcport_udp_4.dest=''
firewall.omr_dst_bypass_br_lan_srcport_udp_4.target='MARK'
firewall.omr_dst_bypass_br_lan_srcport_udp_4.enabled='0'
firewall.omr_dst_bypass_br_lan_srcport_udp_4.set_xmark='0x45399999'
firewall.omr_dst_bypass_br_lan_dstport_tcp_4=rule
firewall.omr_dst_bypass_br_lan_dstport_tcp_4.name='omr_dst_bypass_br_lan_dstport'
firewall.omr_dst_bypass_br_lan_dstport_tcp_4.src='lan'
firewall.omr_dst_bypass_br_lan_dstport_tcp_4.dest=''
firewall.omr_dst_bypass_br_lan_dstport_tcp_4.target='MARK'
firewall.omr_dst_bypass_br_lan_dstport_tcp_4.enabled='0'
firewall.omr_dst_bypass_br_lan_dstport_tcp_4.set_xmark='0x45399999'
firewall.omr_dst_bypass_br_lan_dstport_udp_4=rule
firewall.omr_dst_bypass_br_lan_dstport_udp_4.name='omr_dst_bypass_br_lan_dstport'
firewall.omr_dst_bypass_br_lan_dstport_udp_4.src='lan'
firewall.omr_dst_bypass_br_lan_dstport_udp_4.dest=''
firewall.omr_dst_bypass_br_lan_dstport_udp_4.target='MARK'
firewall.omr_dst_bypass_br_lan_dstport_udp_4.enabled='0'
firewall.omr_dst_bypass_br_lan_dstport_udp_4.set_xmark='0x45399999'
firewall.omr_dst_bypass_lan1_4=ipset
firewall.omr_dst_bypass_lan1_4.name='omr_dst_bypass_lan1_4'
firewall.omr_dst_bypass_lan1_4.match='dest_ip'
firewall.omr_dst_bypass_lan1_4.family='ipv4'
firewall.omr_dst_bypass_lan1_4.enabled='1'
firewall.omr_dst_bypass_lan1_6=ipset
firewall.omr_dst_bypass_lan1_6.name='omr_dst_bypass_lan1_6'
firewall.omr_dst_bypass_lan1_6.match='dest_ip'
firewall.omr_dst_bypass_lan1_6.family='ipv6'
firewall.omr_dst_bypass_lan1_6.enabled='1'
firewall.omr_dst_bypass_lan1_dstip_4=rule
firewall.omr_dst_bypass_lan1_dstip_4.name='omr_dst_bypass_lan1_rule'
firewall.omr_dst_bypass_lan1_dstip_4.ipset='omr_dst_bypass_lan1_4'
firewall.omr_dst_bypass_lan1_dstip_4.target='MARK'
firewall.omr_dst_bypass_lan1_dstip_4.src='lan'
firewall.omr_dst_bypass_lan1_dstip_4.dest=''
firewall.omr_dst_bypass_lan1_dstip_4.family='ipv4'
firewall.omr_dst_bypass_lan1_dstip_4.enabled='0'
firewall.omr_dst_bypass_lan1_dstip_4.set_mark='0x45399'
firewall.omr_dst_bypass_lan1_dstip_4_accept=rule
firewall.omr_dst_bypass_lan1_dstip_4_accept.name='omr_dst_bypass_lan1_rule_accept'
firewall.omr_dst_bypass_lan1_dstip_4_accept.target='ACCEPT'
firewall.omr_dst_bypass_lan1_dstip_4_accept.dest=''
firewall.omr_dst_bypass_lan1_dstip_4_accept.family='ipv4'
firewall.omr_dst_bypass_lan1_dstip_4_accept.enabled='0'
firewall.omr_dst_bypass_lan1_dstip_4_accept.mark='0x45399'
firewall.omr_dst_bypass_lan1_srcip_4=rule
firewall.omr_dst_bypass_lan1_srcip_4.name='omr_dst_bypass_lan1_srcip'
firewall.omr_dst_bypass_lan1_srcip_4.ipset='omr_dst_bypass_lan1_4'
firewall.omr_dst_bypass_lan1_srcip_4.src='lan'
firewall.omr_dst_bypass_lan1_srcip_4.dest=''
firewall.omr_dst_bypass_lan1_srcip_4.family='ipv4'
firewall.omr_dst_bypass_lan1_srcip_4.target='MARK'
firewall.omr_dst_bypass_lan1_srcip_4.enabled='0'
firewall.omr_dst_bypass_lan1_srcip_4.set_xmark='0x45399'
firewall.omr_dst_bypass_lan1_mac_4=rule
firewall.omr_dst_bypass_lan1_mac_4.name='omr_dst_bypass_lan1_mac'
firewall.omr_dst_bypass_lan1_mac_4.src='lan'
firewall.omr_dst_bypass_lan1_mac_4.dest=''
firewall.omr_dst_bypass_lan1_mac_4.target='MARK'
firewall.omr_dst_bypass_lan1_mac_4.enabled='0'
firewall.omr_dst_bypass_lan1_mac_4.set_xmark='0x45399'
firewall.omr_dst_bypass_lan1_srcport_tcp_4=rule
firewall.omr_dst_bypass_lan1_srcport_tcp_4.name='omr_dst_bypass_lan1_srcport'
firewall.omr_dst_bypass_lan1_srcport_tcp_4.proto='tcp'
firewall.omr_dst_bypass_lan1_srcport_tcp_4.src='lan'
firewall.omr_dst_bypass_lan1_srcport_tcp_4.dest=''
firewall.omr_dst_bypass_lan1_srcport_tcp_4.target='MARK'
firewall.omr_dst_bypass_lan1_srcport_tcp_4.enabled='0'
firewall.omr_dst_bypass_lan1_srcport_tcp_4.set_xmark='0x45399'
firewall.omr_dst_bypass_lan1_srcport_udp_4=rule
firewall.omr_dst_bypass_lan1_srcport_udp_4.name='omr_dst_bypass_lan1_srcport'
firewall.omr_dst_bypass_lan1_srcport_udp_4.proto='udp'
firewall.omr_dst_bypass_lan1_srcport_udp_4.src='lan'
firewall.omr_dst_bypass_lan1_srcport_udp_4.dest=''
firewall.omr_dst_bypass_lan1_srcport_udp_4.target='MARK'
firewall.omr_dst_bypass_lan1_srcport_udp_4.enabled='0'
firewall.omr_dst_bypass_lan1_srcport_udp_4.set_xmark='0x45399'
firewall.omr_dst_bypass_lan1_dstport_tcp_4=rule
firewall.omr_dst_bypass_lan1_dstport_tcp_4.name='omr_dst_bypass_lan1_dstport'
firewall.omr_dst_bypass_lan1_dstport_tcp_4.src='lan'
firewall.omr_dst_bypass_lan1_dstport_tcp_4.dest=''
firewall.omr_dst_bypass_lan1_dstport_tcp_4.target='MARK'
firewall.omr_dst_bypass_lan1_dstport_tcp_4.enabled='0'
firewall.omr_dst_bypass_lan1_dstport_tcp_4.set_xmark='0x45399'
firewall.omr_dst_bypass_lan1_dstport_udp_4=rule
firewall.omr_dst_bypass_lan1_dstport_udp_4.name='omr_dst_bypass_lan1_dstport'
firewall.omr_dst_bypass_lan1_dstport_udp_4.src='lan'
firewall.omr_dst_bypass_lan1_dstport_udp_4.dest=''
firewall.omr_dst_bypass_lan1_dstport_udp_4.target='MARK'
firewall.omr_dst_bypass_lan1_dstport_udp_4.enabled='0'
firewall.omr_dst_bypass_lan1_dstport_udp_4.set_xmark='0x45399'
firewall.omr_dst_bypass_lan3_4=ipset
firewall.omr_dst_bypass_lan3_4.name='omr_dst_bypass_lan3_4'
firewall.omr_dst_bypass_lan3_4.match='dest_ip'
firewall.omr_dst_bypass_lan3_4.family='ipv4'
firewall.omr_dst_bypass_lan3_4.enabled='1'
firewall.omr_dst_bypass_lan3_6=ipset
firewall.omr_dst_bypass_lan3_6.name='omr_dst_bypass_lan3_6'
firewall.omr_dst_bypass_lan3_6.match='dest_ip'
firewall.omr_dst_bypass_lan3_6.family='ipv6'
firewall.omr_dst_bypass_lan3_6.enabled='1'
firewall.omr_dst_bypass_lan3_dstip_4=rule
firewall.omr_dst_bypass_lan3_dstip_4.name='omr_dst_bypass_lan3_rule'
firewall.omr_dst_bypass_lan3_dstip_4.ipset='omr_dst_bypass_lan3_4'
firewall.omr_dst_bypass_lan3_dstip_4.target='MARK'
firewall.omr_dst_bypass_lan3_dstip_4.src='lan'
firewall.omr_dst_bypass_lan3_dstip_4.dest=''
firewall.omr_dst_bypass_lan3_dstip_4.family='ipv4'
firewall.omr_dst_bypass_lan3_dstip_4.enabled='0'
firewall.omr_dst_bypass_lan3_dstip_4.set_mark='0x453911'
firewall.omr_dst_bypass_lan3_dstip_4_accept=rule
firewall.omr_dst_bypass_lan3_dstip_4_accept.name='omr_dst_bypass_lan3_rule_accept'
firewall.omr_dst_bypass_lan3_dstip_4_accept.target='ACCEPT'
firewall.omr_dst_bypass_lan3_dstip_4_accept.dest=''
firewall.omr_dst_bypass_lan3_dstip_4_accept.family='ipv4'
firewall.omr_dst_bypass_lan3_dstip_4_accept.enabled='0'
firewall.omr_dst_bypass_lan3_dstip_4_accept.mark='0x453911'
firewall.omr_dst_bypass_lan3_srcip_4=rule
firewall.omr_dst_bypass_lan3_srcip_4.name='omr_dst_bypass_lan3_srcip'
firewall.omr_dst_bypass_lan3_srcip_4.ipset='omr_dst_bypass_lan3_4'
firewall.omr_dst_bypass_lan3_srcip_4.src='lan'
firewall.omr_dst_bypass_lan3_srcip_4.dest=''
firewall.omr_dst_bypass_lan3_srcip_4.family='ipv4'
firewall.omr_dst_bypass_lan3_srcip_4.target='MARK'
firewall.omr_dst_bypass_lan3_srcip_4.enabled='0'
firewall.omr_dst_bypass_lan3_srcip_4.set_xmark='0x453911'
firewall.omr_dst_bypass_lan3_mac_4=rule
firewall.omr_dst_bypass_lan3_mac_4.name='omr_dst_bypass_lan3_mac'
firewall.omr_dst_bypass_lan3_mac_4.src='lan'
firewall.omr_dst_bypass_lan3_mac_4.dest=''
firewall.omr_dst_bypass_lan3_mac_4.target='MARK'
firewall.omr_dst_bypass_lan3_mac_4.enabled='0'
firewall.omr_dst_bypass_lan3_mac_4.set_xmark='0x453911'
firewall.omr_dst_bypass_lan3_srcport_tcp_4=rule
firewall.omr_dst_bypass_lan3_srcport_tcp_4.name='omr_dst_bypass_lan3_srcport'
firewall.omr_dst_bypass_lan3_srcport_tcp_4.proto='tcp'
firewall.omr_dst_bypass_lan3_srcport_tcp_4.src='lan'
firewall.omr_dst_bypass_lan3_srcport_tcp_4.dest=''
firewall.omr_dst_bypass_lan3_srcport_tcp_4.target='MARK'
firewall.omr_dst_bypass_lan3_srcport_tcp_4.enabled='0'
firewall.omr_dst_bypass_lan3_srcport_tcp_4.set_xmark='0x453911'
firewall.omr_dst_bypass_lan3_srcport_udp_4=rule
firewall.omr_dst_bypass_lan3_srcport_udp_4.name='omr_dst_bypass_lan3_srcport'
firewall.omr_dst_bypass_lan3_srcport_udp_4.proto='udp'
firewall.omr_dst_bypass_lan3_srcport_udp_4.src='lan'
firewall.omr_dst_bypass_lan3_srcport_udp_4.dest=''
firewall.omr_dst_bypass_lan3_srcport_udp_4.target='MARK'
firewall.omr_dst_bypass_lan3_srcport_udp_4.enabled='0'
firewall.omr_dst_bypass_lan3_srcport_udp_4.set_xmark='0x453911'
firewall.omr_dst_bypass_lan3_dstport_tcp_4=rule
firewall.omr_dst_bypass_lan3_dstport_tcp_4.name='omr_dst_bypass_lan3_dstport'
firewall.omr_dst_bypass_lan3_dstport_tcp_4.src='lan'
firewall.omr_dst_bypass_lan3_dstport_tcp_4.dest=''
firewall.omr_dst_bypass_lan3_dstport_tcp_4.target='MARK'
firewall.omr_dst_bypass_lan3_dstport_tcp_4.enabled='0'
firewall.omr_dst_bypass_lan3_dstport_tcp_4.set_xmark='0x453911'
firewall.omr_dst_bypass_lan3_dstport_udp_4=rule
firewall.omr_dst_bypass_lan3_dstport_udp_4.name='omr_dst_bypass_lan3_dstport'
firewall.omr_dst_bypass_lan3_dstport_udp_4.src='lan'
firewall.omr_dst_bypass_lan3_dstport_udp_4.dest=''
firewall.omr_dst_bypass_lan3_dstport_udp_4.target='MARK'
firewall.omr_dst_bypass_lan3_dstport_udp_4.enabled='0'
firewall.omr_dst_bypass_lan3_dstport_udp_4.set_xmark='0x453911'
firewall.omr_dst_bypass_lan4_4=ipset
firewall.omr_dst_bypass_lan4_4.name='omr_dst_bypass_lan4_4'
firewall.omr_dst_bypass_lan4_4.match='dest_ip'
firewall.omr_dst_bypass_lan4_4.family='ipv4'
firewall.omr_dst_bypass_lan4_4.enabled='1'
firewall.omr_dst_bypass_lan4_6=ipset
firewall.omr_dst_bypass_lan4_6.name='omr_dst_bypass_lan4_6'
firewall.omr_dst_bypass_lan4_6.match='dest_ip'
firewall.omr_dst_bypass_lan4_6.family='ipv6'
firewall.omr_dst_bypass_lan4_6.enabled='1'
firewall.omr_dst_bypass_lan4_dstip_4=rule
firewall.omr_dst_bypass_lan4_dstip_4.name='omr_dst_bypass_lan4_rule'
firewall.omr_dst_bypass_lan4_dstip_4.ipset='omr_dst_bypass_lan4_4'
firewall.omr_dst_bypass_lan4_dstip_4.target='MARK'
firewall.omr_dst_bypass_lan4_dstip_4.src='lan'
firewall.omr_dst_bypass_lan4_dstip_4.dest=''
firewall.omr_dst_bypass_lan4_dstip_4.family='ipv4'
firewall.omr_dst_bypass_lan4_dstip_4.enabled='0'
firewall.omr_dst_bypass_lan4_dstip_4.set_mark='0x453916'
firewall.omr_dst_bypass_lan4_dstip_4_accept=rule
firewall.omr_dst_bypass_lan4_dstip_4_accept.name='omr_dst_bypass_lan4_rule_accept'
firewall.omr_dst_bypass_lan4_dstip_4_accept.target='ACCEPT'
firewall.omr_dst_bypass_lan4_dstip_4_accept.dest=''
firewall.omr_dst_bypass_lan4_dstip_4_accept.family='ipv4'
firewall.omr_dst_bypass_lan4_dstip_4_accept.enabled='0'
firewall.omr_dst_bypass_lan4_dstip_4_accept.mark='0x453916'
firewall.omr_dst_bypass_lan4_srcip_4=rule
firewall.omr_dst_bypass_lan4_srcip_4.name='omr_dst_bypass_lan4_srcip'
firewall.omr_dst_bypass_lan4_srcip_4.ipset='omr_dst_bypass_lan4_4'
firewall.omr_dst_bypass_lan4_srcip_4.src='lan'
firewall.omr_dst_bypass_lan4_srcip_4.dest=''
firewall.omr_dst_bypass_lan4_srcip_4.family='ipv4'
firewall.omr_dst_bypass_lan4_srcip_4.target='MARK'
firewall.omr_dst_bypass_lan4_srcip_4.enabled='0'
firewall.omr_dst_bypass_lan4_srcip_4.set_xmark='0x453916'
firewall.omr_dst_bypass_lan4_mac_4=rule
firewall.omr_dst_bypass_lan4_mac_4.name='omr_dst_bypass_lan4_mac'
firewall.omr_dst_bypass_lan4_mac_4.src='lan'
firewall.omr_dst_bypass_lan4_mac_4.dest=''
firewall.omr_dst_bypass_lan4_mac_4.target='MARK'
firewall.omr_dst_bypass_lan4_mac_4.enabled='0'
firewall.omr_dst_bypass_lan4_mac_4.set_xmark='0x453916'
firewall.omr_dst_bypass_lan4_srcport_tcp_4=rule
firewall.omr_dst_bypass_lan4_srcport_tcp_4.name='omr_dst_bypass_lan4_srcport'
firewall.omr_dst_bypass_lan4_srcport_tcp_4.proto='tcp'
firewall.omr_dst_bypass_lan4_srcport_tcp_4.src='lan'
firewall.omr_dst_bypass_lan4_srcport_tcp_4.dest=''
firewall.omr_dst_bypass_lan4_srcport_tcp_4.target='MARK'
firewall.omr_dst_bypass_lan4_srcport_tcp_4.enabled='0'
firewall.omr_dst_bypass_lan4_srcport_tcp_4.set_xmark='0x453916'
firewall.omr_dst_bypass_lan4_srcport_udp_4=rule
firewall.omr_dst_bypass_lan4_srcport_udp_4.name='omr_dst_bypass_lan4_srcport'
firewall.omr_dst_bypass_lan4_srcport_udp_4.proto='udp'
firewall.omr_dst_bypass_lan4_srcport_udp_4.src='lan'
firewall.omr_dst_bypass_lan4_srcport_udp_4.dest=''
firewall.omr_dst_bypass_lan4_srcport_udp_4.target='MARK'
firewall.omr_dst_bypass_lan4_srcport_udp_4.enabled='0'
firewall.omr_dst_bypass_lan4_srcport_udp_4.set_xmark='0x453916'
firewall.omr_dst_bypass_lan4_dstport_tcp_4=rule
firewall.omr_dst_bypass_lan4_dstport_tcp_4.name='omr_dst_bypass_lan4_dstport'
firewall.omr_dst_bypass_lan4_dstport_tcp_4.src='lan'
firewall.omr_dst_bypass_lan4_dstport_tcp_4.dest=''
firewall.omr_dst_bypass_lan4_dstport_tcp_4.target='MARK'
firewall.omr_dst_bypass_lan4_dstport_tcp_4.enabled='0'
firewall.omr_dst_bypass_lan4_dstport_tcp_4.set_xmark='0x453916'
firewall.omr_dst_bypass_lan4_dstport_udp_4=rule
firewall.omr_dst_bypass_lan4_dstport_udp_4.name='omr_dst_bypass_lan4_dstport'
firewall.omr_dst_bypass_lan4_dstport_udp_4.src='lan'
firewall.omr_dst_bypass_lan4_dstport_udp_4.dest=''
firewall.omr_dst_bypass_lan4_dstport_udp_4.target='MARK'
firewall.omr_dst_bypass_lan4_dstport_udp_4.enabled='0'
firewall.omr_dst_bypass_lan4_dstport_udp_4.set_xmark='0x453916'
firewall.omr_dst_bypass_eth0_4=ipset
firewall.omr_dst_bypass_eth0_4.name='omr_dst_bypass_eth0_4'
firewall.omr_dst_bypass_eth0_4.match='dest_ip'
firewall.omr_dst_bypass_eth0_4.family='ipv4'
firewall.omr_dst_bypass_eth0_4.enabled='1'
firewall.omr_dst_bypass_eth0_6=ipset
firewall.omr_dst_bypass_eth0_6.name='omr_dst_bypass_eth0_6'
firewall.omr_dst_bypass_eth0_6.match='dest_ip'
firewall.omr_dst_bypass_eth0_6.family='ipv6'
firewall.omr_dst_bypass_eth0_6.enabled='1'
firewall.omr_dst_bypass_eth0_dstip_4=rule
firewall.omr_dst_bypass_eth0_dstip_4.name='omr_dst_bypass_eth0_rule'
firewall.omr_dst_bypass_eth0_dstip_4.ipset='omr_dst_bypass_eth0_4'
firewall.omr_dst_bypass_eth0_dstip_4.target='MARK'
firewall.omr_dst_bypass_eth0_dstip_4.src='lan'
firewall.omr_dst_bypass_eth0_dstip_4.dest=''
firewall.omr_dst_bypass_eth0_dstip_4.family='ipv4'
firewall.omr_dst_bypass_eth0_dstip_4.enabled='0'
firewall.omr_dst_bypass_eth0_dstip_4.set_mark='0x453917'
firewall.omr_dst_bypass_eth0_dstip_4_accept=rule
firewall.omr_dst_bypass_eth0_dstip_4_accept.name='omr_dst_bypass_eth0_rule_accept'
firewall.omr_dst_bypass_eth0_dstip_4_accept.target='ACCEPT'
firewall.omr_dst_bypass_eth0_dstip_4_accept.dest=''
firewall.omr_dst_bypass_eth0_dstip_4_accept.family='ipv4'
firewall.omr_dst_bypass_eth0_dstip_4_accept.enabled='0'
firewall.omr_dst_bypass_eth0_dstip_4_accept.mark='0x453917'
firewall.omr_dst_bypass_eth0_srcip_4=rule
firewall.omr_dst_bypass_eth0_srcip_4.name='omr_dst_bypass_eth0_srcip'
firewall.omr_dst_bypass_eth0_srcip_4.ipset='omr_dst_bypass_eth0_4'
firewall.omr_dst_bypass_eth0_srcip_4.src='lan'
firewall.omr_dst_bypass_eth0_srcip_4.dest=''
firewall.omr_dst_bypass_eth0_srcip_4.family='ipv4'
firewall.omr_dst_bypass_eth0_srcip_4.target='MARK'
firewall.omr_dst_bypass_eth0_srcip_4.enabled='0'
firewall.omr_dst_bypass_eth0_srcip_4.set_xmark='0x453917'
firewall.omr_dst_bypass_eth0_mac_4=rule
firewall.omr_dst_bypass_eth0_mac_4.name='omr_dst_bypass_eth0_mac'
firewall.omr_dst_bypass_eth0_mac_4.src='lan'
firewall.omr_dst_bypass_eth0_mac_4.dest=''
firewall.omr_dst_bypass_eth0_mac_4.target='MARK'
firewall.omr_dst_bypass_eth0_mac_4.enabled='0'
firewall.omr_dst_bypass_eth0_mac_4.set_xmark='0x453917'
firewall.omr_dst_bypass_eth0_srcport_tcp_4=rule
firewall.omr_dst_bypass_eth0_srcport_tcp_4.name='omr_dst_bypass_eth0_srcport'
firewall.omr_dst_bypass_eth0_srcport_tcp_4.proto='tcp'
firewall.omr_dst_bypass_eth0_srcport_tcp_4.src='lan'
firewall.omr_dst_bypass_eth0_srcport_tcp_4.dest=''
firewall.omr_dst_bypass_eth0_srcport_tcp_4.target='MARK'
firewall.omr_dst_bypass_eth0_srcport_tcp_4.enabled='0'
firewall.omr_dst_bypass_eth0_srcport_tcp_4.set_xmark='0x453917'
firewall.omr_dst_bypass_eth0_srcport_udp_4=rule
firewall.omr_dst_bypass_eth0_srcport_udp_4.name='omr_dst_bypass_eth0_srcport'
firewall.omr_dst_bypass_eth0_srcport_udp_4.proto='udp'
firewall.omr_dst_bypass_eth0_srcport_udp_4.src='lan'
firewall.omr_dst_bypass_eth0_srcport_udp_4.dest=''
firewall.omr_dst_bypass_eth0_srcport_udp_4.target='MARK'
firewall.omr_dst_bypass_eth0_srcport_udp_4.enabled='0'
firewall.omr_dst_bypass_eth0_srcport_udp_4.set_xmark='0x453917'
firewall.omr_dst_bypass_eth0_dstport_tcp_4=rule
firewall.omr_dst_bypass_eth0_dstport_tcp_4.name='omr_dst_bypass_eth0_dstport'
firewall.omr_dst_bypass_eth0_dstport_tcp_4.src='lan'
firewall.omr_dst_bypass_eth0_dstport_tcp_4.dest=''
firewall.omr_dst_bypass_eth0_dstport_tcp_4.target='MARK'
firewall.omr_dst_bypass_eth0_dstport_tcp_4.enabled='0'
firewall.omr_dst_bypass_eth0_dstport_tcp_4.set_xmark='0x453917'
firewall.omr_dst_bypass_eth0_dstport_udp_4=rule
firewall.omr_dst_bypass_eth0_dstport_udp_4.name='omr_dst_bypass_eth0_dstport'
firewall.omr_dst_bypass_eth0_dstport_udp_4.src='lan'
firewall.omr_dst_bypass_eth0_dstport_udp_4.dest=''
firewall.omr_dst_bypass_eth0_dstport_udp_4.target='MARK'
firewall.omr_dst_bypass_eth0_dstport_udp_4.enabled='0'
firewall.omr_dst_bypass_eth0_dstport_udp_4.set_xmark='0x453917'
firewall.omr_dst_bypass_tun0_4=ipset
firewall.omr_dst_bypass_tun0_4.name='omr_dst_bypass_tun0_4'
firewall.omr_dst_bypass_tun0_4.match='dest_ip'
firewall.omr_dst_bypass_tun0_4.family='ipv4'
firewall.omr_dst_bypass_tun0_4.enabled='1'
firewall.omr_dst_bypass_tun0_6=ipset
firewall.omr_dst_bypass_tun0_6.name='omr_dst_bypass_tun0_6'
firewall.omr_dst_bypass_tun0_6.match='dest_ip'
firewall.omr_dst_bypass_tun0_6.family='ipv6'
firewall.omr_dst_bypass_tun0_6.enabled='1'
firewall.omr_dst_bypass_tun0_dstip_4=rule
firewall.omr_dst_bypass_tun0_dstip_4.name='omr_dst_bypass_tun0_rule'
firewall.omr_dst_bypass_tun0_dstip_4.ipset='omr_dst_bypass_tun0_4'
firewall.omr_dst_bypass_tun0_dstip_4.target='MARK'
firewall.omr_dst_bypass_tun0_dstip_4.src='lan'
firewall.omr_dst_bypass_tun0_dstip_4.dest=''
firewall.omr_dst_bypass_tun0_dstip_4.family='ipv4'
firewall.omr_dst_bypass_tun0_dstip_4.enabled='0'
firewall.omr_dst_bypass_tun0_dstip_4.set_mark='0x45391500'
firewall.omr_dst_bypass_tun0_dstip_4_accept=rule
firewall.omr_dst_bypass_tun0_dstip_4_accept.name='omr_dst_bypass_tun0_rule_accept'
firewall.omr_dst_bypass_tun0_dstip_4_accept.target='ACCEPT'
firewall.omr_dst_bypass_tun0_dstip_4_accept.dest=''
firewall.omr_dst_bypass_tun0_dstip_4_accept.family='ipv4'
firewall.omr_dst_bypass_tun0_dstip_4_accept.enabled='0'
firewall.omr_dst_bypass_tun0_dstip_4_accept.mark='0x45391500'
firewall.omr_dst_bypass_tun0_srcip_4=rule
firewall.omr_dst_bypass_tun0_srcip_4.name='omr_dst_bypass_tun0_srcip'
firewall.omr_dst_bypass_tun0_srcip_4.ipset='omr_dst_bypass_tun0_4'
firewall.omr_dst_bypass_tun0_srcip_4.src='lan'
firewall.omr_dst_bypass_tun0_srcip_4.dest=''
firewall.omr_dst_bypass_tun0_srcip_4.family='ipv4'
firewall.omr_dst_bypass_tun0_srcip_4.target='MARK'
firewall.omr_dst_bypass_tun0_srcip_4.enabled='0'
firewall.omr_dst_bypass_tun0_srcip_4.set_xmark='0x45391500'
firewall.omr_dst_bypass_tun0_mac_4=rule
firewall.omr_dst_bypass_tun0_mac_4.name='omr_dst_bypass_tun0_mac'
firewall.omr_dst_bypass_tun0_mac_4.src='lan'
firewall.omr_dst_bypass_tun0_mac_4.dest=''
firewall.omr_dst_bypass_tun0_mac_4.target='MARK'
firewall.omr_dst_bypass_tun0_mac_4.enabled='0'
firewall.omr_dst_bypass_tun0_mac_4.set_xmark='0x45391500'
firewall.omr_dst_bypass_tun0_srcport_tcp_4=rule
firewall.omr_dst_bypass_tun0_srcport_tcp_4.name='omr_dst_bypass_tun0_srcport'
firewall.omr_dst_bypass_tun0_srcport_tcp_4.src='lan'
firewall.omr_dst_bypass_tun0_srcport_tcp_4.dest=''
firewall.omr_dst_bypass_tun0_srcport_tcp_4.target='MARK'
firewall.omr_dst_bypass_tun0_srcport_tcp_4.enabled='0'
firewall.omr_dst_bypass_tun0_srcport_tcp_4.set_xmark='0x45391500'
firewall.omr_dst_bypass_tun0_srcport_udp_4=rule
firewall.omr_dst_bypass_tun0_srcport_udp_4.name='omr_dst_bypass_tun0_srcport'
firewall.omr_dst_bypass_tun0_srcport_udp_4.proto='udp'
firewall.omr_dst_bypass_tun0_srcport_udp_4.src='lan'
firewall.omr_dst_bypass_tun0_srcport_udp_4.dest=''
firewall.omr_dst_bypass_tun0_srcport_udp_4.target='MARK'
firewall.omr_dst_bypass_tun0_srcport_udp_4.enabled='0'
firewall.omr_dst_bypass_tun0_srcport_udp_4.set_xmark='0x45391500'
firewall.omr_dst_bypass_tun0_dstport_tcp_4=rule
firewall.omr_dst_bypass_tun0_dstport_tcp_4.name='omr_dst_bypass_tun0_dstport'
firewall.omr_dst_bypass_tun0_dstport_tcp_4.src='lan'
firewall.omr_dst_bypass_tun0_dstport_tcp_4.dest=''
firewall.omr_dst_bypass_tun0_dstport_tcp_4.target='MARK'
firewall.omr_dst_bypass_tun0_dstport_tcp_4.enabled='0'
firewall.omr_dst_bypass_tun0_dstport_tcp_4.set_xmark='0x45391500'
firewall.omr_dst_bypass_tun0_dstport_udp_4=rule
firewall.omr_dst_bypass_tun0_dstport_udp_4.name='omr_dst_bypass_tun0_dstport'
firewall.omr_dst_bypass_tun0_dstport_udp_4.src='lan'
firewall.omr_dst_bypass_tun0_dstport_udp_4.dest=''
firewall.omr_dst_bypass_tun0_dstport_udp_4.target='MARK'
firewall.omr_dst_bypass_tun0_dstport_udp_4.enabled='0'
firewall.omr_dst_bypass_tun0_dstport_udp_4.set_xmark='0x45391500'
firewall.omr_dst_bypass_wl0_ap0_4=ipset
firewall.omr_dst_bypass_wl0_ap0_4.name='omr_dst_bypass_wl0_ap0_4'
firewall.omr_dst_bypass_wl0_ap0_4.match='dest_ip'
firewall.omr_dst_bypass_wl0_ap0_4.family='ipv4'
firewall.omr_dst_bypass_wl0_ap0_4.enabled='1'
firewall.omr_dst_bypass_wl0_ap0_6=ipset
firewall.omr_dst_bypass_wl0_ap0_6.name='omr_dst_bypass_wl0_ap0_6'
firewall.omr_dst_bypass_wl0_ap0_6.match='dest_ip'
firewall.omr_dst_bypass_wl0_ap0_6.family='ipv6'
firewall.omr_dst_bypass_wl0_ap0_6.enabled='1'
firewall.omr_dst_bypass_wl0_ap0_dstip_4=rule
firewall.omr_dst_bypass_wl0_ap0_dstip_4.name='omr_dst_bypass_wl0_ap0_rule'
firewall.omr_dst_bypass_wl0_ap0_dstip_4.ipset='omr_dst_bypass_wl0_ap0_4'
firewall.omr_dst_bypass_wl0_ap0_dstip_4.target='MARK'
firewall.omr_dst_bypass_wl0_ap0_dstip_4.src='lan'
firewall.omr_dst_bypass_wl0_ap0_dstip_4.dest=''
firewall.omr_dst_bypass_wl0_ap0_dstip_4.family='ipv4'
firewall.omr_dst_bypass_wl0_ap0_dstip_4.enabled='0'
firewall.omr_dst_bypass_wl0_ap0_dstip_4.set_mark='0x453915'
firewall.omr_dst_bypass_wl0_ap0_dstip_4_accept=rule
firewall.omr_dst_bypass_wl0_ap0_dstip_4_accept.name='omr_dst_bypass_wl0_ap0_rule_accept'
firewall.omr_dst_bypass_wl0_ap0_dstip_4_accept.target='ACCEPT'
firewall.omr_dst_bypass_wl0_ap0_dstip_4_accept.dest=''
firewall.omr_dst_bypass_wl0_ap0_dstip_4_accept.family='ipv4'
firewall.omr_dst_bypass_wl0_ap0_dstip_4_accept.enabled='0'
firewall.omr_dst_bypass_wl0_ap0_dstip_4_accept.mark='0x453915'
firewall.omr_dst_bypass_wl0_ap0_srcip_4=rule
firewall.omr_dst_bypass_wl0_ap0_srcip_4.name='omr_dst_bypass_wl0_ap0_srcip'
firewall.omr_dst_bypass_wl0_ap0_srcip_4.ipset='omr_dst_bypass_wl0_ap0_4'
firewall.omr_dst_bypass_wl0_ap0_srcip_4.src='lan'
firewall.omr_dst_bypass_wl0_ap0_srcip_4.dest=''
firewall.omr_dst_bypass_wl0_ap0_srcip_4.family='ipv4'
firewall.omr_dst_bypass_wl0_ap0_srcip_4.target='MARK'
firewall.omr_dst_bypass_wl0_ap0_srcip_4.enabled='0'
firewall.omr_dst_bypass_wl0_ap0_srcip_4.set_xmark='0x453915'
firewall.omr_dst_bypass_wl0_ap0_mac_4=rule
firewall.omr_dst_bypass_wl0_ap0_mac_4.name='omr_dst_bypass_wl0_ap0_mac'
firewall.omr_dst_bypass_wl0_ap0_mac_4.src='lan'
firewall.omr_dst_bypass_wl0_ap0_mac_4.dest=''
firewall.omr_dst_bypass_wl0_ap0_mac_4.target='MARK'
firewall.omr_dst_bypass_wl0_ap0_mac_4.enabled='0'
firewall.omr_dst_bypass_wl0_ap0_mac_4.set_xmark='0x453915'
firewall.omr_dst_bypass_wl0_ap0_srcport_tcp_4=rule
firewall.omr_dst_bypass_wl0_ap0_srcport_tcp_4.name='omr_dst_bypass_wl0_ap0_srcport'
firewall.omr_dst_bypass_wl0_ap0_srcport_tcp_4.proto='tcp'
firewall.omr_dst_bypass_wl0_ap0_srcport_tcp_4.src='lan'
firewall.omr_dst_bypass_wl0_ap0_srcport_tcp_4.dest=''
firewall.omr_dst_bypass_wl0_ap0_srcport_tcp_4.target='MARK'
firewall.omr_dst_bypass_wl0_ap0_srcport_tcp_4.enabled='0'
firewall.omr_dst_bypass_wl0_ap0_srcport_tcp_4.set_xmark='0x453915'
firewall.omr_dst_bypass_wl0_ap0_srcport_udp_4=rule
firewall.omr_dst_bypass_wl0_ap0_srcport_udp_4.name='omr_dst_bypass_wl0_ap0_srcport'
firewall.omr_dst_bypass_wl0_ap0_srcport_udp_4.proto='udp'
firewall.omr_dst_bypass_wl0_ap0_srcport_udp_4.src='lan'
firewall.omr_dst_bypass_wl0_ap0_srcport_udp_4.dest=''
firewall.omr_dst_bypass_wl0_ap0_srcport_udp_4.target='MARK'
firewall.omr_dst_bypass_wl0_ap0_srcport_udp_4.enabled='0'
firewall.omr_dst_bypass_wl0_ap0_srcport_udp_4.set_xmark='0x453915'
firewall.omr_dst_bypass_wl0_ap0_dstport_tcp_4=rule
firewall.omr_dst_bypass_wl0_ap0_dstport_tcp_4.name='omr_dst_bypass_wl0_ap0_dstport'
firewall.omr_dst_bypass_wl0_ap0_dstport_tcp_4.src='lan'
firewall.omr_dst_bypass_wl0_ap0_dstport_tcp_4.dest=''
firewall.omr_dst_bypass_wl0_ap0_dstport_tcp_4.target='MARK'
firewall.omr_dst_bypass_wl0_ap0_dstport_tcp_4.enabled='0'
firewall.omr_dst_bypass_wl0_ap0_dstport_tcp_4.set_xmark='0x453915'
firewall.omr_dst_bypass_wl0_ap0_dstport_udp_4=rule
firewall.omr_dst_bypass_wl0_ap0_dstport_udp_4.name='omr_dst_bypass_wl0_ap0_dstport'
firewall.omr_dst_bypass_wl0_ap0_dstport_udp_4.src='lan'
firewall.omr_dst_bypass_wl0_ap0_dstport_udp_4.dest=''
firewall.omr_dst_bypass_wl0_ap0_dstport_udp_4.target='MARK'
firewall.omr_dst_bypass_wl0_ap0_dstport_udp_4.enabled='0'
firewall.omr_dst_bypass_wl0_ap0_dstport_udp_4.set_xmark='0x453915'
firewall.omr_dst_bypass_all_4=ipset
firewall.omr_dst_bypass_all_4.name='omr_dst_bypass_all_4'
firewall.omr_dst_bypass_all_4.match='dest_ip'
firewall.omr_dst_bypass_all_4.family='ipv4'
firewall.omr_dst_bypass_all_4.enabled='1'
firewall.omr_dst_bypass_all_6=ipset
firewall.omr_dst_bypass_all_6.name='omr_dst_bypass_all_6'
firewall.omr_dst_bypass_all_6.match='dest_ip'
firewall.omr_dst_bypass_all_6.family='ipv6'
firewall.omr_dst_bypass_all_6.enabled='1'
firewall.omr_dst_bypass_all_dstip_4=rule
firewall.omr_dst_bypass_all_dstip_4.name='omr_dst_bypass_all_rule'
firewall.omr_dst_bypass_all_dstip_4.ipset='omr_dst_bypass_all_4'
firewall.omr_dst_bypass_all_dstip_4.target='MARK'
firewall.omr_dst_bypass_all_dstip_4.src='lan'
firewall.omr_dst_bypass_all_dstip_4.dest=''
firewall.omr_dst_bypass_all_dstip_4.family='ipv4'
firewall.omr_dst_bypass_all_dstip_4.enabled='0'
firewall.omr_dst_bypass_all_dstip_4.set_mark='0x4539'
firewall.omr_dst_bypass_all_dstip_4_accept=rule
firewall.omr_dst_bypass_all_dstip_4_accept.name='omr_dst_bypass_all_rule_accept'
firewall.omr_dst_bypass_all_dstip_4_accept.target='ACCEPT'
firewall.omr_dst_bypass_all_dstip_4_accept.dest=''
firewall.omr_dst_bypass_all_dstip_4_accept.family='ipv4'
firewall.omr_dst_bypass_all_dstip_4_accept.enabled='0'
firewall.omr_dst_bypass_all_dstip_4_accept.mark='0x4539'
firewall.omr_dst_bypass_all_srcip_4=rule
firewall.omr_dst_bypass_all_srcip_4.name='omr_dst_bypass_all_srcip'
firewall.omr_dst_bypass_all_srcip_4.ipset='omr_dst_bypass_all_4'
firewall.omr_dst_bypass_all_srcip_4.src='lan'
firewall.omr_dst_bypass_all_srcip_4.dest=''
firewall.omr_dst_bypass_all_srcip_4.family='ipv4'
firewall.omr_dst_bypass_all_srcip_4.target='MARK'
firewall.omr_dst_bypass_all_srcip_4.enabled='0'
firewall.omr_dst_bypass_all_srcip_4.set_xmark='0x4539'
firewall.omr_dst_bypass_all_mac_4=rule
firewall.omr_dst_bypass_all_mac_4.name='omr_dst_bypass_all_mac'
firewall.omr_dst_bypass_all_mac_4.src='lan'
firewall.omr_dst_bypass_all_mac_4.dest=''
firewall.omr_dst_bypass_all_mac_4.target='MARK'
firewall.omr_dst_bypass_all_mac_4.enabled='0'
firewall.omr_dst_bypass_all_mac_4.set_xmark='0x4539'
firewall.omr_dst_bypass_all_srcport_tcp_4=rule
firewall.omr_dst_bypass_all_srcport_tcp_4.name='omr_dst_bypass_all_srcport'
firewall.omr_dst_bypass_all_srcport_tcp_4.proto='tcp'
firewall.omr_dst_bypass_all_srcport_tcp_4.src='lan'
firewall.omr_dst_bypass_all_srcport_tcp_4.dest=''
firewall.omr_dst_bypass_all_srcport_tcp_4.target='MARK'
firewall.omr_dst_bypass_all_srcport_tcp_4.enabled='0'
firewall.omr_dst_bypass_all_srcport_tcp_4.set_xmark='0x4539'
firewall.omr_dst_bypass_all_srcport_udp_4=rule
firewall.omr_dst_bypass_all_srcport_udp_4.name='omr_dst_bypass_all_srcport'
firewall.omr_dst_bypass_all_srcport_udp_4.proto='udp'
firewall.omr_dst_bypass_all_srcport_udp_4.src='lan'
firewall.omr_dst_bypass_all_srcport_udp_4.dest=''
firewall.omr_dst_bypass_all_srcport_udp_4.target='MARK'
firewall.omr_dst_bypass_all_srcport_udp_4.enabled='0'
firewall.omr_dst_bypass_all_srcport_udp_4.set_xmark='0x4539'
firewall.omr_dst_bypass_all_dstport_tcp_4=rule
firewall.omr_dst_bypass_all_dstport_tcp_4.name='omr_dst_bypass_all_dstport'
firewall.omr_dst_bypass_all_dstport_tcp_4.src='lan'
firewall.omr_dst_bypass_all_dstport_tcp_4.dest=''
firewall.omr_dst_bypass_all_dstport_tcp_4.target='MARK'
firewall.omr_dst_bypass_all_dstport_tcp_4.enabled='0'
firewall.omr_dst_bypass_all_dstport_tcp_4.set_xmark='0x4539'
firewall.omr_dst_bypass_all_dstport_udp_4=rule
firewall.omr_dst_bypass_all_dstport_udp_4.name='omr_dst_bypass_all_dstport'
firewall.omr_dst_bypass_all_dstport_udp_4.src='lan'
firewall.omr_dst_bypass_all_dstport_udp_4.dest=''
firewall.omr_dst_bypass_all_dstport_udp_4.target='MARK'
firewall.omr_dst_bypass_all_dstport_udp_4.enabled='0'
firewall.omr_dst_bypass_all_dstport_udp_4.set_xmark='0x4539'
firewall.omr_dscp_cs0_4=ipset
firewall.omr_dscp_cs0_4.name='omr_dscp_cs0_4'
firewall.omr_dscp_cs0_4.match='dest_ip'
firewall.omr_dscp_rule_cs0_4=rule
firewall.omr_dscp_rule_cs0_4.name='omr_dscp_cs0_4'
firewall.omr_dscp_rule_cs0_4.ipset='omr_dscp_cs0_4'
firewall.omr_dscp_rule_cs0_4.set_dscp='CS0'
firewall.omr_dscp_rule_cs0_4.target='DSCP'
firewall.omr_dscp_rule_cs0_4.src='lan'
firewall.omr_dscp_rule_cs0_4.dest=''
firewall.omr_dscp_cs1_4=ipset
firewall.omr_dscp_cs1_4.name='omr_dscp_cs1_4'
firewall.omr_dscp_cs1_4.match='dest_ip'
firewall.omr_dscp_rule_cs1_4=rule
firewall.omr_dscp_rule_cs1_4.name='omr_dscp_cs1_4'
firewall.omr_dscp_rule_cs1_4.ipset='omr_dscp_cs1_4'
firewall.omr_dscp_rule_cs1_4.set_dscp='CS1'
firewall.omr_dscp_rule_cs1_4.target='DSCP'
firewall.omr_dscp_rule_cs1_4.src='lan'
firewall.omr_dscp_rule_cs1_4.dest=''
firewall.omr_dscp_cs2_4=ipset
firewall.omr_dscp_cs2_4.name='omr_dscp_cs2_4'
firewall.omr_dscp_cs2_4.match='dest_ip'
firewall.omr_dscp_rule_cs2_4=rule
firewall.omr_dscp_rule_cs2_4.name='omr_dscp_cs2_4'
firewall.omr_dscp_rule_cs2_4.ipset='omr_dscp_cs2_4'
firewall.omr_dscp_rule_cs2_4.set_dscp='CS2'
firewall.omr_dscp_rule_cs2_4.target='DSCP'
firewall.omr_dscp_rule_cs2_4.src='lan'
firewall.omr_dscp_rule_cs2_4.dest=''
firewall.omr_dscp_cs3_4=ipset
firewall.omr_dscp_cs3_4.name='omr_dscp_cs3_4'
firewall.omr_dscp_cs3_4.match='dest_ip'
firewall.omr_dscp_rule_cs3_4=rule
firewall.omr_dscp_rule_cs3_4.name='omr_dscp_cs3_4'
firewall.omr_dscp_rule_cs3_4.ipset='omr_dscp_cs3_4'
firewall.omr_dscp_rule_cs3_4.set_dscp='CS3'
firewall.omr_dscp_rule_cs3_4.target='DSCP'
firewall.omr_dscp_rule_cs3_4.src='lan'
firewall.omr_dscp_rule_cs3_4.dest=''
firewall.omr_dscp_cs4_4=ipset
firewall.omr_dscp_cs4_4.name='omr_dscp_cs4_4'
firewall.omr_dscp_cs4_4.match='dest_ip'
firewall.omr_dscp_rule_cs4_4=rule
firewall.omr_dscp_rule_cs4_4.name='omr_dscp_cs4_4'
firewall.omr_dscp_rule_cs4_4.ipset='omr_dscp_cs4_4'
firewall.omr_dscp_rule_cs4_4.set_dscp='CS4'
firewall.omr_dscp_rule_cs4_4.target='DSCP'
firewall.omr_dscp_rule_cs4_4.src='lan'
firewall.omr_dscp_rule_cs4_4.dest=''
firewall.omr_dscp_cs5_4=ipset
firewall.omr_dscp_cs5_4.name='omr_dscp_cs5_4'
firewall.omr_dscp_cs5_4.match='dest_ip'
firewall.omr_dscp_rule_cs5_4=rule
firewall.omr_dscp_rule_cs5_4.name='omr_dscp_cs5_4'
firewall.omr_dscp_rule_cs5_4.ipset='omr_dscp_cs5_4'
firewall.omr_dscp_rule_cs5_4.set_dscp='CS5'
firewall.omr_dscp_rule_cs5_4.target='DSCP'
firewall.omr_dscp_rule_cs5_4.src='lan'
firewall.omr_dscp_rule_cs5_4.dest=''
firewall.omr_dscp_cs6_4=ipset
firewall.omr_dscp_cs6_4.name='omr_dscp_cs6_4'
firewall.omr_dscp_cs6_4.match='dest_ip'
firewall.omr_dscp_rule_cs6_4=rule
firewall.omr_dscp_rule_cs6_4.name='omr_dscp_cs6_4'
firewall.omr_dscp_rule_cs6_4.ipset='omr_dscp_cs6_4'
firewall.omr_dscp_rule_cs6_4.set_dscp='CS6'
firewall.omr_dscp_rule_cs6_4.target='DSCP'
firewall.omr_dscp_rule_cs6_4.src='lan'
firewall.omr_dscp_rule_cs6_4.dest=''
firewall.omr_dscp_cs7_4=ipset
firewall.omr_dscp_cs7_4.name='omr_dscp_cs7_4'
firewall.omr_dscp_cs7_4.match='dest_ip'
firewall.omr_dscp_rule_cs7_4=rule
firewall.omr_dscp_rule_cs7_4.name='omr_dscp_cs7_4'
firewall.omr_dscp_rule_cs7_4.ipset='omr_dscp_cs7_4'
firewall.omr_dscp_rule_cs7_4.set_dscp='CS7'
firewall.omr_dscp_rule_cs7_4.target='DSCP'
firewall.omr_dscp_rule_cs7_4.src='lan'
firewall.omr_dscp_rule_cs7_4.dest=''
firewall.omr_dscp_ef_4=ipset
firewall.omr_dscp_ef_4.name='omr_dscp_ef_4'
firewall.omr_dscp_ef_4.match='dest_ip'
firewall.omr_dscp_rule_ef_4=rule
firewall.omr_dscp_rule_ef_4.name='omr_dscp_ef_4'
firewall.omr_dscp_rule_ef_4.ipset='omr_dscp_ef_4'
firewall.omr_dscp_rule_ef_4.set_dscp='EF'
firewall.omr_dscp_rule_ef_4.target='DSCP'
firewall.omr_dscp_rule_ef_4.src='lan'
firewall.omr_dscp_rule_ef_4.dest=''
firewall.omr_dscp_rule1=rule
firewall.omr_dscp_rule1.name='omr_dscp_rule1'
firewall.omr_dscp_rule1.target='DSCP'
firewall.omr_dscp_rule1.set_dscp='CS7'
firewall.omr_dscp_rule1.src='lan'
firewall.omr_dscp_rule1.src_ip='0.0.0.0/0'
firewall.omr_dscp_rule1.dest_ip='0.0.0.0/0'
firewall.omr_dscp_rule1.proto='icmp'
firewall.omr_dscp_rule1.src_port='0-65535'
firewall.omr_dscp_rule1.dest_port='0-65535'
firewall.omr_dscp_rule2=rule
firewall.omr_dscp_rule2.name='omr_dscp_rule2'
firewall.omr_dscp_rule2.target='DSCP'
firewall.omr_dscp_rule2.set_dscp='CS4'
firewall.omr_dscp_rule2.src='lan'
firewall.omr_dscp_rule2.src_ip='0.0.0.0/0'
firewall.omr_dscp_rule2.dest_ip='0.0.0.0/0'
firewall.omr_dscp_rule2.proto='udp'
firewall.omr_dscp_rule2.src_port='53 123 5353'
firewall.omr_dscp_rule2.dest_port='0-65535'
firewall.omr_dscp_rule3=rule
firewall.omr_dscp_rule3.name='omr_dscp_rule3'
firewall.omr_dscp_rule3.target='DSCP'
firewall.omr_dscp_rule3.set_dscp='CS4'
firewall.omr_dscp_rule3.src='lan'
firewall.omr_dscp_rule3.src_ip='0.0.0.0/0'
firewall.omr_dscp_rule3.dest_ip='0.0.0.0/0'
firewall.omr_dscp_rule3.proto='tcp'
firewall.omr_dscp_rule3.src_port='53 5353'
firewall.omr_dscp_rule3.dest_port='0-65535'
firewall.omr_dscp_rule4=rule
firewall.omr_dscp_rule4.name='omr_dscp_rule4'
firewall.omr_dscp_rule4.target='DSCP'
firewall.omr_dscp_rule4.set_dscp='CS4'
firewall.omr_dscp_rule4.src='lan'
firewall.omr_dscp_rule4.src_ip='0.0.0.0/0'
firewall.omr_dscp_rule4.dest_ip='0.0.0.0/0'
firewall.omr_dscp_rule4.proto='tcp'
firewall.omr_dscp_rule4.src_port='0-65535'
firewall.omr_dscp_rule4.dest_port='65500'
firewall.omr_dscp_rule5=rule
firewall.omr_dscp_rule5.name='omr_dscp_rule5'
firewall.omr_dscp_rule5.target='DSCP'
firewall.omr_dscp_rule5.set_dscp='CS7'
firewall.omr_dscp_rule5.src='lan'
firewall.omr_dscp_rule5.src_ip='0.0.0.0/0'
firewall.omr_dscp_rule5.dest_ip='0.0.0.0/0'
firewall.omr_dscp_rule5.proto='tcp'
firewall.omr_dscp_rule5.src_port='0-65535'
firewall.omr_dscp_rule5.dest_port='65001 65301 65401 65011'
firewall.omr_dscp_rule6=rule
firewall.omr_dscp_rule6.name='omr_dscp_rule6'
firewall.omr_dscp_rule6.target='DSCP'
firewall.omr_dscp_rule6.set_dscp='CS7'
firewall.omr_dscp_rule6.src='lan'
firewall.omr_dscp_rule6.src_ip='0.0.0.0/0'
firewall.omr_dscp_rule6.dest_ip='0.0.0.0/0'
firewall.omr_dscp_rule6.proto='udp'
firewall.omr_dscp_rule6.src_port='0-65535'
firewall.omr_dscp_rule6.dest_port='65001 65301'
firewall.omr_dscp_rule7=rule
firewall.omr_dscp_rule7.name='omr_dscp_rule7'
firewall.omr_dscp_rule7.target='DSCP'
firewall.omr_dscp_rule7.set_dscp='CS6'
firewall.omr_dscp_rule7.src='lan'
firewall.omr_dscp_rule7.src_ip='0.0.0.0/0'
firewall.omr_dscp_rule7.dest_ip='0.0.0.0/0'
firewall.omr_dscp_rule7.proto='tcp'
firewall.omr_dscp_rule7.src_port='0-65535'
firewall.omr_dscp_rule7.dest_port='65101 65228'
nft list ruleset
table ip mangle {
chain PREROUTING {
type filter hook prerouting priority mangle; policy accept;
}
chain INPUT {
type filter hook input priority mangle; policy accept;
counter packets 3407732 bytes 6037847857 jump omr-bypass-dpi
}
chain FORWARD {
type filter hook forward priority mangle; policy accept;
counter packets 76363 bytes 98931394 jump omr-bypass-dpi
}
chain OUTPUT {
type route hook output priority mangle; policy accept;
}
chain POSTROUTING {
type filter hook postrouting priority mangle; policy accept;
}
chain omr-bypass-dpi {
}
}
table inet fw4 {
ct helper amanda {
type "amanda" protocol udp
l3proto inet
}
ct helper ftp {
type "ftp" protocol tcp
l3proto inet
}
ct helper RAS {
type "RAS" protocol udp
l3proto inet
}
ct helper Q.931 {
type "Q.931" protocol tcp
l3proto inet
}
ct helper irc {
type "irc" protocol tcp
l3proto ip
}
ct helper pptp {
type "pptp" protocol tcp
l3proto ip
}
ct helper sip {
type "sip" protocol udp
l3proto inet
}
ct helper snmp {
type "snmp" protocol udp
l3proto ip
}
ct helper tftp {
type "tftp" protocol udp
l3proto inet
}
set omr_dst_bypass_br_lan_4 {
type ipv4_addr
}
set omr_dst_bypass_br_lan_6 {
type ipv6_addr
}
set omr_dst_bypass_lan1_4 {
type ipv4_addr
}
set omr_dst_bypass_lan1_6 {
type ipv6_addr
}
set omr_dst_bypass_lan3_4 {
type ipv4_addr
}
set omr_dst_bypass_lan3_6 {
type ipv6_addr
}
set omr_dst_bypass_lan4_4 {
type ipv4_addr
}
set omr_dst_bypass_lan4_6 {
type ipv6_addr
}
set omr_dst_bypass_eth0_4 {
type ipv4_addr
}
set omr_dst_bypass_eth0_6 {
type ipv6_addr
}
set omr_dst_bypass_tun0_4 {
type ipv4_addr
}
set omr_dst_bypass_tun0_6 {
type ipv6_addr
}
set omr_dst_bypass_wl0_ap0_4 {
type ipv4_addr
}
set omr_dst_bypass_wl0_ap0_6 {
type ipv6_addr
}
set omr_dst_bypass_all_4 {
type ipv4_addr
}
set omr_dst_bypass_all_6 {
type ipv6_addr
}
set omr_dscp_cs0_4 {
type ipv4_addr
}
set omr_dscp_cs1_4 {
type ipv4_addr
elements = { 142.250.179.78 }
}
set omr_dscp_cs2_4 {
type ipv4_addr
elements = { 64.233.184.188, 66.102.1.188,
74.125.71.188, 142.250.74.234,
142.250.75.234, 142.250.75.238,
142.250.110.188, 142.250.178.138,
142.250.179.74, 142.250.179.78,
142.250.179.106, 142.250.179.110,
142.250.201.170, 142.251.168.188,
142.251.173.188, 157.240.202.1,
163.70.128.23, 172.217.18.202,
172.217.20.170, 172.217.20.202,
173.194.76.84, 173.194.76.188,
185.60.219.2, 185.60.219.4,
185.60.219.35, 185.60.219.60,
185.60.219.61, 216.58.213.67,
216.58.213.74, 216.58.214.65,
216.58.214.74, 216.58.214.78,
216.58.214.164, 216.58.214.170,
216.58.214.174, 216.58.215.42 }
}
set omr_dscp_cs3_4 {
type ipv4_addr
}
set omr_dscp_cs4_4 {
type ipv4_addr
}
set omr_dscp_cs5_4 {
type ipv4_addr
}
set omr_dscp_cs6_4 {
type ipv4_addr
}
set omr_dscp_cs7_4 {
type ipv4_addr
}
set omr_dscp_ef_4 {
type ipv4_addr
}
set ss_rules_src_bypass {
type ipv4_addr
flags interval
auto-merge
}
set ss_rules6_src_bypass {
type ipv6_addr
flags interval
auto-merge
}
set ss_rules_src_forward {
type ipv4_addr
flags interval
auto-merge
}
set ss_rules6_src_forward {
type ipv6_addr
flags interval
auto-merge
}
set ss_rules_src_checkdst {
type ipv4_addr
flags interval
auto-merge
}
set ss_rules6_src_checkdst {
type ipv6_addr
flags interval
auto-merge
}
set ss_rules_remote_servers {
type ipv4_addr
flags interval
auto-merge
elements = { 193.169.104.0 }
}
set ss_rules6_remote_servers {
type ipv6_addr
flags interval
auto-merge
}
set ss_rules_dst_bypass {
type ipv4_addr
flags interval
auto-merge
}
set ss_rules6_dst_bypass {
type ipv6_addr
flags interval
auto-merge
}
set ss_rules_dst_bypass_ {
type ipv4_addr
flags interval
auto-merge
elements = { 0.0.0.0/8, 10.0.0.0/8,
100.64.0.0/10, 127.0.0.0/8,
169.254.0.0/16, 172.16.0.0/12,
192.0.0.0/24, 192.0.2.0/24,
192.31.196.0/24, 192.52.193.0/24,
192.88.99.0/24, 192.168.0.0/16,
192.175.48.0/24, 198.18.0.0/15,
198.51.100.0/24, 203.0.113.0/24,
224.0.0.0/3 }
}
set ss_rules6_dst_bypass_ {
type ipv6_addr
flags interval
auto-merge
elements = { ::/127,
::ffff:0.0.0.0/96,
64:ff9b:1::/48,
100::/64,
2001::/23,
fc00::/7,
fe80::/10 }
}
set ss_rules_dst_forward {
type ipv4_addr
flags interval
auto-merge
}
set ss_rules6_dst_forward {
type ipv6_addr
flags interval
auto-merge
}
set ss_rules_dst_forward_rrst_ {
type ipv4_addr
flags interval
auto-merge
}
set ss_rules6_dst_forward_rrst_ {
type ipv6_addr
flags interval
auto-merge
}
chain ss_rules_pre_tcp {
type nat hook prerouting priority filter + 1; policy accept;
meta mark 0x00004539 accept
ip daddr @omr_dst_bypass_all_4 accept
meta mark 0x00453915 accept
ip daddr @omr_dst_bypass_wl0_ap0_4 accept
meta mark 0x45391500 accept
ip daddr @omr_dst_bypass_tun0_4 accept
meta mark 0x00453917 accept
ip daddr @omr_dst_bypass_eth0_4 accept
meta mark 0x00453916 accept
ip daddr @omr_dst_bypass_lan4_4 accept
meta mark 0x00453911 accept
ip daddr @omr_dst_bypass_lan3_4 accept
meta mark 0x00045399 accept
ip daddr @omr_dst_bypass_lan1_4 accept
meta mark 0x45399999 accept
ip daddr @omr_dst_bypass_br_lan_4 accept
meta mark 0x00004539 accept
ip daddr @omr_dst_bypass_all_4 accept
meta mark 0x00453915 accept
ip daddr @omr_dst_bypass_wl0_ap0_4 accept
meta mark 0x45391500 accept
ip daddr @omr_dst_bypass_tun0_4 accept
meta mark 0x00453917 accept
ip daddr @omr_dst_bypass_eth0_4 accept
meta mark 0x00453916 accept
ip daddr @omr_dst_bypass_lan4_4 accept
meta mark 0x00453911 accept
ip daddr @omr_dst_bypass_lan3_4 accept
meta mark 0x00045399 accept
ip daddr @omr_dst_bypass_lan1_4 accept
meta mark 0x45399999 accept
ip daddr @omr_dst_bypass_br_lan_4 accept
meta l4proto tcp goto ss_rules_pre_src_tcp
}
chain ss_rules_pre_src_tcp {
ip daddr @ss_rules_dst_bypass_ accept
ip6 daddr @ss_rules6_dst_bypass_ accept
goto ss_rules_src_tcp
}
chain ss_rules_src_tcp {
ip saddr @ss_rules_src_bypass accept
ip saddr @ss_rules_src_forward goto ss_rules_forward_tcp
ip saddr @ss_rules_src_checkdst goto ss_rules_dst_tcp
ip6 saddr @ss_rules6_src_bypass accept
ip6 saddr @ss_rules6_src_forward goto ss_rules_forward_tcp
ip6 saddr @ss_rules6_src_checkdst goto ss_rules_dst_tcp
goto ss_rules_forward_tcp
}
chain ss_rules_dst_tcp {
ip daddr @ss_rules_dst_bypass accept
ip daddr @ss_rules_remote_servers accept
ip daddr @ss_rules_dst_forward goto ss_rules_forward_tcp
ip6 daddr @ss_rules6_dst_bypass accept
ip6 daddr @ss_rules6_remote_servers accept
ip6 daddr @ss_rules6_dst_forward goto ss_rules_forward_tcp
goto ss_rules_forward_tcp
}
chain ss_rules_forward_tcp {
meta l4proto tcp redirect to :1100
}
chain ss_rules_local_out {
type nat hook output priority filter - 1; policy accept;
meta mark 0x00004539 accept
ip daddr @omr_dst_bypass_all_4 accept
meta mark 0x00453915 accept
ip daddr @omr_dst_bypass_wl0_ap0_4 accept
meta mark 0x45391500 accept
ip daddr @omr_dst_bypass_tun0_4 accept
meta mark 0x00453917 accept
ip daddr @omr_dst_bypass_eth0_4 accept
meta mark 0x00453916 accept
ip daddr @omr_dst_bypass_lan4_4 accept
meta mark 0x00453911 accept
ip daddr @omr_dst_bypass_lan3_4 accept
meta mark 0x00045399 accept
ip daddr @omr_dst_bypass_lan1_4 accept
meta mark 0x45399999 accept
ip daddr @omr_dst_bypass_br_lan_4 accept
meta mark 0x00004539 accept
ip daddr @omr_dst_bypass_all_4 accept
meta mark 0x00453915 accept
ip daddr @omr_dst_bypass_wl0_ap0_4 accept
meta mark 0x45391500 accept
ip daddr @omr_dst_bypass_tun0_4 accept
meta mark 0x00453917 accept
ip daddr @omr_dst_bypass_eth0_4 accept
meta mark 0x00453916 accept
ip daddr @omr_dst_bypass_lan4_4 accept
meta mark 0x00453911 accept
ip daddr @omr_dst_bypass_lan3_4 accept
meta mark 0x00045399 accept
ip daddr @omr_dst_bypass_lan1_4 accept
meta mark 0x45399999 accept
ip daddr @omr_dst_bypass_br_lan_4 accept
meta l4proto != tcp accept
ip daddr @ss_rules_remote_servers accept
ip daddr @ss_rules_dst_bypass_ accept
ip daddr @ss_rules_dst_bypass accept
ip6 daddr @ss_rules6_remote_servers accept
ip6 daddr @ss_rules6_dst_bypass_ accept
ip6 daddr @ss_rules6_dst_bypass accept
goto ss_rules_forward_tcp
}
chain input {
type filter hook input priority filter; policy drop;
iif "lo" accept comment "!fw4: Accept traffic from loopback"
ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
iifname { "br-lan", "wl0-ap0" } jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
iifname { "eth0", "lan1", "lan3", "lan4" } jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
iifname "tun0" jump input_vpn comment "!fw4: Handle vpn IPv4/IPv6 input traffic"
jump handle_reject
}
chain forward {
type filter hook forward priority filter; policy drop;
ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
icmp type echo-request limit rate 1000/second burst 5 packets counter packets 5 bytes 420 accept comment "!fw4: Allow-All-Ping"
icmpv6 type echo-request limit rate 1000/second burst 5 packets counter packets 0 bytes 0 accept comment "!fw4: Allow-All-Ping"
udp dport 443 counter packets 0 bytes 0 drop comment "!fw4: Block QUIC All"
iifname { "br-lan", "wl0-ap0" } jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
iifname { "eth0", "lan1", "lan3", "lan4" } jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
iifname "tun0" jump forward_vpn comment "!fw4: Handle vpn IPv4/IPv6 forward traffic"
jump upnp_forward comment "Hook into miniupnpd forwarding chain"
jump handle_reject
}
chain output {
type filter hook output priority filter; policy drop;
oif "lo" accept comment "!fw4: Accept traffic towards loopback"
ct state vmap { established : accept, related : accept } comment "!fw4: Handle outbound flows"
oifname { "br-lan", "wl0-ap0" } jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
oifname { "eth0", "lan1", "lan3", "lan4" } jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
oifname "tun0" jump output_vpn comment "!fw4: Handle vpn IPv4/IPv6 output traffic"
jump handle_reject
}
chain prerouting {
type filter hook prerouting priority filter; policy accept;
icmp type echo-request limit rate 1000/second burst 5 packets counter packets 35 bytes 2940 accept comment "!fw4: Allow-All-Ping"
icmpv6 type echo-request limit rate 1000/second burst 5 packets counter packets 0 bytes 0 accept comment "!fw4: Allow-All-Ping"
udp dport 443 counter packets 224 bytes 292916 drop comment "!fw4: Block QUIC All"
counter packets 347759 bytes 201209319 jump accept_to_vpn comment "!fw4: Allow-All-LAN-to-VPN"
counter packets 347759 bytes 201209319 jump accept_to_wan comment "!fw4: Allow-Lan-to-Wan"
jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
jump accept_to_vpn comment "!fw4: Accept lan to vpn forwarding"
iifname { "br-lan", "wl0-ap0" } jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment"
icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second burst 5 packets counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second burst 5 packets counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
}
chain handle_reject {
meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
reject comment "!fw4: Reject any other traffic"
}
chain syn_flood {
limit rate 25/second burst 50 packets return comment "!fw4: Accept SYN packets below rate-limit"
drop comment "!fw4: Drop excess packets"
}
chain input_lan {
icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply, nd-router-solicit, nd-router-advert } limit rate 1000/second burst 5 packets counter packets 18 bytes 960 accept comment "!fw4: ICMPv6-Lan-to-OMR"
udp dport 443 counter packets 0 bytes 0 drop comment "!fw4: Block QUIC Proxy"
ct status dnat accept comment "!fw4: Accept port redirections"
jump accept_from_lan
}
chain output_lan {
jump accept_to_lan
}
chain forward_lan {
counter packets 59702 bytes 89268302 jump accept_to_vpn comment "!fw4: Allow-All-LAN-to-VPN"
counter packets 0 bytes 0 jump accept_to_wan comment "!fw4: Allow-Lan-to-Wan"
jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
jump accept_to_vpn comment "!fw4: Accept lan to vpn forwarding"
ct status dnat accept comment "!fw4: Accept port forwards"
jump accept_to_lan
}
chain helper_lan {
udp dport 10080 ct helper set "amanda" comment "!fw4: Amanda backup and archiving proto"
tcp dport 21 ct helper set "ftp" comment "!fw4: FTP passive connection tracking"
udp dport 1719 ct helper set "RAS" comment "!fw4: RAS proto tracking"
tcp dport 1720 ct helper set "Q.931" comment "!fw4: Q.931 proto tracking"
meta nfproto ipv4 tcp dport 6667 ct helper set "irc" comment "!fw4: IRC DCC connection tracking"
meta nfproto ipv4 tcp dport 1723 ct helper set "pptp" comment "!fw4: PPTP VPN connection tracking"
udp dport 5060 ct helper set "sip" comment "!fw4: SIP VoIP connection tracking"
meta nfproto ipv4 udp dport 161 ct helper set "snmp" comment "!fw4: SNMP monitoring connection tracking"
udp dport 69 ct helper set "tftp" comment "!fw4: TFTP connection tracking"
}
chain accept_from_lan {
iifname { "br-lan", "wl0-ap0" } counter packets 2410 bytes 170225 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
}
chain accept_to_lan {
oifname { "br-lan", "wl0-ap0" } counter packets 23 bytes 3782 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
}
chain input_wan {
meta nfproto ipv4 udp dport 68 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCP-Renew"
icmp type echo-request counter packets 0 bytes 0 accept comment "!fw4: Allow-Ping"
meta nfproto ipv4 meta l4proto igmp counter packets 0 bytes 0 accept comment "!fw4: Allow-IGMP"
meta nfproto ipv6 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCPv6"
ip6 saddr fe80::/10 icmpv6 type . icmpv6 code { mld-listener-query . no-route, mld-listener-report . no-route, mld-listener-done . no-route, mld2-listener-report . no-route } counter packets 0 bytes 0 accept comment "!fw4: Allow-MLD"
icmpv6 type { nd-router-solicit, nd-router-advert } limit rate 1000/second burst 5 packets counter packets 0 bytes 0 accept comment "!fw4: Allow IPv6 ICMP"
icmpv6 type . icmpv6 code { nd-neighbor-solicit . no-route, nd-neighbor-advert . no-route } limit rate 1000/second burst 5 packets counter packets 0 bytes 0 accept comment "!fw4: Allow IPv6 ICMP"
meta nfproto ipv6 udp sport 546 udp dport 547 counter packets 0 bytes 0 accept comment "!fw4: Allow DHCPv6 (546-to-547)"
meta nfproto ipv6 udp sport 547 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow DHCPv6 (547-to-546)"
ct status dnat accept comment "!fw4: Accept port redirections"
jump reject_from_wan
}
chain output_wan {
jump accept_to_wan
}
chain forward_wan {
icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second burst 5 packets counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second burst 5 packets counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
ct status dnat accept comment "!fw4: Accept port forwards"
jump reject_to_wan
}
chain accept_to_wan {
meta nfproto ipv4 oifname { "eth0", "lan1", "lan3", "lan4" } ct state invalid counter packets 7 bytes 448 drop comment "!fw4: Prevent NAT leakage"
oifname { "eth0", "lan1", "lan3", "lan4" } counter packets 21787 bytes 1657508 accept comment "!fw4: accept wan IPv4/IPv6 traffic"
}
chain reject_from_wan {
iifname { "eth0", "lan1", "lan3", "lan4" } counter packets 2 bytes 144 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
}
chain reject_to_wan {
oifname { "eth0", "lan1", "lan3", "lan4" } counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
}
chain input_vpn {
meta l4proto { icmp, ipv6-icmp } counter packets 0 bytes 0 accept comment "!fw4: Allow-VPN-ICMP"
ct status dnat accept comment "!fw4: Accept port redirections"
jump reject_from_vpn
}
chain output_vpn {
jump accept_to_vpn
}
chain forward_vpn {
ct status dnat accept comment "!fw4: Accept port forwards"
jump accept_to_vpn
}
chain accept_to_vpn {
meta nfproto ipv4 oifname "tun0" ct state invalid counter packets 447 bytes 39804 drop comment "!fw4: Prevent NAT leakage"
oifname "tun0" counter packets 66408 bytes 89816939 accept comment "!fw4: accept vpn IPv4/IPv6 traffic"
}
chain reject_from_vpn {
iifname "tun0" counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject vpn IPv4/IPv6 traffic"
}
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"
}
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
oifname { "eth0", "lan1", "lan3", "lan4" } jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
oifname "tun0" jump srcnat_vpn comment "!fw4: Handle vpn IPv4/IPv6 srcnat traffic"
jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"
}
chain srcnat_wan {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
}
chain srcnat_vpn {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 vpn traffic"
}
chain raw_prerouting {
type filter hook prerouting priority raw; policy accept;
}
chain raw_output {
type filter hook output priority raw; policy accept;
}
chain mangle_prerouting {
type filter hook prerouting priority mangle; policy accept;
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs0_4 counter packets 0 bytes 0 ip dscp set cs0 comment "!fw4: omr_dscp_cs0_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs0_4 counter packets 0 bytes 0 ip dscp set cs0 comment "!fw4: omr_dscp_cs0_4"
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs1_4 counter packets 672 bytes 332413 ip dscp set cs1 comment "!fw4: omr_dscp_cs1_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs1_4 counter packets 0 bytes 0 ip dscp set cs1 comment "!fw4: omr_dscp_cs1_4"
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs2_4 counter packets 21757 bytes 4553715 ip dscp set cs2 comment "!fw4: omr_dscp_cs2_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs2_4 counter packets 0 bytes 0 ip dscp set cs2 comment "!fw4: omr_dscp_cs2_4"
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs3_4 counter packets 0 bytes 0 ip dscp set cs3 comment "!fw4: omr_dscp_cs3_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs3_4 counter packets 0 bytes 0 ip dscp set cs3 comment "!fw4: omr_dscp_cs3_4"
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs4_4 counter packets 0 bytes 0 ip dscp set cs4 comment "!fw4: omr_dscp_cs4_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs4_4 counter packets 0 bytes 0 ip dscp set cs4 comment "!fw4: omr_dscp_cs4_4"
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs5_4 counter packets 0 bytes 0 ip dscp set cs5 comment "!fw4: omr_dscp_cs5_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs5_4 counter packets 0 bytes 0 ip dscp set cs5 comment "!fw4: omr_dscp_cs5_4"
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs6_4 counter packets 0 bytes 0 ip dscp set cs6 comment "!fw4: omr_dscp_cs6_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs6_4 counter packets 0 bytes 0 ip dscp set cs6 comment "!fw4: omr_dscp_cs6_4"
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs7_4 counter packets 0 bytes 0 ip dscp set cs7 comment "!fw4: omr_dscp_cs7_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_cs7_4 counter packets 0 bytes 0 ip dscp set cs7 comment "!fw4: omr_dscp_cs7_4"
meta l4proto tcp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_ef_4 counter packets 0 bytes 0 ip dscp set ef comment "!fw4: omr_dscp_ef_4"
meta l4proto udp iifname { "br-lan", "wl0-ap0" } ip daddr @omr_dscp_ef_4 counter packets 0 bytes 0 ip dscp set ef comment "!fw4: omr_dscp_ef_4"
}
chain mangle_postrouting {
type filter hook postrouting priority mangle; policy accept;
oifname { "br-lan", "wl0-ap0" } tcp flags syn / fin,syn,rst tcp option maxseg size set rt mtu comment "!fw4: Zone lan IPv4/IPv6 egress MTU fixing"
oifname { "eth0", "lan1", "lan3", "lan4" } tcp flags syn / fin,syn,rst tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
oifname "tun0" tcp flags syn / fin,syn,rst tcp option maxseg size set rt mtu comment "!fw4: Zone vpn IPv4/IPv6 egress MTU fixing"
}
chain mangle_input {
type filter hook input priority mangle; policy accept;
meta l4proto icmp iifname { "br-lan", "wl0-ap0" } ip saddr 0.0.0.0/0 ip daddr 0.0.0.0/0 counter packets 278 bytes 15568 ip dscp set cs7 comment "!fw4: omr_dscp_rule1"
iifname { "br-lan", "wl0-ap0" } ip saddr 0.0.0.0/0 ip daddr 0.0.0.0/0 udp sport { 53, 123, 5353 } udp dport 0-65535 counter packets 0 bytes 0 ip dscp set cs4 comment "!fw4: omr_dscp_rule2"
iifname { "br-lan", "wl0-ap0" } ip saddr 0.0.0.0/0 ip daddr 0.0.0.0/0 tcp sport { 53, 5353 } tcp dport 0-65535 counter packets 0 bytes 0 ip dscp set cs4 comment "!fw4: omr_dscp_rule3"
iifname { "br-lan", "wl0-ap0" } ip saddr 0.0.0.0/0 ip daddr 0.0.0.0/0 tcp sport 0-65535 tcp dport 65500 counter packets 0 bytes 0 ip dscp set cs4 comment "!fw4: omr_dscp_rule4"
iifname { "br-lan", "wl0-ap0" } ip saddr 0.0.0.0/0 ip daddr 0.0.0.0/0 tcp sport 0-65535 tcp dport { 65001, 65011, 65301, 65401 } counter packets 0 bytes 0 ip dscp set cs7 comment "!fw4: omr_dscp_rule5"
iifname { "br-lan", "wl0-ap0" } ip saddr 0.0.0.0/0 ip daddr 0.0.0.0/0 udp sport 0-65535 udp dport { 65001, 65301 } counter packets 0 bytes 0 ip dscp set cs7 comment "!fw4: omr_dscp_rule6"
iifname { "br-lan", "wl0-ap0" } ip saddr 0.0.0.0/0 ip daddr 0.0.0.0/0 tcp sport 0-65535 tcp dport { 65101, 65228 } counter packets 0 bytes 0 ip dscp set cs6 comment "!fw4: omr_dscp_rule7"
}
chain mangle_output {
type route hook output priority mangle; policy accept;
}
chain mangle_forward {
type filter hook forward priority mangle; policy accept;
iifname { "br-lan", "wl0-ap0" } tcp flags syn / fin,syn,rst tcp option maxseg size set rt mtu comment "!fw4: Zone lan IPv4/IPv6 ingress MTU fixing"
iifname { "eth0", "lan1", "lan3", "lan4" } tcp flags syn / fin,syn,rst tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
iifname "tun0" tcp flags syn / fin,syn,rst tcp option maxseg size set rt mtu comment "!fw4: Zone vpn IPv4/IPv6 ingress MTU fixing"
}
chain upnp_forward {
}
chain upnp_prerouting {
}
chain upnp_postrouting {
}
}
Even when I tried to ping any IP address, it was supposed to have the class CS7 with the default configuration of OMR-DSCP, but I see the class as CS0. It's really weird.
Between which points are you checking DSCP?
From OMR to the application. For example, I want to prioritize Google Meet traffic: it uses WebRTC based on UDP. How can I do that with DSCP?
You can try the latest snapshot; this may be better. I've made some changes in DSCP; a side was missing since the conversion to nftables.
I have just updated to the latest snapshot and also upgraded the server to the most recent version, but I encountered the following error:
I obtained information by running curl -k https://vps-ip:65500/ from both the router and the VPS.
It worked fine when I was using the stable release. I have now switched to the latest snapshot to test DSCP again.
Even with the "Can't get public IP..." message, is it working correctly or not? It seems that it correctly outputs from the server.
For both, I would need the result of the logread command via SSH or Status->System Log (it's the same info).
For the "no server API answer", I would need, from the VPS, the result of journalctl -u omr-admin.
If it can't contact the API, it may remove the IP as server, so the proxy, here Shadowsocks-Rust, never starts.
Here are the logs:
-- Boot 413a4db027e54897aa09291495e528ed --
Jul 23 12:53:07 Main-Server systemd[1]: Started omr-admin.service - OMR-Admin.
Jul 23 14:11:50 Main-Server systemd[1]: Stopping omr-admin.service - OMR-Admin...
Jul 23 14:11:50 Main-Server systemd[1]: omr-admin.service: Deactivated successfully.
Jul 23 14:11:50 Main-Server systemd[1]: Stopped omr-admin.service - OMR-Admin.
Jul 23 14:11:50 Main-Server systemd[1]: omr-admin.service: Consumed 14.132s CPU time.
Jul 23 14:11:54 Main-Server systemd[1]: Started omr-admin.service - OMR-Admin.
Jul 23 14:11:54 Main-Server omr-admin.py[288767]: Traceback (most recent call last):
Jul 23 14:11:54 Main-Server omr-admin.py[288767]: File "/usr/local/bin/omr-admin.py", line 42, in
It seems that there is an issue in a dependency. I removed the use of this one and will update the VPS script ASAP.
You can try the new VPS script; it should solve the previous omr-admin crash.
Still the same problem: can't get vps token. From the vps side, yes the issue is corrected.
Do you still have "no server API answer on" in the router log? Does curl -k https://vps-ip:65500/ still work from the router?
Can you check if you have the same key in System->OpenMPTCProuter, Wizard tab and in /etc/openmptcprouter-vps-admin/omr-admin-config.json on the VPS?
I got an error from curl -k https://vps-ip:65500/:
curl: (7) Failed to connect to X.X.X.X port 65500 after 53 ms: Error
Yes, same on router and VPS.
Can you do the curl command from the VPS and from another connection?
ip r and ip a from the router. And curl -k --interface lan1 https://vps-ip:65500/ (same for lan2 and lan3).
systemctl restart omr-admin on the VPS and try again.
journalctl -u omr-admin to check if no errors in logs.
Result of ip r:
default via 10.255.255.1 dev tun0
default metric 1
nexthop via 192.168.1.1 dev lan1 weight 100
nexthop via 192.168.3.1 dev lan2 weight 1
nexthop via 192.168.2.1 dev lan3 weight 1
default via 192.168.1.1 dev lan1 metric 9
default via 192.168.3.1 dev lan2 metric 10
default via 192.168.2.1 dev lan3 metric 11
default via 10.255.255.1 dev tun0 metric 1500
10.255.255.1 dev tun0 proto kernel scope link src 10.255.255.2
10.255.255.2 dev tun0 scope link metric 1500
127.0.0.0/8 dev lo proto static scope link metric 7
192.168.1.0/24 dev lan1 scope link metric 9
192.168.2.0/24 dev lan3 scope link metric 11
192.168.3.0/24 dev lan2 scope link metric 10
Result of ip a:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc mq state UP group default qlen 1000
link/ether 46:07:a4:20:c5:8e brd ff:ff:ff:ff:ff:ff
inet6 fe80::4407:a4ff:fe20:c58e/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 2e:54:0e:fb:78:61 brd ff:ff:ff:ff:ff:ff
4: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 46:07:a4:20:c5:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global wan
valid_lft forever preferred_lft forever
inet6 fe80::4407:a4ff:fe20:c58e/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
5: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 46:07:a4:20:c5:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.42/24 brd 192.168.1.255 scope global lan1
valid_lft forever preferred_lft forever
6: lan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 46:07:a4:20:c5:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.3.42/24 brd 192.168.3.255 scope global lan2
valid_lft forever preferred_lft forever
7: lan3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 46:07:a4:20:c5:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.2.42/24 brd 192.168.2.255 scope global lan3
valid_lft forever preferred_lft forever
8: lan4@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 46:07:a4:20:c5:8e brd ff:ff:ff:ff:ff:ff
9: ip6tnl0@NONE:
And curl -k --interface lan1 https://vps-ip:65500/ works for all interfaces.
It's missing the direct server IP route in the routing table.
Can you send me the result of uci show openmptcprouter?
Also, can you, via SSH on the router, do uci set openmptcprouter.settings.debug='true' && uci commit openmptcprouter, reboot, wait 2 minutes and send me again the result of Status->System log?
Thank you for your cooperation and sorry for these problems.
Thanks, a new image is compiling and should fix VPS server routes issue.
Thanks, it works now. I will test DSCP and get back to you if there is a problem.
In the meantime, I have a question: When we have this configuration, does it mean that OMR will send most of the data on lan1 and the rest will be sent on lan2 and lan3 because lan1 has the highest weight? From my understanding, OMR sends traffic on the link with the minimum latency until it becomes saturated.
default metric 1
nexthop via 192.168.1.1 dev lan1 weight 100
nexthop via 192.168.3.1 dev lan2 weight 1
nexthop via 192.168.2.1 dev lan3 weight 1
Only when the VPN is down or on initial connection, to do some load balancing. Otherwise the weight doesn't have any importance for aggregation and only latency is used in the default Multipath scheduler.
Understood, thanks. I tested DSCP, and it doesn't seem to be working. I generated an iperf test using the UDP protocol from a laptop connected to OMR to my server. I classified this traffic with EF-Voice and launched a packet capture with tcpdump. However, I observed that all the traffic was classified with CS0 instead of EF.
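Added example, not part of the thread or of OpenMPTCProuter's code: one way to turn a capture like the one described above into a per-flow DSCP tally, so a marking that never leaves CS0 shows up as a concrete list of flows. It assumes text output from tcpdump -n -v on IPv4; the sample lines, addresses and the expected-class map are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# DSCP code point -> class name for CS0-CS7 and EF (the classes seen in the ruleset).
DSCP_NAMES = {cs * 8: f"cs{cs}" for cs in range(8)}
DSCP_NAMES[46] = "ef"

# `tcpdump -v` prints the IPv4 header on one line and the flow on the next.
HEADER_RE = re.compile(r"\bIP \(tos (0x[0-9a-fA-F]+).*?proto (\w+) \(\d+\)")
FLOW_RE = re.compile(r"^\s+(\S+) > (\S+?):")


def dscp_name(tos: int) -> str:
    """Map a ToS byte to a DSCP class name (upper six bits; lower two are ECN)."""
    dscp = tos >> 2
    return DSCP_NAMES.get(dscp, f"dscp{dscp}")


def tally(lines):
    """Return {(proto, src, dst): Counter({dscp_class: packets})}."""
    flows = defaultdict(Counter)
    pending = None  # (proto, class) from the header line awaiting its flow line
    for line in lines:
        header = HEADER_RE.search(line)
        if header:
            pending = (header.group(2), dscp_name(int(header.group(1), 16)))
            continue
        flow = FLOW_RE.match(line)
        if flow and pending:
            proto, cls = pending
            flows[(proto, flow.group(1), flow.group(2))][cls] += 1
        pending = None
    return dict(flows)


def mismatches(flows, expected):
    """List flows whose packets are not all in the class expected for their protocol."""
    bad = []
    for flow, classes in flows.items():
        want = expected.get(flow[0])
        if want is not None and set(classes) != {want}:
            bad.append((flow, dict(classes)))
    return bad


# Constructed sample capture (not taken from the thread).
SAMPLE = """\
12:00:00.000001 IP (tos 0x0, ttl 63, id 1, offset 0, flags [DF], proto UDP (17), length 1498)
    192.168.100.50.40000 > 203.0.113.10.5201: UDP, length 1470
12:00:00.000002 IP (tos 0x0, ttl 63, id 2, offset 0, flags [DF], proto UDP (17), length 1498)
    192.168.100.50.40000 > 203.0.113.10.5201: UDP, length 1470
12:00:00.000003 IP (tos 0xe0, ttl 63, id 3, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.100.50 > 203.0.113.10: ICMP echo request, id 7, seq 1, length 64
12:00:00.000004 IP (tos 0xb8, ttl 63, id 4, offset 0, flags [DF], proto UDP (17), length 1498)
    192.168.100.50.40001 > 203.0.113.10.5201: UDP, length 1470
""".splitlines()

if __name__ == "__main__":
    # Assumed expectation: UDP test traffic marked EF, ICMP marked CS7.
    for flow, classes in mismatches(tally(SAMPLE), {"UDP": "ef", "ICMP": "cs7"}):
        print(flow, classes)
```

Running the same tally on captures taken on the LAN side, on tun0 and on the VPS shows at which hop the class is lost.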
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days
Expected Behavior
OMR-DSCP works correctly.
Current Behavior
I am trying to test OMR-DSCP, but when I generate UDP traffic, it is supposed to be treated as high priority. However, when I check in Wireshark, I see that the class is CS0 instead of CS7. I also tried to test DSCP with domains, but the same problem persists. All the traffic is set to CS0.
Specifications