istoreos / istoreos

A router and NAS system that anyone can use (the currently active branch is istoreos-22.03)
https://www.istoreos.com
Other
4.89k stars 510 forks

Plugin: is the internet time control (timecontrol) feature behaving mysteriously? #1433

Open abullstar opened 7 months ago

abullstar commented 7 months ago

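2. Detailed description

(1) Specific problem

A: The internet time control feature, for example when configured for the TV: the plugin misbehaves irregularly. It is not completely broken; sometimes it works and sometimes it does not. Even after stopping it and enabling it again, it still has no effect during the configured time periods. Also: the similar access restriction plugin's blacklist takes effect as soon as it is enabled.

(2) Router model and firmware version

A: x86 soft router. It has been like this since I updated the firmware after the New Year. I updated the firmware again two days ago and the problem is still not solved.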

jjm2473 commented 6 months ago

When the problem occurs, export the firewall rules so we can take a look. Run `iptables-save > /tmp/iptables.rules`, then post /tmp/iptables.rules. Also post your timecontrol configuration.

abullstar commented 5 months ago

# Generated by iptables-save v1.8.7 on Thu May 16 10:07:32 2024
*raw
:PREROUTING ACCEPT [11013269:8271601246]
:OUTPUT ACCEPT [143411:14380983]
:zone_lan_helper - [0:0]
-A PREROUTING -i br-LAN -m comment --comment "!fw3: lan CT helper assignment" -j zone_lan_helper
-A zone_lan_helper -p udp -m comment --comment "!fw3: Amanda backup and archiving proto" -m udp --dport 10080 -j CT --helper amanda
-A zone_lan_helper -p tcp -m comment --comment "!fw3: FTP passive connection tracking" -m tcp --dport 21 -j CT --helper ftp
-A zone_lan_helper -p udp -m comment --comment "!fw3: RAS proto tracking" -m udp --dport 1719 -j CT --helper RAS
-A zone_lan_helper -p tcp -m comment --comment "!fw3: Q.931 proto tracking" -m tcp --dport 1720 -j CT --helper Q.931
-A zone_lan_helper -p tcp -m comment --comment "!fw3: IRC DCC connection tracking" -m tcp --dport 6667 -j CT --helper irc
-A zone_lan_helper -p tcp -m comment --comment "!fw3: PPTP VPN connection tracking" -m tcp --dport 1723 -j CT --helper pptp
-A zone_lan_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
-A zone_lan_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip
-A zone_lan_helper -p udp -m comment --comment "!fw3: SNMP monitoring connection tracking" -m udp --dport 161 -j CT --helper snmp
-A zone_lan_helper -p udp -m comment --comment "!fw3: TFTP connection tracking" -m udp --dport 69 -j CT --helper tftp
COMMIT
# Completed on Thu May 16 10:07:32 2024
# Generated by iptables-save v1.8.7 on Thu May 16 10:07:32 2024
*nat
:PREROUTING ACCEPT [5488:535332]
:INPUT ACCEPT [2085:150623]
:OUTPUT ACCEPT [3977:284853]
:POSTROUTING ACCEPT [289:21051]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:TIMECONTROL - [0:0]
:TIMECONTROL_REJECT - [0:0]
:TIMECONTROL_RULES - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_itv_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_ont_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_itv_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_ont_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_itv_postrouting - [0:0]
:zone_itv_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_ont_postrouting - [0:0]
:zone_ont_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -j TIMECONTROL
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-LAN -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-WAN -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_itv_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_ont_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-LAN -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-WAN -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_itv_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_ont_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A TIMECONTROL -i br-lan -j TIMECONTROL_RULES
-A TIMECONTROL_REJECT -j ACCEPT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 09:40:00 --timestop 10:45:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 11:50:00 --timestop 15:15:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 17:40:00 --timestop 18:00:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 18:00:00 --timestop 20:20:00 --weekdays Mon,Tue,Wed,Thu,Sun --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 22:10:00 --timestop 23:45:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 0c:8f:ff:d2:ef:0d -m time --timestart 11:35:00 --timestop 14:25:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 0c:8f:ff:d2:ef:0d -m time --timestart 17:35:00 --timestop 19:25:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 0c:8f:ff:d2:ef:0d -m time --timestart 22:30:00 --timestop 23:59:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_itv_postrouting -m comment --comment "!fw3: Custom itv postrouting rule chain" -j postrouting_itv_rule
-A zone_itv_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_itv_prerouting -m comment --comment "!fw3: Custom itv prerouting rule chain" -j prerouting_itv_rule
-A zone_itv_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -i docker0 -m comment --comment "!fw3: DockerNAT" -j MASQUERADE
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_ont_postrouting -m comment --comment "!fw3: Custom ont postrouting rule chain" -j postrouting_ont_rule
-A zone_ont_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_ont_prerouting -m comment --comment "!fw3: Custom ont prerouting rule chain" -j prerouting_ont_rule
-A zone_ont_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Thu May 16 10:07:32 2024
# Generated by iptables-save v1.8.7 on Thu May 16 10:07:32 2024
*mangle
:PREROUTING ACCEPT [11013271:8271601335]
:INPUT ACCEPT [154950:48405457]
:FORWARD ACCEPT [10858254:8223193590]
:OUTPUT ACCEPT [143411:14380983]
:POSTROUTING ACCEPT [11000809:8237528801]
-A FORWARD -o pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone itv MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone itv MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone ont MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone ont MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Thu May 16 10:07:32 2024
# Generated by iptables-save v1.8.7 on Thu May 16 10:07:32 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LUCKY - [0:0]
:MINIUPNPD - [0:0]
:TIMECONTROL - [0:0]
:TIMECONTROL_REJECT - [0:0]
:TIMECONTROL_RULES - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_itv_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_ont_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_itv_rule - [0:0]
:input_lan_rule - [0:0]
:input_ont_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_itv_rule - [0:0]
:output_lan_rule - [0:0]
:output_ont_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_itv_dest_ACCEPT - [0:0]
:zone_itv_forward - [0:0]
:zone_itv_input - [0:0]
:zone_itv_output - [0:0]
:zone_itv_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_ont_dest_ACCEPT - [0:0]
:zone_ont_dest_REJECT - [0:0]
:zone_ont_forward - [0:0]
:zone_ont_input - [0:0]
:zone_ont_output - [0:0]
:zone_ont_src_REJECT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_DROP - [0:0]
-A INPUT -j LUCKY
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-LAN -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-WAN -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_itv_input
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_ont_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -j TIMECONTROL
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-LAN -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-WAN -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_itv_forward
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_ont_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-LAN -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-WAN -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_itv_output
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_ont_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A LUCKY -p tcp -m tcp --dport 42419 -j ACCEPT
-A LUCKY -p tcp -m tcp --dport 35761 -j ACCEPT
-A TIMECONTROL -i br-lan -j TIMECONTROL_RULES
-A TIMECONTROL_REJECT -p tcp -j REJECT --reject-with tcp-reset
-A TIMECONTROL_REJECT -j DROP
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 09:40:00 --timestop 10:45:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 11:50:00 --timestop 15:15:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 17:40:00 --timestop 18:00:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 18:00:00 --timestop 20:20:00 --weekdays Mon,Tue,Wed,Thu,Sun --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 22:10:00 --timestop 23:45:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 0c:8f:ff:d2:ef:0d -m time --timestart 11:35:00 --timestop 14:25:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 0c:8f:ff:d2:ef:0d -m time --timestart 17:35:00 --timestop 19:25:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 0c:8f:ff:d2:ef:0d -m time --timestart 22:30:00 --timestop 23:59:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_itv_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_itv_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_itv_forward -m comment --comment "!fw3: Custom itv forwarding rule chain" -j forwarding_itv_rule
-A zone_itv_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_itv_forward -m comment --comment "!fw3" -j zone_itv_dest_ACCEPT
-A zone_itv_input -m comment --comment "!fw3: Custom itv input rule chain" -j input_itv_rule
-A zone_itv_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_itv_input -m comment --comment "!fw3" -j zone_itv_src_ACCEPT
-A zone_itv_output -m comment --comment "!fw3: Custom itv output rule chain" -j output_itv_rule
-A zone_itv_output -m comment --comment "!fw3" -j zone_itv_dest_ACCEPT
-A zone_itv_src_ACCEPT -i eth1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-LAN -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to docker forwarding policy" -j zone_docker_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to ont forwarding policy" -j zone_ont_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-LAN -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_ont_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_ont_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ont_dest_REJECT -o eth0 -m comment --comment "!fw3" -j reject
-A zone_ont_forward -m comment --comment "!fw3: Custom ont forwarding rule chain" -j forwarding_ont_rule
-A zone_ont_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_ont_forward -m comment --comment "!fw3" -j zone_ont_dest_REJECT
-A zone_ont_input -m comment --comment "!fw3: Custom ont input rule chain" -j input_ont_rule
-A zone_ont_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_ont_input -m comment --comment "!fw3" -j zone_ont_src_REJECT
-A zone_ont_output -m comment --comment "!fw3: Custom ont output rule chain" -j output_ont_rule
-A zone_ont_output -m comment --comment "!fw3" -j zone_ont_dest_ACCEPT
-A zone_ont_src_REJECT -i eth0 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_ACCEPT -o pppoe-WAN -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-WAN -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-WAN -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 33434:33689 -m comment --comment "!fw3: Support-UDP-Traceroute" -j reject
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 5244 -m comment --comment "!fw3: alist" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_DROP
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_DROP -i pppoe-WAN -m comment --comment "!fw3" -j DROP
COMMIT
# Completed on Thu May 16 10:07:32 2024

abullstar commented 5 months ago

![Uploading 未标题-2.png…]()

jjm2473 commented 5 months ago

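The kernel's time zone may be wrong, but there does not seem to be any way to check the kernel's time zone. Try subtracting 8 hours from all the times and see.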

jjm2473 commented 5 months ago

Another approach is to run `hwclock --systz` and then re-apply the rules.

jjm2473 commented 5 months ago

Run the `date` command and check whether the time and time zone are correct.
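
Added example (not part of the thread and not the timecontrol plugin's code): a small evaluator for the `-m time ... --kerneltz` rules in the dump above, showing what the "subtract 8 hours" suggestion is testing. It assumes a kernel time zone that was never set behaves as offset 0 (UTC) and that the router's wall clock is CST (UTC+8); the function names are hypothetical and `RULES` holds three rules copied from the dump.

```python
import re
from datetime import datetime, timedelta, timezone

# Three rules copied from the filter table of the dump posted in this thread.
RULES = """\
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 09:40:00 --timestop 10:45:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 4c:91:7a:39:4f:e2 -m time --timestart 18:00:00 --timestop 20:20:00 --weekdays Mon,Tue,Wed,Thu,Sun --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
-A TIMECONTROL_RULES -m mac --mac-source 0c:8f:ff:d2:ef:0d -m time --timestart 11:35:00 --timestop 14:25:00 --datestop 2038-01-19T03:14:07 --kerneltz -j TIMECONTROL_REJECT
"""

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
CST = timezone(timedelta(hours=8))  # assumption: router wall clock is UTC+8


def parse_rules(text):
    """Extract (mac, start_sec, stop_sec, weekdays) from `-m time` rules."""
    def to_sec(m):
        return int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])

    rules = []
    for line in text.splitlines():
        mac = re.search(r"--mac-source (\S+)", line)
        start = re.search(r"--timestart (\d+):(\d+):(\d+)", line)
        stop = re.search(r"--timestop (\d+):(\d+):(\d+)", line)
        if not (mac and start and stop):
            continue  # not a MAC + time rule
        days = re.search(r"--weekdays (\S+)", line)
        allowed = set(days[1].split(",")) if days else set(DAYS)
        rules.append((mac[1].lower(), to_sec(start), to_sec(stop), allowed))
    return rules


def blocked(rules, mac, utc_now, kernel_tz_minutes_east):
    """True if any rule for `mac` matches at `utc_now`.

    With --kerneltz the time match compares against UTC shifted by the
    kernel's own time zone offset, which stays 0 until something sets it.
    Only same-day windows (timestart <= timestop) are handled, as in the dump.
    """
    local = utc_now + timedelta(minutes=kernel_tz_minutes_east)
    sec = local.hour * 3600 + local.minute * 60 + local.second
    day = DAYS[local.weekday()]
    for rule_mac, start, stop, days in rules:
        if rule_mac == mac.lower() and day in days and start <= sec <= stop:
            return True
    return False


def compare(rules, mac, wall_clock):
    """Return (blocked if kernel tz is UTC+8, blocked if kernel tz is unset)."""
    utc_now = wall_clock.astimezone(timezone.utc)
    return blocked(rules, mac, utc_now, 480), blocked(rules, mac, utc_now, 0)


if __name__ == "__main__":
    rules = parse_rules(RULES)
    for hh, mm in ((10, 7), (17, 50)):
        when = datetime(2024, 5, 16, hh, mm, tzinfo=CST)
        print(when.isoformat(), compare(rules, "4c:91:7a:39:4f:e2", when))
```

When the two values in a pair differ, the window is being applied 8 hours away from the configured time, which is what a kernel time zone left at UTC would look like from the client side.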

abullstar commented 5 months ago

```
root@N100:~# hwclock --systz
root@N100:~# date
Thu May 16 12:28:02 CST 2024
```

abullstar commented 4 months ago

Maintainer, could this internet time control feature be fixed?