Sorry, I don't use pastebin.com, but here are the diagnostics
uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdb9:eeec:6487::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0'
network.lan.proto='static'
network.lan.ipaddr='192.168.3.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.ifname='eth1'
network.wan.proto='pppoe'
network.wan.password='xxxxxx'
network.wan.ipv6='auto'
network.wan.username='xxxxxx@SKYNET'
network.wan.peerdns='0'
network.wan.dns='8.8.8.8' '8.8.4.4'
network.wan6=interface
network.wan6.ifname='eth1'
network.wan6.proto='dhcpv6'
network.wan6.peerdns='0'
network.wan6.dns='2001:4860:4860::8888' '2001:4860:4860::8844'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 0'
##################################
uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.@domain[0]=domain
dhcp.@domain[0].name='asus'
dhcp.@domain[0].ip='192.168.2.15'
dhcp.@domain[1]=domain
dhcp.@domain[1].name='esprimo'
dhcp.@domain[1].ip='192.168.3.10'
dhcp.@host[0]=host
dhcp.@host[0].mac='b8:ac:6f:22:19:36'
dhcp.@host[0].name='esprimo'
dhcp.@host[0].dns='1'
dhcp.@host[0].ip='192.168.3.10'
dhcp.@domain[2]=domain
dhcp.@domain[2].name='hp_wifi'
dhcp.@domain[2].ip='192.168.3.31'
dhcp.@domain[3]=domain
dhcp.@domain[3].ip='192.168.3.51'
dhcp.@domain[3].name='OnePlus8'
dhcp.@host[1]=host
dhcp.@host[1].mac='36:2D:36:08:C0:8F'
dhcp.@host[1].dns='1'
dhcp.@host[1].name='OnePlus8Pro'
dhcp.@host[1].ip='196.168.3.52'
dhcp.@host[2]=host
dhcp.@host[2].mac='4C:4F:EE:47:0A:80'
dhcp.@host[2].name='OnePlus8'
dhcp.@host[2].dns='1'
dhcp.@host[2].ip='192.168.3.51'
dhcp.@host[3]=host
dhcp.@host[3].mac='00:BE:3B:B7:3A:BF'
dhcp.@host[3].name='HUAWEI-MediaPad-M5'
dhcp.@host[3].dns='1'
dhcp.@host[3].ip='192.168.3.53'
############################################
uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[9]=rule
firewall.@rule[9].dest_port='443'
firewall.@rule[9].src='wan'
firewall.@rule[9].name='openvpn'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].family='ipv4'
firewall.@rule[9].extra='-m geoip --source-country BE,FR'
##########################################
ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
link/ether c4:41:1e:ad:2a:1a brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether c4:41:1e:ad:2a:1b brd ff:ff:ff:ff:ff:ff
inet6 fdb1:86a1:9220:0:c641:1eff:fead:2a1b/64 scope global
valid_lft forever preferred_lft forever
inet6 fdb1:86a1:9220::694/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c641:1eff:fead:2a1b/64 scope link
valid_lft forever preferred_lft forever
12: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qdisc fq_codel master br-lan state UP qlen 100
link/ether f6:3e:e8:eb:f2:16 brd ff:ff:ff:ff:ff:ff
inet6 fe80::f43e:e8ff:feeb:f216/64 scope link
valid_lft forever preferred_lft forever
25: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether c4:41:1e:ad:2a:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 brd 192.168.3.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 2a02:a03f:c066:ff00::1/60 scope global dynamic
valid_lft 68195sec preferred_lft 53795sec
inet6 fdb9:eeec:6487::1/60 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c641:1eff:fead:2a1a/64 scope link
valid_lft forever preferred_lft forever
26: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
link/ppp
inet 81.240.139.191 peer 10.24.145.6/32 scope global pppoe-wan
valid_lft forever preferred_lft forever
inet6 2a02:a03f:cfe1:6632:b0b7:5465:481a:9e74/64 scope global dynamic
valid_lft 85870sec preferred_lft 3070sec
inet6 fe80::b0b7:5465:481a:9e74/10 scope link
valid_lft forever preferred_lft forever
27: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
link/ether c6:41:1e:ad:2a:1e brd ff:ff:ff:ff:ff:ff
inet6 fe80::c441:1eff:fead:2a1e/64 scope link
valid_lft forever preferred_lft forever
28: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
link/ether c4:41:1e:ad:2a:1c brd ff:ff:ff:ff:ff:ff
inet6 fe80::c641:1eff:fead:2a1c/64 scope link
valid_lft forever preferred_lft forever
29: wlan2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
link/ether c4:41:1e:ad:2a:1d brd ff:ff:ff:ff:ff:ff
inet6 fe80::c641:1eff:fead:2a1d/64 scope link
valid_lft forever preferred_lft forever
############################################
ip route show table all
default via 10.24.145.6 dev pppoe-wan
10.24.145.6 dev pppoe-wan scope link src 81.240.139.191
192.168.3.0/24 dev br-lan scope link src 192.168.3.1
local 81.240.139.191 dev pppoe-wan table local scope host src 81.240.139.191
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.3.0 dev br-lan table local scope link src 192.168.3.1
local 192.168.3.1 dev br-lan table local scope host src 192.168.3.1
broadcast 192.168.3.255 dev br-lan table local scope link src 192.168.3.1
default from 2a02:a03f:c066:ff00::/56 via fe80::22e0:9cff:fe39:a401 dev pppoe-wan metric 512
default from 2a02:a03f:cfe1:6632::/64 via fe80::22e0:9cff:fe39:a401 dev pppoe-wan metric 512
2a02:a03f:c066:ff00::/64 dev br-lan metric 1024
unreachable 2a02:a03f:c066:ff00::/56 dev lo metric 2147483647 error -113
unreachable 2a02:a03f:cfe1:6632::/64 dev lo metric 2147483647 error -113
fdb1:86a1:9220::/48 from fdb1:86a1:9220::694 via fe80::e2b9:e5ff:feef:b838 dev eth1 metric 512
fdb1:86a1:9220::/48 from fdb1:86a1:9220::/64 via fe80::e2b9:e5ff:feef:b838 dev eth1 metric 512
fdb1:86a1:9220::/64 dev eth1 metric 256
unreachable fdb1:86a1:9220::/64 dev lo metric 2147483647 error -113
fdb9:eeec:6487::/64 dev br-lan metric 1024
unreachable fdb9:eeec:6487::/48 dev lo metric 2147483647 error -113
fe80::/64 dev tap0 metric 256
fe80::/64 dev eth1 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev wlan2 metric 256
fe80::/10 dev pppoe-wan metric 1
fe80::/10 dev pppoe-wan metric 256
local ::1 dev lo table local metric 0
############################################
ip rule show
anycast 2a02:a03f:c066:ff00:: dev br-lan table local metric 0
local 2a02:a03f:c066:ff00::1 dev br-lan table local metric 0
anycast 2a02:a03f:cfe1:6632:: dev pppoe-wan table local metric 0
local 2a02:a03f:cfe1:6632:b0b7:5465:481a:9e74 dev pppoe-wan table local metric 0
anycast fdb1:86a1:9220:: dev eth1 table local metric 0
local fdb1:86a1:9220::694 dev eth1 table local metric 0
local fdb1:86a1:9220:0:c641:1eff:fead:2a1b dev eth1 table local metric 0
anycast fdb9:eeec:6487:: dev br-lan table local metric 0
local fdb9:eeec:6487::1 dev br-lan table local metric 0
anycast fe80:: dev tap0 table local metric 0
anycast fe80:: dev eth1 table local metric 0
anycast fe80:: dev br-lan table local metric 0
anycast fe80:: dev pppoe-wan table local metric 0
anycast fe80:: dev wlan1 table local metric 0
anycast fe80:: dev wlan0 table local metric 0
anycast fe80:: dev wlan2 table local metric 0
local fe80::b0b7:5465:481a:9e74 dev pppoe-wan table local metric 0
local fe80::c441:1eff:fead:2a1e dev wlan0 table local metric 0
local fe80::c641:1eff:fead:2a1a dev br-lan table local metric 0
local fe80::c641:1eff:fead:2a1b dev eth1 table local metric 0
local fe80::c641:1eff:fead:2a1c dev wlan1 table local metric 0
local fe80::c641:1eff:fead:2a1d dev wlan2 table local metric 0
local fe80::f43e:e8ff:feeb:f216 dev tap0 table local metric 0
ff00::/8 dev tap0 table local metric 256
ff00::/8 dev br-lan table local metric 256
ff00::/8 dev eth1 table local metric 256
ff00::/8 dev pppoe-wan table local metric 256
ff00::/8 dev wlan1 table local metric 256
ff00::/8 dev wlan0 table local metric 256
ff00::/8 dev wlan2 table local metric 256
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
############################################# »
iptables-save -c
# Generated by iptables-save v1.8.3 on Sun May 23 09:46:27 2021
*nat
:PREROUTING ACCEPT [52648:8269576]
:INPUT ACCEPT [5503:453964]
:OUTPUT ACCEPT [8664:637526]
:POSTROUTING ACCEPT [563:72374]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[52648:8269576] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[41151:6853287] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[2700:529336] -A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
[8797:886953] -A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
[31240:2549694] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[563:72374] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[0:0] -A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
[30677:2477320] -A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
[563:72374] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[41151:6853287] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[30677:2477320] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[30677:2477320] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[11497:1416289] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sun May 23 09:46:27 2021
# Generated by iptables-save v1.8.3 on Sun May 23 09:46:27 2021
*mangle
:PREROUTING ACCEPT [3525835:3241690077]
:INPUT ACCEPT [80182:10421980]
:FORWARD ACCEPT [3426933:3226133176]
:OUTPUT ACCEPT [89575:39228046]
:POSTROUTING ACCEPT [3516051:3265340890]
[0:0] -A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[5925:323544] -A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[5907:320508] -A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun May 23 09:46:27 2021
# Generated by iptables-save v1.8.3 on Sun May 23 09:46:27 2021
*filter
:INPUT ACCEPT [1:675]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[3:228] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[80179:10421752] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[61942:8817938] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[3117:134108] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[7565:638702] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[435:13920] -A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
[10140:946924] -A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
[3426933:3226133176] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[3406618:3224280251] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[20315:1852925] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[3:228] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[89572:39227818] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[67848:37501705] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[1985:268400] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[0:0] -A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
[19739:1457713] -A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
[4315:185383] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[5760:758401] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[3020:129840] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[97:4268] -A syn_flood -m comment --comment "!fw3" -j DROP
[1985:268400] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[20315:1852925] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[20315:1852925] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[7565:638702] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[7565:638702] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[1985:268400] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[1985:268400] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[7564:638027] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
[460:21316] -A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[39594:3289322] -A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[10575:960844] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[62:2960] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[435:13920] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[3:180] -A zone_wan_input -p tcp -m tcp --dport 443 -m geoip --source-country BE,FR -m comment --comment "!fw3: openvpn" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[10075:943784] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[19739:1457713] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[19739:1457713] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
[10075:943784] -A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun May 23 09:46:27 2021
##############################################
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
==> /etc/resolv.conf <==
# Interface wan
nameserver 195.238.2.22
nameserver 195.238.2.21
# Interface wan6
nameserver fdb1:86a1:9220::1
search lan
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 8.8.8.8
nameserver 8.8.4.4
# Interface wan6
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
==> /tmp/resolv.conf.ppp <==
nameserver 195.238.2.22
nameserver 195.238.2.21
head: /tmp/resolv.*/*: No such file or directory