Firewall problems?

Is this a normal firewall setup or something else?

Table: Filter

Chain INPUT (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 329953 119.33 MB GL_SPEC_OPENING all -- * * 0.0.0.0/0 0.0.0.0/0 -
2 299705 115.19 MB delegate_input all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain FORWARD (Policy: DROP, Packets: 0, Traffic: 0.00 B)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set GL_MAC_BLOCK src
2 287409 52.30 MB ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged
3 383778 60.49 MB delegate_forward all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain OUTPUT (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 253003 52.18 MB delegate_output all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain GL_SPEC_OPENING (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 7293 890.55 KB ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 3 144.00 B ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80
3 22949 3.27 MB ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
4 3 128.00 B ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22
Chain adb-fwd (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* adb-fwd / reject-with tcp-reset
2 0 0.00 B REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-fwd / reject-with icmp-host-unreachable
3 0 0.00 B RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-fwd /
Chain adb-out (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-out / reject-with tcp-reset
2 0 0.00 B REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-out / reject-with icmp-host-unreachable
3 0 0.00 B RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-out /
Chain delegate_forward (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 383778 60.49 MB forwarding_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for forwarding /
2 315764 42.57 MB ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3 68014 17.92 MB zone_lan_forward all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -
4 0 0.00 B zone_wan_forward all -- eth0 * 0.0.0.0/0 0.0.0.0/0 -
5 0 0.00 B zone_guestzone_forward all -- br-guest * 0.0.0.0/0 0.0.0.0/0 -
6 0 0.00 B reject all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain delegate_input (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 547 40.78 KB ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 -
2 299158 115.15 MB input_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for input /
3 153060 37.27 MB ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
4 29112 1.18 MB syn_flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
5 108796 75.64 MB zone_lan_input all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -
6 37176 2.24 MB zone_wan_input all -- eth0 * 0.0.0.0/0 0.0.0.0/0 -
7 0 0.00 B zone_guestzone_input all -- br-guest * 0.0.0.0/0 0.0.0.0/0 -
Chain delegate_output (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 547 40.78 KB ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 -
2 252456 52.14 MB output_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for output /
3 123409 42.53 MB ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
4 124 26.31 KB zone_lan_output all -- * br-lan 0.0.0.0/0 0.0.0.0/0 -
5 128923 9.59 MB zone_wan_output all -- * eth0 0.0.0.0/0 0.0.0.0/0 -
6 0 0.00 B zone_guestzone_output all -- * br-guest 0.0.0.0/0 0.0.0.0/0 -
Chain forwarding_rule (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B adb-fwd all -- * * 0.0.0.0/0 198.18.0.1 /
adb-fwd /
Chain output_rule (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B adb-out all -- * * 0.0.0.0/0 198.18.0.1 /
adb-out /
Chain reject (References: 4)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
2 0 0.00 B REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain syn_flood (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 28986 1.17 MB RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
2 126 7.38 KB DROP all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_guestzone_dest_ACCEPT (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B ACCEPT all -- * br-guest 0.0.0.0/0 0.0.0.0/0 -
Chain zone_guestzone_dest_REJECT (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B reject all -- * br-guest 0.0.0.0/0 0.0.0.0/0 -
Chain zone_guestzone_forward (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B forwarding_guestzone_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for forwarding /
2 0 0.00 B zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /
forwarding guestzone -> wan /
3 0 0.00 B ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /
Accept port forwards /
4 0 0.00 B zone_guestzone_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_guestzone_input (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B input_guestzone_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for input /
2 0 0.00 B ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 /
guestzone_DHCP /
3 0 0.00 B ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 /
guestzone_DNS /
4 0 0.00 B ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 /
guestzone_DNS /
5 0 0.00 B ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /
Accept port redirections /
6 0 0.00 B zone_guestzone_src_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_guestzone_output (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B output_guestzone_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for output /
2 0 0.00 B zone_guestzone_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_guestzone_src_REJECT (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B reject all -- br-guest * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_lan_dest_ACCEPT (References: 4)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 124 26.31 KB ACCEPT all -- * br-lan 0.0.0.0/0 0.0.0.0/0 -
Chain zone_lan_forward (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 68014 17.92 MB forwarding_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for forwarding /
2 68014 17.92 MB zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /
forwarding lan -> wan /
3 0 0.00 B ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /
Accept port forwards /
4 0 0.00 B zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_lan_input (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 108796 75.64 MB input_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for input /
2 0 0.00 B DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137 /
@rule[12] /
3 0 0.00 B DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138 /
@rule[12] /
4 0 0.00 B DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 /
@rule[12] /
5 0 0.00 B DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 /
@rule[12] /
6 90 8.33 KB DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 /
@rule[12] /
7 78 17.03 KB DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 /
@rule[12] /
8 0 0.00 B DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139 /
@rule[12] /
9 0 0.00 B DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445 /
@rule[12] /
10 683 44.90 KB ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /
Accept port redirections /
11 107945 75.57 MB zone_lan_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_lan_output (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 124 26.31 KB output_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for output /
2 124 26.31 KB zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_lan_src_ACCEPT (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 107945 75.57 MB ACCEPT all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_wan_dest_ACCEPT (References: 3)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 196937 27.50 MB ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 -
Chain zone_wan_dest_REJECT (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B reject all -- * eth0 0.0.0.0/0 0.0.0.0/0 -
Chain zone_wan_forward (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B MINIUPNPD all -- * * 0.0.0.0/0 0.0.0.0/0 -
2 0 0.00 B forwarding_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for forwarding /
3 0 0.00 B zone_lan_dest_ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 /
@rule[7] /
4 0 0.00 B zone_lan_dest_ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 /
@rule[8] /
5 0 0.00 B ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /
Accept port forwards /
6 0 0.00 B zone_wan_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_wan_input (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 37176 2.24 MB input_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for input /
2 0 0.00 B ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 /
Allow-DHCP-Renew /
3 310 11.45 KB ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /
Allow-Ping /
4 0 0.00 B ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0 /
Allow-IGMP /
5 0 0.00 B DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137 /
@rule[11] /
6 0 0.00 B DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138 /
@rule[11] /
7 0 0.00 B DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 /
@rule[11] /
8 0 0.00 B DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 /
@rule[11] /
9 0 0.00 B DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 /
@rule[11] /
10 0 0.00 B DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 /
@rule[11] /
11 0 0.00 B DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139 /
@rule[11] /
12 0 0.00 B DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445 /
@rule[11] /
13 0 0.00 B ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /
Accept port redirections /
14 36866 2.23 MB zone_wan_src_DROP all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_wan_output (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 128923 9.59 MB output_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for output */
2 128923 9.59 MB zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_wan_src_DROP (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 36866 2.23 MB DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 -

Table: NAT

Chain PREROUTING (Policy: ACCEPT, Packets: 107499, Traffic: 20.31 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 163980 23.95 MB GL_SPEC_DMZ all -- * * 0.0.0.0/0 0.0.0.0/0 -
2 163981 23.95 MB delegate_prerouting all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain POSTROUTING (Policy: ACCEPT, Packets: 1742, Traffic: 403.04 KB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 187997 25.21 MB delegate_postrouting all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain adb-dns (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 236380 15.42 MB DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* adb-dns / udp dpt:53 to:192.168.8.1:53
2 5487 279.53 KB DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-dns / tcp dpt:53 to:192.168.8.1:53
3 335095 87.21 MB RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-dns /
Chain adb-nat (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-nat / tcp dpt:80 to:192.168.8.1:65534
2 0 0.00 B DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-nat / tcp dpt:443 to:192.168.8.1:65535
3 0 0.00 B RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 /
adb-nat /
Chain delegate_postrouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 187997 25.21 MB postrouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for postrouting /
2 1610 394.12 KB zone_lan_postrouting all -- * br-lan 0.0.0.0/0 0.0.0.0/0 -
3 186255 24.82 MB zone_wan_postrouting all -- * eth0 0.0.0.0/0 0.0.0.0/0 -
4 0 0.00 B zone_guestzone_postrouting all -- * br-guest 0.0.0.0/0 0.0.0.0/0 -
Chain delegate_prerouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 163981 23.95 MB prerouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for prerouting /
2 71187 18.11 MB zone_lan_prerouting all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -
3 39589 2.36 MB zone_wan_prerouting all -- eth0 * 0.0.0.0/0 0.0.0.0/0 -
4 0 0.00 B zone_guestzone_prerouting all -- br-guest * 0.0.0.0/0 0.0.0.0/0 -
Chain prerouting_rule (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 576962 102.90 MB adb-dns all -- br-lan+ * 0.0.0.0/0 0.0.0.0/0 /
adb-dns /
2 0 0.00 B adb-nat all -- * * 0.0.0.0/0 198.18.0.1 /
adb-nat /
Chain zone_guestzone_postrouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B postrouting_guestzone_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for postrouting /
Chain zone_guestzone_prerouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B prerouting_guestzone_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for prerouting /
Chain zone_lan_postrouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 1610 394.12 KB postrouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for postrouting /
Chain zone_lan_prerouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 71187 18.11 MB prerouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for prerouting /
Chain zone_wan_postrouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 186255 24.82 MB postrouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for postrouting /
2 186255 24.82 MB MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain zone_wan_prerouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 39589 2.36 MB MINIUPNPD all -- * * 0.0.0.0/0 0.0.0.0/0 -
2 39589 2.36 MB prerouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /
user chain for prerouting /
3 2697 143.67 KB REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /
Ssh / redir ports 22
4 3 128.00 B REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22 /
Ssh / redir ports 22
5 573 29.29 KB REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /
Web / redir ports 80
6 3 144.00 B REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 /
Web */ redir ports 80

Table: Mangle

Chain PREROUTING (Policy: ACCEPT, Packets: 785969, Traffic: 192.49 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 3244526 758.64 MB mwan3_hook all -- * * 0.0.0.0/0 0.0.0.0/0 -
2 785969 192.49 MB fwmark all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain FORWARD (Policy: ACCEPT, Packets: 457718, Traffic: 73.41 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 457718 73.41 MB mssfix all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain OUTPUT (Policy: ACCEPT, Packets: 253003, Traffic: 52.18 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 1019505 181.04 MB mwan3_hook all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain mssfix (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 40236 2.40 MB TCPMSS tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 /* wan (mtu_fix) / TCPMSS clamp to PMTU
Chain mwan3_connected (References: 2)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 1680591 194.27 MB MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_connected dst MARK or 0x3f00
Chain mwan3_hook (References: 2)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 4264031 939.68 MB CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore mask 0x3f00
2 1275356 153.78 MB mwan3_ifaces_in all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
3 1094367 140.70 MB mwan3_connected all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
4 797009 112.32 MB mwan3_rules all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
5 4264031 939.68 MB CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save mask 0x3f00
6 3149255 408.76 MB mwan3_connected all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x3f00/0x3f00
Chain mwan3_iface_in_wan (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B MARK all -- eth0 * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_connected src mark match 0x0/0x3f00 /
default / MARK or 0x3f00
2 180923 13.05 MB MARK all -- eth0 * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /
wan / MARK xset 0x100/0x3f00
Chain mwan3_ifaces_in (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 1263540 152.46 MB mwan3_iface_in_wan all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
Chain mwan3_policy_default_poli (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 792514 111.56 MB MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /
wan 3 3 / MARK xset 0x100/0x3f00
Chain mwan3_rules (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 792514 111.56 MB mwan3_policy_default_poli all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /
default_rule */

Table: Raw

Chain PREROUTING (Policy: ACCEPT, Packets: 785969, Traffic: 192.49 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 785969 192.49 MB delegate_notrack all -- * * 0.0.0.0/0 0.0.0.0/0 -
Chain OUTPUT (Policy: ACCEPT, Packets: 253003, Traffic: 52.18 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 CT helper pptp

how about you just post /etc/config/firewall instead ?

2 Likes

Normal for what? Without any idea of what you have running on the router or what rules you might have added/removed yourself it's impossible to say whether it's 'normal'.

2 Likes