ubus call system board;
{
"kernel": "4.14.180",
"hostname": "AP7",
"system": "ARMv7 Processor rev 1 (v7l)",
"model": "Linksys WRT1900ACS",
"board_name": "linksys,shelby",
"release": {
"distribution": "OpenWrt",
"version": "19.07.3",
"revision": "r11063-85e04e9f46",
"target": "mvebu/cortexa9",
"description": "OpenWrt 19.07.3 r11063-85e04e9f46"
}
}
uci export network;
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd32:***:***::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.***.***'
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
option peerdns '0'
list dns '9.9.9.9'
list dns '149.112.112.112'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
list dns '2620:fe::fe'
list dns '2620:fe::9'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config interface 'AS_Guest'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.***.***.***'
uci export wireless;
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option htmode 'VHT80'
option country 'US'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option macaddr '**:**:**:**:**:**'
option ssid 'Main5g'
option macfilter 'allow'
option encryption 'psk2+ccmp'
option key '********'
list maclist '**:**:**:**:**:**'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option htmode 'HT20'
option country 'US'
option channel '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option macaddr '**:**:**:**:**:**'
option ssid 'Main2g'
option macfilter 'allow'
option encryption 'psk2+ccmp'
option key '*********'
list maclist '**:**:**:**:**:**'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'Guest'
option encryption 'psk2+ccmp'
option isolate '1'
option key '*********'
option network 'Guest'
uci export dhcp;
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
list server '127.0.0.1#****'
list server '127.0.0.1#****'
option noresolv '1'
option doh_backup_noresolv '-1'
list doh_backup_server '127.0.0.1#****'
list doh_backup_server '127.0.0.1#****'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'Guest'
option interface 'Guest'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,185.228.168.168,185.228.169.168'
uci export firewall;
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'Guest'
option network 'Guest'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
config forwarding
option src 'Guest'
option dest 'wan'
config rule
option name 'Guest_DNS'
option src 'Guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Guest_DHCP'
list proto 'udp'
option src 'Guest'
option dest_port '67-68'
option target 'ACCEPT'
head -n -0 /etc/firewall.user;
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
netstat -lnp | grep dnsmasq;
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5265/dnsmasq
tcp 0 0 192.168.***.***:53 0.0.0.0:* LISTEN 5265/dnsmasq
tcp 0 0 ***.***.***.***:53 0.0.0.0:* LISTEN 5265/dnsmasq
tcp 0 0 10.***.***.***:53 0.0.0.0:* LISTEN 5265/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 5265/dnsmasq
udp 0 0 192.168.***.***:53 0.0.0.0:* 5265/dnsmasq
udp 0 0 ***.***.***.***:53 0.0.0.0:* 5265/dnsmasq
udp 0 0 10.***.***.***:53 0.0.0.0:* 5265/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 5265/dnsmasq
(I removed the ipv6 entries from above)
logread -e dnsmasq
I will do the above if still needed it but if I can avoid it I’d like to due to large output that will be extensive to redact. I have no problem doing so if it is still necessary. Also if you see anything sensitive I missed I’d appreciate a heads up. Thank you in advance.