Here we are 
root@OpenWrt:~# uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> iptables-save -c; ip6tables-save -c; \
> ip -4 addr ; ip -4 ro ls tab all ; ip -4 ru; \
> ip -6 addr ; ip -6 ro ls tab all ; ip -6 ru; \
> ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd0e:e73a:f262::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '2 3 4 5 0t'
config interface 'lan2'
option type 'bridge'
option ifname 'eth1.3'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option ip6assign '60'
config rule
option in 'lan2'
option lookup '100'
config route
option interface 'wan'
option target '0.0.0.0'
option gateway '192.168.0.1'
option netmask '0.0.0.0'
option table '100'
config route
option interface 'lan'
option target '192.168.1.0'
option netmask '255.255.255.0'
option table '100'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/ahb/18100000.wmac'
option htmode 'HT20'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option key '65e00e9402'
option encryption 'psk-mixed'
option ssid 'TP-LinkVPN'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config dhcp 'lan2'
option interface 'lan2'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan lan2'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'tun0'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
# Generated by iptables-save v1.8.3 on Sun Apr 19 08:46:04 2020
*nat
:PREROUTING ACCEPT [768:82603]
:INPUT ACCEPT [110:8072]
:OUTPUT ACCEPT [368:25955]
:POSTROUTING ACCEPT [282:11672]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[768:82603] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule cha in" -j prerouting_rule
[28:1133] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_wan_prerouti ng
[70:16995] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prero uting
[673:38155] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule c hain" -j postrouting_rule
[380:25669] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_wan_postr outing
[11:814] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postro uting
[0:0] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[0:0] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting r ule chain" -j prerouting_lan_rule
[391:26483] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postr outing rule chain" -j postrouting_wan_rule
[391:26483] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[98:18128] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerout ing rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sun Apr 19 08:46:04 2020
# Generated by iptables-save v1.8.3 on Sun Apr 19 08:46:04 2020
*mangle
:PREROUTING ACCEPT [3776:947201]
:INPUT ACCEPT [3149:874529]
:FORWARD ACCEPT [298:16576]
:OUTPUT ACCEPT [5413:636640]
:POSTROUTING ACCEPT [5413:636640]
[278:14456] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --co mment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun Apr 19 08:46:04 2020
# Generated by iptables-save v1.8.3 on Sun Apr 19 08:46:04 2020
*filter
:INPUT ACCEPT [451:39224]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1:342]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[34:3028] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[3119:871821] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j i nput_rule
[2637:830738] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --c omment "!fw3" -j ACCEPT
[45:2020] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --co mment "!fw3" -j syn_flood
[28:1133] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_wan_input
[3:726] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
[298:16576] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
[298:16576] -A FORWARD -m comment --comment "!fw3" -j reject
[34:3028] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[5384:635524] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[3057:473299] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment -- comment "!fw3" -j ACCEPT
[2313:160933] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_wan_output
[13:950] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
[305:15540] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[24:2895] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-por t-unreachable
[45:2020] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit -- limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3 : Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[0:0] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[0:0] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chai n" -j output_lan_rule
[0:0] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[2313:160933] -A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACC EPT
[0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m commen t --comment "!fw3: Prevent NAT leakage" -j DROP
[13:950] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3 : Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[31:1859] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule ch ain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: All ow-DHCP-Renew" -j ACCEPT
[0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3 : Allow-Ping" -j ACCEPT
[0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEP T
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[31:1859] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[2326:161883] -A zone_wan_output -m comment --comment "!fw3: Custom wan output r ule chain" -j output_wan_rule
[2326:161883] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_AC CEPT
[28:1133] -A zone_wan_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
[3:726] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Apr 19 08:46:04 2020
# Generated by ip6tables-save v1.8.3 on Sun Apr 19 08:46:04 2020
*mangle
:PREROUTING ACCEPT [942:107087]
:INPUT ACCEPT [402:35026]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [105:10186]
:POSTROUTING ACCEPT [106:10234]
[0:0] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comm ent "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --co mment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun Apr 19 08:46:04 2020
# Generated by ip6tables-save v1.8.3 on Sun Apr 19 08:46:04 2020
*filter
:INPUT ACCEPT [400:34914]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [32:3108]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[0:0] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[402:35026] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j inp ut_rule
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment " !fw3" -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --commen t "!fw3" -j syn_flood
[0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_wan_input
[2:112] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
[0:0] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j fo rwarding_rule
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[0:0] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[105:10186] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j o utput_rule
[59:5484] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comm ent "!fw3" -j ACCEPT
[4:304] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_wan_output
[10:1290] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
[0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-r eset
[0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-u nreachable
[0:0] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limi t 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[0:0] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[0:0] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chai n" -j output_lan_rule
[0:0] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[4:304] -A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m commen t --comment "!fw3: Prevent NAT leakage" -j DROP
[10:1290] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEP T
[0:0] -A zone_wan_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --lim it 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
[0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --lim it 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
[0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
[0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
[0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
[0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --lim it 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
[0:0] -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --lim it 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[2:112] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chai n" -j input_wan_rule
[0:0] -A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m com ment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
[0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 - m comment --comment "!fw3: Allow-MLD" -j ACCEPT
[0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 - m comment --comment "!fw3: Allow-MLD" -j ACCEPT
[0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 - m comment --comment "!fw3: Allow-MLD" -j ACCEPT
[0:0] -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 - m comment --comment "!fw3: Allow-MLD" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1 000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1 000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1 000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[1:48] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limi t 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[1:64] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limi t 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
[0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[14:1594] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[14:1594] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Apr 19 08:46:04 2020
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group defaul t qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP gro up default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
8: br-lan2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP gr oup default qlen 1000
inet 192.168.3.1/24 brd 192.168.3.255 scope global br-lan2
valid_lft forever preferred_lft forever
10: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.0.30/24 brd 192.168.0.255 scope global eth0.2
valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel stat e UNKNOWN group default qlen 100
inet 10.8.0.14 peer 10.8.0.13/32 scope global tun0
valid_lft forever preferred_lft forever
default via 192.168.0.1 dev eth0.2 table 100 proto static
192.168.1.0/24 dev br-lan table 100 proto static scope link
0.0.0.0/1 via 10.8.0.13 dev tun0
default via 192.168.0.1 dev eth0.2 proto static src 192.168.0.30
10.8.0.9 via 10.8.0.13 dev tun0 metric 1
10.8.0.13 dev tun0 proto kernel scope link src 10.8.0.14
128.0.0.0/1 via 10.8.0.13 dev tun0
173.245.207.3 via 192.168.0.1 dev eth0.2
192.168.0.0/24 dev eth0.2 proto kernel scope link src 192.168.0.30
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.3.0/24 dev br-lan2 proto kernel scope link src 192.168.3.1
local 10.8.0.14 dev tun0 table local proto kernel scope host src 10.8.0.14
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0 .1
broadcast 192.168.0.0 dev eth0.2 table local proto kernel scope link src 192.168 .0.30
local 192.168.0.30 dev eth0.2 table local proto kernel scope host src 192.168.0. 30
broadcast 192.168.0.255 dev eth0.2 table local proto kernel scope link src 192.1 68.0.30
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168 .1.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.1 68.1.1
broadcast 192.168.3.0 dev br-lan2 table local proto kernel scope link src 192.16 8.3.1
local 192.168.3.1 dev br-lan2 table local proto kernel scope host src 192.168.3. 1
broadcast 192.168.3.255 dev br-lan2 table local proto kernel scope link src 192. 168.3.1
0: from all lookup local
1: from all iif br-lan2 lookup 100
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6666:b3ff:fe78:9469/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6666:b3ff:fe78:9468/64 scope link
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd0e:e73a:f262::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::6666:b3ff:fe78:9468/64 scope link
valid_lft forever preferred_lft forever
8: br-lan2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd0e:e73a:f262:10::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::6666:b3ff:fe78:9468/64 scope link
valid_lft forever preferred_lft forever
10: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6666:b3ff:fe78:9469/64 scope link
valid_lft forever preferred_lft forever
11: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::6666:b3ff:fe78:9468/64 scope link
valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 100
inet6 fe80::8ec2:fc1a:d2a1:5fe7/64 scope link stable-privacy
valid_lft forever preferred_lft forever
fd0e:e73a:f262::/64 dev br-lan proto static metric 1024 pref medium
fd0e:e73a:f262:10::/64 dev br-lan2 proto static metric 1024 pref medium
unreachable fd0e:e73a:f262::/48 dev lo proto static metric 2147483647 error 4294 967148 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev br-lan2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fd0e:e73a:f262:: dev br-lan table local proto kernel metric 0 pref mediu m
local fd0e:e73a:f262::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fd0e:e73a:f262:10:: dev br-lan2 table local proto kernel metric 0 pref m edium
local fd0e:e73a:f262:10::1 dev br-lan2 table local proto kernel metric 0 pref me dium
anycast fe80:: dev eth1 table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan2 table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
anycast fe80:: dev tun0 table local proto kernel metric 0 pref medium
local fe80::6666:b3ff:fe78:9468 dev eth1 table local proto kernel metric 0 pref medium
local fe80::6666:b3ff:fe78:9468 dev br-lan2 table local proto kernel metric 0 pr ef medium
local fe80::6666:b3ff:fe78:9468 dev br-lan table local proto kernel metric 0 pre f medium
local fe80::6666:b3ff:fe78:9468 dev wlan0 table local proto kernel metric 0 pref medium
local fe80::6666:b3ff:fe78:9469 dev eth0 table local proto kernel metric 0 pref medium
local fe80::6666:b3ff:fe78:9469 dev eth0.2 table local proto kernel metric 0 pre f medium
local fe80::8ec2:fc1a:d2a1:5fe7 dev tun0 table local proto kernel metric 0 pref medium
ff00::/8 dev eth1 table local metric 256 pref medium
ff00::/8 dev br-lan table local metric 256 pref medium
ff00::/8 dev br-lan2 table local metric 256 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev eth0.2 table local metric 256 pref medium
ff00::/8 dev wlan0 table local metric 256 pref medium
ff00::/8 dev tun0 table local metric 256 pref medium
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo failed_policy
4200000006: from all iif br-lan failed_policy
4200000008: from all iif br-lan2 failed_policy
4200000010: from all iif eth0.2 failed_policy
lrwxrwxrwx 1 root root 16 Feb 27 21:05 /etc/resolv.conf -> /tm p/resolv.conf
-rw-r--r-- 1 root root 32 Apr 19 08:43 /tmp/resolv.conf
-rw-r--r-- 1 root root 92 Apr 19 08:15 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 8.8.8.8
nameserver 8.8.4.4