# Generated by xtables-save v1.8.2 on Fri Mar 31 17:02:25 2023
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 10/sec -m comment --comment "Echo Request" -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m comment --comment "Echo Request" -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m hl --hl-eq 255 -m comment --comment "Neighbor Solicitation" -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m hl --hl-eq 255 -m comment --comment "Neighbor Advertisement" -j ACCEPT
-A INPUT -i wan0 -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m hl --hl-eq 255 -m comment --comment "Router Advertisement" -j ACCEPT
-A INPUT -i wan0 -p ipv6-icmp -m icmp6 --icmpv6-type 137 -m hl --hl-eq 255 -m comment --comment "Redirect" -j ACCEPT
-A INPUT -i wan0 -p udp -m udp --sport 547 --dport 546 -d fe80::/64 -m comment --comment "DHCPv6 server/relayagent -> DHCPv6 client" -j ACCEPT
-A INPUT -p udp -m udp --dport 33434:33534 -m comment --comment "traceroute in UDP mode" -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -i br0 -p tcp -m tcp --dport 22 -m comment --comment "new SSH connections from LAN" -j SSH
-A INPUT -i br0 -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m hl --hl-eq 255 -m comment --comment "Router Solicitation" -j ACCEPT
-A INPUT -i br0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i br0 -o wan0 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wan0 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A SSH -m recent --set --name SSH --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource 
-A SSH -m recent --update --seconds 30 --hitcount 10 --name SSH --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource -j LOG --log-prefix "SSH bruteforce: "
-A SSH -m recent --update --seconds 30 --hitcount 10 --name SSH --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource -j DROP
-A SSH -j ACCEPT
COMMIT
# Completed on Fri Mar 31 17:02:25 2023
# Generated by xtables-save v1.8.2 on Fri Mar 31 17:02:25 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Mar 31 17:02:25 2023
# Generated by xtables-save v1.8.2 on Fri Mar 31 17:02:25 2023
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Mar 31 17:02:25 2023
# Generated by xtables-save v1.8.2 on Fri Mar 31 17:02:25 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Mar 31 17:02:25 2023
# Generated by xtables-save v1.8.2 on Fri Mar 31 17:02:25 2023
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Mar 31 17:02:25 2023