iptables -t nat -S -P PREROUTING ACCEPT -P INPUT ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT -N MINIUPNPD -N MINIUPNPD-POSTROUTING -N openclash -N postrouting_lan_rule -N postrouting_rule -N postrouting_wan_rule -N prerouting_lan_rule -N prerouting_rule -N prerouting_wan_rule -N zone_lan_postrouting -N zone_lan_prerouting -N zone_wan_postrouting -N zone_wan_prerouting -A PREROUTING -d 8.8.4.4/32 -p tcp -j REDIRECT --to-ports 7892 -A PREROUTING -d 8.8.8.8/32 -p tcp -j REDIRECT --to-ports 7892 -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53 -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53 -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting -A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting -A PREROUTING -p tcp -j openclash -A OUTPUT -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892 -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting -A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting -A openclash -d 0.0.0.0/8 -j RETURN -A openclash -d 10.0.0.0/8 -j RETURN -A openclash -d 127.0.0.0/8 -j RETURN -A openclash -d 169.254.0.0/16 -j RETURN -A openclash -d 172.16.0.0/12 -j RETURN -A openclash -d 192.168.0.0/16 -j RETURN -A openclash -d 224.0.0.0/4 -j RETURN -A openclash -d 240.0.0.0/4 -j RETURN -A openclash -d 192.168.1.1/32 -j RETURN -A openclash -d 127.0.0.1/32 -j RETURN -A openclash -d 220.172.4.228/32 -j RETURN -A openclash -p tcp -j REDIRECT --to-ports 7892 -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 5900 -m comment --comment "!fw3: M7H-VNC (reflection)" -j SNAT --to-source 192.168.1.1 -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: Openclash (reflection)" -j SNAT --to-source 192.168.1.1 -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule -A zone_lan_prerouting -s 192.168.1.0/24 -d 220.172.4.228/32 -p tcp -m tcp --dport 63243 -m comment --comment "!fw3: M7H-VNC (reflection)" -j DNAT --to-destination 192.168.1.99:5900 -A zone_lan_prerouting -s 192.168.1.0/24 -d 220.172.4.228/32 -p tcp -m tcp --dport 8881 -m comment --comment "!fw3: Openclash (reflection)" -j DNAT --to-destination 192.168.1.1:9090 -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule -A zone_wan_postrouting -j MINIUPNPD-POSTROUTING -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule -A zone_wan_prerouting -p tcp -m tcp --dport 63243 -m comment --comment "!fw3: M7H-VNC" -j DNAT --to-destination 192.168.1.99:5900 -A zone_wan_prerouting -p tcp -m tcp --dport 8881 -m comment --comment "!fw3: Openclash" -j DNAT --to-destination 192.168.1.1:9090 -A zone_wan_prerouting -j MINIUPNPD