华硕 AC68U 路由器仅在第一分钟对客户端进行身份验证,然后丢弃它们

tag-icon tag-icon networking router home-networking asuswrt-merlin
华硕 AC68U 路由器仅在第一分钟对客户端进行身份验证,然后丢弃它们

我的 AC68U 路由器有问题。出于某种原因,它只在第一分钟对客户端进行身份验证,然后如果有任何尝试,它会将其全部丢弃。

例子:

  1. 路由器启动
  2. 如果客户端在重启后的第一分钟内尝试连接,则连接成功(WiFi 和以太网)
  3. 如果客户端因任何原因重新连接,它将被丢弃。路由器将丢弃所有尝试,即使使用以太网也是如此。

我试过:

  1. 禁用了很多东西,但没有成功(DHCP、AI 保护、无线设置,也改变了一些)
  2. 恢复出厂设置。
  3. 固件已更新,但我重新上传了,但没有成功。
  4. 确认没有 MAC 过滤器。

奇怪的是,如果我保持连接,它不会断开或放弃连接(WiFi 或有线),但我只能在重启后的第一分钟(或几秒钟)内连接所有设备。

我两年前买了这个路由器,如果它损坏了,那将是一个巨大的损失

丢弃客户端时的路由器日志:

Oct  6 19:37:50 syslog: wlceventd_proc_event(491): eth1: Deauth_ind xx:xx:xx:xx:xx:xx, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-47
Oct  6 19:37:50 syslog: wlceventd_proc_event(527): eth1: Auth xx:xx:xx:xx:xx:xx, status: Successful (0), rssi:0
Oct  6 19:37:50 syslog: wlceventd_proc_event(556): eth1: Assoc xx:xx:xx:xx:xx:xx, status: Successful (0), rssi:0
Oct  6 19:37:58 syslog: wlceventd_proc_event(491): eth1: Deauth_ind xx:xx:xx:xx:xx:xx, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-47
Oct  6 19:38:01 syslog: wlceventd_proc_event(527): eth1: Auth xx:xx:xx:xx:xx:xx, status: Successful (0), rssi:0
Oct  6 19:38:01 syslog: wlceventd_proc_event(556): eth1: Assoc xx:xx:xx:xx:xx:xx, status: Successful (0), rssi:0

启动日志和成功配对。

May  5 00:05:03 kernel: klogd started: BusyBox v1.25.1 (2021-05-08 04:16:59 CST)
May  5 00:05:03 kernel: Linux version 2.6.36.4brcmarm (root@asus) (gcc version 4.5.3 (Buildroot 2012.02) ) #1 SMP PREEMPT Sat May 8 04:23:42 CST 2021
May  5 00:05:03 kernel: CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f
May  5 00:05:03 kernel: CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
May  5 00:05:03 kernel: Machine: Northstar Prototype
May  5 00:05:03 kernel: Ignoring unrecognised tag 0x00000000
May  5 00:05:03 kernel: Memory policy: ECC disabled, Data cache writealloc
May  5 00:05:03 kernel: Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 60416
May  5 00:05:03 kernel: Kernel command line: root=/dev/mtdblock2 console=ttyS0,115200 init=/sbin/preinit earlyprintk debug
May  5 00:05:03 kernel: Memory: 255496k/255496k available, 6648k reserved, 0K highmem
May  5 00:05:03 kernel: Virtual kernel memory layout:
May  5 00:05:03 kernel:     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
May  5 00:05:03 kernel:     fixmap  : 0xfff00000 - 0xfffe0000   ( 896 kB)
May  5 00:05:03 kernel:     DMA     : 0xf7e00000 - 0xffe00000   ( 128 MB)
May  5 00:05:03 kernel:     vmalloc : 0xd0800000 - 0xf0000000   ( 504 MB)
May  5 00:05:03 kernel:     lowmem  : 0xc0000000 - 0xd0000000   ( 256 MB)
May  5 00:05:03 kernel:     modules : 0xbf000000 - 0xc0000000   (  16 MB)
May  5 00:05:03 kernel:       .init : 0xc0008000 - 0xc003d000   ( 212 kB)
May  5 00:05:03 kernel:       .text : 0xc003d000 - 0xc03a8000   (3500 kB)
May  5 00:05:03 kernel:       .data : 0xc03c0000 - 0xc03e3180   ( 141 kB)
May  5 00:05:03 kernel: External imprecise Data abort at addr=0x0, fsr=0x1c06 ignored.
May  5 00:05:03 kernel: Mount-cache hash table entries: 512
May  5 00:05:03 kernel: CPU1: Booted secondary processor
May  5 00:05:03 kernel: Found a AMD NAND flash:
May  5 00:05:03 kernel: Total size:  128MB
May  5 00:05:03 kernel: Block size:  128KB
May  5 00:05:03 kernel: Page Size:   2048B
May  5 00:05:03 kernel: OOB Size:    64B
May  5 00:05:03 kernel: Sector size: 512B
May  5 00:05:03 kernel: Spare size:  16B
May  5 00:05:03 kernel: ECC level:   8 (8-bit)
May  5 00:05:03 kernel: Device ID: 0x 1 0xf1 0x 0 0x1d 0x 1 0xf1
May  5 00:05:03 kernel: bio: create slab <bio-0> at 0
May  5 00:05:03 kernel: PCI: no core
May  5 00:05:03 kernel: PCI: no core
May  5 00:05:03 kernel: PCI: Fixing up bus 0
May  5 00:05:03 kernel: PCI: Fixing up bus 0
May  5 00:05:03 kernel: PCI: Fixing up bus 1
May  5 00:05:03 kernel: PCI: Fixing up bus 0
May  5 00:05:03 kernel: PCI: Fixing up bus 2
May  5 00:05:03 kernel: VFS: Disk quotas dquot_6.5.2
May  5 00:05:03 kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
May  5 00:05:03 kernel: pflash: found no supported devices
May  5 00:05:03 kernel: bcmsflash: found no supported devices
May  5 00:05:03 kernel: Boot partition size = 524288(0x80000)
May  5 00:05:03 kernel: lookup_nflash_rootfs_offset: offset = 0x200000
May  5 00:05:03 kernel: nflash: squash filesystem with lzma found at block 28
May  5 00:05:03 kernel: Creating 4 MTD partitions on "nflash":
May  5 00:05:03 kernel: 0x000000000000-0x000000080000 : "boot"
May  5 00:05:03 kernel: 0x000000080000-0x000000200000 : "nvram"
May  5 00:05:03 kernel: 0x000000200000-0x000004000000 : "linux"
May  5 00:05:03 kernel: 0x00000039c62c-0x000004000000 : "rootfs"
May  5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 16 for vlan1 mvlan_en 0
May  5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 5 for vlan1 mvlan_en 0
May  5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 16 for vlan2 mvlan_en 0
May  5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 5 for vlan2 mvlan_en 0
May  5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 13 for vlan1 mvlan_en 0
May  5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 1 for vlan1 mvlan_en 0
May  5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 16 for eth0.501 mvlan_en 0
May  5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 5 for eth0.501 mvlan_en 0
May  5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 13 for eth0.501 mvlan_en 0
May  5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 1 for eth0.501 mvlan_en 0
May  5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 16 for eth0.502 mvlan_en 0
May  5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 5 for eth0.502 mvlan_en 0
May  5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 13 for eth0.502 mvlan_en 0
May  5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 1 for eth0.502 mvlan_en 0
May  5 00:05:05 kernel: et0: et_mvlan_netdev_event: event 4 for eth0.501 mvlan_en 0
May  5 00:05:05 kernel: et0: et_mvlan_netdev_event: event 4 for eth0.502 mvlan_en 0
May  5 00:05:05 lldpd[266]: cannot get ethtool link information with GLINKSETTINGS (requires 4.9+): Operation not permitted
May  5 00:05:05 lldpd[266]: cannot get ethtool link information with GSET (requires 2.6.19+): Operation not permitted
May  5 00:05:08 syslog: main(961): wlceventd Start...
May  5 00:05:09 WAN Connection: Fail to connect with some issues.
May  5 00:05:11 acsd: COEX: downgraded chanspec 0x1909 to 0x100b: channel 4 used by exiting BSSs 
May  5 00:05:11 acsd: selected channel spec: 0x100b (11)
May  5 00:05:11 acsd: Adjusted channel spec: 0x100b (11)
May  5 00:05:11 acsd: selected DFS-exit channel spec: 0x100b (11)
May  5 00:05:11 acsd: COEX: downgraded chanspec 0x1909 to 0x100b: channel 4 used by exiting BSSs 
May  5 00:05:11 acsd: selected channel spec: 0x100b (11)
May  5 00:05:11 acsd: Adjusted channel spec: 0x100b (11)
May  5 00:05:11 acsd: selected channel spec: 0x100b (11)
May  5 00:05:11 acsd: acs_set_chspec: 0x100b (11) for reason APCS_INIT
May  5 00:05:13 acsd: selected channel spec: 0xe39b (161/80)
May  5 00:05:13 acsd: Adjusted channel spec: 0xe39b (161/80)
May  5 00:05:13 acsd: selected DFS-exit channel spec: 0xe39b (161/80)
May  5 00:05:13 acsd: selected channel spec: 0xe39b (161/80)
May  5 00:05:13 acsd: Adjusted channel spec: 0xe39b (161/80)
May  5 00:05:13 acsd: selected channel spec: 0xe39b (161/80)
May  5 00:05:13 acsd: acs_set_chspec: 0xe39b (161/80) for reason APCS_INIT
May  5 00:05:13 RT-AC68U: start httpd:80
May  5 00:05:14 avahi-daemon[357]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
May  5 00:05:14 jffs2: valid logs(1)
May  5 00:05:14 httpd: Save SSL certificate...80
May  5 00:05:15 disk monitor: be idle
May  5 00:05:15 hour monitor: daemon is starting
May  5 00:05:15 hour monitor: daemon terminates
May  5 00:05:15 ERP: The model isn't under EU SKU!
May  5 00:05:15 avahi-daemon[357]: Alias name "RT-AC68U" successfully established.
May  5 00:05:15 httpd: mssl_cert_key_match : PASS
May  5 00:05:16 reboot scheduler: [timecheck] NTP sync error
May  5 00:05:16 Mastiff: init
May  5 00:05:16 httpd: Succeed to init SSL certificate...80
May  5 00:05:17 syslog: module ax88179_178a not found in modules.dep
May  5 00:05:18 pppd[484]: pppd 2.4.7 started by thirdworldarmies, uid 0
May  5 00:05:18 pppd[484]: Connected to X via interface eth0
May  5 00:05:18 pppd[484]: Connect: ppp0 <--> eth0
May  5 00:05:18 pppd[484]: CHAP authentication succeeded
May  5 00:05:18 pppd[484]: peer from calling number X authorized
May  5 00:05:18 kernel: xhci_hcd 0000:00:0c.0: Failed to enable MSI-X
May  5 00:05:18 kernel: xhci_hcd 0000:00:0c.0: failed to allocate MSI entry
May  5 00:05:18 kernel: usb usb1: No SuperSpeed endpoint companion for config 1  interface 0 altsetting 0 ep 129: using minimum values
May  5 00:05:18 pppd[484]: local  IP address x
May  5 00:05:18 pppd[484]: remote IP address x
May  5 00:05:18 pppd[484]: primary   DNS address x
May  5 00:05:18 pppd[484]: secondary DNS address x
May  5 00:05:18 syslog: module ledtrig-usbdev not found in modules.dep
May  5 00:05:18 syslog: module leds-usb not found in modules.dep
May  5 00:05:19 kernel: SCSI subsystem initialized
May  5 00:05:19 kernel: nf_conntrack_rtsp v0.6.21 loading
May  5 00:05:19 kernel: nf_nat_rtsp v0.6.21 loading
May  5 00:05:20 wan: finish adding multi routes
May  5 00:05:21 dhcp client: bound 192.168.0.3/255.255.255.0 via 192.168.0.1 for 86400 seconds.
May  5 00:05:21 syslog: fwver: 3.0.0.4_386_43129-g60defb2 (sn: /ha:X )
May  5 00:05:21 ahs: [read_json]Update ahs JSON file.
May  5 00:05:22 syslog:  event: wl_chanspec_changed_action
May  5 00:05:22 syslog: skip event due no re
May  5 00:05:24 WAN Connection: WAN was restored.
May  5 00:05:25 roamast: ROAMING Start...
May  5 00:05:27 ntp: start NTP update
Oct  6 19:29:21 rc_service: ntp 640:notify_rc restart_diskmon
Oct  6 19:29:22 disk_monitor: Finish
Oct  6 19:29:23 disk monitor: be idle
Oct  6 19:29:37 syslog: wlceventd_proc_event(527): eth1: Auth X, status: Successful (0), rssi:0
Oct  6 19:29:37 syslog: wlceventd_proc_event(556): eth1: Assoc X, status: Successful (0), rssi:0
Oct  6 19:29:54 crond[332]: time disparity of 1801164 minutes detected

尝试使用以太网连接时记录(客户端上启用了 DHCP。如果我设置了手动 IP,它只会显示“目标主机不可达”):

Oct  6 20:22:03 user avahi-daemon[1064]: New relevant interface enp4s0.IPv4 for mDNS.
Oct  6 20:22:03 user avahi-daemon[1064]: Registering new address record for 192.168.1.122 on enp4s0.IPv4.
Oct  6 20:22:03 user avahi-daemon[1064]: Joining mDNS multicast group on interface enp4s0.IPv6 with address X.
Oct  6 20:22:03 user avahi-daemon[1064]: New relevant interface enp4s0.IPv6 for mDNS.
Oct  6 20:22:03 user avahi-daemon[1064]: Registering new address record for X on enp4s0.*.
Oct  6 20:22:05 user dbus-daemon[1068]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.21' (uid=0 pid=1452 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Oct  6 20:22:05 user systemd[1]: Starting Network Manager Script Dispatcher Service...
Oct  6 20:22:05 user dbus-daemon[1068]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Oct  6 20:22:05 user systemd[1]: Started Network Manager Script Dispatcher Service.
Oct  6 20:22:15 user systemd[1]: NetworkManager-dispatcher.service: Succeeded.
Oct  6 20:22:48 user NetworkManager[1452]: <warn>  [1633569768.5774] dhcp4 (enp4s0): request timed out
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.5774] dhcp4 (enp4s0): state changed unknown -> timeout
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.5774] device (enp4s0): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed')
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.5778] manager: NetworkManager state is now DISCONNECTED
Oct  6 20:22:48 user NetworkManager[1452]: <warn>  [1633569768.5786] device (enp4s0): Activation: failed for connection 'Wired connection 1'
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.5790] device (enp4s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Oct  6 20:22:48 user avahi-daemon[1064]: Withdrawing address record for X on enp4s0.
Oct  6 20:22:48 user avahi-daemon[1064]: Leaving mDNS multicast group on interface enp4s0.IPv6 with address X.
Oct  6 20:22:48 user avahi-daemon[1064]: Interface enp4s0.IPv6 no longer relevant for mDNS.
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6152] dhcp4 (enp4s0): canceled DHCP transaction
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6152] dhcp4 (enp4s0): state changed timeout -> done
Oct  6 20:22:48 user avahi-daemon[1064]: Withdrawing address record for 192.168.1.122 on enp4s0.
Oct  6 20:22:48 user avahi-daemon[1064]: Leaving mDNS multicast group on interface enp4s0.IPv4 with address 192.168.1.122.
Oct  6 20:22:48 user avahi-daemon[1064]: Interface enp4s0.IPv4 no longer relevant for mDNS.
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6228] policy: auto-activating connection 'Wired connection 1' (6e176a17-2e93-3aba-97f3-1c2100cbb44f)
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6252] device (enp4s0): Activation: starting connection 'Wired connection 1' (6e176a17-2e93-3aba-97f3-1c2100cbb44f)
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6255] device (enp4s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Oct  6 20:22:48 user dbus-daemon[1068]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.21' (uid=0 pid=1452 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6268] manager: NetworkManager state is now CONNECTING
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6273] device (enp4s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6291] device (enp4s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Oct  6 20:22:48 user systemd[1]: Starting Network Manager Script Dispatcher Service...
Oct  6 20:22:48 user NetworkManager[1452]: <info>  [1633569768.6309] dhcp4 (enp4s0): activation: beginning transaction (timeout in 45 seconds)
Oct  6 20:22:48 user avahi-daemon[1064]: Joining mDNS multicast group on interface enp4s0.IPv4 with address 192.168.1.122.
Oct  6 20:22:48 user avahi-daemon[1064]: New relevant interface enp4s0.IPv4 for mDNS.
Oct  6 20:22:48 user avahi-daemon[1064]: Registering new address record for 192.168.1.122 on enp4s0.IPv4.
Oct  6 20:22:48 user avahi-daemon[1064]: Joining mDNS multicast group on interface enp4s0.IPv6 with address X.
Oct  6 20:22:48 user avahi-daemon[1064]: New relevant interface enp4s0.IPv6 for mDNS.
Oct  6 20:22:48 user avahi-daemon[1064]: Registering new address record for X on enp4s0.*.
Oct  6 20:22:48 user dbus-daemon[1068]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Oct  6 20:22:48 user systemd[1]: Started Network Manager Script Dispatcher Service.
Oct  6 20:23:00 user systemd[1]: NetworkManager-dispatcher.service: Succeeded.

路由器 IP 表(我没有设置任何与 IP 或字符串相关的内容。这是今天重置后的结果)

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ACCESS_RESTRICTION
-N FUPNP
-N INPUT_ICMP
-N INPUT_PING
-N OUTPUT_DNS
-N OUTPUT_IP
-N PControls
-N PTCSRVLAN
-N PTCSRVWAN
-N SECURITY
-N default_block
-N logaccept
-N logdrop
-N logdrop_dns
-N logdrop_ip
-A INPUT -p icmp -m icmp --icmp-type 8 -j INPUT_PING
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m multiport --dports 80,1025 -j ACCESS_RESTRICTION
-A INPUT ! -i br0 -j PTCSRVWAN
-A INPUT -i br0 -j PTCSRVLAN
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p icmp -j INPUT_ICMP
-A INPUT -i br1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -i br1 -j DROP
-A INPUT -i br2 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br2 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br2 -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -i br2 -j DROP
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br1 -o ppp0 -j ACCEPT
-A FORWARD -i br2 -o ppp0 -j ACCEPT
-A FORWARD ! -i br0 -o ppp0 -j DROP
-A FORWARD ! -i br0 -o eth0 -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -p udp -m udp --dport 53 -m u32 --u32 "0x0>>0x16&0x3c@0x8>>0xf&0x1=0x0" -j OUTPUT_DNS
-A OUTPUT -p tcp -m tcp --dport 53 -m u32 --u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x8>>0xf&0x1=0x0" -j OUTPUT_DNS
-A OUTPUT -j OUTPUT_IP
-A ACCESS_RESTRICTION -s 192.168.1.122/32 -p tcp -m multiport --dports 80 -j ACCEPT
-A ACCESS_RESTRICTION -s 192.168.1.122/32 -p tcp -m tcp --dport 1025 -j RETURN
-A ACCESS_RESTRICTION -j DROP
-A INPUT_ICMP -p icmp -m icmp --icmp-type 8 -j RETURN
-A INPUT_ICMP -p icmp -m icmp --icmp-type 13 -j RETURN
-A INPUT_ICMP -p icmp -j ACCEPT
-A INPUT_PING -i ppp0 -p icmp -j DROP
-A INPUT_PING -i eth0 -p icmp -j DROP
-A OUTPUT_DNS -m string --hex-string "|10706f697579747975696f706b6a666e6603636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0d72666a656a6e666a6e65666a6503636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|1131306166646d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0f376d667364666173646d6b676d726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0d386d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0f3966646d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|1265666274686d6f6975796b6d6b6a6b6a677403636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|086861636b7563647403636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|076c696e77756469056633333232036e657400|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0f6c6b6a68676664736174727975696f03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0b6d6e627663787a7a7a313203636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|077131313133333303746f7000|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|057371353230056633333232036e657400|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|077563746b6f6e6503636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0e7a786376626d6e6e666a6a66777103636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0a65756d6d6167766e627003636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_IP -d 193.201.224.0/24 -j logdrop_ip
-A OUTPUT_IP -d 51.15.120.245/32 -j logdrop_ip
-A OUTPUT_IP -d 45.33.73.134/32 -j logdrop_ip
-A OUTPUT_IP -d 190.115.18.28/32 -j logdrop_ip
-A OUTPUT_IP -d 51.159.52.250/32 -j logdrop_ip
-A OUTPUT_IP -d 190.115.18.86/32 -j logdrop_ip
-A PControls -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A SECURITY -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
-A SECURITY -p icmp -m icmp --icmp-type 8 -j DROP
-A SECURITY -j RETURN
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
-A logdrop_dns -j LOG --log-prefix "DROP_DNS " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop_dns -j DROP
-A logdrop_ip -j LOG --log-prefix "DROP_IP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop_ip -j DROP

编辑:

我忘了澄清一下,这是带有 AC68U 固件的 TM AC1900。

此外,我使用非常旧的固件也能让一切恢复正常。这很奇怪,因为在它停止工作之前没有进行过最近的升级。

现在一切都正常了!现在我只担心这是一个旧固件,但至少它可以正常工作。我注意到的唯一区别是,有时 WiFI 会向我显示网络“需要授权”的通知。

相关内容