Маршрутизатор Asus AC68U аутентифицирует клиентов только в течение первой минуты, а затем отключает их.
У меня проблема с роутером AC68U. По какой-то причине он аутентифицирует клиентов только в течение первой минуты, а затем отбрасывает их всех, если есть какие-либо попытки.
Пример:
- Ботинки маршрутизатора
- Если клиенты попытаются подключиться в течение первой минуты после перезагрузки, они успешны (WiFI и Ethernet).
- Если клиент по какой-либо причине переподключится, он будет удален. Маршрутизатор отклонит все попытки, даже если используется Ethernet.
Я пытался:
- отключил много вещей, но безуспешно (DHCP, защита AI, настройки беспроводной сети, а также кое-что изменил)
- Сброс к заводским настройкам.
- Прошивка уже актуальна, но я ее перезалил, но безуспешно.
- Подтверждено, что MAC-фильтров нет.
Странно то, что если я сохраняю соединение, оно не отключается и не прерывается (Wi-Fi или проводное), но я могу подключить все устройства только в течение первой минуты (или секунд) после перезагрузки.
Я купил этот маршрутизатор 2 года назад, поэтому если он выйдет из строя, это будет ужасная потеря.
Журнал маршрутизатора при отключении клиентов:
Oct 6 19:37:50 syslog: wlceventd_proc_event(491): eth1: Deauth_ind xx:xx:xx:xx:xx:xx, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-47
Oct 6 19:37:50 syslog: wlceventd_proc_event(527): eth1: Auth xx:xx:xx:xx:xx:xx, status: Successful (0), rssi:0
Oct 6 19:37:50 syslog: wlceventd_proc_event(556): eth1: Assoc xx:xx:xx:xx:xx:xx, status: Successful (0), rssi:0
Oct 6 19:37:58 syslog: wlceventd_proc_event(491): eth1: Deauth_ind xx:xx:xx:xx:xx:xx, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-47
Oct 6 19:38:01 syslog: wlceventd_proc_event(527): eth1: Auth xx:xx:xx:xx:xx:xx, status: Successful (0), rssi:0
Oct 6 19:38:01 syslog: wlceventd_proc_event(556): eth1: Assoc xx:xx:xx:xx:xx:xx, status: Successful (0), rssi:0
Журнал загрузки и успешное сопряжение.
May 5 00:05:03 kernel: klogd started: BusyBox v1.25.1 (2021-05-08 04:16:59 CST)
May 5 00:05:03 kernel: Linux version 2.6.36.4brcmarm (root@asus) (gcc version 4.5.3 (Buildroot 2012.02) ) #1 SMP PREEMPT Sat May 8 04:23:42 CST 2021
May 5 00:05:03 kernel: CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f
May 5 00:05:03 kernel: CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
May 5 00:05:03 kernel: Machine: Northstar Prototype
May 5 00:05:03 kernel: Ignoring unrecognised tag 0x00000000
May 5 00:05:03 kernel: Memory policy: ECC disabled, Data cache writealloc
May 5 00:05:03 kernel: Built 1 zonelists in Zone order, mobility grouping on. Total pages: 60416
May 5 00:05:03 kernel: Kernel command line: root=/dev/mtdblock2 console=ttyS0,115200 init=/sbin/preinit earlyprintk debug
May 5 00:05:03 kernel: Memory: 255496k/255496k available, 6648k reserved, 0K highmem
May 5 00:05:03 kernel: Virtual kernel memory layout:
May 5 00:05:03 kernel: vector : 0xffff0000 - 0xffff1000 ( 4 kB)
May 5 00:05:03 kernel: fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
May 5 00:05:03 kernel: DMA : 0xf7e00000 - 0xffe00000 ( 128 MB)
May 5 00:05:03 kernel: vmalloc : 0xd0800000 - 0xf0000000 ( 504 MB)
May 5 00:05:03 kernel: lowmem : 0xc0000000 - 0xd0000000 ( 256 MB)
May 5 00:05:03 kernel: modules : 0xbf000000 - 0xc0000000 ( 16 MB)
May 5 00:05:03 kernel: .init : 0xc0008000 - 0xc003d000 ( 212 kB)
May 5 00:05:03 kernel: .text : 0xc003d000 - 0xc03a8000 (3500 kB)
May 5 00:05:03 kernel: .data : 0xc03c0000 - 0xc03e3180 ( 141 kB)
May 5 00:05:03 kernel: External imprecise Data abort at addr=0x0, fsr=0x1c06 ignored.
May 5 00:05:03 kernel: Mount-cache hash table entries: 512
May 5 00:05:03 kernel: CPU1: Booted secondary processor
May 5 00:05:03 kernel: Found a AMD NAND flash:
May 5 00:05:03 kernel: Total size: 128MB
May 5 00:05:03 kernel: Block size: 128KB
May 5 00:05:03 kernel: Page Size: 2048B
May 5 00:05:03 kernel: OOB Size: 64B
May 5 00:05:03 kernel: Sector size: 512B
May 5 00:05:03 kernel: Spare size: 16B
May 5 00:05:03 kernel: ECC level: 8 (8-bit)
May 5 00:05:03 kernel: Device ID: 0x 1 0xf1 0x 0 0x1d 0x 1 0xf1
May 5 00:05:03 kernel: bio: create slab <bio-0> at 0
May 5 00:05:03 kernel: PCI: no core
May 5 00:05:03 kernel: PCI: no core
May 5 00:05:03 kernel: PCI: Fixing up bus 0
May 5 00:05:03 kernel: PCI: Fixing up bus 0
May 5 00:05:03 kernel: PCI: Fixing up bus 1
May 5 00:05:03 kernel: PCI: Fixing up bus 0
May 5 00:05:03 kernel: PCI: Fixing up bus 2
May 5 00:05:03 kernel: VFS: Disk quotas dquot_6.5.2
May 5 00:05:03 kernel: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
May 5 00:05:03 kernel: pflash: found no supported devices
May 5 00:05:03 kernel: bcmsflash: found no supported devices
May 5 00:05:03 kernel: Boot partition size = 524288(0x80000)
May 5 00:05:03 kernel: lookup_nflash_rootfs_offset: offset = 0x200000
May 5 00:05:03 kernel: nflash: squash filesystem with lzma found at block 28
May 5 00:05:03 kernel: Creating 4 MTD partitions on "nflash":
May 5 00:05:03 kernel: 0x000000000000-0x000000080000 : "boot"
May 5 00:05:03 kernel: 0x000000080000-0x000000200000 : "nvram"
May 5 00:05:03 kernel: 0x000000200000-0x000004000000 : "linux"
May 5 00:05:03 kernel: 0x00000039c62c-0x000004000000 : "rootfs"
May 5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 16 for vlan1 mvlan_en 0
May 5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 5 for vlan1 mvlan_en 0
May 5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 16 for vlan2 mvlan_en 0
May 5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 5 for vlan2 mvlan_en 0
May 5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 13 for vlan1 mvlan_en 0
May 5 00:05:03 kernel: et0: et_mvlan_netdev_event: event 1 for vlan1 mvlan_en 0
May 5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 16 for eth0.501 mvlan_en 0
May 5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 5 for eth0.501 mvlan_en 0
May 5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 13 for eth0.501 mvlan_en 0
May 5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 1 for eth0.501 mvlan_en 0
May 5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 16 for eth0.502 mvlan_en 0
May 5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 5 for eth0.502 mvlan_en 0
May 5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 13 for eth0.502 mvlan_en 0
May 5 00:05:04 kernel: et0: et_mvlan_netdev_event: event 1 for eth0.502 mvlan_en 0
May 5 00:05:05 kernel: et0: et_mvlan_netdev_event: event 4 for eth0.501 mvlan_en 0
May 5 00:05:05 kernel: et0: et_mvlan_netdev_event: event 4 for eth0.502 mvlan_en 0
May 5 00:05:05 lldpd[266]: cannot get ethtool link information with GLINKSETTINGS (requires 4.9+): Operation not permitted
May 5 00:05:05 lldpd[266]: cannot get ethtool link information with GSET (requires 2.6.19+): Operation not permitted
May 5 00:05:08 syslog: main(961): wlceventd Start...
May 5 00:05:09 WAN Connection: Fail to connect with some issues.
May 5 00:05:11 acsd: COEX: downgraded chanspec 0x1909 to 0x100b: channel 4 used by exiting BSSs
May 5 00:05:11 acsd: selected channel spec: 0x100b (11)
May 5 00:05:11 acsd: Adjusted channel spec: 0x100b (11)
May 5 00:05:11 acsd: selected DFS-exit channel spec: 0x100b (11)
May 5 00:05:11 acsd: COEX: downgraded chanspec 0x1909 to 0x100b: channel 4 used by exiting BSSs
May 5 00:05:11 acsd: selected channel spec: 0x100b (11)
May 5 00:05:11 acsd: Adjusted channel spec: 0x100b (11)
May 5 00:05:11 acsd: selected channel spec: 0x100b (11)
May 5 00:05:11 acsd: acs_set_chspec: 0x100b (11) for reason APCS_INIT
May 5 00:05:13 acsd: selected channel spec: 0xe39b (161/80)
May 5 00:05:13 acsd: Adjusted channel spec: 0xe39b (161/80)
May 5 00:05:13 acsd: selected DFS-exit channel spec: 0xe39b (161/80)
May 5 00:05:13 acsd: selected channel spec: 0xe39b (161/80)
May 5 00:05:13 acsd: Adjusted channel spec: 0xe39b (161/80)
May 5 00:05:13 acsd: selected channel spec: 0xe39b (161/80)
May 5 00:05:13 acsd: acs_set_chspec: 0xe39b (161/80) for reason APCS_INIT
May 5 00:05:13 RT-AC68U: start httpd:80
May 5 00:05:14 avahi-daemon[357]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
May 5 00:05:14 jffs2: valid logs(1)
May 5 00:05:14 httpd: Save SSL certificate...80
May 5 00:05:15 disk monitor: be idle
May 5 00:05:15 hour monitor: daemon is starting
May 5 00:05:15 hour monitor: daemon terminates
May 5 00:05:15 ERP: The model isn't under EU SKU!
May 5 00:05:15 avahi-daemon[357]: Alias name "RT-AC68U" successfully established.
May 5 00:05:15 httpd: mssl_cert_key_match : PASS
May 5 00:05:16 reboot scheduler: [timecheck] NTP sync error
May 5 00:05:16 Mastiff: init
May 5 00:05:16 httpd: Succeed to init SSL certificate...80
May 5 00:05:17 syslog: module ax88179_178a not found in modules.dep
May 5 00:05:18 pppd[484]: pppd 2.4.7 started by thirdworldarmies, uid 0
May 5 00:05:18 pppd[484]: Connected to X via interface eth0
May 5 00:05:18 pppd[484]: Connect: ppp0 <--> eth0
May 5 00:05:18 pppd[484]: CHAP authentication succeeded
May 5 00:05:18 pppd[484]: peer from calling number X authorized
May 5 00:05:18 kernel: xhci_hcd 0000:00:0c.0: Failed to enable MSI-X
May 5 00:05:18 kernel: xhci_hcd 0000:00:0c.0: failed to allocate MSI entry
May 5 00:05:18 kernel: usb usb1: No SuperSpeed endpoint companion for config 1 interface 0 altsetting 0 ep 129: using minimum values
May 5 00:05:18 pppd[484]: local IP address x
May 5 00:05:18 pppd[484]: remote IP address x
May 5 00:05:18 pppd[484]: primary DNS address x
May 5 00:05:18 pppd[484]: secondary DNS address x
May 5 00:05:18 syslog: module ledtrig-usbdev not found in modules.dep
May 5 00:05:18 syslog: module leds-usb not found in modules.dep
May 5 00:05:19 kernel: SCSI subsystem initialized
May 5 00:05:19 kernel: nf_conntrack_rtsp v0.6.21 loading
May 5 00:05:19 kernel: nf_nat_rtsp v0.6.21 loading
May 5 00:05:20 wan: finish adding multi routes
May 5 00:05:21 dhcp client: bound 192.168.0.3/255.255.255.0 via 192.168.0.1 for 86400 seconds.
May 5 00:05:21 syslog: fwver: 3.0.0.4_386_43129-g60defb2 (sn: /ha:X )
May 5 00:05:21 ahs: [read_json]Update ahs JSON file.
May 5 00:05:22 syslog: event: wl_chanspec_changed_action
May 5 00:05:22 syslog: skip event due no re
May 5 00:05:24 WAN Connection: WAN was restored.
May 5 00:05:25 roamast: ROAMING Start...
May 5 00:05:27 ntp: start NTP update
Oct 6 19:29:21 rc_service: ntp 640:notify_rc restart_diskmon
Oct 6 19:29:22 disk_monitor: Finish
Oct 6 19:29:23 disk monitor: be idle
Oct 6 19:29:37 syslog: wlceventd_proc_event(527): eth1: Auth X, status: Successful (0), rssi:0
Oct 6 19:29:37 syslog: wlceventd_proc_event(556): eth1: Assoc X, status: Successful (0), rssi:0
Oct 6 19:29:54 crond[332]: time disparity of 1801164 minutes detected
Зарегистрируйтесь при попытке подключения через Ethernet (DHCP включен на клиенте. Если я устанавливаю IP-адрес вручную, он просто говорит «Хост назначения недоступен»):
Oct 6 20:22:03 user avahi-daemon[1064]: New relevant interface enp4s0.IPv4 for mDNS.
Oct 6 20:22:03 user avahi-daemon[1064]: Registering new address record for 192.168.1.122 on enp4s0.IPv4.
Oct 6 20:22:03 user avahi-daemon[1064]: Joining mDNS multicast group on interface enp4s0.IPv6 with address X.
Oct 6 20:22:03 user avahi-daemon[1064]: New relevant interface enp4s0.IPv6 for mDNS.
Oct 6 20:22:03 user avahi-daemon[1064]: Registering new address record for X on enp4s0.*.
Oct 6 20:22:05 user dbus-daemon[1068]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.21' (uid=0 pid=1452 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Oct 6 20:22:05 user systemd[1]: Starting Network Manager Script Dispatcher Service...
Oct 6 20:22:05 user dbus-daemon[1068]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Oct 6 20:22:05 user systemd[1]: Started Network Manager Script Dispatcher Service.
Oct 6 20:22:15 user systemd[1]: NetworkManager-dispatcher.service: Succeeded.
Oct 6 20:22:48 user NetworkManager[1452]: <warn> [1633569768.5774] dhcp4 (enp4s0): request timed out
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.5774] dhcp4 (enp4s0): state changed unknown -> timeout
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.5774] device (enp4s0): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed')
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.5778] manager: NetworkManager state is now DISCONNECTED
Oct 6 20:22:48 user NetworkManager[1452]: <warn> [1633569768.5786] device (enp4s0): Activation: failed for connection 'Wired connection 1'
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.5790] device (enp4s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Oct 6 20:22:48 user avahi-daemon[1064]: Withdrawing address record for X on enp4s0.
Oct 6 20:22:48 user avahi-daemon[1064]: Leaving mDNS multicast group on interface enp4s0.IPv6 with address X.
Oct 6 20:22:48 user avahi-daemon[1064]: Interface enp4s0.IPv6 no longer relevant for mDNS.
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6152] dhcp4 (enp4s0): canceled DHCP transaction
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6152] dhcp4 (enp4s0): state changed timeout -> done
Oct 6 20:22:48 user avahi-daemon[1064]: Withdrawing address record for 192.168.1.122 on enp4s0.
Oct 6 20:22:48 user avahi-daemon[1064]: Leaving mDNS multicast group on interface enp4s0.IPv4 with address 192.168.1.122.
Oct 6 20:22:48 user avahi-daemon[1064]: Interface enp4s0.IPv4 no longer relevant for mDNS.
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6228] policy: auto-activating connection 'Wired connection 1' (6e176a17-2e93-3aba-97f3-1c2100cbb44f)
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6252] device (enp4s0): Activation: starting connection 'Wired connection 1' (6e176a17-2e93-3aba-97f3-1c2100cbb44f)
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6255] device (enp4s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 6 20:22:48 user dbus-daemon[1068]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.21' (uid=0 pid=1452 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6268] manager: NetworkManager state is now CONNECTING
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6273] device (enp4s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6291] device (enp4s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Oct 6 20:22:48 user systemd[1]: Starting Network Manager Script Dispatcher Service...
Oct 6 20:22:48 user NetworkManager[1452]: <info> [1633569768.6309] dhcp4 (enp4s0): activation: beginning transaction (timeout in 45 seconds)
Oct 6 20:22:48 user avahi-daemon[1064]: Joining mDNS multicast group on interface enp4s0.IPv4 with address 192.168.1.122.
Oct 6 20:22:48 user avahi-daemon[1064]: New relevant interface enp4s0.IPv4 for mDNS.
Oct 6 20:22:48 user avahi-daemon[1064]: Registering new address record for 192.168.1.122 on enp4s0.IPv4.
Oct 6 20:22:48 user avahi-daemon[1064]: Joining mDNS multicast group on interface enp4s0.IPv6 with address X.
Oct 6 20:22:48 user avahi-daemon[1064]: New relevant interface enp4s0.IPv6 for mDNS.
Oct 6 20:22:48 user avahi-daemon[1064]: Registering new address record for X on enp4s0.*.
Oct 6 20:22:48 user dbus-daemon[1068]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Oct 6 20:22:48 user systemd[1]: Started Network Manager Script Dispatcher Service.
Oct 6 20:23:00 user systemd[1]: NetworkManager-dispatcher.service: Succeeded.
Таблицы IP-адресов маршрутизатора (я не устанавливал ничего, связанного с IP-адресами или строками. Это после сегодняшнего сброса)
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ACCESS_RESTRICTION
-N FUPNP
-N INPUT_ICMP
-N INPUT_PING
-N OUTPUT_DNS
-N OUTPUT_IP
-N PControls
-N PTCSRVLAN
-N PTCSRVWAN
-N SECURITY
-N default_block
-N logaccept
-N logdrop
-N logdrop_dns
-N logdrop_ip
-A INPUT -p icmp -m icmp --icmp-type 8 -j INPUT_PING
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m multiport --dports 80,1025 -j ACCESS_RESTRICTION
-A INPUT ! -i br0 -j PTCSRVWAN
-A INPUT -i br0 -j PTCSRVLAN
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p icmp -j INPUT_ICMP
-A INPUT -i br1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -i br1 -j DROP
-A INPUT -i br2 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br2 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br2 -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -i br2 -j DROP
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br1 -o ppp0 -j ACCEPT
-A FORWARD -i br2 -o ppp0 -j ACCEPT
-A FORWARD ! -i br0 -o ppp0 -j DROP
-A FORWARD ! -i br0 -o eth0 -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -p udp -m udp --dport 53 -m u32 --u32 "0x0>>0x16&0x3c@0x8>>0xf&0x1=0x0" -j OUTPUT_DNS
-A OUTPUT -p tcp -m tcp --dport 53 -m u32 --u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x8>>0xf&0x1=0x0" -j OUTPUT_DNS
-A OUTPUT -j OUTPUT_IP
-A ACCESS_RESTRICTION -s 192.168.1.122/32 -p tcp -m multiport --dports 80 -j ACCEPT
-A ACCESS_RESTRICTION -s 192.168.1.122/32 -p tcp -m tcp --dport 1025 -j RETURN
-A ACCESS_RESTRICTION -j DROP
-A INPUT_ICMP -p icmp -m icmp --icmp-type 8 -j RETURN
-A INPUT_ICMP -p icmp -m icmp --icmp-type 13 -j RETURN
-A INPUT_ICMP -p icmp -j ACCEPT
-A INPUT_PING -i ppp0 -p icmp -j DROP
-A INPUT_PING -i eth0 -p icmp -j DROP
-A OUTPUT_DNS -m string --hex-string "|10706f697579747975696f706b6a666e6603636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0d72666a656a6e666a6e65666a6503636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|1131306166646d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0f376d667364666173646d6b676d726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0d386d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0f3966646d617361787373736171726b03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|1265666274686d6f6975796b6d6b6a6b6a677403636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|086861636b7563647403636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|076c696e77756469056633333232036e657400|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0f6c6b6a68676664736174727975696f03636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0b6d6e627663787a7a7a313203636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|077131313133333303746f7000|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|057371353230056633333232036e657400|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|077563746b6f6e6503636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0e7a786376626d6e6e666a6a66777103636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_DNS -m string --hex-string "|0a65756d6d6167766e627003636f6d00|" --algo bm --to 65535 --icase -j logdrop_dns
-A OUTPUT_IP -d 193.201.224.0/24 -j logdrop_ip
-A OUTPUT_IP -d 51.15.120.245/32 -j logdrop_ip
-A OUTPUT_IP -d 45.33.73.134/32 -j logdrop_ip
-A OUTPUT_IP -d 190.115.18.28/32 -j logdrop_ip
-A OUTPUT_IP -d 51.159.52.250/32 -j logdrop_ip
-A OUTPUT_IP -d 190.115.18.86/32 -j logdrop_ip
-A PControls -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A SECURITY -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
-A SECURITY -p icmp -m icmp --icmp-type 8 -j DROP
-A SECURITY -j RETURN
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
-A logdrop_dns -j LOG --log-prefix "DROP_DNS " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop_dns -j DROP
-A logdrop_ip -j LOG --log-prefix "DROP_IP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop_ip -j DROP
РЕДАКТИРОВАТЬ:
Забыл уточнить, что это ТМ AC1900 с прошивкой AC68U.
Также мне удалось вернуть все в норму, используя очень старую прошивку. Это странно, потому что не было последних обновлений до того, как он перестал работать.
Теперь все работает! Теперь только боюсь, что это старая прошивка, но она хотя бы работает. Единственное отличие, которое я заметил, это то, что иногда WiFI показывает мне уведомление о том, что сеть "Требует авторизации".