Debian 8.2 - AP на Intel Centrino Advanced-N6205 (62205ANHMW)

Wiphy phy0
	max # scan SSIDs: 20
	max scan IEs length: 195 bytes
	Retry short limit: 7
	Retry long limit: 4
	Coverage class: 0 (up to 0m)
	Device supports RSN-IBSS.
	Supported Ciphers:
		* WEP40 (00-0f-ac:1)
		* WEP104 (00-0f-ac:5)
		* TKIP (00-0f-ac:2)
		* CCMP (00-0f-ac:4)
	Available Antennas: TX 0 RX 0
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * monitor
	Band 1:
		Capabilities: 0x1072
			HT20/HT40
			Static SM Power Save
			RX Greenfield
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT TX/RX MCS rate indexes supported: 0-15, 32
		Bitrates (non-HT):
			* 1.0 Mbps
			* 2.0 Mbps (short preamble supported)
			* 5.5 Mbps (short preamble supported)
			* 11.0 Mbps (short preamble supported)
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 2412 MHz [1] (15.0 dBm)
			* 2417 MHz [2] (15.0 dBm)
			* 2422 MHz [3] (15.0 dBm)
			* 2427 MHz [4] (15.0 dBm)
			* 2432 MHz [5] (15.0 dBm)
			* 2437 MHz [6] (15.0 dBm)
			* 2442 MHz [7] (15.0 dBm)
			* 2447 MHz [8] (15.0 dBm)
			* 2452 MHz [9] (15.0 dBm)
			* 2457 MHz [10] (15.0 dBm)
			* 2462 MHz [11] (15.0 dBm)
			* 2467 MHz [12] (15.0 dBm) (no IR)
			* 2472 MHz [13] (15.0 dBm) (no IR)
	Band 2:
		Capabilities: 0x1072
			HT20/HT40
			Static SM Power Save
			RX Greenfield
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT TX/RX MCS rate indexes supported: 0-15, 32
		Bitrates (non-HT):
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 5180 MHz [36] (15.0 dBm) (no IR)
			* 5200 MHz [40] (15.0 dBm) (no IR)
			* 5220 MHz [44] (15.0 dBm) (no IR)
			* 5240 MHz [48] (15.0 dBm) (no IR)
			* 5260 MHz [52] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5280 MHz [56] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5300 MHz [60] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5320 MHz [64] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5500 MHz [100] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5520 MHz [104] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5540 MHz [108] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5560 MHz [112] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5580 MHz [116] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5600 MHz [120] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5620 MHz [124] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5640 MHz [128] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5660 MHz [132] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5680 MHz [136] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5700 MHz [140] (15.0 dBm) (no IR, radar detection)
			  DFS state: usable (for 27712 sec)
			  DFS CAC time: 0 ms
			* 5745 MHz [149] (15.0 dBm) (no IR)
			* 5765 MHz [153] (15.0 dBm) (no IR)
			* 5785 MHz [157] (15.0 dBm) (no IR)
			* 5805 MHz [161] (15.0 dBm) (no IR)
			* 5825 MHz [165] (15.0 dBm) (no IR)
	Supported commands:
		 * new_interface
		 * set_interface
		 * new_key
		 * start_ap
		 * new_station
		 * new_mpath
		 * set_mesh_config
		 * set_bss
		 * authenticate
		 * associate
		 * deauthenticate
		 * disassociate
		 * join_ibss
		 * join_mesh
		 * set_tx_bitrate_mask
		 * frame
		 * frame_wait_cancel
		 * set_wiphy_netns
		 * set_channel
		 * set_wds_peer
		 * probe_client
		 * set_noack_map
		 * register_beacons
		 * start_p2p_device
		 * set_mcast_rate
		 * Unknown command (104)
		 * connect
		 * disconnect
	Supported TX frame types:
		 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
	Supported RX frame types:
		 * IBSS: 0x40 0xb0 0xc0 0xd0
		 * managed: 0x40 0xd0
		 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * mesh point: 0xb0 0xc0 0xd0
		 * P2P-client: 0x40 0xd0
		 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * P2P-device: 0x40 0xd0
	WoWLAN support:
		 * wake up on disconnect
		 * wake up on magic packet
		 * wake up on pattern match, up to 20 patterns of 16-128 bytes,
		   maximum packet offset 0 bytes
		 * can do GTK rekeying
		 * wake up on GTK rekey failure
		 * wake up on EAP identity request
		 * wake up on rfkill release
	software interface modes (can always be added):
		 * AP/VLAN
		 * monitor
	valid interface combinations:
		 * #{ managed } <= 1, #{ AP } <= 1,
		   total <= 2, #channels <= 1, STA/AP BI must match
		 * #{ managed } <= 2,
		   total <= 2, #channels <= 1
	HT Capability overrides:
		 * MCS: ff ff ff ff ff ff ff ff ff ff
		 * maximum A-MSDU length
		 * supported channel width
		 * short GI for 40 MHz
		 * max A-MPDU length exponent
		 * min MPDU start spacing
	Device supports TX status socket option.
	Device supports HT-IBSS.
	Device supports SAE with AUTHENTICATE command
	Device supports scan flush.
	Device supports per-vif TX power setting
	Driver supports a userspace MPM

interface=wlan0
driver=nl80211
ssid=Home
hw_mode=g
ieee80211n=1
ht_capab=[HT40-][SHORT-GI-40]
channel=6
wpa=2
wpa_passphrase=<my pass>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=1
macaddr_acl=0

country_code=US

ignore_broadcast_ssid=0
wmm_enabled=1

interface=eth1
interface=wlan0
listen-address=127.0.0.1
domain=home.home
dhcp-range=eth1,192.168.1.100,192.168.1.110,24h
dhcp-range=wlan0,192.168.5.100,192.168.5.110,24h
dhcp-option=2,255.255.255.0
dhcp-option=3,192.168.5.1

dhcp-host=E0:CB:4E:A0:06:8F,192.168.5.115

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -s 192.168.1.0/24 ! -d 192.168.1.0/24  -j SNAT --to-source 10.26.131.110
-A POSTROUTING -o eth0 -s 192.168.5.0/24 ! -d 192.168.5.0/24  -j SNAT --to-source 10.26.131.110
COMMIT

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:lan_ssh - [0:0]
:lan_rules - [0:0]
:icmp_allow - [0:0]
:wan_rules_out - [0:0]
:wan_rules_in - [0:0]
:fwd_rules_out - [0:0]
:fwd_rules_in - [0:0]
:rate_limit - [0:0]
:check-flags - [0:0]

#LAN
-A lan_rules -p tcp --dport 22 -j lan_ssh
-A lan_rules -m state --state NEW -j ACCEPT
-A lan_ssh -s 192.168.1.105,192.168.5.115 -j ACCEPT
-A lan_ssh -j DROP

#Scan
-A check-flags -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 5/minute -j LOG --log-level alert --log-prefix "NMAP-XMAS:"
-A check-flags -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
-A check-flags -p tcp --tcp-flags ALL ALL -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "XMAS:"
-A check-flags -p tcp --tcp-flags ALL ALL -j DROP
-A check-flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "XMAS-PSH:"
-A check-flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
-A check-flags -p tcp --tcp-flags ALL NONE -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix "NULL_SCAN:"
-A check-flags -p tcp --tcp-flags ALL NONE -j DROP
-A check-flags -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "SYN/RST:"
-A check-flags -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "SYN/FIN:"
-A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

#ICMP traffic
-A icmp_allow -p icmp --icmp-type 4 -j ACCEPT
-A icmp_allow -p icmp --icmp-type 12 -j ACCEPT
-A icmp_allow -p icmp --icmp-type 3 -j ACCEPT
-A icmp_allow -p icmp --icmp-type 11 -j ACCEPT
-A icmp_allow -p icmp --icmp-type 8 -j ACCEPT
-A icmp_allow -p icmp --icmp-type 0 -j ACCEPT
-A icmp_allow -p icmp -j LOG --log-prefix "Bad ICMP traffic:"
-A icmp_allow -p icmp -j DROP

#fwd_rules_out
-A fwd_rules_out -p tcp -m tcp -m multiport --dports 21,53,80,443,465,993,995 -j ACCEPT
-A fwd_rules_out -p udp -m udp -m multiport --dports 53,123 -j ACCEPT
-A fwd_rules_out -j DROP

#fwd_rules_in
-A fwd_rules_in -j DROP

#FTP
-A rate_limit -p tcp --dport 2121 -m limit --limit 3/min --limit-burst 3 -j RETURN
-A rate_limit -j LOG --log-prefix "IN DROP: "
-A rate_limit -j DROP

#WAN
-A wan_rules_in -p tcp -m tcp --dport 2121 -m state --state NEW -j rate_limit
-A wan_rules_in -p tcp -m tcp --dport 2121 -m connlimit ! --connlimit-above 5 -j ACCEPT
#-A wan_rules_in -m pkttype --pkt-type multicast -j ACCEPT
-A wan_rules_in -j DROP

-A wan_rules_out -p tcp -m tcp -m multiport --dports 21,53,80,443 -j ACCEPT
-A wan_rules_out -p udp -m udp -m multiport --dports 53,123 -j ACCEPT
-A wan_rules_out -j DROP

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j check-flags
-A INPUT -j icmp_allow
-A INPUT -i eth1 -j lan_rules
-A INPUT -i wlan0 -j lan_rules
-A INPUT -i eth0 -j wan_rules_in

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j check-flags
-A FORWARD -j icmp_allow
-A FORWARD -i eth1 -o eth0 -j fwd_rules_out
-A FORWARD -i wlan0 -o eth0 -j fwd_rules_out
-A FORWARD -i eth0 -o eth1 -j fwd_rules_in


-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j check-flags
-A OUTPUT -j icmp_allow
-A OUTPUT -o eth0 -j wan_rules_out
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o wlan0 -j ACCEPT
COMMIT

auto wlan0
iface wlan0 inet static
        address 192.168.5.1
        netmask 255.255.255.0
        network 192.168.5.0
        broadcast 192.168.5.255