802.11q doesn't apply to cellular network traffic, however, I'm not knowledgeable enough about how data is transmitted via the cellular radios or how it's handed off to the wifi radio - so are there any special rules that must be added within iptables to make sure data access is maintained?
For example, if I were to add something similar to the below, would the data flow function normally on my Nexus 6:
iptables -t filter -P INPUT ACCEPT iptables -t filter -P OUTPUT ACCEPT iptables -t filter -P FORWARD DROP iptables -t filter -N delegate_input iptables -t filter -N delegate_output iptables -t filter -N delegate_forward iptables -t filter -N delegate_rate_limit iptables -t filter -N reject iptables -t filter -N input_rule iptables -t filter -N output_rule iptables -t filter -N forwarding_rule iptables -t filter -N syn_flood iptables -t filter -N zone_lan_input iptables -t filter -N zone_lan_output iptables -t filter -N zone_lan_forward iptables -t filter -N zone_lan_src_ACCEPT iptables -t filter -N zone_lan_dest_ACCEPT iptables -t filter -N zone_lan_dest_DROP iptables -t filter -N input_lan_rule iptables -t filter -N output_lan_rule iptables -t filter -N forwarding_lan_rule iptables -t filter -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule iptables -t filter -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule iptables -t filter -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule iptables -t filter -N zone_wan_input iptables -t filter -N zone_wan_output iptables -t filter -N zone_wan_forward iptables -t filter -N zone_wan_src_DROP iptables -t filter -N zone_wan_dest_ACCEPT iptables -t filter -N zone_wan_dest_DROP iptables -t filter -N input_wan_rule iptables -t filter -N output_wan_rule iptables -t filter -N forwarding_wan_rule iptables -t filter -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule iptables -t filter -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule iptables -t filter -D INPUT -j delegate_input iptables -t filter -A INPUT -j delegate_input iptables -t filter -D OUTPUT -j delegate_output iptables -t filter -A OUTPUT -j delegate_output iptables -t filter -D FORWARD -j delegate_forward iptables -t filter -A FORWARD -j delegate_forward iptables -t filter -A delegate_input -i lo -j ACCEPT iptables -t filter -A delegate_output -o lo -j ACCEPT iptables -t filter -A delegate_input -m comment --comment "user chain for input" -j input_rule iptables -t filter -A delegate_output -m comment --comment "user chain for output" -j output_rule iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule iptables -t filter -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -t filter -A delegate_input -m conntrack --ctstate INVALID -j DROP iptables -t filter -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -t filter -A delegate_output -m conntrack --ctstate INVALID -j DROP iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -t filter -A delegate_forward -m conntrack --ctstate INVALID -j DROP iptables -t filter -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN iptables -t filter -A syn_flood -j DROP iptables -t filter -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood iptables -t filter -A reject -p tcp -j DROP iptables -t filter -A reject -j DROP iptables -t filter -A delegate_rate_limit -p tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -j DROP iptables -t filter -A delegate_rate_limit -p tcp --dport 23 -m limit --limit 3/min --limit-burst 3 -j DROP iptables -t filter -A delegate_rate_limit -p tcp --dport 1194 -m limit --limit 3/min --limit-burst 3 -j DROP iptables -t filter -A delegate_rate_limit -p udp --dport 1194 -m limit --limit 3/min --limit-burst 3 -j DROP iptables -t filter -A delegate_rate_limit -p tcp --dport 2221 -m limit --limit 3/min --limit-burst 3 -j ACCEPT iptables -t filter -A delegate_rate_limit -p ICMP --icmp-type echo-request -m limit --limit 3/sec -j ACCEPT iptables -t filter -A delegate_rate_limit ! -p ICMP -j LOG --log-prefix " Connection dropped " iptables -t filter -A delegate_rate_limit -p tcp -j DROP iptables -t filter -A delegate_rate_limit -p udp -j DROP iptables -t filter -A delegate_rate_limit -j DROP iptables -t filter -I delegate_input -p ICMP --icmp-type echo-request -j rate_limit iptables -t filter -I delegate_input -p tcp --dport 22 -m state --state NEW -j rate_limit iptables -t filter -I delegate_input -p tcp --dport 23 -m state --state NEW -j rate_limit iptables -t filter -I delegate_input -p tcp --dport 1194 -m state --state NEW -j rate_limit iptables -t filter -I delegate_input -p udp --dport 1194 -m state --state NEW -j rate_limit iptables -t filter -I delegate_input -p tcp --dport 2221 -m state --state NEW -j rate_limit iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT iptables -t filter -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT iptables -t filter -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT iptables -t filter -A zone_lan_input -j zone_lan_src_ACCEPT iptables -t filter -A zone_lan_forward -j zone_lan_dest_DROP iptables -t filter -A zone_lan_output -j zone_lan_dest_ACCEPT iptables -t filter -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT iptables -t filter -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT iptables -t filter -A zone_wan_input -j zone_wan_src_DROP iptables -t filter -A zone_wan_forward -j zone_wan_dest_DROP iptables -t filter -A zone_wan_output -j zone_wan_dest_ACCEPT iptables -t filter -D zone_wan_dest_ACCEPT -o eth1 -j ACCEPT iptables -t filter -A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT iptables -t filter -D zone_wan_src_DROP -i eth1 -j DROP iptables -t filter -A zone_wan_src_DROP -i eth1 -j DROP iptables -t filter -D zone_wan_dest_DROP -o eth1 -j DROP iptables -t filter -A zone_wan_dest_DROP -o eth1 -j DROP iptables -t filter -D delegate_input -i eth1 -j zone_wan_input iptables -t filter -A delegate_input -i eth1 -j zone_wan_input iptables -t filter -D delegate_output -o eth1 -j zone_wan_output iptables -t filter -A delegate_output -o eth1 -j zone_wan_output iptables -t filter -D delegate_forward -i eth1 -j zone_wan_forward iptables -t filter -A delegate_forward -i eth1 -j zone_wan_forward iptables -t filter -D zone_wan_dest_ACCEPT -o eth1 -j ACCEPT iptables -t filter -A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT iptables -t filter -D zone_wan_src_DROP -i eth1 -j DROP iptables -t filter -A zone_wan_src_DROP -i eth1 -j DROP iptables -t filter -D zone_wan_dest_DROP -o eth1 -j DROP iptables -t filter -A zone_wan_dest_DROP -o eth1 -j DROP iptables -t filter -D delegate_input -i eth1 -j zone_wan_input iptables -t filter -A delegate_input -i eth1 -j zone_wan_input iptables -t filter -D delegate_output -o eth1 -j zone_wan_output iptables -t filter -A delegate_output -o eth1 -j zone_wan_output iptables -t filter -D delegate_forward -i eth1 -j zone_wan_forward iptables -t filter -A delegate_forward -i eth1 -j zone_wan_forward iptables -t nat -N delegate_prerouting iptables -t nat -N delegate_postrouting iptables -t nat -N prerouting_rule iptables -t nat -N postrouting_rule iptables -t nat -N zone_lan_postrouting iptables -t nat -N zone_lan_prerouting iptables -t nat -N prerouting_lan_rule iptables -t nat -N postrouting_lan_rule iptables -t nat -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule iptables -t nat -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule iptables -t nat -N zone_wan_postrouting iptables -t nat -N zone_wan_prerouting iptables -t nat -N prerouting_wan_rule iptables -t nat -N postrouting_wan_rule iptables -t nat -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule iptables -t nat -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule iptables -t nat -D PREROUTING -j delegate_prerouting iptables -t nat -A PREROUTING -j delegate_prerouting iptables -t nat -D POSTROUTING -j delegate_postrouting iptables -t nat -A POSTROUTING -j delegate_postrouting iptables -t nat -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule iptables -t nat -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule iptables -t nat -D delegate_prerouting -i br0 -j zone_lan_prerouting iptables -t nat -A delegate_prerouting -i br0 -j zone_lan_prerouting iptables -t nat -D delegate_postrouting -o br0 -j zone_lan_postrouting iptables -t nat -A delegate_postrouting -o br0 -j zone_lan_postrouting iptables -t nat -A zone_wan_postrouting -j MASQUERADE iptables -t nat -D delegate_prerouting -i eth1 -j zone_wan_prerouting iptables -t nat -A delegate_prerouting -i eth1 -j zone_wan_prerouting iptables -t nat -D delegate_postrouting -o eth1 -j zone_wan_postrouting iptables -t nat -A delegate_postrouting -o eth1 -j zone_wan_postrouting iptables -t nat -D delegate_prerouting -i eth1 -j zone_wan_prerouting iptables -t nat -A delegate_prerouting -i eth1 -j zone_wan_prerouting iptables -t nat -D delegate_postrouting -o eth1 -j zone_wan_postrouting iptables -t nat -A delegate_postrouting -o eth1 -j zone_wan_postrouting iptables -t nat -I delegate_postrouting -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr` iptables -t mangle -N mssfix iptables -t mangle -N fwmark iptables -t mangle -D FORWARD -j mssfix iptables -t mangle -A FORWARD -j mssfix iptables -t mangle -D PREROUTING -j fwmark iptables -t mangle -A PREROUTING -j fwmark iptables -t mangle -D mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu iptables -t mangle -A mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu iptables -t mangle -D mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu iptables -t mangle -A mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu iptables -t raw -N delegate_notrack iptables -t raw -D PREROUTING -j delegate_notrack iptables -t raw -A PREROUTING -j delegate_notrack
.gif)
