Shorewall 5.0.14.1 Dump at gtmo.gtm.onat.gob.cu - vie sep 29 10:05:40 CDT 2017

Shorewall is running
State:Started vie sep 29 10:05:24 CDT 2017 from /etc/shorewall/ (/var/lib/shorewall/firewall compiled vie sep 29 10:05:24 CDT 2017 by Shorewall version 5.0.14.1)

Counters reset vie sep 29 10:05:25 CDT 2017

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net-fw     all  --  enp4s1 *       0.0.0.0/0            0.0.0.0/0           
    0     0 loc-fw     all  --  enp5s0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 dmz-fw     all  --  enp7s0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net_frwd   all  --  enp4s1 *       0.0.0.0/0            0.0.0.0/0           
    0     0 loc_frwd   all  --  enp5s0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 dmz_frwd   all  --  enp7s0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 fw-net     all  --  *      enp4s1  0.0.0.0/0            0.0.0.0/0           
    0     0 fw-loc     all  --  *      enp5s0  0.0.0.0/0            0.0.0.0/0           
    0     0 fw-dmz     all  --  *      enp7s0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain &dmz-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&dmz-fw::"

Chain &dmz-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&dmz-loc::"

Chain &dmz-net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&dmz-net::"

Chain &fw-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&fw-dmz::"

Chain &fw-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&fw-loc::"

Chain &fw-net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&fw-net::"

Chain &loc-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&loc-dmz::"

Chain &loc-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&loc-fw::"

Chain &loc-net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&loc-net::"

Chain &net-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&net-dmz::"

Chain &net-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&net-fw::"

Chain &net-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:&net-loc::"

Chain Broadcast (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST

Chain Drop (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11 /* Needed ICMP types */
    0     0 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:137:139 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:137 dpts:1024:65535 /* SMB */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 /* Late DNS Replies */

Chain Reject (11 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11 /* Needed ICMP types */
    0     0 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 135,445 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  udp dpts:137:139 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  udp spt:137 dpts:1024:65535 /* SMB */
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 /* Late DNS Replies */

Chain dmz-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &dmz-fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:dmz-fw:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain dmz-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &dmz-loc   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ~log1      udp  --  *      *       0.0.0.0/0            192.168.41.16       [goto]  udp dpt:123 /* NTP */
    0     0 ~log1      tcp  --  *      *       0.0.0.0/0            192.168.41.16       [goto]  multiport dports 111,2049,20048,43810,52834
    0     0 ~log1      udp  --  *      *       0.0.0.0/0            192.168.41.16       [goto]  multiport dports 111,2049,20048,47934,54948
    0     0 ~log1      udp  --  *      *       0.0.0.0/0            192.168.41.16       [goto]  multiport dports 135,445 /* SMB */
    0     0 ~log1      udp  --  *      *       0.0.0.0/0            192.168.41.16       [goto]  udp dpts:137:139 /* SMB */
    0     0 ~log1      udp  --  *      *       0.0.0.0/0            192.168.41.16       [goto]  udp spt:137 dpts:1024:65535 /* SMB */
    0     0 ~log1      tcp  --  *      *       0.0.0.0/0            192.168.41.16       [goto]  multiport dports 135,139,445 /* SMB */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:dmz-loc:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain dmz-net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &dmz-net   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:dmz-net:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain dmz_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 dmz-net    all  --  *      enp4s1  0.0.0.0/0            0.0.0.0/0           
    0     0 dmz-loc    all  --  *      enp5s0  0.0.0.0/0            0.0.0.0/0           

Chain dynamic (6 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain fw-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &fw-dmz    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:fw-dmz:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain fw-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &fw-loc    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.41.16        udp dpt:123 /* NTP */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:fw-loc:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain fw-net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &fw-net    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:fw-net:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain loc-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &loc-dmz   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.14.12        tcp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.14.12        tcp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.14.12        udp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.14.12        udp dpt:53 /* DNS */
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            192.168.14.13       [goto]  tcp dpt:21 /* FTP */
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            192.168.14.18       [goto]  tcp dpt:3128 /* Squid */
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            192.168.14.15       [goto]  multiport dports 5222,5223,5269
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            192.168.14.8        [goto]  multiport dports 110,995,25,465
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            192.168.14.14       [goto]  multiport dports 80,443
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     tcp  --  *      *       192.168.41.6         0.0.0.0/0            tcp dpt:22 /* SSH */
    0     0 ACCEPT     tcp  --  *      *       192.168.41.6         192.168.14.2         tcp dpt:8006
    0     0 ACCEPT     tcp  --  *      *       192.168.41.6         192.168.14.9         tcp dpt:8006
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:loc-dmz:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain loc-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &loc-fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     icmp --  *      *       192.168.41.6         0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     tcp  --  *      *       192.168.41.6         0.0.0.0/0            tcp dpt:22 /* SSH */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:loc-fw:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain loc-net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &loc-net   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:loc-net:ACCEPT:"
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 loc-net    all  --  *      enp4s1  0.0.0.0/0            0.0.0.0/0           
    0     0 loc-dmz    all  --  *      enp7s0  0.0.0.0/0            0.0.0.0/0           

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logflags (7 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &net-dmz   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.14.12        udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.14.12        tcp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.14.13        tcp dpt:21 /* FTP */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.14.18        tcp dpt:3128 /* Squid */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.14.15        multiport dports 5222,5223,5269
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.14.8         multiport dports 110,995,25,465
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.14.14        multiport dports 80,443
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net-dmz:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &net-fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net-fw:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 &net-loc   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net-loc:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 net-loc    all  --  *      enp5s0  0.0.0.0/0            0.0.0.0/0           
    0     0 net-dmz    all  --  *      enp7s0  0.0.0.0/0            0.0.0.0/0           

Chain reject (16 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type BROADCAST
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain sha-lh-1ab05d98ecf2a3350047 (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain sha-rh-36fc7deb480246fd8ab0 (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain smurflog (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain smurfs (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0              0.0.0.0/0           
    0     0 smurflog   all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  ADDRTYPE match src-type BROADCAST
    0     0 smurflog   all  --  *      *       224.0.0.0/4          0.0.0.0/0           [goto] 

Chain tcpflags (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x29
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x00
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x06/0x06
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x05/0x05
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x03/0x03
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x19/0x09
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp spt:0 flags:0x17/0x02

Chain ~log0 (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* FTP */ LOG flags 0 level 6 prefix "Shorewall:loc-dmz:ACCEPT:"
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* FTP */

Chain ~log1 (7 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* NTP */ LOG flags 0 level 6 prefix "Shorewall:dmz-loc:ACCEPT:"
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* NTP */

Log (/var/log/messages)

Sep 27 08:15:11 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=60225 DF PROTO=UDP SPT=44068 DPT=53 LEN=64 
Sep 27 08:15:11 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=60226 DF PROTO=UDP SPT=44068 DPT=53 LEN=64 
Sep 27 08:15:16 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=61531 DF PROTO=UDP SPT=44068 DPT=53 LEN=64 
Sep 27 08:15:16 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=61532 DF PROTO=UDP SPT=44068 DPT=53 LEN=64 
Sep 28 08:15:01 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=63799 DF PROTO=UDP SPT=45947 DPT=53 LEN=48 
Sep 28 08:15:01 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=63800 DF PROTO=UDP SPT=45947 DPT=53 LEN=48 
Sep 28 08:15:06 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=45947 DPT=53 LEN=48 
Sep 28 08:15:06 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=UDP SPT=45947 DPT=53 LEN=48 
Sep 28 08:15:11 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3587 DF PROTO=UDP SPT=57226 DPT=53 LEN=64 
Sep 28 08:15:11 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3588 DF PROTO=UDP SPT=57226 DPT=53 LEN=64 
Sep 28 08:15:16 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=6772 DF PROTO=UDP SPT=57226 DPT=53 LEN=64 
Sep 28 08:15:16 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=6773 DF PROTO=UDP SPT=57226 DPT=53 LEN=64 
Sep 29 08:15:01 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=35702 DF PROTO=UDP SPT=57045 DPT=53 LEN=48 
Sep 29 08:15:01 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=35703 DF PROTO=UDP SPT=57045 DPT=53 LEN=48 
Sep 29 08:15:06 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=40361 DF PROTO=UDP SPT=57045 DPT=53 LEN=48 
Sep 29 08:15:06 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=40362 DF PROTO=UDP SPT=57045 DPT=53 LEN=48 
Sep 29 08:15:11 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=40769 DF PROTO=UDP SPT=44499 DPT=53 LEN=64 
Sep 29 08:15:11 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=40770 DF PROTO=UDP SPT=44499 DPT=53 LEN=64 
Sep 29 08:15:16 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=45680 DF PROTO=UDP SPT=44499 DPT=53 LEN=64 
Sep 29 08:15:16 fw-dmz:ACCEPT:IN= OUT=enp7s0 SRC=192.168.14.1 DST=192.168.14.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=45681 DF PROTO=UDP SPT=44499 DPT=53 LEN=64 

NAT Table

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net_dnat   all  --  enp4s1 *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 enp4s1_masq  all  --  *      enp4s1  0.0.0.0/0            0.0.0.0/0           

Chain enp4s1_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       tcp  --  *      *       192.168.14.8         0.0.0.0/0            multiport dports 25,110,143,465,993,995 to:172.16.120.8
    0     0 SNAT       tcp  --  *      *       192.168.14.18        0.0.0.0/0            tcp dpt:3128 to:172.16.120.2
    0     0 SNAT       all  --  *      *       192.168.41.0/24      0.0.0.0/0            to:172.16.120.1

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ~log0      udp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  udp dpt:53 /* DNS */
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp dpt:53 /* DNS */
    0     0 ~log1      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp dpt:21 /* FTP */
    0     0 ~log2      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp dpt:3128 /* Squid */
    0     0 ~log3      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 5222,5223,5269
    0     0 ~log4      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 110,995,25,465
    0     0 ~log5      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 80,443

Chain ~log0 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* DNS */ LOG flags 0 level 6 prefix "Shorewall:net_dnat:DNAT:"
    0     0 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* DNS */ to:192.168.14.12

Chain ~log1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* FTP */ LOG flags 0 level 6 prefix "Shorewall:net_dnat:DNAT:"
    0     0 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* FTP */ to:192.168.14.13

Chain ~log2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Squid */ LOG flags 0 level 6 prefix "Shorewall:net_dnat:DNAT:"
    0     0 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Squid */ to:192.168.14.18

Chain ~log3 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net_dnat:DNAT:"
    0     0 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.14.15

Chain ~log4 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net_dnat:DNAT:"
    0     0 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.14.8

Chain ~log5 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net_dnat:DNAT:"
    0     0 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.14.14

Mangle Table

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 tcin       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK and 0xffffff00
    0     0 tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcin (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Raw Table

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10080 CT helper amanda
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1719 CT helper RAS
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1720 CT helper Q.931
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 CT helper irc
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137 CT helper netbios-ns
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723 CT helper pptp
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6566 CT helper sane
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 CT helper sip
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161 CT helper snmp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 CT helper tftp

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10080 CT helper amanda
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1719 CT helper RAS
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1720 CT helper Q.931
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 CT helper irc
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137 CT helper netbios-ns
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723 CT helper pptp
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6566 CT helper sane
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 CT helper sip
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161 CT helper snmp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 CT helper tftp

Conntrack Table (0 out of 31756)


IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp4s1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    inet 172.16.120.1/24 brd 172.16.120.255 scope global enp4s1
       valid_lft forever preferred_lft forever
3: enp7s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    inet 192.168.14.1/24 brd 192.168.14.255 scope global enp7s0
       valid_lft forever preferred_lft forever
4: enp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
    inet 192.168.41.1/24 brd 192.168.41.255 scope global enp5s0
       valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    1048       12       0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    1048       12       0       0       0       0       
2: enp4s1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether e8:94:f6:03:36:59 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
3: enp7s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether e8:94:f6:03:33:d8 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
4: enp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
    link/ether 00:1d:09:ff:44:4a brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       

Routing Rules

0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 

Table default:


Table local:

local 192.168.41.1 dev enp5s0 proto kernel scope host src 192.168.41.1
local 192.168.14.1 dev enp7s0 proto kernel scope host src 192.168.14.1
local 172.16.120.1 dev enp4s1 proto kernel scope host src 172.16.120.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.41.255 dev enp5s0 proto kernel scope link src 192.168.41.1
broadcast 192.168.41.0 dev enp5s0 proto kernel scope link src 192.168.41.1
broadcast 192.168.14.255 dev enp7s0 proto kernel scope link src 192.168.14.1
broadcast 192.168.14.0 dev enp7s0 proto kernel scope link src 192.168.14.1
broadcast 172.16.120.255 dev enp4s1 proto kernel scope link src 172.16.120.1
broadcast 172.16.120.0 dev enp4s1 proto kernel scope link src 172.16.120.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

192.168.41.0/24 dev enp5s0 proto kernel scope link src 192.168.41.1 metric 100
192.168.14.0/24 dev enp7s0 proto kernel scope link src 192.168.14.1 metric 100
172.16.120.0/24 dev enp4s1 proto kernel scope link src 172.16.120.1 metric 100
default via 172.16.120.254 dev enp4s1 proto static metric 100

Per-IP Counters

   iptaccount is not installed

NF Accounting

No NF Accounting defined (nfacct not found)

Events


/proc

   /proc/version = Linux version 3.10.0-514.16.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Wed Apr 12 15:04:24 UTC 2017
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 0
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 1
   /proc/sys/net/ipv4/conf/enp4s1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/enp4s1/arp_filter = 0
   /proc/sys/net/ipv4/conf/enp4s1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/enp4s1/rp_filter = 1
   /proc/sys/net/ipv4/conf/enp4s1/log_martians = 1
   /proc/sys/net/ipv4/conf/enp5s0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/enp5s0/arp_filter = 0
   /proc/sys/net/ipv4/conf/enp5s0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/enp5s0/rp_filter = 1
   /proc/sys/net/ipv4/conf/enp5s0/log_martians = 1
   /proc/sys/net/ipv4/conf/enp7s0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/enp7s0/arp_filter = 0
   /proc/sys/net/ipv4/conf/enp7s0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/enp7s0/rp_filter = 1
   /proc/sys/net/ipv4/conf/enp7s0/log_martians = 1
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 1

ARP

? (192.168.14.12) at <incomplete> on enp7s0

Modules

iptable_filter         12810  1 
iptable_mangle         12695  1 
iptable_nat            12875  1 
iptable_raw            12678  1 
ip_tables              27115  4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_REJECT             12541  4 
nf_conntrack          111302  28 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,nf_conntrack_proto_udplite,nf_nat,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda    13041  3 nf_nat_amanda
nf_conntrack_broadcast    12589  2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp       18638  3 nf_nat_ftp
nf_conntrack_h323      73895  5 nf_nat_h323
nf_conntrack_ipv4      19108  73 
nf_conntrack_irc       13518  3 nf_nat_irc
nf_conntrack_netbios_ns    12665  2 
nf_conntrack_netlink    40449  0 
nf_conntrack_pptp      19257  3 nf_nat_pptp
nf_conntrack_proto_gre    14434  1 nf_conntrack_pptp
nf_conntrack_proto_sctp    19025  0 
nf_conntrack_proto_udplite    13281  0 
nf_conntrack_sane      13143  2 
nf_conntrack_sip       33860  3 nf_nat_sip
nf_conntrack_snmp      12857  3 nf_nat_snmp_basic
nf_conntrack_tftp      13121  3 nf_nat_tftp
nf_defrag_ipv4         12729  1 nf_conntrack_ipv4
nf_log_common          13317  1 nf_log_ipv4
nf_log_ipv4            12767  37 
nf_nat                 26147  10 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat
nf_nat_amanda          12491  0 
nf_nat_ftp             12770  0 
nf_nat_h323            17720  0 
nf_nat_ipv4            14115  1 iptable_nat
nf_nat_irc             12723  0 
nf_nat_pptp            13115  0 
nf_nat_proto_gre       13009  1 nf_nat_pptp
nf_nat_sip             17152  0 
nf_nat_snmp_basic      17302  0 
nf_nat_tftp            12489  0 
nf_reject_ipv4         13373  1 ipt_REJECT
xt_addrtype            12676  5 
xt_comment             12504  63 
xt_conntrack           12760  50 
xt_CT                  12956  22 
xt_LOG                 12690  37 
xt_mark                12563  1 
xt_multiport           12798  18 
xt_nat                 12681  9 
xt_NFLOG               12537  0 
xt_recent              18542  1 

Shorewall has detected the following iptables/netfilter capabilities:
   ACCOUNT Target (ACCOUNT_TARGET): Not available
   Address Type Match (ADDRTYPE): Available
   Amanda Helper: Available
   Arptables JF (ARPTABLESJF): Not available
   AUDIT Target (AUDIT_TARGET): Available
   Basic Ematch (BASIC_EMATCH): Available
   Basic Filter (BASIC_FILTER): Available
   Capabilities Version (CAPVERSION): 50004
   Checksum Target (CHECKSUM_TARGET): Available
   CLASSIFY Target (CLASSIFY_TARGET): Available
   Comments (COMMENTS): Available
   Condition Match (CONDITION_MATCH): Not available
   Connection Tracking Match (CONNTRACK_MATCH): Available
   Connlimit Match (CONNLIMIT_MATCH): Available
   Connmark Match (CONNMARK_MATCH): Available
   CONNMARK Target (CONNMARK): Available
   CT Target (CT_TARGET): Available
   DSCP Match (DSCP_MATCH): Available
   DSCP Target (DSCP_TARGET): Available
   Enhanced Multi-port Match (EMULIPORT): Available
   Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
   Extended Connmark Match (XCONNMARK_MATCH): Available
   Extended CONNMARK Target (XCONNMARK): Available
   Extended MARK Target 2 (EXMARK): Available
   Extended MARK Target (XMARK): Available
   Extended Multi-port Match (XMULIPORT): Available
   Extended REJECT (ENHANCED_REJECT): Available
   FLOW Classifier (FLOW_FILTER): Available
   FTP-0 Helper: Not available
   FTP Helper: Available
   fwmark route mask (FWMARK_RT_MASK): Available
   Geo IP Match (GEOIP_MATCH): Not available
   Goto Support (GOTO_TARGET): Available
   H323 Helper: Available
   Hashlimit Match (HASHLIMIT_MATCH): Available
   Header Match (HEADER_MATCH): Not available
   Helper Match (HELPER_MATCH): Available
   Iface Match (IFACE_MATCH): Not available
   IMQ Target (IMQ_TARGET): Not available
   IPMARK Target (IPMARK_TARGET): Not available
   IPP2P Match (IPP2P_MATCH): Not available
   IP range Match(IPRANGE_MATCH): Available
   ipset V5 (IPSET_V5): Not available
   iptables -S (IPTABLES_S): Available
   iptables --wait option (WAIT_OPTION): Available
   IRC-0 Helper: Not available
   IRC Helper: Available
   Kernel Version (KERNELVERSION): 31000
   LOGMARK Target (LOGMARK_TARGET): Not available
   LOG Target (LOG_TARGET): Available
   Mangle FORWARD Chain (MANGLE_FORWARD): Available
   Mark in the filter table (MARK_ANYWHERE): Available
   MARK Target (MARK): Available
   MASQUERADE Target (MASQUERADE_TGT): Available
   Multi-port Match (MULTIPORT): Available
   NAT (NAT_ENABLED): Available
   Netbios_ns Helper: Available
   New tos Match (NEW_TOS_MATCH): Available
   NFAcct Match: Not available
   NFLOG Target (NFLOG_TARGET): Available
   NFQUEUE Target (NFQUEUE_TARGET): Available
   Owner Match (OWNER_MATCH): Available
   Owner Name Match (OWNER_NAME_MATCH): Available
   Packet length Match (LENGTH_MATCH): Available
   Packet Mangling (MANGLE_ENABLED): Available
   Packet Type Match (USEPKTTYPE): Available
   Persistent SNAT (PERSISTENT_SNAT): Available
   Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
   Physdev Match (PHYSDEV_MATCH): Available
   Policy Match (POLICY_MATCH): Available
   PPTP Helper: Available
   Rawpost Table (RAWPOST_TABLE): Not available
   Raw Table (RAW_TABLE): Available
   Realm Match (REALM_MATCH): Available
   Recent Match "--reap" option (REAP_OPTION): Available
   Recent Match (RECENT_MATCH): Available
   Repeat match (KLUDGEFREE): Available
   RPFilter Match (RPFILTER_MATCH): Available
   SANE-0 Helper: Not available
   SANE Helper: Available
   SIP-0 Helper: Not available
   SIP Helper: Available
   SNMP Helper: Available
   Statistic Match (STATISTIC_MATCH): Available
   TARPIT Target (TARPIT_TARGET): Not available
   TCPMSS Match (TCPMSS_MATCH): Available
   TCPMSS Target (TCPMSS_TARGET): Available
   TFTP-0 Helper: Not available
   TFTP Helper: Available
   Time Match (TIME_MATCH): Available
   TPROXY Target (TPROXY_TARGET): Available
   UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
   ULOG Target (ULOG_TARGET): Not available

Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
tcp    LISTEN     0      128       *:22                    *:*                   users:(("sshd",pid=818,fd=3))
tcp    LISTEN     0      100    127.0.0.1:25                    *:*                   users:(("master",pid=2008,fd=13))

Traffic Control

Device lo:
qdisc noqueue 0: root refcnt 2 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device enp4s1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device enp7s0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device enp5s0:
qdisc mq 0: root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 

class mq :1 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
class mq :2 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
class mq :3 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
class mq :4 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
class mq :5 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


TC Filters

Device lo:

Device enp4s1:

Device enp7s0:

Device enp5s0:

