Tom & Bill

   Attached is the output of the "shorewall dump" command.

I changed LOGFILE = /var/log/shorewall but nothing is ever written there.

Thanks
Jim



On 12/12/2017 02:39 PM, Tom Eastep wrote:
> On 12/12/2017 01:16 PM, jamby wrote:
>> Bill
>>
>> From the FW I can ping out into the internet. And Firefox will
>> connect to websites.
>> But from 192.168.2.8 neither will work. And nothing shows up in the
>> messages file.
>>
>> As frustrated as I am, I am sure it's worse for you since you can't see
>> what is going on here.
>> I am sure I have some minor statement wrong that's keeping it from running.
>
> The best way to proceed would be to forward the output of 'shorewall
> dump', collected as described at
> http://www.shorewall.org/support.htm#Guidelines
>
> -Tom


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Shorewall 5.0.14.1 Dump at nub3 - Tue Dec 12 15:14:28 PST 2017

Shorewall is running
State:Started Tue Dec 12 12:55:41 PST 2017 from /etc/shorewall/ (/var/lib/shorewall/firewall compiled Tue Dec 12 12:55:41 PST 2017 by Shorewall version 5.0.14.1)

Counters reset Tue Dec 12 12:55:41 PST 2017

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
17354   25M wan-fw     all  --  enp4s0 *       0.0.0.0/0            0.0.0.0/0   
        
  314 45151 lan-fw     all  --  enp3s0 *       0.0.0.0/0            0.0.0.0/0   
        
  252 29498 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
        
    2   134 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
  377 22620 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 wan_frwd   all  --  enp4s0 *       0.0.0.0/0            0.0.0.0/0   
        
  499 30275 lan_frwd   all  --  enp3s0 *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain OUTPUT (policy ACCEPT 23 packets, 2730 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain Reject (3 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    2   134            all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 11 /* Needed ICMP types */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ADDRTYPE match dst-type BROADCAST
    2   134 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ADDRTYPE match dst-type MULTICAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ADDRTYPE match dst-type ANYCAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  multiport dports 135,445 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  udp dpts:137:139 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  udp spt:137 dpts:1024:65535 /* SMB */
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp spt:53 /* Late DNS Replies */

Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain lan-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
  292 43321 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
   16  1384 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
  314 45151 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain lan_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 sfilter    all  --  *      enp3s0  0.0.0.0/0            0.0.0.0/0   
        [goto] 
  499 30275 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
  406 24266 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
  499 30275 ACCEPT     all  --  *      enp4s0  0.0.0.0/0            0.0.0.0/0   
        

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain logflags (7 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain reject (8 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ADDRTYPE match src-type BROADCAST
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         reject-with icmp-host-prohibited

Chain sfilter (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain sha-lh-acbfe68c7645adfd56e0 (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain sha-rh-c74671b297964da54693 (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain smurflog (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain smurfs (2 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 RETURN     all  --  *      *       0.0.0.0              0.0.0.0/0   
        
    0     0 smurflog   all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  ADDRTYPE match src-type BROADCAST
    0     0 smurflog   all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        [goto] 

Chain tcpflags (4 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x3F/0x29
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x3F/0x00
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x06/0x06
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x05/0x05
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x03/0x03
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp flags:0x19/0x09
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto]  tcp spt:0 flags:0x17/0x02

Chain wan-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
  305 20917 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
  305 20917 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
16971   25M tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
17049   25M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
   11   859 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID
    3   252 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
         icmptype 8 /* Ping */
  291 19806 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        

Chain wan-lan (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 6 prefix "Shorewall:wan-lan:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        [goto] 

Chain wan_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 wan-lan    all  --  *      enp3s0  0.0.0.0/0            0.0.0.0/0   
        

Log (/var/log/shorewall)


NAT Table

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain POSTROUTING (policy ACCEPT 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Mangle Table

Chain PREROUTING (policy ACCEPT 23 packets, 2730 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain INPUT (policy ACCEPT 23 packets, 2730 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
  499 30275 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         MARK and 0xffffff00

Chain OUTPUT (policy ACCEPT 23 packets, 2730 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain POSTROUTING (policy ACCEPT 23 packets, 2730 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Raw Table

Chain PREROUTING (policy ACCEPT 23 packets, 2730 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Chain OUTPUT (policy ACCEPT 23 packets, 2730 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        

Conntrack Table (1 out of 65536)

ipv4     2 tcp      6 65 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=52790 dport=25 src=127.0.0.1 dst=127.0.0.1 sport=25 dport=52790 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    76745      917      0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    76745      917      0       0       0       0       
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
    link/ether 00:1a:a0:c8:63:e9 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    172858     1607     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    57276      453      0       0       0       0       
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:18:f8:0c:9e:a6 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    25092796   19021    0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    924637     12773    36      0       36      0       
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000
    link/ether 52:54:00:e6:7f:3d brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000
    link/ether 52:54:00:e6:7f:3d brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       

Bridges

bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400e67f3d       yes             virbr0-nic

Routing Rules

0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

Table default:


Table local:

local 192.168.122.1 dev virbr0 proto kernel scope host src 192.168.122.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.122.255 dev virbr0 proto kernel scope link src 192.168.122.1
broadcast 192.168.122.0 dev virbr0 proto kernel scope link src 192.168.122.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1

Per-IP Counters

   iptaccount is not installed

NF Accounting

No NF Accounting defined (nfacct not found)

Events


/proc

   /proc/version = Linux version 3.10.0-693.11.1.el7.x86_64 (buil...@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Mon Dec 4 23:52:40 UTC 2017
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 0
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 1
   /proc/sys/net/ipv4/conf/enp3s0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/enp3s0/arp_filter = 0
   /proc/sys/net/ipv4/conf/enp3s0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/enp3s0/rp_filter = 0
   /proc/sys/net/ipv4/conf/enp3s0/log_martians = 1
   /proc/sys/net/ipv4/conf/enp4s0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/enp4s0/arp_filter = 0
   /proc/sys/net/ipv4/conf/enp4s0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/enp4s0/rp_filter = 0
   /proc/sys/net/ipv4/conf/enp4s0/log_martians = 1
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 1
   /proc/sys/net/ipv4/conf/virbr0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/virbr0/arp_filter = 0
   /proc/sys/net/ipv4/conf/virbr0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/virbr0/rp_filter = 0
   /proc/sys/net/ipv4/conf/virbr0/log_martians = 1
   /proc/sys/net/ipv4/conf/virbr0-nic/proxy_arp = 0
   /proc/sys/net/ipv4/conf/virbr0-nic/arp_filter = 0
   /proc/sys/net/ipv4/conf/virbr0-nic/arp_ignore = 0
   /proc/sys/net/ipv4/conf/virbr0-nic/rp_filter = 0
   /proc/sys/net/ipv4/conf/virbr0-nic/log_martians = 1

ARP


Modules

ip_set                 36439  2 ip_set_hash_ip,xt_set
ip_set_hash_ip         27260  0 
iptable_filter         12810  1 
iptable_mangle         12695  1 
iptable_nat            12875  0 
iptable_raw            12678  0 
ip_tables              27115  4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_MASQUERADE         12678  0 
ipt_REJECT             12541  4 
ipt_rpfilter           12606  0 
nf_conntrack          133387  30 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,nf_nat,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda    13041  1 nf_nat_amanda
nf_conntrack_broadcast    12589  2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp       18638  1 nf_nat_ftp
nf_conntrack_h323      73895  1 nf_nat_h323
nf_conntrack_ipv4      15053  12 
nf_conntrack_irc       13518  1 nf_nat_irc
nf_conntrack_netbios_ns    12665  0 
nf_conntrack_netlink    40449  0 
nf_conntrack_pptp      19257  1 nf_nat_pptp
nf_conntrack_proto_gre    14434  1 nf_conntrack_pptp
nf_conntrack_sane      13143  0 
nf_conntrack_sip       33860  1 nf_nat_sip
nf_conntrack_snmp      12857  1 nf_nat_snmp_basic
nf_conntrack_tftp      13121  1 nf_nat_tftp
nf_defrag_ipv4         12729  2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6         35104  1 xt_TPROXY
nf_log_common          13317  1 nf_log_ipv4
nf_log_ipv4            12767  6 
nf_nat                 26787  11 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,nf_nat_masquerade_ipv4
nf_nat_amanda          12491  0 
nf_nat_ftp             12770  0 
nf_nat_h323            17720  0 
nf_nat_ipv4            14115  1 iptable_nat
nf_nat_irc             12723  0 
nf_nat_masquerade_ipv4    13412  1 ipt_MASQUERADE
nf_nat_pptp            13115  0 
nf_nat_proto_gre       13009  1 nf_nat_pptp
nf_nat_sip             17152  0 
nf_nat_snmp_basic      17302  0 
nf_nat_tftp            12489  0 
nf_reject_ipv4         13373  1 ipt_REJECT
xt_addrtype            12676  5 
xt_AUDIT               12682  0 
xt_CHECKSUM            12549  0 
xt_CLASSIFY            12507  0 
xt_comment             12504  9 
xt_connlimit           12917  0 
xt_connmark            12755  0 
xt_conntrack           12760  11 
xt_CT                  12956  0 
xt_dscp                12597  0 
xt_DSCP                12629  0 
xt_hashlimit           17569  0 
xt_helper              12583  0 
xt_iprange             12783  0 
xt_length              12536  0 
xt_LOG                 12690  6 
xt_mark                12563  1 
xt_multiport           12798  2 
xt_nat                 12681  0 
xt_NFLOG               12537  0 
xt_NFQUEUE             12697  0 
xt_owner               12534  0 
xt_physdev             12587  0 
xt_pkttype             12504  0 
xt_policy              12582  0 
xt_realm               12498  0 
xt_recent              18542  1 
xt_set                 13181  0 
xt_statistic           12601  0 
xt_tcpmss              12501  0 
xt_TCPMSS              12707  1 
xt_time                12661  0 
xt_TPROXY              17327  0 

Shorewall has detected the following iptables/netfilter capabilities:
   ACCOUNT Target (ACCOUNT_TARGET): Not available
   Address Type Match (ADDRTYPE): Available
   Amanda Helper: Available
   Arptables JF (ARPTABLESJF): Not available
   AUDIT Target (AUDIT_TARGET): Available
   Basic Ematch (BASIC_EMATCH): Available
   Basic Filter (BASIC_FILTER): Available
   Capabilities Version (CAPVERSION): 50004
   Checksum Target (CHECKSUM_TARGET): Available
   CLASSIFY Target (CLASSIFY_TARGET): Available
   Comments (COMMENTS): Available
   Condition Match (CONDITION_MATCH): Not available
   Connection Tracking Match (CONNTRACK_MATCH): Available
   Connlimit Match (CONNLIMIT_MATCH): Available
   Connmark Match (CONNMARK_MATCH): Available
   CONNMARK Target (CONNMARK): Available
   CT Target (CT_TARGET): Available
   DSCP Match (DSCP_MATCH): Available
   DSCP Target (DSCP_TARGET): Available
   Enhanced Multi-port Match (EMULIPORT): Available
   Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
   Extended Connmark Match (XCONNMARK_MATCH): Available
   Extended CONNMARK Target (XCONNMARK): Available
   Extended MARK Target 2 (EXMARK): Available
   Extended MARK Target (XMARK): Available
   Extended Multi-port Match (XMULIPORT): Available
   Extended REJECT (ENHANCED_REJECT): Available
   FLOW Classifier (FLOW_FILTER): Available
   FTP-0 Helper: Not available
   FTP Helper: Available
   fwmark route mask (FWMARK_RT_MASK): Available
   Geo IP Match (GEOIP_MATCH): Not available
   Goto Support (GOTO_TARGET): Available
   H323 Helper: Available
   Hashlimit Match (HASHLIMIT_MATCH): Available
   Header Match (HEADER_MATCH): Not available
   Helper Match (HELPER_MATCH): Available
   Iface Match (IFACE_MATCH): Not available
   IMQ Target (IMQ_TARGET): Not available
   IPMARK Target (IPMARK_TARGET): Not available
   IPP2P Match (IPP2P_MATCH): Not available
   IP range Match(IPRANGE_MATCH): Available
   Ipset Match Counters (IPSET_MATCH_COUNTERS): Available
   Ipset Match (IPSET_MATCH): Available
   Ipset Match Nomatch (IPSET_MATCH_NOMATCH): Available
   ipset V5 (IPSET_V5): Available
   iptables -S (IPTABLES_S): Available
   iptables --wait option (WAIT_OPTION): Available
   IRC-0 Helper: Not available
   IRC Helper: Available
   Kernel Version (KERNELVERSION): 31000
   LOGMARK Target (LOGMARK_TARGET): Not available
   LOG Target (LOG_TARGET): Available
   Mangle FORWARD Chain (MANGLE_FORWARD): Available
   Mark in the filter table (MARK_ANYWHERE): Available
   MARK Target (MARK): Available
   MASQUERADE Target (MASQUERADE_TGT): Available
   Multi-port Match (MULTIPORT): Available
   NAT (NAT_ENABLED): Available
   Netbios_ns Helper: Available
   New tos Match (NEW_TOS_MATCH): Available
   NFAcct Match: Not available
   NFLOG Target (NFLOG_TARGET): Available
   NFQUEUE Target (NFQUEUE_TARGET): Available
   Owner Match (OWNER_MATCH): Available
   Owner Name Match (OWNER_NAME_MATCH): Available
   Packet length Match (LENGTH_MATCH): Available
   Packet Mangling (MANGLE_ENABLED): Available
   Packet Type Match (USEPKTTYPE): Available
   Persistent SNAT (PERSISTENT_SNAT): Available
   Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
   Physdev Match (PHYSDEV_MATCH): Available
   Policy Match (POLICY_MATCH): Available
   PPTP Helper: Available
   Rawpost Table (RAWPOST_TABLE): Not available
   Raw Table (RAW_TABLE): Available
   Realm Match (REALM_MATCH): Available
   Recent Match "--reap" option (REAP_OPTION): Available
   Recent Match (RECENT_MATCH): Available
   Repeat match (KLUDGEFREE): Available
   RPFilter Match (RPFILTER_MATCH): Available
   SANE-0 Helper: Not available
   SANE Helper: Available
   SIP-0 Helper: Not available
   SIP Helper: Available
   SNMP Helper: Available
   Statistic Match (STATISTIC_MATCH): Available
   TARPIT Target (TARPIT_TARGET): Not available
   TCPMSS Match (TCPMSS_MATCH): Available
   TCPMSS Target (TCPMSS_TARGET): Available
   TFTP-0 Helper: Not available
   TFTP Helper: Available
   Time Match (TIME_MATCH): Available
   TPROXY Target (TPROXY_TARGET): Available
   UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
   ULOG Target (ULOG_TARGET): Not available

Netid  State      Recv-Q Send-Q Local Address:Port     Peer Address:Port
udp    UNCONN     0      0      *:36755                *:*                users:(("avahi-daemon",pid=713,fd=13))
udp    UNCONN     0      0      127.0.0.1:53           *:*                users:(("dnsmasq",pid=1075,fd=8))
udp    UNCONN     0      0      192.168.2.1:53         *:*                users:(("dnsmasq",pid=1075,fd=6))
udp    UNCONN     0      0      192.168.122.1:53       *:*                users:(("dnsmasq",pid=1604,fd=5))
udp    UNCONN     0      0      *  %enp3s0:67          *:*                users:(("dnsmasq",pid=1075,fd=4))
udp    UNCONN     0      0      *  %virbr0:67          *:*                users:(("dnsmasq",pid=1604,fd=3))
udp    UNCONN     0      0      *:137                  *:*                users:(("nmbd",pid=1122,fd=16))
udp    UNCONN     0      0      *:138                  *:*                users:(("nmbd",pid=1122,fd=17))
udp    UNCONN     0      0      *:5353                 *:*                users:(("avahi-daemon",pid=713,fd=12))
udp    UNCONN     0      0      127.0.0.1:323          *:*                users:(("chronyd",pid=777,fd=1))
tcp    LISTEN     0      50     *:139                  *:*                users:(("smbd",pid=1509,fd=38))
tcp    LISTEN     0      128    *:111                  *:*                users:(("systemd",pid=1,fd=44))
tcp    LISTEN     0      5      127.0.0.1:53           *:*                users:(("dnsmasq",pid=1075,fd=9))
tcp    LISTEN     0      5      192.168.2.1:53         *:*                users:(("dnsmasq",pid=1075,fd=7))
tcp    LISTEN     0      5      192.168.122.1:53       *:*                users:(("dnsmasq",pid=1604,fd=6))
tcp    LISTEN     0      128    *:22                   *:*                users:(("sshd",pid=1077,fd=3))
tcp    LISTEN     0      128    127.0.0.1:631          *:*                users:(("cupsd",pid=1074,fd=12))
tcp    LISTEN     0      10     *:25                   *:*                users:(("sendmail",pid=6094,fd=4))
tcp    LISTEN     0      50     *:445                  *:*                users:(("smbd",pid=1509,fd=37))

Traffic Control

Device lo:
qdisc noqueue 0: root refcnt 2 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device enp3s0:
qdisc mq 0: root 
 Sent 53322 bytes 453 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
qdisc pfifo_fast 0: parent :1 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 53322 bytes 453 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 

class mq :1 root 
 Sent 53322 bytes 453 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
class mq :2 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
class mq :3 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
class mq :4 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
class mq :5 root 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 

Device enp4s0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 928477 bytes 12809 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device virbr0:
qdisc noqueue 0: root refcnt 2 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device virbr0-nic:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 180 bytes 2 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 



TC Filters

Device lo:

Device enp3s0:

Device enp4s0:

Device virbr0:

Device virbr0-nic:
