Hej SW-list,
This is the first time that I'm writing directly to the SW list. First
of all, I want to thank you for this great software! I can hardly
believe that I have been using SW for more than 15 years - embedded in
the also great environment of LEAF (Linux Embedded Appliance Framework
(formerly Firewall)).
And now, for the first time, I have a problem that I don't understand
and hope for help:
My LEAF box (Ver. 6.x with SW 5.1.7.2 on Alix hardware) worked great on
a VDSL internet line with 25 Mbps / 5Mbps. I used a FritzBox 7490 as
modem (PassThrough). I have a web server and a mail server in a DMZ
segment, a few desktop PCs in the LAN segment and a few wireless devices
in a WLAN segment. The box also serves as an OpenVPN server. Nothing
really extraordinary, I think.
A few hours ago I got a new internet line switched with higher
bandwidth. Unfortunately, I don't (yet) have any detailed technical
specifications for the line other than the bandwidth (100Mbps / 40Mbps).
A new FritzBox 7590 serves as modem. During a conversation with the
support of the provider the keyword 'VLAN 7' was mentioned. This seems
to indicate a BNG connection from Telekom, but I didn't have to set up
VLAN tagging.
Now to the problem description: With the unchanged SW configuration,
REJECTS of TCP packets from and to the zone 'net' occur, which were
transported correctly before the switchover! It looks like some packets
are passing through sporadically, but I can't secure that and I can't
even reproduce it. All other zones work fine with each other, so
loc-wlan, wlan-dmz, dmz-loc and so on. In addition, icmp packets are
transported over the zone net without any problems.
In order to be able to use my environment, I removed all restrictions as
a temporary solution, with a global statement in /shorewall/policy:
all all ACCEPT
This is of course undesirable and I am looking for the cause of the
problem. I asked the provider for detailed specifications of the line.
Maybe someone has an idea here? I deactivated the global ACCEPT again
and made a dump, which is attached.
Many thanks and many greetings,
Boris
Shorewall 5.1.7.2 Dump at nordgate4 - Wed Sep 5 14:45:09 UTC 2018
Shorewall is running
State:Started Wed Sep 5 14:38:44 UTC 2018 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Wed Sep 5 14:38:40 UTC 2018 by Shorewall
version 5.1.7.2)
Counters reset Wed Sep 5 14:38:44 UTC 2018
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
242 29499 net-fw all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
54 2648 loc-fw all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn-fw all -- tun+ * 0.0.0.0/0 0.0.0.0/0
236 16845 wlan-fw all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
71 5564 dmz-fw all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
14 1175 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
3 108 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
11 1067 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "INPUT REJECT " nflog-group 4
11 1067 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
270 16144 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
19816 28M net_frwd all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 loc_frwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 vpn_frwd all -- tun+ * 0.0.0.0/0 0.0.0.0/0
12222 866K wlan_frwd all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
3020 2655K dmz_frwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
84 46158 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
84 46158 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "FORWARD REJECT " nflog-group 4
84 46158 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
325 34764 fw-net all -- * ppp0 0.0.0.0/0 0.0.0.0/0
4 248 fw-loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
154 20244 fw-wlan all -- * wlan0 0.0.0.0/0 0.0.0.0/0
71 9342 fw-dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "OUTPUT REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain Broadcast (20 references)
pkts bytes target prot opt in out source destination
100 4800 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
Chain dmz-fw (1 references)
pkts bytes target prot opt in out source destination
30 2192 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
41 3372 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
30 2192 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,22 /* DNS, SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123 /* NTP */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "dmz-fw REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "dmz-loc REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-vpn (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "dmz-vpn REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz-wlan (1 references)
pkts bytes target prot opt in out source destination
2601 2346K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
1 40 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
1 40 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "dmz-wlan REJECT " nflog-group 4
1 40 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * eth2 0.0.0.0/0 0.0.0.0/0
[goto]
10 676 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
3014 2655K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
418 310K ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 dmz-loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 dmz-vpn all -- * tun+ 0.0.0.0/0 0.0.0.0/0
2602 2346K dmz-wlan all -- * wlan0 0.0.0.0/0 0.0.0.0/0
Chain dynamic (10 references)
pkts bytes target prot opt in out source destination
Chain fw-dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
71 9342 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "fw-dmz REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain fw-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
4 248 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "fw-loc REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain fw-net (1 references)
pkts bytes target prot opt in out source destination
38 2508 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1194
150 22435 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
137 9821 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53 /* DNS */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123 /* NTP */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "fw-net REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain fw-wlan (1 references)
pkts bytes target prot opt in out source destination
1 338 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
153 19906 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "fw-wlan REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc-dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 /* HTTP, HTTPS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.24.120 multiport dports 110,995,143,143,25,587
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.24.120 tcp dpt:443 ctorigdstport 4443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 /* FTP */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "loc-dmz REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc-fw (1 references)
pkts bytes target prot opt in out source destination
51 2462 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
3 186 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
1 62 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,22 /* DNS, SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 /* HTTP, HTTPS */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123 /* NTP */
50 2400 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "loc-fw REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * eth1 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 loc-dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "logflags DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-dmz (1 references)
pkts bytes target prot opt in out source destination
308 36509 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
2 104 ACCEPT tcp -- * * 0.0.0.0/0
192.168.24.100 multiport dports 80,443
7 412 ACCEPT tcp -- * * 0.0.0.0/0
192.168.24.120 multiport dports 110,995,143,143,25,587
6 360 ACCEPT tcp -- * * 0.0.0.0/0
192.168.24.120 tcp dpt:443 ctorigdstport 4443
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
43 2734 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
66 5628 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
32 2208 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1194
167 24557 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
5 284 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
38 2450 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
38 2450 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.23.195 tcp dpt:9981 ctorigdstport 81
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * ppp0 0.0.0.0/0 0.0.0.0/0
[goto]
15 876 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
19802 28M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net-loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ~comb0 all -- * tun+ 0.0.0.0/0 0.0.0.0/0
19493 28M ~comb0 all -- * wlan0 0.0.0.0/0 0.0.0.0/0
323 37385 net-dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain reject (17 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
90 46851 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
6 414 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain sfilter (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "sfilter DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain sha-lh-b6eb2c83db2a7edb0594 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-fb181bd6ba61a513bcdf (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain tcpflags (10 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Chain vpn-fw (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain vpn-net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "vpn-net REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain vpn_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * tun+ 0.0.0.0/0 0.0.0.0/0
[goto]
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 vpn-net all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain wlan-dmz (1 references)
pkts bytes target prot opt in out source destination
2207 222K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 /* SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
25 1537 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 /* HTTP, HTTPS */
26 1540 ACCEPT tcp -- * * 0.0.0.0/0
192.168.24.120 multiport dports 110,995,143,143,25,587
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.24.120 tcp dpt:443 ctorigdstport 4443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 /* FTP */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "wlan-dmz REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain wlan-fw (1 references)
pkts bytes target prot opt in out source destination
152 9421 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
1 330 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
79 7084 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
84 7424 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
101 6691 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:53 /* DNS */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53,22 /* DNS, SSH */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 /* HTTP, HTTPS */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:123 /* NTP */
50 2400 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
nflog-prefix "wlan-fw REJECT " nflog-group 4
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain wlan_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all -- * wlan0 0.0.0.0/0 0.0.0.0/0
[goto]
129 9078 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
12214 863K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
9964 641K ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
2258 225K wlan-dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain ~comb0 (2 references)
pkts bytes target prot opt in out source destination
19493 28M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Log (/var/log/shorewall.log)
Sep 5 14:44:42 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=1492 TOS=00 PREC=0x00 TTL=244 ID=50130 PROTO=TCP SPT=443
DPT=45410 SEQ=3869039138 ACK=2098924459 WINDOW=1137 ACK URGP=0 MARK=0
Sep 5 14:44:42 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=1492 TOS=00 PREC=0x00 TTL=244 ID=50131 PROTO=TCP SPT=443
DPT=45410 SEQ=3869040578 ACK=2098924459 WINDOW=1137 ACK URGP=0 MARK=0
Sep 5 14:44:42 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=470 TOS=00 PREC=0x00 TTL=244 ID=50132 PROTO=TCP SPT=443
DPT=45410 SEQ=3869042018 ACK=2098924459 WINDOW=1137 ACK PSH URGP=0 MARK=0
Sep 5 14:44:52 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=1492 TOS=00 PREC=0x00 TTL=244 ID=53383 PROTO=TCP SPT=443
DPT=45412 SEQ=1000649110 ACK=1986188422 WINDOW=1137 ACK URGP=0 MARK=0
Sep 5 14:44:52 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=1492 TOS=00 PREC=0x00 TTL=244 ID=53384 PROTO=TCP SPT=443
DPT=45412 SEQ=1000650550 ACK=1986188422 WINDOW=1137 ACK URGP=0 MARK=0
Sep 5 14:44:52 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=1492 TOS=00 PREC=0x00 TTL=244 ID=53385 PROTO=TCP SPT=443
DPT=45412 SEQ=1000651990 ACK=1986188422 WINDOW=1137 ACK URGP=0 MARK=0
Sep 5 14:44:52 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=470 TOS=00 PREC=0x00 TTL=244 ID=53386 PROTO=TCP SPT=443
DPT=45412 SEQ=1000653430 ACK=1986188422 WINDOW=1137 ACK PSH URGP=0 MARK=0
Sep 5 14:44:55 FORWARD REJECT IN=eth0 OUT=eth2 SRC=2.247.247.130
DST=192.168.24.120 LEN=52 TOS=00 PREC=0x00 TTL=50 ID=23995 DF PROTO=TCP
SPT=25346 DPT=110 SEQ=2938554572 ACK=2456378748 WINDOW=343 ACK URGP=0 MARK=0
Sep 5 14:44:55 FORWARD REJECT IN=eth0 OUT=eth2 SRC=2.247.247.130
DST=192.168.24.120 LEN=58 TOS=00 PREC=0x00 TTL=50 ID=23996 DF PROTO=TCP
SPT=25346 DPT=110 SEQ=2938554572 ACK=2456378748 WINDOW=343 ACK PSH URGP=0
MARK=0
Sep 5 14:44:58 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=216.58.213.206
DST=192.168.25.153 LEN=121 TOS=00 PREC=0x00 TTL=57 ID=27767 PROTO=TCP SPT=443
DPT=55340 SEQ=1640482824 ACK=3816325244 WINDOW=240 ACK PSH URGP=0 MARK=0
Sep 5 14:44:58 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=216.58.213.206
DST=192.168.25.153 LEN=90 TOS=00 PREC=0x00 TTL=57 ID=27768 PROTO=TCP SPT=443
DPT=55340 SEQ=1640482893 ACK=3816326415 WINDOW=249 ACK PSH URGP=0 MARK=0
Sep 5 14:44:58 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=216.58.213.206
DST=192.168.25.153 LEN=358 TOS=00 PREC=0x00 TTL=57 ID=27769 PROTO=TCP SPT=443
DPT=55340 SEQ=1640482931 ACK=3816326415 WINDOW=249 ACK PSH URGP=0 MARK=0
Sep 5 14:44:58 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=216.58.213.206
DST=192.168.25.153 LEN=495 TOS=00 PREC=0x00 TTL=57 ID=27770 PROTO=TCP SPT=443
DPT=55340 SEQ=1640483237 ACK=3816326415 WINDOW=249 ACK PSH URGP=0 MARK=0
Sep 5 14:44:58 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=216.58.213.206
DST=192.168.25.153 LEN=98 TOS=00 PREC=0x00 TTL=57 ID=27771 PROTO=TCP SPT=443
DPT=55340 SEQ=1640483680 ACK=3816326415 WINDOW=249 ACK PSH URGP=0 MARK=0
Sep 5 14:44:58 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=216.58.213.206
DST=192.168.25.153 LEN=208 TOS=00 PREC=0x00 TTL=57 ID=27782 PROTO=TCP SPT=443
DPT=55342 SEQ=445521404 ACK=254448996 WINDOW=240 ACK PSH URGP=0 MARK=0
Sep 5 14:45:00 INPUT REJECT IN=eth0 OUT= SRC=79.247.162.132
DST=217.70.192.188 LEN=69 TOS=00 PREC=0x00 TTL=55 ID=36439 DF PROTO=UDP
SPT=1194 DPT=1194 LEN=49 MARK=0
Sep 5 14:45:03 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=1492 TOS=00 PREC=0x00 TTL=244 ID=57791 PROTO=TCP SPT=443
DPT=45420 SEQ=806149962 ACK=2121437653 WINDOW=1137 ACK URGP=0 MARK=0
Sep 5 14:45:03 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=1492 TOS=00 PREC=0x00 TTL=244 ID=57792 PROTO=TCP SPT=443
DPT=45420 SEQ=806151402 ACK=2121437653 WINDOW=1137 ACK URGP=0 MARK=0
Sep 5 14:45:03 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=1492 TOS=00 PREC=0x00 TTL=244 ID=57793 PROTO=TCP SPT=443
DPT=45420 SEQ=806152842 ACK=2121437653 WINDOW=1137 ACK URGP=0 MARK=0
Sep 5 14:45:03 FORWARD REJECT IN=eth0 OUT=wlan0 SRC=193.99.144.85
DST=192.168.25.153 LEN=470 TOS=00 PREC=0x00 TTL=244 ID=57794 PROTO=TCP SPT=443
DPT=45420 SEQ=806154282 ACK=2121437653 WINDOW=1137 ACK PSH URGP=0 MARK=0
NAT Table
Chain PREROUTING (policy ACCEPT 370 packets, 24144 bytes)
pkts bytes target prot opt in out source destination
53 3398 net_dnat all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:4443 to:192.168.24.120:443
0 0 DNAT tcp -- wlan0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:4443 to:192.168.24.120:443
Chain INPUT (policy ACCEPT 96 packets, 6702 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 137 packets, 9821 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 201 packets, 13682 bytes)
pkts bytes target prot opt in out source destination
219 16215 ppp0_masq all -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:81 to:192.168.23.195:9981
2 104 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,443 to:192.168.24.100
7 412 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 110,995,143,143,25,587 to:192.168.24.120
6 360 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:4443 to:192.168.24.120:443
Chain ppp0_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.23.0/24 0.0.0.0/0
9 636 MASQUERADE all -- * * 192.168.24.0/24 0.0.0.0/0
73 5758 MASQUERADE all -- * * 192.168.25.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 35773 packets, 32M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 618 packets, 55800 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 35145 packets, 32M bytes)
pkts bytes target prot opt in out source destination
35145 32M MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
Chain OUTPUT (policy ACCEPT 556 packets, 64704 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 35615 packets, 32M bytes)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 35773 packets, 32M bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
1 428 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 556 packets, 64704 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Conntrack Table (59 out of 8192)
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52108 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52108 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431766 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52150 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52150 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431776 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52172 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52172 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431393 ESTABLISHED src=79.247.162.132 dst=217.70.192.188
sport=34716 dport=143 src=192.168.24.120 dst=79.247.162.132 sport=143
dport=34716 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431777 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52174 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52174 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52154 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52154 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 52 TIME_WAIT src=192.168.25.153 dst=192.168.24.100
sport=49170 dport=443 src=192.168.24.100 dst=192.168.25.153 sport=443
dport=49170 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431770 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52160 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52160 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52170 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52170 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 8 CLOSE src=192.168.25.153 dst=216.58.213.206 sport=55346
dport=443 src=216.58.213.206 dst=217.70.192.188 sport=443 dport=55346 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 292 ESTABLISHED src=192.168.25.153 dst=193.99.144.85
sport=45420 dport=443 src=193.99.144.85 dst=217.70.192.188 sport=443
dport=45420 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431961 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52162 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52162 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 17 src=192.168.25.153 dst=192.168.25.254 sport=58477
dport=53 src=192.168.25.254 dst=192.168.25.153 sport=53 dport=58477 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431961 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52118 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52118 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52114 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52114 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 232 ESTABLISHED src=213.115.36.166 dst=217.70.192.188
sport=50533 dport=22 src=217.70.192.188 dst=213.115.36.166 sport=22 dport=50533
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 123 src=192.168.25.153 dst=192.168.25.254 sport=42535
dport=53 src=192.168.25.254 dst=192.168.25.153 sport=53 dport=42535 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52192 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52192 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431755 ESTABLISHED src=192.168.25.101 dst=108.177.119.188
sport=38125 dport=5228 src=108.177.119.188 dst=217.70.192.188 sport=5228
dport=38125 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52164 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52164 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 107 src=192.168.25.153 dst=192.168.25.254 sport=44450
dport=53 src=192.168.25.254 dst=192.168.25.153 sport=53 dport=44450 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52116 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52116 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431393 ESTABLISHED src=79.247.162.132 dst=217.70.192.188
sport=34718 dport=143 src=192.168.24.120 dst=79.247.162.132 sport=143
dport=34718 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52104 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52104 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431957 ESTABLISHED src=192.168.25.104 dst=74.125.143.188
sport=59966 dport=5228 src=74.125.143.188 dst=217.70.192.188 sport=5228
dport=59966 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 161 src=217.70.192.188 dst=159.69.38.175 sport=123
dport=123 src=159.69.38.175 dst=217.70.192.188 sport=123 dport=123 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 233 ESTABLISHED src=192.168.25.104 dst=52.209.146.186
sport=47094 dport=5223 src=52.209.146.186 dst=217.70.192.188 sport=5223
dport=47094 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 2 src=217.70.192.188 dst=213.178.70.1 sport=29864
dport=53 src=213.178.70.1 dst=217.70.192.188 sport=53 dport=29864 mark=0 zone=0
use=2
ipv4 2 udp 17 22 src=192.168.24.120 dst=192.168.24.254 sport=28186
dport=53 src=192.168.24.254 dst=192.168.24.120 sport=53 dport=28186 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 2 src=217.70.192.188 dst=213.178.70.1 sport=17153
dport=53 src=213.178.70.1 dst=217.70.192.188 sport=53 dport=17153 mark=0 zone=0
use=2
ipv4 2 tcp 6 294 ESTABLISHED src=2.247.247.130 dst=217.70.192.188
sport=25346 dport=110 src=192.168.24.120 dst=2.247.247.130 sport=110
dport=25346 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 82 TIME_WAIT src=192.168.25.153 dst=192.168.24.100
sport=49208 dport=443 src=192.168.24.100 dst=192.168.25.153 sport=443
dport=49208 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52106 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52106 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52110 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52110 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 112 TIME_WAIT src=192.168.25.153 dst=192.168.24.100
sport=49220 dport=443 src=192.168.24.100 dst=192.168.25.153 sport=443
dport=49220 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 22 TIME_WAIT src=192.168.25.153 dst=192.168.24.100
sport=49168 dport=443 src=192.168.24.100 dst=192.168.25.153 sport=443
dport=49168 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 7 src=192.168.25.153 dst=192.168.25.254 sport=44140
dport=53 src=192.168.25.254 dst=192.168.25.153 sport=53 dport=44140 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 179 src=79.247.162.132 dst=217.70.192.188 sport=1194
dport=1194 src=217.70.192.188 dst=79.247.162.132 sport=1194 dport=1194
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 235 ESTABLISHED src=213.115.36.166 dst=217.70.192.188
sport=50726 dport=22 src=217.70.192.188 dst=213.115.36.166 sport=22 dport=50726
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 2 CLOSE src=192.168.25.153 dst=193.99.144.85 sport=45412
dport=443 src=193.99.144.85 dst=217.70.192.188 sport=443 dport=45412 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 194 ESTABLISHED src=177.21.119.132 dst=217.70.192.188
sport=51995 dport=80 src=192.168.24.100 dst=177.21.119.132 sport=80 dport=51995
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 106 src=192.168.23.122 dst=192.168.23.254 sport=53
dport=53 src=192.168.23.254 dst=192.168.23.122 sport=53 dport=53 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431769 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52158 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52158 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52152 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52152 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431919 ESTABLISHED src=91.64.14.52 dst=217.70.192.188
sport=35673 dport=143 src=192.168.24.120 dst=91.64.14.52 sport=143 dport=35673
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.25.153 dst=192.168.25.254
sport=38154 dport=22 src=192.168.25.254 dst=192.168.25.153 sport=22 dport=38154
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 299 ESTABLISHED src=89.204.137.155 dst=217.70.192.188
sport=10010 dport=143 src=192.168.24.120 dst=89.204.137.155 sport=143
dport=10010 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=192.168.25.153 dst=213.158.112.138
sport=38692 dport=80 src=213.158.112.138 dst=217.70.192.188 sport=80
dport=38692 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 8 CLOSE src=192.168.25.153 dst=216.58.213.206 sport=55342
dport=443 src=216.58.213.206 dst=217.70.192.188 sport=443 dport=55342 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431950 ESTABLISHED src=192.168.25.101 dst=13.69.158.96
sport=48078 dport=443 src=13.69.158.96 dst=217.70.192.188 sport=443 dport=48078
[ASSURED] mark=0 zone=0 use=2
ipv4 2 unknown 2 501 src=192.168.178.1 dst=224.0.0.1 [UNREPLIED]
src=224.0.0.1 dst=192.168.178.1 mark=0 zone=0 use=2
ipv4 2 tcp 6 431772 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52166 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52166 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431962 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52112 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52112 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 2 src=217.70.192.188 dst=82.97.146.3 sport=29864
dport=53 src=82.97.146.3 dst=217.70.192.188 sport=53 dport=29864 mark=0 zone=0
use=2
ipv4 2 udp 17 152 src=192.168.25.153 dst=192.168.25.254 sport=56408
dport=53 src=192.168.25.254 dst=192.168.25.153 sport=53 dport=56408 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431773 ESTABLISHED src=192.168.25.153 dst=192.168.24.120
sport=52168 dport=143 src=192.168.24.120 dst=192.168.25.153 sport=143
dport=52168 [ASSURED] mark=0 zone=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN group default qlen 1000
inet 192.168.23.254/24 brd 192.168.23.255 scope global eth1
valid_lft forever preferred_lft forever
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN group default qlen 1000
inet 192.168.24.254/24 brd 192.168.24.255 scope global eth2
valid_lft forever preferred_lft forever
8: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
inet 192.168.25.254/24 brd 192.168.25.255 scope global wlan0
valid_lft forever preferred_lft forever
10: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN group default qlen 100
inet 10.9.1.1 peer 10.9.1.2/32 scope global tun0
valid_lft forever preferred_lft forever
12: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast
state UNKNOWN group default qlen 3
inet 217.70.192.188 peer 213.178.81.101/32 scope global ppp0
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
911 13 0 0 0 0
TX: bytes packets errors dropped carrier collsns
911 13 0 0 0 0
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group
default qlen 1000
link/ether 96:be:41:bc:d4:8a brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN mode DEFAULT group default qlen 1000
link/ether 00:0d:b9:13:fb:d8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
227561850 449301 0 44728 0 0
TX: bytes packets errors dropped carrier collsns
190388894 403027 0 0 0 0
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN mode DEFAULT group default qlen 1000
link/ether 00:0d:b9:13:fb:d9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
6076134 72282 0 0 0 0
TX: bytes packets errors dropped carrier collsns
160984324 116097 0 0 0 0
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN mode DEFAULT group default qlen 1000
link/ether 00:0d:b9:13:fb:da brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
341184630 419171 0 0 0 0
TX: bytes packets errors dropped carrier collsns
75979041 315159 0 0 0 0
6: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group
default qlen 32
link/ether ca:55:23:b4:0c:4e brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
7: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group
default qlen 32
link/ether 96:8b:37:7c:21:e4 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
8: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DEFAULT group default qlen 1000
link/ether 02:80:48:54:85:80 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
11529075 98137 0 124 0 0
TX: bytes packets errors dropped carrier collsns
163977888 143432 0 0 0 0
10: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN mode DEFAULT group default qlen 100
link/none
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
11: wlan0_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DEFAULT group default qlen 1000
link/ether 02:80:48:54:85:81 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
12: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast
state UNKNOWN mode DEFAULT group default qlen 3
link/ppp
RX: bytes packets errors dropped overrun mcast
30525613 23407 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2261099 14260 0 0 0 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 217.70.192.188 dev ppp0 proto kernel scope host src 217.70.192.188
local 192.168.25.254 dev wlan0 proto kernel scope host src 192.168.25.254
local 192.168.24.254 dev eth2 proto kernel scope host src 192.168.24.254
local 192.168.23.254 dev eth1 proto kernel scope host src 192.168.23.254
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.9.1.1 dev tun0 proto kernel scope host src 10.9.1.1
broadcast 192.168.25.255 dev wlan0 proto kernel scope link src 192.168.25.254
broadcast 192.168.25.0 dev wlan0 proto kernel scope link src 192.168.25.254
broadcast 192.168.24.255 dev eth2 proto kernel scope link src 192.168.24.254
broadcast 192.168.24.0 dev eth2 proto kernel scope link src 192.168.24.254
broadcast 192.168.23.255 dev eth1 proto kernel scope link src 192.168.23.254
broadcast 192.168.23.0 dev eth1 proto kernel scope link src 192.168.23.254
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
213.178.81.101 dev ppp0 proto kernel scope link src 217.70.192.188
10.9.1.2 dev tun0 proto kernel scope link src 10.9.1.1
192.168.25.0/24 dev wlan0 proto kernel scope link src 192.168.25.254
192.168.24.0/24 dev eth2 proto kernel scope link src 192.168.24.254
192.168.23.0/24 dev eth1 proto kernel scope link src 192.168.23.254
192.168.10.0/24 via 10.9.1.2 dev tun0
10.9.1.0/24 via 10.9.1.2 dev tun0
default dev ppp0 scope link
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 4.9.59-geode (kapeka@stalker) (gcc version
5.4.0 (GCC) ) #1 Sat Oct 28 18:04:39 CEST 2017
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/dummy0/proxy_arp = 0
/proc/sys/net/ipv4/conf/dummy0/arp_filter = 0
/proc/sys/net/ipv4/conf/dummy0/arp_ignore = 0
/proc/sys/net/ipv4/conf/dummy0/rp_filter = 0
/proc/sys/net/ipv4/conf/dummy0/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 0
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 0
/proc/sys/net/ipv4/conf/eth2/log_martians = 1
/proc/sys/net/ipv4/conf/ifb0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ifb0/arp_filter = 0
/proc/sys/net/ipv4/conf/ifb0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ifb0/rp_filter = 0
/proc/sys/net/ipv4/conf/ifb0/log_martians = 1
/proc/sys/net/ipv4/conf/ifb1/proxy_arp = 0
/proc/sys/net/ipv4/conf/ifb1/arp_filter = 0
/proc/sys/net/ipv4/conf/ifb1/arp_ignore = 0
/proc/sys/net/ipv4/conf/ifb1/rp_filter = 0
/proc/sys/net/ipv4/conf/ifb1/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/ppp0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ppp0/arp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ppp0/rp_filter = 0
/proc/sys/net/ipv4/conf/ppp0/log_martians = 1
/proc/sys/net/ipv4/conf/tun0/proxy_arp = 0
/proc/sys/net/ipv4/conf/tun0/arp_filter = 0
/proc/sys/net/ipv4/conf/tun0/arp_ignore = 0
/proc/sys/net/ipv4/conf/tun0/rp_filter = 0
/proc/sys/net/ipv4/conf/tun0/log_martians = 1
/proc/sys/net/ipv4/conf/wlan0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan0/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan0/rp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/log_martians = 1
/proc/sys/net/ipv4/conf/wlan0_0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan0_0/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan0_0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan0_0/rp_filter = 0
/proc/sys/net/ipv4/conf/wlan0_0/log_martians = 1
ARP
? (192.168.25.104) at 5c:51:81:28:fa:4b [ether] on wlan0
? (192.168.24.120) at b8:27:eb:c6:1d:f9 [ether] on eth2
? (192.168.23.195) at b8:27:eb:c2:31:76 [ether] on eth1
? (192.168.25.101) at 20:02:af:1e:30:c5 [ether] on wlan0
? (192.168.23.122) at f4:ce:46:bf:d6:40 [ether] on eth1
? (192.168.24.100) at b8:27:eb:16:65:f6 [ether] on eth2
? (192.168.25.153) at 00:24:d7:d3:01:9c [ether] on wlan0
Modules
ip_tables 8281 4 iptable_nat,iptable_mangle,iptable_raw,iptable_filter, Live
0xb8c5b000
ipt_MASQUERADE 917 3 - Live 0xb8fbd000
ipt_REJECT 1033 4 - Live 0xb8f15000
iptable_filter 1202 1 - Live 0xb8c67000
iptable_mangle 1162 1 - Live 0xb8ecf000
iptable_nat 1305 1 - Live 0xb8f32000
iptable_raw 1022 1 - Live 0xb8e64000
nf_conntrack 49951 29
nf_nat_masquerade_ipv4,nf_nat_ipv4,xt_CT,nf_conntrack_ipv4,xt_conntrack,nf_conntrack_sane,nf_conntrack_proto_udplite,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_nat_tftp,nf_nat_snmp_basic,nf_conntrack_snmp,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_nat,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netbios_ns,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,nf_conntrack_amanda,
Live 0xb8c93000
nf_conntrack_amanda 1845 3 nf_nat_amanda, Live 0xb8cb0000
nf_conntrack_broadcast 893 2 nf_conntrack_snmp,nf_conntrack_netbios_ns, Live
0xb8cf8000
nf_conntrack_ftp 4951 3 nf_nat_ftp, Live 0xb8cc3000
nf_conntrack_h323 33041 5 nf_nat_h323, Live 0xb8cdb000
nf_conntrack_ipv4 5674 54 - Live 0xb8e41000
nf_conntrack_irc 2843 3 nf_nat_irc, Live 0xb8cf0000
nf_conntrack_netbios_ns 829 2 - Live 0xb8d01000
nf_conntrack_netlink 19079 0 - Live 0xb8dc4000
nf_conntrack_pptp 3146 3 nf_nat_pptp, Live 0xb8d15000
nf_conntrack_proto_gre 2896 1 nf_conntrack_pptp, Live 0xb8d0b000
nf_conntrack_proto_sctp 5843 0 - Live 0xb8dd4000
nf_conntrack_proto_udplite 2955 0 - Live 0xb8dde000
nf_conntrack_sane 3076 2 - Live 0xb8de7000
nf_conntrack_sip 15763 3 nf_nat_sip, Live 0xb8d25000
nf_conntrack_snmp 959 3 nf_nat_snmp_basic, Live 0xb8d92000
nf_conntrack_tftp 2821 3 nf_nat_tftp, Live 0xb8d32000
nf_defrag_ipv4 987 1 nf_conntrack_ipv4, Live 0xb8e35000
nf_log_common 2226 1 nf_log_ipv4, Live 0xb8df8000
nf_log_ipv4 3037 2 - Live 0xb8e01000
nf_nat 10060 11
nf_nat_masquerade_ipv4,xt_nat,nf_nat_ipv4,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,
Live 0xb8d41000
nf_nat_amanda 1000 0 - Live 0xb8d4d000
nf_nat_ftp 1412 0 - Live 0xb8d56000
nf_nat_h323 4655 0 - Live 0xb8d61000
nf_nat_ipv4 3527 1 iptable_nat, Live 0xb8f29000
nf_nat_irc 1214 0 - Live 0xb8d6b000
nf_nat_masquerade_ipv4 1421 1 ipt_MASQUERADE, Live 0xb8fb5000
nf_nat_pptp 1882 0 - Live 0xb8d7d000
nf_nat_proto_gre 953 1 nf_nat_pptp, Live 0xb8d74000
nf_nat_sip 6229 0 - Live 0xb8d88000
nf_nat_snmp_basic 6241 0 - Live 0xb8d9d000
nf_nat_tftp 870 0 - Live 0xb8da6000
nf_reject_ipv4 1987 1 ipt_REJECT, Live 0xb8f0d000
xt_CT 3099 22 - Live 0xb8e75000
xt_LOG 991 2 - Live 0xb8def000
xt_NFLOG 902 16 - Live 0xb8e16000
xt_TCPMSS 2540 1 - Live 0xb92a8000
xt_addrtype 2133 19 - Live 0xb8efc000
xt_comment 747 41 - Live 0xb8f3e000
xt_conntrack 2425 31 - Live 0xb8e2b000
xt_mark 893 1 - Live 0xb8edf000
xt_multiport 1334 13 - Live 0xb8e4f000
xt_nat 1465 6 - Live 0xb8fac000
xt_recent 6010 1 - Live 0xb8f5c000
xt_tcpudp 1847 63 - Live 0xb8e86000
Shorewall has detected the following iptables/netfilter capabilities:
--nflog-size support (NFLOG_SIZE): Not available
ACCOUNT Target (ACCOUNT_TARGET): Not available
AUDIT Target (AUDIT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
Basic Ematch (BASIC_EMATCH): Not available
Basic Filter (BASIC_FILTER): Not available
CLASSIFY Target (CLASSIFY_TARGET): Not available
CONNMARK Target (CONNMARK): Not available
CT Target (CT_TARGET): Available
Capabilities Version (CAPVERSION): 50106
Checksum Target (CHECKSUM_TARGET): Not available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Not available
Connmark Match (CONNMARK_MATCH): Not available
DSCP Match (DSCP_MATCH): Not available
DSCP Target (DSCP_TARGET): Not available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended MARK Target (XMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Not available
FTP Helper: Available
FTP-0 Helper: Not available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Not available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
IP range Match(IPRANGE_MATCH): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IRC Helper: Available
IRC-0 Helper: Not available
Iface Match (IFACE_MATCH): Not available
Kernel Version (KERNELVERSION): 40959
LOG Target (LOG_TARGET): Available
LOGMARK Target (LOGMARK_TARGET): Not available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
NETMAP Target (NETMAP_TARGET): Not available
NFAcct Match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE CPU Fanout (CPU_FANOUT): Not available
NFQUEUE Target (NFQUEUE_TARGET): Not available
Netbios_ns Helper: Available
New tos Match (NEW_TOS_MATCH): Not available
Owner Match (OWNER_MATCH): Not available
Owner Name Match (OWNER_NAME_MATCH): Not available
PPTP Helper: Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Not available
Packet length Match (LENGTH_MATCH): Not available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev Match (PHYSDEV_MATCH): Not available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Not available
Policy Match (POLICY_MATCH): Not available
RPFilter Match (RPFILTER_MATCH): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Not available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Not available
SANE Helper: Available
SANE-0 Helper: Not available
SIP Helper: Available
SIP-0 Helper: Not available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Not available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Not available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP Helper: Available
TFTP-0 Helper: Not available
TPROXY Target (TPROXY_TARGET): Not available
Time Match (TIME_MATCH): Not available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
fwmark route mask (FWMARK_RT_MASK): Available
ipset V5 (IPSET_V5): Not available
iptables --wait option (WAIT_OPTION): Available
iptables -S (IPTABLES_S): Available
iptables-restore --wait option (RESTORE_WAIT_OPTION): Not available
Traffic Control
TC Filters
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
