Shorewall 5.0.4 Dump at Firewall-Server-TechRoom - Sat Nov 30 14:42:28 CST 2019

Shorewall is running
State:Started (Sat Nov 30 14:42:14 CST 2019) from /etc/shorewall/ (/var/lib/shorewall/firewall compiled by Shorewall version 5.0.4)

Counters reset Sat Nov 30 14:42:14 CST 2019

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   484 net-fw     all  --  enp3s0 *       0.0.0.0/0            0.0.0.0/0           
  102  6928 loc-fw     all  --  enp4s0 *       0.0.0.0/0            0.0.0.0/0           
    1    40 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  159  108K net_frwd   all  --  enp3s0 *       0.0.0.0/0            0.0.0.0/0           
  154 21979 loc_frwd   all  --  enp4s0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   500 fw-net     all  --  *      enp3s0  0.0.0.0/0            0.0.0.0/0           
   62  7536 fw-loc     all  --  *      enp4s0  0.0.0.0/0            0.0.0.0/0           
    1    40 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain Broadcast (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST

Chain Drop (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11 /* Needed ICMP types */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:137:139 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:137 dpts:1024:65535 /* SMB */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 /* Late DNS Replies */

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    60            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    60 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11 /* Needed ICMP types */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,445 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:137:139 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:137 dpts:1024:65535 /* SMB */
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 /* Late DNS Replies */

Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain fw-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 fw-loc~    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
   62  7536 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6889 /* BitTorrent */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6999 /* BitTorrent32 */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent32 */
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw-loc~ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw-net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    4   500 fw-net~    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    1   328 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6889 /* BitTorrent */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6999 /* BitTorrent32 */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent32 */
    2   112 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    60 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    60 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:fw-net:REJECT:"
    1    60 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain fw-net~ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   112 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    60 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9091
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:9091
    0     0 RETURN     all  --  *      *       0.0.0.0/0            8.8.8.8             
    0     0 RETURN     all  --  *      *       0.0.0.0/0            8.8.4.4             
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain loc-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 loc-fw~    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
  102  6928 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
  102  6928 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6889 /* BitTorrent */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6999 /* BitTorrent32 */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent32 */
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc-fw~ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc-net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    3   195 loc-net~   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    3   195 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    3   195 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
  149 21709 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
  151 21784 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       192.168.10.130       0.0.0.0/0            udp dpt:137
    0     0 ACCEPT     udp  --  *      *       192.168.10.130       0.0.0.0/0            udp dpt:138
    0     0 ACCEPT     tcp  --  *      *       192.168.10.130       0.0.0.0/0            tcp dpt:139
    0     0 ACCEPT     tcp  --  *      *       192.168.10.130       0.0.0.0/0            tcp dpt:445
    0     0 ACCEPT     udp  --  *      *       192.168.10.130       0.0.0.0/0            udp dpt:445
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 /* FTP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6889 /* BitTorrent */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6999 /* BitTorrent32 */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent32 */
    3   195 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc-net~ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            91.189.92.20         udp dpt:53
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            91.189.92.19         udp dpt:53
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    3   195 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9091
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:9091
    0     0 RETURN     all  --  *      *       0.0.0.0/0            8.8.8.8             
    0     0 RETURN     all  --  *      *       0.0.0.0/0            8.8.4.4             
    0     0 RETURN     all  --  *      *       192.168.10.130       8.8.8.8             
    0     0 RETURN     all  --  *      *       192.168.10.130       8.8.4.4             
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123

Chain loc_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  154 21979 loc-net    all  --  *      enp3s0  0.0.0.0/0            0.0.0.0/0           

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logflags (7 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net-fw~    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    1   328 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    2   156 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:22
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6889 /* BitTorrent */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6999 /* BitTorrent32 */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent32 */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net-fw:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net-fw~ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9091
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:9091
    0     0 RETURN     all  --  *      *       8.8.8.8              0.0.0.0/0           
    0     0 RETURN     all  --  *      *       8.8.4.4              0.0.0.0/0           
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain net-loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net-loc~   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
  154  108K tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
  159  108K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       multiport dports 135,445 /* SMB */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       udp dpts:137:139 /* SMB */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       udp spt:137 dpts:1024:65535 /* SMB */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.10.130       multiport dports 135,139,445 /* SMB */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       udp dpt:137
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       udp dpt:138
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.10.130       tcp dpt:139
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.10.130       tcp dpt:445
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       udp dpt:445
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       udp dpt:137
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       udp dpt:138
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.10.130       tcp dpt:139
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.10.130       tcp dpt:445
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.10.130       udp dpt:445
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 /* FTP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6889 /* BitTorrent */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6999 /* BitTorrent32 */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:6881 /* BitTorrent32 */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net-loc:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net-loc~ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 RETURN     udp  --  *      *       91.189.92.20         0.0.0.0/0            udp dpt:53
    0     0 RETURN     udp  --  *      *       91.189.92.19         0.0.0.0/0            udp dpt:53
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9091
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:9091
    0     0 RETURN     all  --  *      *       8.8.8.8              0.0.0.0/0           
    0     0 RETURN     all  --  *      *       8.8.4.4              0.0.0.0/0           
    0     0 RETURN     all  --  *      *       8.8.8.8              192.168.10.130      
    0     0 RETURN     all  --  *      *       8.8.4.4              192.168.10.130      
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123

Chain net_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  159  108K net-loc    all  --  *      enp4s0  0.0.0.0/0            0.0.0.0/0           

Chain reject (9 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type BROADCAST
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    60 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain sha-lh-49676324b7fa930072e8 (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain sha-rh-2762e6e44b61e02f409a (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain smurflog (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain smurfs (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0              0.0.0.0/0           
    0     0 smurflog   all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  ADDRTYPE match src-type BROADCAST
    0     0 smurflog   all  --  *      *       224.0.0.0/4          0.0.0.0/0           [goto] 

Chain tcpflags (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x29
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x00
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x06/0x06
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x05/0x05
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x03/0x03
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x19/0x09
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp spt:0 flags:0x17/0x02

Log (/var/log/messages)


NAT Table

Chain PREROUTING (policy ACCEPT 2 packets, 143 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net_dnat   all  --  enp3s0 *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3 packets, 444 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1 packets, 40 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   527 enp3s0_masq  all  --  *      enp3s0  0.0.0.0/0            0.0.0.0/0           

Chain enp3s0_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      *       10.0.0.0/8           0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      *       169.254.0.0/16       0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      *       172.16.0.0/12        0.0.0.0/0           
    4   527 MASQUERADE  all  --  *      *       192.168.0.0/16       0.0.0.0/0           

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,445 /* SMB */ to:192.168.10.130
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:137:139 /* SMB */ to:192.168.10.130
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:137 dpts:1024:65535 /* SMB */ to:192.168.10.130
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,139,445 /* SMB */ to:192.168.10.130
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.10.130:137
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.10.130:138
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.10.130:139
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.10.130:445
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.10.130:445

Mangle Table

Chain PREROUTING (policy ACCEPT 448 packets, 139K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  448  139K tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 133 packets, 8892 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  133  8892 tcin       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 315 packets, 130K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  315  130K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK and 0xffffff00
  315  130K tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 109 packets, 42004 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  109 42004 tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 423 packets, 172K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  423  172K tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcin (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Raw Table

Chain PREROUTING (policy ACCEPT 452 packets, 139K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10080 CT helper amanda
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1719 CT helper RAS
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1720 CT helper Q.931
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 CT helper irc
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137 CT helper netbios-ns
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723 CT helper pptp
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6566 CT helper sane
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 CT helper sip
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161 CT helper snmp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 CT helper tftp

Chain OUTPUT (policy ACCEPT 117 packets, 44644 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10080 CT helper amanda
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1719 CT helper RAS
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1720 CT helper Q.931
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 CT helper irc
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137 CT helper netbios-ns
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723 CT helper pptp
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6566 CT helper sane
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 CT helper sip
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161 CT helper snmp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 CT helper tftp

Conntrack Table (68 out of 65536)

tcp      6 431988 ESTABLISHED src=192.168.10.43 dst=216.58.194.131 sport=47736 dport=443 src=216.58.194.131 dst=192.168.90.11 sport=443 dport=47736 [ASSURED] mark=0 use=1
udp      17 8 src=192.168.10.51 dst=8.8.8.8 sport=11033 dport=53 src=8.8.8.8 dst=192.168.90.11 sport=53 dport=11033 mark=0 use=1
tcp      6 431994 ESTABLISHED src=192.168.10.47 dst=13.226.189.2 sport=58868 dport=443 src=13.226.189.2 dst=192.168.90.11 sport=443 dport=58868 [ASSURED] mark=0 use=1
tcp      6 431975 ESTABLISHED src=192.168.10.43 dst=172.217.12.78 sport=58912 dport=443 src=172.217.12.78 dst=192.168.90.11 sport=443 dport=58912 [ASSURED] mark=0 use=1
tcp      6 35 TIME_WAIT src=192.168.10.43 dst=192.168.1.1 sport=49616 dport=80 src=192.168.1.1 dst=192.168.90.11 sport=80 dport=49616 [ASSURED] mark=0 use=1
tcp      6 431974 ESTABLISHED src=192.168.10.43 dst=172.217.9.19 sport=47668 dport=443 src=172.217.9.19 dst=192.168.90.11 sport=443 dport=47668 [ASSURED] mark=0 use=1
udp      17 166 src=192.168.10.43 dst=1.1.1.1 sport=41265 dport=53 src=1.1.1.1 dst=192.168.90.11 sport=53 dport=41265 [ASSURED] mark=0 use=1
tcp      6 68 TIME_WAIT src=192.168.10.43 dst=192.168.1.1 sport=49620 dport=80 src=192.168.1.1 dst=192.168.90.11 sport=80 dport=49620 [ASSURED] mark=0 use=1
tcp      6 431888 ESTABLISHED src=192.168.10.51 dst=104.16.216.7 sport=36041 dport=80 src=104.16.216.7 dst=192.168.90.11 sport=80 dport=36041 [ASSURED] mark=0 use=1
tcp      6 6 CLOSE src=192.168.10.47 dst=52.54.246.72 sport=55248 dport=443 src=52.54.246.72 dst=192.168.90.11 sport=443 dport=55248 [ASSURED] mark=0 use=1
udp      17 175 src=192.168.10.51 dst=216.58.193.138 sport=43168 dport=443 src=216.58.193.138 dst=192.168.90.11 sport=443 dport=43168 [ASSURED] mark=0 use=1
udp      17 9 src=192.168.10.51 dst=8.8.8.8 sport=16555 dport=53 src=8.8.8.8 dst=192.168.90.11 sport=53 dport=16555 mark=0 use=1
tcp      6 431992 ESTABLISHED src=192.168.10.43 dst=216.58.194.78 sport=41624 dport=443 src=216.58.194.78 dst=192.168.90.11 sport=443 dport=41624 [ASSURED] mark=0 use=1
tcp      6 431972 ESTABLISHED src=192.168.10.43 dst=216.58.194.78 sport=41620 dport=443 src=216.58.194.78 dst=192.168.90.11 sport=443 dport=41620 [ASSURED] mark=0 use=1
udp      17 102 src=192.168.10.43 dst=172.217.1.227 sport=38231 dport=443 src=172.217.1.227 dst=192.168.90.11 sport=443 dport=38231 [ASSURED] mark=0 use=1
tcp      6 431345 ESTABLISHED src=192.168.10.51 dst=31.13.93.12 sport=42995 dport=443 src=31.13.93.12 dst=192.168.90.11 sport=443 dport=42995 [ASSURED] mark=0 use=1
tcp      6 431399 ESTABLISHED src=192.168.10.51 dst=157.240.19.32 sport=38864 dport=443 src=157.240.19.32 dst=192.168.90.11 sport=443 dport=38864 [ASSURED] mark=0 use=1
tcp      6 431949 ESTABLISHED src=192.168.10.51 dst=63.35.182.91 sport=39516 dport=80 src=63.35.182.91 dst=192.168.90.11 sport=80 dport=39516 [ASSURED] mark=0 use=1
udp      17 176 src=192.168.10.51 dst=172.217.9.161 sport=44529 dport=443 src=172.217.9.161 dst=192.168.90.11 sport=443 dport=44529 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.10.43 dst=172.217.1.133 sport=37074 dport=443 src=172.217.1.133 dst=192.168.90.11 sport=443 dport=37074 [ASSURED] mark=0 use=2
udp      17 28 src=192.168.90.11 dst=192.168.90.1 sport=68 dport=67 src=192.168.90.1 dst=192.168.90.11 sport=67 dport=68 mark=0 use=1
tcp      6 299 ESTABLISHED src=192.168.10.43 dst=192.168.10.1 sport=36286 dport=22 src=192.168.10.1 dst=192.168.10.43 sport=22 dport=36286 [ASSURED] mark=0 use=1
tcp      6 431996 ESTABLISHED src=192.168.10.47 dst=18.195.179.36 sport=38070 dport=443 src=18.195.179.36 dst=192.168.90.11 sport=443 dport=38070 [ASSURED] mark=0 use=1
tcp      6 431967 ESTABLISHED src=192.168.10.43 dst=172.217.12.68 sport=37946 dport=443 src=172.217.12.68 dst=192.168.90.11 sport=443 dport=37946 [ASSURED] mark=0 use=1
udp      17 14 src=192.168.10.43 dst=172.217.9.14 sport=49167 dport=443 src=172.217.9.14 dst=192.168.90.11 sport=443 dport=49167 [ASSURED] mark=0 use=1
tcp      6 431993 ESTABLISHED src=192.168.10.51 dst=151.101.2.110 sport=60593 dport=443 src=151.101.2.110 dst=192.168.90.11 sport=443 dport=60593 [ASSURED] mark=0 use=1
tcp      6 431977 ESTABLISHED src=192.168.10.47 dst=172.217.6.133 sport=39558 dport=443 src=172.217.6.133 dst=192.168.90.11 sport=443 dport=39558 [ASSURED] mark=0 use=1
tcp      6 101 TIME_WAIT src=192.168.10.43 dst=192.168.1.1 sport=49626 dport=80 src=192.168.1.1 dst=192.168.90.11 sport=80 dport=49626 [ASSURED] mark=0 use=1
tcp      6 431976 ESTABLISHED src=192.168.10.47 dst=13.226.189.31 sport=59716 dport=443 src=13.226.189.31 dst=192.168.90.11 sport=443 dport=59716 [ASSURED] mark=0 use=1
tcp      6 431978 ESTABLISHED src=192.168.10.51 dst=172.217.9.161 sport=44557 dport=443 src=172.217.9.161 dst=192.168.90.11 sport=443 dport=44557 [ASSURED] mark=0 use=1
tcp      6 431345 ESTABLISHED src=192.168.10.51 dst=31.13.93.12 sport=42998 dport=443 src=31.13.93.12 dst=192.168.90.11 sport=443 dport=42998 [ASSURED] mark=0 use=1
udp      17 8 src=192.168.10.51 dst=8.8.8.8 sport=16817 dport=53 src=8.8.8.8 dst=192.168.90.11 sport=53 dport=16817 mark=0 use=1
tcp      6 431992 ESTABLISHED src=192.168.10.43 dst=172.217.9.14 sport=41908 dport=443 src=172.217.9.14 dst=192.168.90.11 sport=443 dport=41908 [ASSURED] mark=0 use=1
tcp      6 92 TIME_WAIT src=192.168.10.43 dst=151.101.65.140 sport=58082 dport=443 src=151.101.65.140 dst=192.168.90.11 sport=443 dport=58082 [ASSURED] mark=0 use=1
tcp      6 431988 ESTABLISHED src=192.168.10.47 dst=31.13.93.19 sport=47354 dport=443 src=31.13.93.19 dst=192.168.90.11 sport=443 dport=47354 [ASSURED] mark=0 use=1
tcp      6 6 CLOSE src=192.168.10.47 dst=52.54.246.72 sport=55250 dport=443 src=52.54.246.72 dst=192.168.90.11 sport=443 dport=55250 [ASSURED] mark=0 use=1
tcp      6 52 CLOSE_WAIT src=192.168.10.43 dst=157.249.177.128 sport=48102 dport=443 src=157.249.177.128 dst=192.168.90.11 sport=443 dport=48102 [ASSURED] mark=0 use=1
tcp      6 431998 ESTABLISHED src=192.168.10.47 dst=172.217.12.46 sport=50788 dport=443 src=172.217.12.46 dst=192.168.90.11 sport=443 dport=50788 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.10.47 dst=31.13.93.19 sport=47458 dport=443 src=31.13.93.19 dst=192.168.90.11 sport=443 dport=47458 [ASSURED] mark=0 use=1
tcp      6 431840 ESTABLISHED src=192.168.10.51 dst=64.233.177.188 sport=43247 dport=443 src=64.233.177.188 dst=192.168.90.11 sport=443 dport=43247 [ASSURED] mark=0 use=1
tcp      6 431978 ESTABLISHED src=192.168.10.51 dst=108.177.9.188 sport=48078 dport=5228 src=108.177.9.188 dst=192.168.90.11 sport=5228 dport=48078 [ASSURED] mark=0 use=1
tcp      6 431997 ESTABLISHED src=192.168.10.43 dst=172.217.1.131 sport=44640 dport=443 src=172.217.1.131 dst=192.168.90.11 sport=443 dport=44640 [ASSURED] mark=0 use=1
udp      17 7 src=192.168.10.51 dst=8.8.8.8 sport=4351 dport=53 src=8.8.8.8 dst=192.168.90.11 sport=53 dport=4351 mark=0 use=1
tcp      6 431974 ESTABLISHED src=192.168.10.47 dst=185.199.108.153 sport=52778 dport=443 src=185.199.108.153 dst=192.168.90.11 sport=443 dport=52778 [ASSURED] mark=0 use=1
tcp      6 431901 ESTABLISHED src=192.168.10.51 dst=172.217.12.37 sport=47565 dport=443 src=172.217.12.37 dst=192.168.90.11 sport=443 dport=47565 [ASSURED] mark=0 use=1
udp      17 168 src=192.168.90.11 dst=1.1.1.1 sport=40661 dport=53 src=1.1.1.1 dst=192.168.90.11 sport=53 dport=40661 [ASSURED] mark=0 use=1
udp      17 10 src=192.168.10.51 dst=8.8.8.8 sport=9483 dport=53 src=8.8.8.8 dst=192.168.90.11 sport=53 dport=9483 mark=0 use=1
tcp      6 431990 ESTABLISHED src=192.168.10.43 dst=172.217.14.170 sport=42614 dport=443 src=172.217.14.170 dst=192.168.90.11 sport=443 dport=42614 [ASSURED] mark=0 use=1
tcp      6 431957 ESTABLISHED src=192.168.10.47 dst=173.194.200.188 sport=35324 dport=443 src=173.194.200.188 dst=192.168.90.11 sport=443 dport=35324 [ASSURED] mark=0 use=1
unknown  2 534 src=0.0.0.0 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=0.0.0.0 mark=0 use=1
tcp      6 431992 ESTABLISHED src=192.168.10.43 dst=216.58.194.78 sport=41626 dport=443 src=216.58.194.78 dst=192.168.90.11 sport=443 dport=41626 [ASSURED] mark=0 use=1
tcp      6 431957 ESTABLISHED src=192.168.10.47 dst=216.58.194.78 sport=59136 dport=443 src=216.58.194.78 dst=192.168.90.11 sport=443 dport=59136 [ASSURED] mark=0 use=1
tcp      6 431955 ESTABLISHED src=192.168.10.47 dst=172.217.9.163 sport=59958 dport=443 src=172.217.9.163 dst=192.168.90.11 sport=443 dport=59958 [ASSURED] mark=0 use=1
tcp      6 431971 ESTABLISHED src=192.168.10.43 dst=173.194.200.188 sport=54670 dport=443 src=173.194.200.188 dst=192.168.90.11 sport=443 dport=54670 [ASSURED] mark=0 use=1
udp      17 160 src=192.168.10.51 dst=172.217.2.246 sport=55111 dport=443 src=172.217.2.246 dst=192.168.90.11 sport=443 dport=55111 [ASSURED] mark=0 use=1
tcp      6 106 TIME_WAIT src=192.168.10.43 dst=151.101.65.140 sport=58078 dport=443 src=151.101.65.140 dst=192.168.90.11 sport=443 dport=58078 [ASSURED] mark=0 use=1
udp      17 9 src=192.168.10.51 dst=8.8.8.8 sport=7033 dport=53 src=8.8.8.8 dst=192.168.90.11 sport=53 dport=7033 mark=0 use=1
tcp      6 431974 ESTABLISHED src=192.168.10.47 dst=185.199.109.153 sport=53996 dport=443 src=185.199.109.153 dst=192.168.90.11 sport=443 dport=53996 [ASSURED] mark=0 use=1
tcp      6 431967 ESTABLISHED src=192.168.10.43 dst=172.217.12.68 sport=37944 dport=443 src=172.217.12.68 dst=192.168.90.11 sport=443 dport=37944 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.10.43 dst=192.168.1.1 sport=49628 dport=80 src=192.168.1.1 dst=192.168.90.11 sport=80 dport=49628 [ASSURED] mark=0 use=2
tcp      6 431978 ESTABLISHED src=192.168.10.51 dst=172.217.2.246 sport=36974 dport=443 src=172.217.2.246 dst=192.168.90.11 sport=443 dport=36974 [ASSURED] mark=0 use=1
tcp      6 431871 ESTABLISHED src=192.168.10.51 dst=172.217.9.5 sport=49873 dport=443 src=172.217.9.5 dst=192.168.90.11 sport=443 dport=49873 [ASSURED] mark=0 use=1
udp      17 111 src=192.168.10.43 dst=172.217.12.68 sport=50627 dport=443 src=172.217.12.68 dst=192.168.90.11 sport=443 dport=50627 [ASSURED] mark=0 use=1
tcp      6 431984 ESTABLISHED src=192.168.10.43 dst=172.217.195.189 sport=56284 dport=443 src=172.217.195.189 dst=192.168.90.11 sport=443 dport=56284 [ASSURED] mark=0 use=1
tcp      6 431982 ESTABLISHED src=192.168.10.47 dst=172.217.9.138 sport=40548 dport=443 src=172.217.9.138 dst=192.168.90.11 sport=443 dport=40548 [ASSURED] mark=0 use=1
tcp      6 431980 ESTABLISHED src=192.168.10.51 dst=172.217.2.234 sport=51104 dport=443 src=172.217.2.234 dst=192.168.90.11 sport=443 dport=51104 [ASSURED] mark=0 use=1
tcp      6 2 TIME_WAIT src=192.168.10.43 dst=192.168.1.1 sport=49614 dport=80 src=192.168.1.1 dst=192.168.90.11 sport=80 dport=49614 [ASSURED] mark=0 use=1
udp      17 166 src=192.168.10.43 dst=1.0.0.1 sport=41265 dport=53 src=1.0.0.1 dst=192.168.90.11 sport=53 dport=41265 [ASSURED] mark=0 use=1

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.90.11/24 brd 192.168.90.255 scope global enp3s0
       valid_lft forever preferred_lft forever
3: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.10.1/24 brd 192.168.10.255 scope global enp4s0
       valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    136257     1585     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    136257     1585     0       0       0       0       
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:d0:c9:e8:f4:11 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    69063629   93085    0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    15738317   76240    0       0       0       0       
3: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:d0:c9:e8:f4:12 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    17804343   88318    0       0       0       130     
    TX: bytes  packets  errors  dropped carrier collsns 
    70553500   103035   0       0       0       0       

Routing Rules

0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 

Table default:


Table local:

local 192.168.90.11 dev enp3s0 proto kernel scope host src 192.168.90.11
local 192.168.10.1 dev enp4s0 proto kernel scope host src 192.168.10.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.90.255 dev enp3s0 proto kernel scope link src 192.168.90.11
broadcast 192.168.90.0 dev enp3s0 proto kernel scope link src 192.168.90.11
broadcast 192.168.10.255 dev enp4s0 proto kernel scope link src 192.168.10.1
broadcast 192.168.10.0 dev enp4s0 proto kernel scope link src 192.168.10.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

192.168.90.0/24 dev enp3s0 proto kernel scope link src 192.168.90.11
192.168.10.0/24 dev enp4s0 proto kernel scope link src 192.168.10.1
default via 192.168.90.254 dev enp3s0

Per-IP Counters

   iptaccount is not installed

NF Accounting

No NF Accounting defined (nfacct not found)

Events


/proc

   /proc/version = Linux version 4.4.0-169-generic (buildd@lgw01-amd64-022) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12) ) #198-Ubuntu SMP Tue Nov 12 10:34:23 UTC 2019
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 1
   /proc/sys/net/ipv4/conf/default/log_martians = 1
   /proc/sys/net/ipv4/conf/enp3s0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/enp3s0/arp_filter = 0
   /proc/sys/net/ipv4/conf/enp3s0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/enp3s0/rp_filter = 1
   /proc/sys/net/ipv4/conf/enp3s0/log_martians = 1
   /proc/sys/net/ipv4/conf/enp4s0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/enp4s0/arp_filter = 0
   /proc/sys/net/ipv4/conf/enp4s0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/enp4s0/rp_filter = 1
   /proc/sys/net/ipv4/conf/enp4s0/log_martians = 1
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 1
   /proc/sys/net/ipv4/conf/lo/log_martians = 1

ARP

? (192.168.10.51) at 8c:f5:a3:11:22:56 [ether] on enp4s0
? (192.168.90.254) at 00:11:09:60:b2:5d [ether] PERM on enp3s0
? (192.168.10.43) at 2c:27:d7:3e:40:d5 [ether] on enp4s0
? (192.168.10.47) at 1c:87:2c:b8:db:37 [ether] on enp4s0
? (192.168.10.130) at 68:05:ca:2d:b1:b1 [ether] on enp4s0
? (192.168.10.90) at 48:f8:b3:8c:85:97 [ether] on enp4s0
? (192.168.90.1) at 00:11:09:60:b2:5d [ether] on enp3s0

Modules

iptable_filter         16384  1
iptable_mangle         16384  1
iptable_nat            16384  1
iptable_raw            16384  1
ip_tables              20480  9 iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_MASQUERADE         16384  4
ipt_REJECT             16384  4
ipt_rpfilter           16384  0
nf_conntrack           94208  32 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,nf_conntrack_proto_udplite,nf_nat,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda    16384  3 nf_nat_amanda
nf_conntrack_broadcast    16384  2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp       16384  3 nf_nat_ftp
nf_conntrack_h323      65536  5 nf_nat_h323
nf_conntrack_ipv4      16384  47
nf_conntrack_irc       16384  3 nf_nat_irc
nf_conntrack_netbios_ns    16384  2
nf_conntrack_netlink    36864  0
nf_conntrack_pptp      20480  3 nf_nat_pptp
nf_conntrack_proto_gre    16384  1 nf_conntrack_pptp
nf_conntrack_proto_sctp    20480  0
nf_conntrack_proto_udplite    16384  0
nf_conntrack_sane      16384  2
nf_conntrack_sip       24576  3 nf_nat_sip
nf_conntrack_snmp      16384  3 nf_nat_snmp_basic
nf_conntrack_tftp      16384  3 nf_nat_tftp
nf_defrag_ipv4         16384  2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6         20480  1 xt_TPROXY
nf_log_common          16384  1 nf_log_ipv4
nf_log_ipv4            16384  8
nf_nat                 24576  11 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,nf_nat_masquerade_ipv4
nf_nat_amanda          16384  0
nf_nat_ftp             16384  0
nf_nat_h323            20480  0
nf_nat_ipv4            16384  1 iptable_nat
nf_nat_irc             16384  0
nf_nat_masquerade_ipv4    16384  1 ipt_MASQUERADE
nf_nat_pptp            16384  0
nf_nat_proto_gre       16384  1 nf_nat_pptp
nf_nat_sip             20480  0
nf_nat_snmp_basic      20480  0
nf_nat_tftp            16384  0
nf_reject_ipv4         16384  1 ipt_REJECT
xt_addrtype            16384  5
xt_AUDIT               16384  0
xt_CHECKSUM            16384  0
xt_CLASSIFY            16384  0
xt_comment             16384  53
xt_connlimit           16384  0
xt_connmark            16384  0
xt_conntrack           16384  24
xt_CT                  16384  22
xt_dscp                16384  0
xt_DSCP                16384  0
xt_hashlimit           20480  0
xt_helper              16384  0
xt_iprange             16384  0
xt_length              16384  0
xt_LOG                 16384  8
xt_mark                16384  1
xt_multiport           16384  8
xt_nat                 16384  9
xt_NFLOG               16384  0
xt_NFQUEUE             16384  0
xt_owner               16384  0
xt_physdev             16384  0
xt_pkttype             16384  0
xt_policy              16384  0
xt_realm               16384  0
xt_recent              20480  1
xt_statistic           16384  0
xt_tcpmss              16384  0
xt_TCPMSS              16384  0
xt_tcpudp              16384  130
xt_time                16384  0
xt_TPROXY              20480  0

Shorewall has detected the following iptables/netfilter capabilities:
   ACCOUNT Target (ACCOUNT_TARGET): Not available
   Address Type Match (ADDRTYPE): Available
   Amanda Helper: Available
   Arptables JF (ARPTABLESJF): Not available
   AUDIT Target (AUDIT_TARGET): Available
   Basic Ematch (BASIC_EMATCH): Available
   Basic Filter (BASIC_FILTER): Available
   Capabilities Version (CAPVERSION): 50004
   Checksum Target (CHECKSUM_TARGET): Available
   CLASSIFY Target (CLASSIFY_TARGET): Available
   Comments (COMMENTS): Available
   Condition Match (CONDITION_MATCH): Not available
   Connection Tracking Match (CONNTRACK_MATCH): Available
   Connlimit Match (CONNLIMIT_MATCH): Available
   Connmark Match (CONNMARK_MATCH): Available
   CONNMARK Target (CONNMARK): Available
   CT Target (CT_TARGET): Available
   DSCP Match (DSCP_MATCH): Available
   DSCP Target (DSCP_TARGET): Available
   Enhanced Multi-port Match (EMULIPORT): Available
   Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
   Extended Connmark Match (XCONNMARK_MATCH): Available
   Extended CONNMARK Target (XCONNMARK): Available
   Extended MARK Target 2 (EXMARK): Available
   Extended MARK Target (XMARK): Available
   Extended Multi-port Match (XMULIPORT): Available
   Extended REJECT (ENHANCED_REJECT): Available
   FLOW Classifier (FLOW_FILTER): Available
   FTP-0 Helper: Not available
   FTP Helper: Available
   fwmark route mask (FWMARK_RT_MASK): Available
   Geo IP Match (GEOIP_MATCH): Not available
   Goto Support (GOTO_TARGET): Available
   H323 Helper: Available
   Hashlimit Match (HASHLIMIT_MATCH): Available
   Header Match (HEADER_MATCH): Not available
   Helper Match (HELPER_MATCH): Available
   Iface Match (IFACE_MATCH): Not available
   IMQ Target (IMQ_TARGET): Not available
   IPMARK Target (IPMARK_TARGET): Not available
   IPP2P Match (IPP2P_MATCH): Not available
   IP range Match(IPRANGE_MATCH): Available
   ipset V5 (IPSET_V5): Not available
   iptables -S (IPTABLES_S): Available
   iptables --wait option (WAIT_OPTION): Available
   IRC-0 Helper: Not available
   IRC Helper: Available
   Kernel Version (KERNELVERSION): 40400
   LOGMARK Target (LOGMARK_TARGET): Not available
   LOG Target (LOG_TARGET): Available
   Mangle FORWARD Chain (MANGLE_FORWARD): Available
   Mark in the filter table (MARK_ANYWHERE): Available
   MARK Target (MARK): Available
   MASQUERADE Target (MASQUERADE_TGT): Available
   Multi-port Match (MULTIPORT): Available
   NAT (NAT_ENABLED): Available
   Netbios_ns Helper: Available
   New tos Match (NEW_TOS_MATCH): Available
   NFAcct Match: Not available
   NFLOG Target (NFLOG_TARGET): Available
   NFQUEUE Target (NFQUEUE_TARGET): Available
   Owner Match (OWNER_MATCH): Available
   Owner Name Match (OWNER_NAME_MATCH): Available
   Packet length Match (LENGTH_MATCH): Available
   Packet Mangling (MANGLE_ENABLED): Available
   Packet Type Match (USEPKTTYPE): Available
   Persistent SNAT (PERSISTENT_SNAT): Available
   Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
   Physdev Match (PHYSDEV_MATCH): Available
   Policy Match (POLICY_MATCH): Available
   PPTP Helper: Available
   Rawpost Table (RAWPOST_TABLE): Not available
   Raw Table (RAW_TABLE): Available
   Realm Match (REALM_MATCH): Available
   Recent Match "--reap" option (REAP_OPTION): Available
   Recent Match (RECENT_MATCH): Available
   Repeat match (KLUDGEFREE): Available
   RPFilter Match (RPFILTER_MATCH): Available
   SANE-0 Helper: Not available
   SANE Helper: Available
   SIP-0 Helper: Not available
   SIP Helper: Available
   SNMP Helper: Available
   Statistic Match (STATISTIC_MATCH): Available
   TARPIT Target (TARPIT_TARGET): Not available
   TCPMSS Match (TCPMSS_MATCH): Available
   TCPMSS Target (TCPMSS_TARGET): Available
   TFTP-0 Helper: Not available
   TFTP Helper: Available
   Time Match (TIME_MATCH): Available
   TPROXY Target (TPROXY_TARGET): Available
   UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
   ULOG Target (ULOG_TARGET): Not available

Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
udp    UNCONN     0      0         *:43443                 *:*                   users:(("dhcpd",pid=1233,fd=20))
udp    UNCONN     0      0         *:48060                 *:*                   users:(("rpc.mountd",pid=1302,fd=16))
udp    UNCONN     0      0         *:35807                 *:*                   users:(("rpc.mountd",pid=1302,fd=12))
udp    UNCONN     0      0         *:2049                  *:*                  
udp    UNCONN     0      0         *:51201                 *:*                   users:(("rpc.mountd",pid=1302,fd=8))
udp    UNCONN     0      0         *:55334                 *:*                  
udp    UNCONN     0      0         *:67                    *:*                   users:(("dhcpd",pid=1233,fd=7))
udp    UNCONN     0      0         *:68                    *:*                   users:(("dhclient",pid=1070,fd=6))
udp    UNCONN     0      0      192.168.10.1:69                    *:*                   users:(("in.tftpd",pid=1453,fd=4))
udp    UNCONN     0      0         *:111                   *:*                   users:(("rpcbind",pid=1296,fd=6))
udp    UNCONN     0      0         *:624                   *:*                   users:(("rpcbind",pid=1296,fd=7))
tcp    LISTEN     0      128       *:111                   *:*                   users:(("rpcbind",pid=1296,fd=8))
tcp    LISTEN     0      128       *:52915                 *:*                   users:(("rpc.mountd",pid=1302,fd=13))
tcp    LISTEN     0      128       *:22                    *:*                   users:(("sshd",pid=1293,fd=3))
tcp    LISTEN     0      64        *:34171                 *:*                  
tcp    LISTEN     0      64        *:2049                  *:*                  
tcp    LISTEN     0      128       *:37129                 *:*                   users:(("rpc.mountd",pid=1302,fd=17))
tcp    LISTEN     0      128       *:56460                 *:*                   users:(("rpc.mountd",pid=1302,fd=9))
tcp    ESTAB      0      0      192.168.10.1:22                 192.168.10.43:36286               users:(("sshd",pid=3011,fd=3),("sshd",pid=2971,fd=3))

Traffic Control

Device lo:
qdisc noqueue 0: root refcnt 2 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device enp3s0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 15378053 bytes 76240 pkt (dropped 0, overlimits 0 requeues 2) 
 backlog 0b 0p requeues 2 


Device enp4s0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 70146897 bytes 103155 pkt (dropped 0, overlimits 0 requeues 9) 
 backlog 0b 0p requeues 9 



TC Filters

Device lo:

Device enp3s0:

Device enp4s0:

