Are you running a cronjob which is messing with it ?
Check sudo crontab -l and /etc/crontab and /etc/cron.d
When / how often are the ipsets being changed/added ?
Install "psacct" or acct package and enable accounting and see what's running
when that happens. Or move ipset out of the way (or replace it with a
shellscript to run sleep 999) and see what breaks.
On Sun, Nov 15, 2020 at 12:36:43PM -0700, Nigel Aves wrote:
> Shorewall version 5.2.3.4
> Ubuntu Server 20.04.1
> Apache web server with mod_security
>
> I've run into an issue that no matter what I have tried, no success. This
> started a few days ago, my internal network keeps getting "cut off" from
> Google. Can not search, open google.com, google messenger service ... I
> tracked it down to ipsets being created for Google IP addresses, what
> really surprised me was that I was also getting (occasionally) their DNS
> servers, 8.8.8.8 and 8.8.4.4 - I've spent a couple of days now trying to
> find the root cause.
>
> I needed a bandaid to stop the rest of the family complaining ( :) ) so
> this morning I looked at Shorewall Whitelisting using "blrules", and added
> this to the blrules file.
>
> WHITELIST net:172.217.0.0/16 all
> WHITELIST net:8.8.4.4 all
> WHITELIST net:8.8.8.8 all
>
> Ran a Shorewall restart but I am still seeing entries when I do "ipset list
> SW_DBL4"
>
> 172.217.3.206 timeout 597 packets 1 bytes 52
> 172.217.14.195 timeout 598 packets 1 bytes 52
>
> Any ideas as to what I might have done wrong?
>
> Kind Regards, Stay Safe, Nigel.
> Shorewall 5.2.3.4 Dump at apache-web-server.twin-peaks-video.com - Sun Nov 15
> 12:31:31 MST 2020
>
> Shorewall is running
> State:Started Sun Nov 15 12:31:21 MST 2020 from /etc/shorewall/
> (/var/lib/shorewall/firewall compiled Sun Nov 15 12:31:21 MST 2020 by
> Shorewall version 5.2.3.4)
>
> Counters reset Sun Nov 15 12:31:21 MST 2020
>
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 29 3117 net-fw all -- enp6s0 * 0.0.0.0/0 0.0.0.0/0
>
> 44 5221 loc-fw all -- enp5s0 * 0.0.0.0/0 0.0.0.0/0
>
> 10 1146 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
>
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type BROADCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type ANYCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type MULTICAST
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
> [goto]
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 137 62669 net-loc all -- enp6s0 enp5s0 0.0.0.0/0 0.0.0.0/0
>
> 114 35602 loc-net all -- enp5s0 enp6s0 0.0.0.0/0 0.0.0.0/0
>
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type BROADCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type ANYCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type MULTICAST
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
> [goto]
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 29 24395 ACCEPT all -- * enp6s0 0.0.0.0/0 0.0.0.0/0
>
> 50 27119 fw-loc all -- * enp5s0 0.0.0.0/0 0.0.0.0/0
>
> 10 1146 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
>
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type BROADCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type ANYCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type MULTICAST
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
> [goto]
>
> Chain dbl_log (4 references)
> pkts bytes target prot opt in out source
> destination
> 52 27913 SET all -- * * 0.0.0.0/0 0.0.0.0/0
> add-set SW_DBL4 src exist timeout 600
> 52 27913 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain fw-loc (1 references)
> pkts bytes target prot opt in out source
> destination
> 50 27119 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
> ctstate RELATED,ESTABLISHED
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp spts:67:68 dpts:67:68 /* DHCPfwd */
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:0x04/0x04
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:0x11/0x11
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> multiport dports 135,445 /* SMB */
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpts:137:139 /* SMB */
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp spt:137 dpts:1024:65535 /* SMB */
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> multiport dports 135,139,445 /* SMB */
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
>
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type BROADCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type ANYCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type MULTICAST
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
> [goto]
>
> Chain loc-fw (1 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 dbl_log all -- * * 0.0.0.0/0 0.0.0.0/0
> match-set SW_DBL4 src
> 26 3841 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
>
> 29 4143 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
> ctstate RELATED,ESTABLISHED
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> multiport dports 110,995 /* POP3, POP3S */
> 1 336 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp spts:67:68 dpts:67:68 /* DHCPfwd */
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:0x04/0x04
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:0x11/0x11
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:22 /* SSH */
> 2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> icmptype 8 /* Ping */
> 2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
>
> 10 470 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
>
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:53 /* DNS */
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:53 /* DNS */
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> multiport dports 135,445 /* SMB */
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpts:137:139 /* SMB */
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp spt:137 dpts:1024:65535 /* SMB */
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> multiport dports 135,139,445 /* SMB */
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type BROADCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type ANYCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type MULTICAST
> 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
> [goto]
>
> Chain loc-net (1 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 sfilter all -- * enp5s0 0.0.0.0/0 0.0.0.0/0
> [goto]
> 0 0 dbl_log all -- * * 0.0.0.0/0 0.0.0.0/0
> match-set SW_DBL4 src
> 94 21128 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
>
> 114 35602 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain logflags (7 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
> limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix
> "logflags DROP "
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain net-fw (1 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 dbl_log all -- * * 0.0.0.0/0 0.0.0.0/0
> match-set SW_DBL4 src
> 5 228 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
> ctstate INVALID,NEW,UNTRACKED
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpts:67:68
> 27 2888 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
>
> 24 2889 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
> ctstate RELATED,ESTABLISHED
> 3 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:0x04/0x04
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:0x11/0x11
> 2 108 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> multiport dports 80,443 /* HTTP, HTTPS */
> 0 0 ACCEPT tcp -- * * 13.58.65.21 0.0.0.0/0
> tcp dpt:25 /* SMTP */
> 0 0 ACCEPT tcp -- * * 13.58.8.62 0.0.0.0/0
> tcp dpt:25 /* SMTP */
> 0 0 ACCEPT tcp -- * * 52.15.128.102 0.0.0.0/0
> tcp dpt:25 /* SMTP */
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:53 /* DNS */
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:53 /* DNS */
> 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
> icmptype 8 /* Ping */
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type BROADCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type ANYCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type MULTICAST
> 0 0 ~log0 tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:!0x17/0x02
> 0 0 ~log1 all -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] ctstate INVALID
> 0 0 ~log1 udp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] udp spt:53 /* Late DNS Replies */
> 0 0 SET all -- * * 0.0.0.0/0 0.0.0.0/0
> add-set SW_DBL4 src exist timeout 600
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain net-loc (1 references)
> pkts bytes target prot opt in out source
> destination
> 52 27913 dbl_log all -- * * 0.0.0.0/0 0.0.0.0/0
> match-set SW_DBL4 src
> 0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
> ctstate INVALID,NEW,UNTRACKED
> 79 33717 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
>
> 85 34756 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
> ctstate RELATED,ESTABLISHED
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:0x04/0x04
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:0x11/0x11
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type BROADCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type ANYCAST
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match dst-type MULTICAST
> 0 0 ~log0 tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp flags:!0x17/0x02
> 0 0 ~log2 all -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] ctstate INVALID
> 0 0 ~log2 udp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] udp spt:53 /* Late DNS Replies */
> 0 0 SET all -- * * 0.0.0.0/0 0.0.0.0/0
> add-set SW_DBL4 src exist timeout 600
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain reject (5 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> ADDRTYPE match src-type BROADCAST
> 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
>
> 0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
>
> 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> reject-with tcp-reset
> 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
> reject-with icmp-port-unreachable
> 0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> reject-with icmp-host-unreachable
> 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
> reject-with icmp-host-prohibited
>
> Chain sfilter (1 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
> limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
> "sfilter DROP "
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain sha-lh-ab1b7f2d1c0871149a38 (0 references)
> pkts bytes target prot opt in out source
> destination
>
> Chain sha-rh-0e95d291b27242bbe5c2 (0 references)
> pkts bytes target prot opt in out source
> destination
>
> Chain shorewall (0 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
> recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
>
> Chain smurflog (2 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
> limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
> "smurfs DROP "
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain smurfs (2 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 RETURN all -- * * 0.0.0.0 0.0.0.0/0
>
> 0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] ADDRTYPE match src-type BROADCAST
> 0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
> [goto]
>
> Chain tcpflags (4 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] tcp flags:0x3F/0x29
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] tcp flags:0x3F/0x00
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] tcp flags:0x06/0x06
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] tcp flags:0x05/0x05
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] tcp flags:0x03/0x03
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] tcp flags:0x19/0x09
> 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
> [goto] tcp spt:0 flags:0x17/0x02
>
> Chain ~log0 (2 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
> limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
> "dropNotSyn DROP "
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain ~log1 (2 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
> limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
> "net-fw DROP "
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> Chain ~log2 (2 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
> limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
> "net-loc DROP "
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
>
> ARP rules
>
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>
> Log (/var/log/shorewall-messages.log)
>
>
> NAT Table
>
> Chain PREROUTING (policy ACCEPT 17 packets, 3918 bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain INPUT (policy ACCEPT 7 packets, 716 bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain OUTPUT (policy ACCEPT 4 packets, 336 bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain POSTROUTING (policy ACCEPT 4 packets, 336 bytes)
> pkts bytes target prot opt in out source
> destination
> 10 3202 MASQUERADE all -- * enp6s0 192.168.1.0/24
> 0.0.0.0/0
>
> Mangle Table
>
> Chain PREROUTING (policy ACCEPT 339 packets, 108K bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain INPUT (policy ACCEPT 88 packets, 9684 bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain FORWARD (policy ACCEPT 251 packets, 98271 bytes)
> pkts bytes target prot opt in out source
> destination
> 251 98271 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
> MARK and 0xffffff00
>
> Chain OUTPUT (policy ACCEPT 103 packets, 74999 bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain POSTROUTING (policy ACCEPT 302 packets, 145K bytes)
> pkts bytes target prot opt in out source
> destination
>
> Raw Table
>
> Chain PREROUTING (policy ACCEPT 340 packets, 108K bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:10080 CT helper amanda
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:21 flags:0x17/0x02 CT helper ftp
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:1719 CT helper RAS
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:1720 flags:0x17/0x02 CT helper Q.931
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:6667 flags:0x17/0x02 CT helper irc
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:137 CT helper netbios-ns
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:1723 flags:0x17/0x02 CT helper pptp
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:6566 flags:0x17/0x02 CT helper sane
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:5060 CT helper sip
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:161 CT helper snmp
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:69 CT helper tftp
>
> Chain OUTPUT (policy ACCEPT 105 packets, 77324 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:10080 CT helper amanda
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:21 flags:0x17/0x02 CT helper ftp
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:1719 CT helper RAS
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:1720 flags:0x17/0x02 CT helper Q.931
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:6667 flags:0x17/0x02 CT helper irc
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:137 CT helper netbios-ns
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:1723 flags:0x17/0x02 CT helper pptp
> 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
> tcp dpt:6566 flags:0x17/0x02 CT helper sane
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:5060 CT helper sip
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:161 CT helper snmp
> 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
> udp dpt:69 CT helper tftp
>
> Conntrack Table (10088 out of 262144)
>
> grep: /proc/net/nf_conntrack: No such file or directory
>
> IP Configuration
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> 2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
> group default qlen 1000
> inet 192.168.1.1/24 brd 192.168.1.255 scope global enp5s0
> valid_lft forever preferred_lft forever
> 3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
> default qlen 1000
> inet 161.97.238.92/24 brd 161.97.238.255 scope global dynamic enp6s0
> valid_lft 167761sec preferred_lft 167761sec
>
> IP Stats
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
> DEFAULT group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> RX: bytes packets errors dropped overrun mcast
> 36953313679 307834628 0 0 0 0
> TX: bytes packets errors dropped carrier collsns
> 36953313679 307834628 0 0 0 0
> 2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
> mode DEFAULT group default qlen 1000
> link/ether 98:48:27:2e:1b:72 brd ff:ff:ff:ff:ff:ff
> RX: bytes packets errors dropped overrun mcast
> 1474226913 7581178 0 10 0 195161
> TX: bytes packets errors dropped carrier collsns
> 27722730277 20671034 0 0 0 0
> 3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
> DEFAULT group default qlen 1000
> link/ether 04:92:26:da:bd:c9 brd ff:ff:ff:ff:ff:ff
> RX: bytes packets errors dropped overrun mcast
> 27785549116 21937473 0 175437 0 179661
> TX: bytes packets errors dropped carrier collsns
> 2998994288 8642486 0 0 0 0
>
> Routing Rules
>
> 0: from all lookup local
> 32766: from all lookup main
> 32767: from all lookup default
>
> Table default:
>
> Error: ipv4: FIB table does not exist.
> Dump terminated
>
> Table local:
>
> local 192.168.1.1 dev enp5s0 proto kernel scope host src 192.168.1.1
> local 161.97.238.92 dev enp6s0 proto kernel scope host src 161.97.238.92
> local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
> broadcast 192.168.1.255 dev enp5s0 proto kernel scope link src 192.168.1.1
> broadcast 192.168.1.0 dev enp5s0 proto kernel scope link src 192.168.1.1
> broadcast 161.97.238.255 dev enp6s0 proto kernel scope link src 161.97.238.92
> broadcast 161.97.238.0 dev enp6s0 proto kernel scope link src 161.97.238.92
> broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
> broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
> local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
>
> Table main:
>
> 161.97.238.1 dev enp6s0 proto dhcp scope link src 161.97.238.92 metric 100
> 192.168.1.0/24 dev enp5s0 proto kernel scope link src 192.168.1.1
> 161.97.238.0/24 dev enp6s0 proto kernel scope link src 161.97.238.92
> default via 161.97.238.1 dev enp6s0 proto dhcp src 161.97.238.92 metric 100
>
> Per-IP Counters
>
> iptaccount is not installed
>
> NF Accounting
>
> No NF Accounting defined (nfacct not found)
>
> Events
>
>
> PFKEY SPD
>
>
> PFKEY SAD
>
>
> /proc
>
> /proc/version = Linux version 5.4.0-53-generic (buildd@lcy01-amd64-007)
> (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #59-Ubuntu SMP Wed Oct 21
> 09:38:44 UTC 2020
> /proc/sys/net/ipv4/ip_forward = 1
> /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
> /proc/sys/net/ipv4/conf/all/proxy_arp = 0
> /proc/sys/net/ipv4/conf/all/arp_filter = 0
> /proc/sys/net/ipv4/conf/all/arp_ignore = 0
> /proc/sys/net/ipv4/conf/all/rp_filter = 0
> /proc/sys/net/ipv4/conf/all/log_martians = 0
> /proc/sys/net/ipv4/conf/default/proxy_arp = 0
> /proc/sys/net/ipv4/conf/default/arp_filter = 0
> /proc/sys/net/ipv4/conf/default/arp_ignore = 0
> /proc/sys/net/ipv4/conf/default/rp_filter = 0
> /proc/sys/net/ipv4/conf/default/log_martians = 1
> /proc/sys/net/ipv4/conf/enp5s0/proxy_arp = 0
> /proc/sys/net/ipv4/conf/enp5s0/arp_filter = 0
> /proc/sys/net/ipv4/conf/enp5s0/arp_ignore = 0
> /proc/sys/net/ipv4/conf/enp5s0/rp_filter = 0
> /proc/sys/net/ipv4/conf/enp5s0/log_martians = 1
> /proc/sys/net/ipv4/conf/enp6s0/proxy_arp = 0
> /proc/sys/net/ipv4/conf/enp6s0/arp_filter = 0
> /proc/sys/net/ipv4/conf/enp6s0/arp_ignore = 0
> /proc/sys/net/ipv4/conf/enp6s0/rp_filter = 1
> /proc/sys/net/ipv4/conf/enp6s0/log_martians = 1
> /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
> /proc/sys/net/ipv4/conf/lo/arp_filter = 0
> /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
> /proc/sys/net/ipv4/conf/lo/rp_filter = 0
> /proc/sys/net/ipv4/conf/lo/log_martians = 1
>
> ARP
>
> ? (192.168.1.131) at 3e:94:ed:0e:9f:91 [ether] on enp5s0
> ? (192.168.1.123) at <incomplete> on enp5s0
> ? (192.168.1.139) at 1c:bf:ce:48:b1:2f [ether] on enp5s0
> ? (192.168.1.132) at f0:03:8c:e6:a7:e1 [ether] on enp5s0
> ? (192.168.1.55) at 00:22:f2:08:48:af [ether] on enp5s0
> ? (192.168.1.124) at 3e:94:ed:0e:9f:91 [ether] on enp5s0
> ? (192.168.1.117) at <incomplete> on enp5s0
> ? (192.168.1.45) at 94:b8:6d:d2:b9:c3 [ether] on enp5s0
> ? (192.168.1.125) at <incomplete> on enp5s0
> ? (161.97.238.1) at 60:9c:9f:59:b2:00 [ether] on enp6s0
> ? (192.168.1.118) at dc:dc:e2:11:75:46 [ether] on enp5s0
> ? (192.168.1.126) at <incomplete> on enp5s0
> ? (192.168.1.119) at e8:61:7e:0a:67:eb [ether] on enp5s0
> ? (192.168.1.20) at 2c:59:e5:77:65:31 [ether] on enp5s0
> ? (192.168.1.135) at <incomplete> on enp5s0
> ? (192.168.1.144) at <incomplete> on enp5s0
> ? (192.168.1.127) at 04:c9:d9:10:9b:c7 [ether] on enp5s0
> ? (192.168.1.50) at 18:c0:4d:05:b0:5c [ether] on enp5s0
> ? (192.168.1.145) at 04:c9:d9:10:9b:c7 [ether] on enp5s0
> ? (192.168.1.40) at 00:90:a9:ed:d2:f5 [ether] on enp5s0
> ? (192.168.1.128) at fc:49:2d:b2:30:fc [ether] on enp5s0
> ? (192.168.1.146) at 3e:94:ed:0e:9f:91 [ether] on enp5s0
> ? (192.168.1.30) at 3e:94:ed:0e:9f:91 [ether] on enp5s0
> ? (192.168.1.136) at <incomplete> on enp5s0
> ? (192.168.1.114) at 00:57:c1:a5:a5:cf [ether] on enp5s0
> ? (192.168.1.254) at 40:16:7e:31:99:90 [ether] on enp5s0
> ? (192.168.1.138) at 4c:a1:61:04:9d:e2 [ether] on enp5s0
>
> Modules
>
> ip_set 53248 3 ip_set_hash_ip,xt_set,ip_set_hash_net
> ip_set_hash_ip 40960 0
> ip_set_hash_net 49152 1
> ip_tables 32768 6
> iptable_filter,iptable_raw,iptable_nat,iptable_mangle
> ipt_REJECT 16384 4
> ipt_rpfilter 16384 0
> iptable_filter 16384 1
> iptable_mangle 16384 1
> iptable_nat 16384 1
> iptable_raw 16384 1
> nf_conncount 24576 1 xt_connlimit
> nf_conntrack 139264 32
> xt_conntrack,nf_nat_irc,nf_nat,nf_conntrack_tftp,nf_nat_ftp,xt_state,nf_conntrack_pptp,nf_conntrack_netbios_ns,nf_conntrack_sane,xt_nat,nf_nat_tftp,nf_nat_amanda,nf_conntrack_sip,xt_helper,nf_conntrack_h323,nf_nat_pptp,xt_NETMAP,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_amanda,nf_conntrack_netlink,xt_connmark,nf_conntrack_ftp,xt_CT,nf_nat_h323,nf_conncount,nf_conntrack_snmp,nf_nat_snmp_basic,xt_MASQUERADE,xt_connlimit,nf_nat_sip,xt_REDIRECT
> nf_conntrack_amanda 16384 3 nf_nat_amanda
> nf_conntrack_broadcast 16384 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
> nf_conntrack_ftp 24576 3 nf_nat_ftp
> nf_conntrack_h323 81920 5 nf_nat_h323
> nf_conntrack_irc 20480 3 nf_nat_irc
> nf_conntrack_netbios_ns 16384 2
> nf_conntrack_netlink 45056 0
> nf_conntrack_pptp 24576 3 nf_nat_pptp
> nf_conntrack_sane 20480 2
> nf_conntrack_sip 36864 3 nf_nat_sip
> nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
> nf_conntrack_tftp 20480 3 nf_nat_tftp
> nf_defrag_ipv4 16384 2 nf_conntrack,xt_TPROXY
> nf_defrag_ipv6 24576 2 nf_conntrack,xt_TPROXY
> nf_log_common 16384 1 nf_log_ipv4
> nf_log_ipv4 16384 6
> nf_nat 40960 12
> nf_nat_irc,nf_nat_ftp,xt_nat,nf_nat_tftp,nf_nat_amanda,nf_nat_pptp,xt_NETMAP,nf_nat_h323,iptable_nat,xt_MASQUERADE,nf_nat_sip,xt_REDIRECT
> nf_nat_amanda 16384 0
> nf_nat_ftp 20480 0
> nf_nat_h323 24576 0
> nf_nat_irc 20480 0
> nf_nat_pptp 20480 0
> nf_nat_sip 20480 0
> nf_nat_snmp_basic 20480 0
> nf_nat_tftp 16384 0
> nf_reject_ipv4 16384 1 ipt_REJECT
> nf_tables 135168 2
> nf_tproxy_ipv4 20480 1 xt_TPROXY
> nf_tproxy_ipv6 20480 1 xt_TPROXY
> xt_AUDIT 16384 0
> xt_CHECKSUM 16384 0
> xt_CLASSIFY 16384 0
> xt_CT 16384 22
> xt_DSCP 16384 0
> xt_LOG 20480 6
> xt_MASQUERADE 20480 1
> xt_NETMAP 20480 0
> xt_NFLOG 16384 0
> xt_NFQUEUE 16384 0
> xt_REDIRECT 20480 0
> xt_TCPMSS 16384 0
> xt_TPROXY 20480 0
> xt_addrtype 16384 23
> xt_comment 16384 24
> xt_connlimit 16384 0
> xt_connmark 16384 0
> xt_conntrack 16384 8
> xt_dscp 16384 0
> xt_hashlimit 20480 6
> xt_helper 16384 0
> xt_iprange 20480 0
> xt_length 16384 0
> xt_mark 16384 1
> xt_multiport 20480 6
> xt_nat 16384 0
> xt_owner 16384 0
> xt_physdev 16384 0
> xt_policy 16384 0
> xt_realm 16384 0
> xt_recent 24576 1
> xt_set 16384 7
> xt_state 16384 0
> xt_statistic 16384 0
> xt_tcpmss 16384 0
> xt_tcpudp 20480 56
> xt_time 16384 0
>
> Shorewall has detected the following iptables/netfilter capabilities:
> --nflog-size support (NFLOG_SIZE): Available
> ACCOUNT Target (ACCOUNT_TARGET): Not available
> AUDIT Target (AUDIT_TARGET): Available
> Address Type Match (ADDRTYPE): Available
> Amanda Helper: Available
> Arptables JF (ARPTABLESJF): Not available
> Basic Ematch (BASIC_EMATCH): Available
> Basic Filter (BASIC_FILTER): Available
> CLASSIFY Target (CLASSIFY_TARGET): Available
> CONNMARK Target (CONNMARK): Available
> CT Target (CT_TARGET): Available
> Capabilities Version (CAPVERSION): 50200
> Checksum Target (CHECKSUM_TARGET): Available
> Comments (COMMENTS): Available
> Condition Match (CONDITION_MATCH): Not available
> Connection Tracking Match (CONNTRACK_MATCH): Available
> Connlimit Match (CONNLIMIT_MATCH): Available
> Connmark Match (CONNMARK_MATCH): Available
> DSCP Match (DSCP_MATCH): Available
> DSCP Target (DSCP_TARGET): Available
> Enhanced Multi-port Match (EMULIPORT): Available
> Extended CONNMARK Target (XCONNMARK): Available
> Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
> Extended Connmark Match (XCONNMARK_MATCH): Available
> Extended MARK Target (XMARK): Available
> Extended MARK Target 2 (EXMARK): Available
> Extended Multi-port Match (XMULIPORT): Available
> Extended REJECT (ENHANCED_REJECT): Available
> FLOW Classifier (FLOW_FILTER): Available
> FTP Helper: Available
> FTP-0 Helper: Not available
> Geo IP Match (GEOIP_MATCH): Not available
> Goto Support (GOTO_TARGET): Available
> H323 Helper: Available
> Hashlimit Match (HASHLIMIT_MATCH): Available
> Header Match (HEADER_MATCH): Not available
> Helper Match (HELPER_MATCH): Available
> IMQ Target (IMQ_TARGET): Not available
> INPUT chain in nat table (NAT_INPUT_CHAIN): Available
> IP range Match(IPRANGE_MATCH): Available
> IPMARK Target (IPMARK_TARGET): Not available
> IPP2P Match (IPP2P_MATCH): Not available
> IRC Helper: Available
> IRC-0 Helper: Not available
> Iface Match (IFACE_MATCH): Not available
> Ipset Match (IPSET_MATCH): Available
> Ipset Match Counters (IPSET_MATCH_COUNTERS): Available
> Ipset Match Nomatch (IPSET_MATCH_NOMATCH): Available
> Kernel Version (KERNELVERSION): 50400
> LOG Target (LOG_TARGET): Available
> LOGMARK Target (LOGMARK_TARGET): Not available
> MARK Target (MARK): Available
> MASQUERADE Target (MASQUERADE_TGT): Available
> Mangle FORWARD Chain (MANGLE_FORWARD): Available
> Mark in the filter table (MARK_ANYWHERE): Available
> Multi-port Match (MULTIPORT): Available
> NAT (NAT_ENABLED): Available
> NETMAP Target (NETMAP_TARGET): Available
> NFAcct Match: Not available
> NFLOG Target (NFLOG_TARGET): Available
> NFQUEUE CPU Fanout (CPU_FANOUT): Available
> NFQUEUE Target (NFQUEUE_TARGET): Available
> Netbios_ns Helper: Available
> New tos Match (NEW_TOS_MATCH): Available
> Owner Match (OWNER_MATCH): Available
> Owner Name Match (OWNER_NAME_MATCH): Available
> PPTP Helper: Available
> Packet Mangling (MANGLE_ENABLED): Available
> Packet length Match (LENGTH_MATCH): Available
> Persistent SNAT (PERSISTENT_SNAT): Available
> Physdev Match (PHYSDEV_MATCH): Available
> Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
> Policy Match (POLICY_MATCH): Available
> RPFilter Match (RPFILTER_MATCH): Available
> Raw Table (RAW_TABLE): Available
> Realm Match (REALM_MATCH): Available
> Recent Match "--reap" option (REAP_OPTION): Available
> Recent Match (RECENT_MATCH): Available
> Repeat match (KLUDGEFREE): Available
> SANE Helper: Available
> SANE-0 Helper: Not available
> SIP Helper: Available
> SIP-0 Helper: Not available
> SNMP Helper: Available
> Statistic Match (STATISTIC_MATCH): Available
> TARPIT Target (TARPIT_TARGET): Not available
> TCPMSS Match (TCPMSS_MATCH): Available
> TCPMSS Target (TCPMSS_TARGET): Available
> TFTP Helper: Available
> TFTP-0 Helper: Not available
> TPROXY Target (TPROXY_TARGET): Available
> Time Match (TIME_MATCH): Available
> UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
> ULOG Target (ULOG_TARGET): Not available
> fwmark route mask (FWMARK_RT_MASK): Available
> ipset V5 (IPSET_V5): Available
> iptables --wait option (WAIT_OPTION): Available
> iptables -S (IPTABLES_S): Available
> iptables-restore --wait option (RESTORE_WAIT_OPTION): Available
>
> Netid State Recv-Q Send-Q Local Address:Port Peer
> Address:Port Process
>
> udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
> users:(("systemd-resolve",pid=987714,fd=12))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=204))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=203))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=202))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=201))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=200))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=199))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=198))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=197))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=196))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=195))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=194))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=193))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=192))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=191))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=190))
>
> udp UNCONN 0 0 161.97.238.92:53 0.0.0.0:*
> users:(("named",pid=1297,fd=189))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=170))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=169))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=168))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=167))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=166))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=165))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=164))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=163))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=162))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=161))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=160))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=159))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=158))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=157))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=156))
>
> udp UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=155))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=133))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=136))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=135))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=134))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=132))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=131))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=130))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=129))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=128))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=127))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=126))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=125))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=124))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=123))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=122))
>
> udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
> users:(("named",pid=1297,fd=121))
>
> udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
> users:(("dhcpd",pid=1415,fd=9))
>
> udp UNCONN 0 0 161.97.238.92%enp6s0:68 0.0.0.0:*
> users:(("systemd-network",pid=636,fd=15))
>
> udp UNCONN 0 0 192.168.1.255:137 0.0.0.0:*
> users:(("nmbd",pid=1417,fd=17))
>
> udp UNCONN 0 0 192.168.1.1:137 0.0.0.0:*
> users:(("nmbd",pid=1417,fd=16))
>
> udp UNCONN 0 0 192.168.1.1:137 0.0.0.0:*
> users:(("nmbd",pid=1417,fd=14))
>
> udp UNCONN 0 0 192.168.1.255:138 0.0.0.0:*
> users:(("nmbd",pid=1417,fd=19))
>
> udp UNCONN 0 0 192.168.1.1:138 0.0.0.0:*
> users:(("nmbd",pid=1417,fd=18))
>
> udp UNCONN 0 0 192.168.1.1:138 0.0.0.0:*
> users:(("nmbd",pid=1417,fd=15))
>
> udp UNCONN 0 0 0.0.0.0:35320 0.0.0.0:*
> users:(("avahi-daemon",pid=1211,fd=14))
>
> udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
> users:(("avahi-daemon",pid=1211,fd=12))
>
> udp UNCONN 0 0 0.0.0.0:10000 0.0.0.0:*
> users:(("perl",pid=659291,fd=7))
>
> udp UNCONN 0 0 0.0.0.0:45308 0.0.0.0:*
> users:(("dhcpd",pid=1415,fd=20))
>
> tcp LISTEN 0 100 0.0.0.0:995 0.0.0.0:*
> users:(("dovecot",pid=1413,fd=24))
>
> tcp LISTEN 0 4096 127.0.0.1:10023 0.0.0.0:*
> users:(("postgrey --pidf",pid=1629,fd=6))
>
> tcp LISTEN 0 128 0.0.0.0:487 0.0.0.0:*
> users:(("inetd",pid=1414,fd=7))
>
> tcp LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
> users:(("mysqld",pid=1549,fd=35))
>
> tcp LISTEN 0 100 0.0.0.0:587 0.0.0.0:*
> users:(("master",pid=1977,fd=93))
>
> tcp LISTEN 0 50 192.168.1.1:139 0.0.0.0:*
> users:(("smbd",pid=1685,fd=32))
>
> tcp LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
> users:(("dovecot",pid=1413,fd=22))
>
> tcp LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
> users:(("dovecot",pid=1413,fd=39))
>
> tcp LISTEN 0 4096 0.0.0.0:10000 0.0.0.0:*
> users:(("perl",pid=659291,fd=5))
>
> tcp LISTEN 0 100 0.0.0.0:465 0.0.0.0:*
> users:(("master",pid=1977,fd=18))
>
> tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
> users:(("systemd-resolve",pid=987714,fd=13))
>
> tcp LISTEN 0 10 161.97.238.92:53 0.0.0.0:*
>
> users:(("named",pid=1297,fd=222),("named",pid=1297,fd=221),("named",pid=1297,fd=220),("named",pid=1297,fd=219),("named",pid=1297,fd=218),("named",pid=1297,fd=217),("named",pid=1297,fd=216),("named",pid=1297,fd=215),("named",pid=1297,fd=214),("named",pid=1297,fd=213),("named",pid=1297,fd=212),("named",pid=1297,fd=211),("named",pid=1297,fd=210),("named",pid=1297,fd=209),("named",pid=1297,fd=208),("named",pid=1297,fd=207),("named",pid=1297,fd=206))
> tcp LISTEN 0 10 192.168.1.1:53 0.0.0.0:*
>
> users:(("named",pid=1297,fd=188),("named",pid=1297,fd=187),("named",pid=1297,fd=186),("named",pid=1297,fd=185),("named",pid=1297,fd=184),("named",pid=1297,fd=183),("named",pid=1297,fd=182),("named",pid=1297,fd=181),("named",pid=1297,fd=180),("named",pid=1297,fd=179),("named",pid=1297,fd=178),("named",pid=1297,fd=177),("named",pid=1297,fd=176),("named",pid=1297,fd=175),("named",pid=1297,fd=174),("named",pid=1297,fd=173),("named",pid=1297,fd=172))
> tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
>
> users:(("named",pid=1297,fd=154),("named",pid=1297,fd=153),("named",pid=1297,fd=152),("named",pid=1297,fd=151),("named",pid=1297,fd=150),("named",pid=1297,fd=149),("named",pid=1297,fd=148),("named",pid=1297,fd=147),("named",pid=1297,fd=146),("named",pid=1297,fd=145),("named",pid=1297,fd=144),("named",pid=1297,fd=143),("named",pid=1297,fd=142),("named",pid=1297,fd=141),("named",pid=1297,fd=140),("named",pid=1297,fd=139),("named",pid=1297,fd=138))
> tcp LISTEN 0 128 192.168.1.1:22 0.0.0.0:*
> users:(("sshd",pid=1532,fd=3))
>
> tcp LISTEN 0 4096 0.0.0.0:19511 0.0.0.0:*
> users:(("perl",pid=659445,fd=5))
>
> tcp LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
> users:(("master",pid=1977,fd=13))
>
> tcp LISTEN 0 4096 127.0.0.1:953 0.0.0.0:*
> users:(("named",pid=1297,fd=120))
>
> tcp LISTEN 0 50 192.168.1.1:445 0.0.0.0:*
> users:(("smbd",pid=1685,fd=31))
>
> tcp LISTEN 0 100 0.0.0.0:993 0.0.0.0:*
> users:(("dovecot",pid=1413,fd=41))
>
> tcp TIME-WAIT 0 0 161.97.238.92:44451 199.212.0.53:53
>
>
> tcp SYN-RECV 0 0 161.97.238.92:10000
> 192.168.1.50:51247
>
> tcp ESTAB 0 0 192.168.1.1:22
> 192.168.1.123:38990
> users:(("sshd",pid=1006052,fd=4),("sshd",pid=1005973,fd=4))
>
> tcp ESTAB 0 0 192.168.1.1:139
> 192.168.1.123:45578 users:(("smbd",pid=924290,fd=9))
>
> tcp ESTAB 0 0 192.168.1.1:22
> 192.168.1.123:39468
> users:(("sshd",pid=1008461,fd=4),("sshd",pid=1008382,fd=4))
>
> tcp ESTAB 0 0 192.168.1.1:22
> 192.168.1.50:50375
> users:(("sshd",pid=1018658,fd=4),("sshd",pid=1018554,fd=4))
>
> tcp ESTAB 0 0 161.97.238.92:10000
> 192.168.1.50:51304 users:(("/usr/share/webm",pid=1031602,fd=10))
>
> tcp SYN-RECV 0 0 161.97.238.92:10000
> 192.168.1.50:51258
>
>
> Traffic Control
>
> Device lo:
> qdisc noqueue 0: root refcnt 2
> Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0
>
>
> Device enp5s0:
> qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 1514 target
> 5.0ms interval 100.0ms memory_limit 32Mb ecn
> Sent 27722773872 bytes 20671072 pkt (dropped 0, overlimits 0 requeues
> 583562)
> backlog 0b 0p requeues 583562
> maxpacket 65102 drop_overlimit 0 new_flow_count 275747 ecn_mark 0
> new_flows_len 0 old_flows_len 0
>
>
> Device enp6s0:
> qdisc mq 0: root
> Sent 2998994342 bytes 8642487 pkt (dropped 0, overlimits 0 requeues 18844)
> backlog 0b 0p requeues 18844
> qdisc fq_codel 0: parent :2 limit 10240p flows 1024 quantum 1514 target 5.0ms
> interval 100.0ms memory_limit 32Mb ecn
> Sent 1458532473 bytes 4608509 pkt (dropped 0, overlimits 0 requeues 10813)
> backlog 0b 0p requeues 10813
> maxpacket 67774 drop_overlimit 0 new_flow_count 8183 ecn_mark 0
> new_flows_len 0 old_flows_len 0
> qdisc fq_codel 0: parent :1 limit 10240p flows 1024 quantum 1514 target 5.0ms
> interval 100.0ms memory_limit 32Mb ecn
> Sent 1540461869 bytes 4033978 pkt (dropped 0, overlimits 0 requeues 8031)
> backlog 0b 0p requeues 8031
> maxpacket 67774 drop_overlimit 0 new_flow_count 5608 ecn_mark 0
> new_flows_len 0 old_flows_len 0
>
> class mq :1 root
> Sent 1540461869 bytes 4033978 pkt (dropped 0, overlimits 0 requeues 8031)
> backlog 0b 0p requeues 8031
> class mq :2 root
> Sent 1458532473 bytes 4608509 pkt (dropped 0, overlimits 0 requeues 10813)
> backlog 0b 0p requeues 10813
> class mq :3 root
> Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0
> class mq :4 root
> Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0
> class mq :5 root
> Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0
> class mq :6 root
> Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0
> class mq :7 root
> Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0
> class mq :8 root
> Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0
>
>
> TC Filters
>
> Device lo:
>
> Device enp5s0:
>
> Device enp6s0:
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
--
Justin Pryzby
System Administrator
Telsasoft
+1-952-707-8581
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
