Hello everyone,
I have shorewall installed and allow all the traffic from loc to net.
However, whenever a client in loc starts a google meet call, the remote
party doesn't hear or see anything
In the dump attached, the IP 192.168.10.106 connects to a call, but the
other participants don't hear anything.
Any ideas of what can it be done?
All the best and merry christmas!
Diego Quintana
Shorewall 5.2.3.2 Dump at raspberrypi - Fri 25 Dec 21:37:28 -05 2020
Shorewall is running
State:Started Fri 25 Dec 20:27:53 -05 2020 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Fri 25 Dec 20:27:52 -05 2020 by Shorewall
version 5.2.3.2)
Counters reset Fri 25 Dec 20:27:53 -05 2020
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
14467 3012K net-fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
1192K 1729M ~comb0 all -- eth1 * 0.0.0.0/0 0.0.0.0/0
7 1447 ~comb0 all -- eth2 * 0.0.0.0/0 0.0.0.0/0
6 1576 wg-fw all -- wg0 * 0.0.0.0/0 0.0.0.0/0
120 11372 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"INPUT REJECT "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
29808 18M net_frwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
22188 3995K loc_frwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
6018 5865K dmz_frwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
8085 1690K wg_frwd all -- wg0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"FORWARD REJECT "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
15705 9840K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
473K 25M ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
39 22464 ACCEPT all -- * eth2 0.0.0.0/0 0.0.0.0/0
333 81648 fw-wg all -- * wg0 0.0.0.0/0 0.0.0.0/0
120 11372 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"OUTPUT REJECT "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain dmz_frwd (1 references)
pkts bytes target prot opt in out source destination
219 11635 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
219 11635 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
5921 5857K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
1330 300K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
4688 5565K ACCEPT all -- * wg0 0.0.0.0/0 0.0.0.0/0
Chain dynamic (7 references)
pkts bytes target prot opt in out source destination
Chain fw-wg (1 references)
pkts bytes target prot opt in out source destination
333 81648 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"fw-wg REJECT "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc-wg (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"loc-wg REJECT "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
2564 701K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
2564 701K smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
20405 3308K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
22188 3995K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 loc-wg all -- * wg0 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix
"logflags DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-dmz (1 references)
pkts bytes target prot opt in out source destination
905 342K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.1.30 tcp dpt:8003
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"net-dmz DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
787 58247 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
787 58247 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
14 4592 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
6168 633K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
13680 2954K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
97 8422 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
1 30 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
260 15488 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 2222,80
39 5608 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:51820
14 728 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8765
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
362 23379 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"net-fw DROP "
362 23379 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-loc (1 references)
pkts bytes target prot opt in out source destination
23156 16M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"net-loc DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-wg (1 references)
pkts bytes target prot opt in out source destination
5747 1923K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"net-wg DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
28097 18M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
23156 16M net-loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
905 342K net-dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0
5747 1923K net-wg all -- * wg0 0.0.0.0/0 0.0.0.0/0
Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
4 1424 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"smurfs DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (5 references)
pkts bytes target prot opt in out source destination
30 15332 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (7 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Chain wg-fw (1 references)
pkts bytes target prot opt in out source destination
4 1424 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
2 152 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
4 1424 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"wg-fw REJECT "
4 1424 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain wg_frwd (1 references)
pkts bytes target prot opt in out source destination
1448 91008 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
7497 1650K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
4943 1431K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
3142 259K ACCEPT all -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * wg0 0.0.0.0/0 0.0.0.0/0
Chain ~comb0 (2 references)
pkts bytes target prot opt in out source destination
1040 136K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
1040 136K smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
1189K 1729M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
1192K 1729M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain sha-lh-454b9ca8c1c67b4d21bb (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-658c15bccf798b797c24 (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
ARP rules
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
Log (/var/log/messages)
Dec 25 21:36:12 net-fw DROP IN=eth0 OUT= SRC=64.233.186.132 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=117 ID=10752 PROTO=TCP SPT=443 DPT=61930
WINDOW=265 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:12 net-fw DROP IN=eth0 OUT= SRC=64.233.186.132 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=117 ID=10906 PROTO=TCP SPT=443 DPT=61930
WINDOW=265 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:13 net-fw DROP IN=eth0 OUT= SRC=64.233.186.132 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=117 ID=11170 PROTO=TCP SPT=443 DPT=61930
WINDOW=265 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:13 net-fw DROP IN=eth0 OUT= SRC=64.233.186.132 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=117 ID=11551 PROTO=TCP SPT=443 DPT=61930
WINDOW=265 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:14 net-fw DROP IN=eth0 OUT= SRC=64.233.190.101 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=117 ID=37003 PROTO=TCP SPT=443 DPT=61969
WINDOW=265 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:14 net-fw DROP IN=eth0 OUT= SRC=64.233.186.132 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=117 ID=11845 PROTO=TCP SPT=443 DPT=61930
WINDOW=265 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:17 net-fw DROP IN=eth0 OUT= SRC=64.233.186.132 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=117 ID=13048 PROTO=TCP SPT=443 DPT=61930
WINDOW=265 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:20 net-fw DROP IN=eth0 OUT= SRC=59.15.91.189 DST=190.234.20.93
LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=25128 PROTO=TCP SPT=45831 DPT=23
WINDOW=38695 RES=0x00 SYN URGP=0
Dec 25 21:36:23 net-fw DROP IN=eth0 OUT= SRC=89.113.228.76 DST=190.234.20.93
LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=4187 PROTO=TCP SPT=61629 DPT=37215
WINDOW=53125 RES=0x00 SYN URGP=0
Dec 25 21:36:31 net-fw DROP IN=eth0 OUT= SRC=172.217.192.155 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=116 ID=35828 PROTO=TCP SPT=443 DPT=61900
WINDOW=343 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:31 net-fw DROP IN=eth0 OUT= SRC=172.217.192.155 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=116 ID=36089 PROTO=TCP SPT=443 DPT=61900
WINDOW=343 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:31 net-fw DROP IN=eth0 OUT= SRC=172.217.192.155 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=116 ID=36322 PROTO=TCP SPT=443 DPT=61900
WINDOW=343 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:32 net-fw DROP IN=eth0 OUT= SRC=172.217.192.155 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=116 ID=36672 PROTO=TCP SPT=443 DPT=61900
WINDOW=343 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:33 net-fw DROP IN=eth0 OUT= SRC=172.217.192.155 DST=190.234.20.93
LEN=125 TOS=0x00 PREC=0x00 TTL=116 ID=37195 PROTO=TCP SPT=443 DPT=61900
WINDOW=343 RES=0x00 ACK PSH URGP=0
Dec 25 21:36:40 net-fw DROP IN=eth0 OUT= SRC=195.54.160.228 DST=190.234.20.93
LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=3842 PROTO=TCP SPT=41649 DPT=2717
WINDOW=1024 RES=0x00 SYN URGP=0
Dec 25 21:36:47 net-fw DROP IN=eth0 OUT= SRC=178.150.175.196 DST=190.234.20.93
LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=54213 PROTO=TCP SPT=45517 DPT=37215
WINDOW=22840 RES=0x00 SYN URGP=0
Dec 25 21:36:49 net-fw DROP IN=eth0 OUT= SRC=162.142.125.86 DST=190.234.20.93
LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32038 PROTO=TCP SPT=39270 DPT=9844
WINDOW=1024 RES=0x00 SYN URGP=0
Dec 25 21:36:58 net-fw DROP IN=eth0 OUT= SRC=192.241.220.151 DST=190.234.20.93
LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37690 DPT=8200
WINDOW=65535 RES=0x00 SYN URGP=0
Dec 25 21:36:58 net-fw DROP IN=eth0 OUT= SRC=104.36.115.111 DST=190.234.20.93
LEN=86 TOS=0x00 PREC=0x00 TTL=240 ID=37494 DF PROTO=TCP SPT=443 DPT=61909
WINDOW=4413 RES=0x00 ACK PSH URGP=0
Dec 25 21:37:05 net-fw DROP IN=eth0 OUT= SRC=88.214.24.74 DST=190.234.20.93
LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62409 PROTO=TCP SPT=59882 DPT=40100
WINDOW=1024 RES=0x00 SYN URGP=0
NAT Table
Chain PREROUTING (policy ACCEPT 3794 packets, 424K bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8003 to:192.168.1.30
Chain INPUT (policy ACCEPT 558 packets, 85769 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 318 packets, 17854 bytes)
pkts bytes target prot opt in out source destination
2676 254K NET_IF_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 125 packets, 8060 bytes)
pkts bytes target prot opt in out source destination
Chain NET_IF_masq (1 references)
pkts bytes target prot opt in out source destination
751 51429 MASQUERADE all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 MASQUERADE all -- * * 169.254.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.16.0.0/12 0.0.0.0/0
1819 196K MASQUERADE all -- * * 192.168.0.0/16 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 1273K packets, 1763M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1206K packets, 1733M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 66099 packets, 30M bytes)
pkts bytes target prot opt in out source destination
66099 30M MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
Chain OUTPUT (policy ACCEPT 489K packets, 35M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 556K packets, 65M bytes)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 1273K packets, 1763M bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 flags:0x17/0x02 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 flags:0x17/0x02 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 flags:0x17/0x02 CT helper irc
385 30246 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
1 44 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 flags:0x17/0x02 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 flags:0x17/0x02 CT helper sane
3 1311 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
1 42 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 489K packets, 35M bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 flags:0x17/0x02 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1720 flags:0x17/0x02 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6667 flags:0x17/0x02 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1723 flags:0x17/0x02 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:6566 flags:0x17/0x02 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:69 CT helper tftp
Conntrack Table (137 out of 65536)
ipv4 2 tcp 6 49 TIME_WAIT src=192.168.10.106 dst=142.250.82.27
sport=31632 dport=19305 src=142.250.82.27 dst=190.234.20.93 sport=19305
dport=31632 [ASSURED] mark=0 zone=0 use=2
ipv4 2 icmp 1 25 src=192.168.10.100 dst=192.168.10.1 type=8 code=0
id=570 src=192.168.10.1 dst=192.168.10.100 type=0 code=0 id=570 mark=0 zone=0
use=2
ipv4 2 udp 17 21 src=192.168.10.12 dst=107.178.214.9 sport=41225
dport=28678 [UNREPLIED] src=107.178.214.9 dst=190.234.20.93 sport=28678
dport=41225 mark=0 zone=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.10.118 dst=157.240.197.17
sport=49932 dport=443 src=157.240.197.17 dst=190.234.20.93 sport=443
dport=49932 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 6 TIME_WAIT src=190.234.60.52 dst=190.234.20.93
sport=55676 dport=8765 src=190.234.20.93 dst=190.234.60.52 sport=8765
dport=55676 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431959 ESTABLISHED src=10.6.0.3 dst=157.240.197.17
sport=49824 dport=443 src=157.240.197.17 dst=190.234.20.93 sport=443
dport=49824 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431751 ESTABLISHED src=192.168.10.113 dst=17.57.144.36
sport=63918 dport=5223 src=17.57.144.36 dst=190.234.20.93 sport=5223
dport=63918 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.10.118 dst=157.240.197.17 sport=50637
dport=443 [UNREPLIED] src=157.240.197.17 dst=190.234.20.93 sport=443
dport=50637 mark=0 zone=0 use=2
ipv4 2 tcp 6 431980 ESTABLISHED src=192.168.10.106 dst=64.233.190.139
sport=31637 dport=443 src=64.233.190.139 dst=190.234.20.93 sport=443
dport=31637 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431973 ESTABLISHED src=192.168.10.106 dst=64.233.186.102
sport=31626 dport=443 src=64.233.186.102 dst=190.234.20.93 sport=443
dport=31626 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 9 TIME_WAIT src=51.15.204.155 dst=190.234.20.93
sport=58978 dport=2222 src=190.234.20.93 dst=51.15.204.155 sport=2222
dport=58978 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431990 ESTABLISHED src=192.168.10.113 dst=54.88.242.123
sport=56630 dport=443 src=54.88.242.123 dst=190.234.20.93 sport=443 dport=56630
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431856 ESTABLISHED src=192.168.10.118 dst=190.43.40.81
sport=49929 dport=443 src=190.43.40.81 dst=190.234.20.93 sport=443 dport=49929
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 14 TIME_WAIT src=10.6.0.3 dst=64.233.190.106 sport=39462
dport=443 src=64.233.190.106 dst=190.234.20.93 sport=443 dport=39462 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 14 TIME_WAIT src=190.234.60.52 dst=190.234.20.93
sport=55678 dport=8765 src=190.234.20.93 dst=190.234.60.52 sport=8765
dport=55678 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=190.234.60.52 dst=190.234.20.93
sport=54503 dport=2222 src=190.234.20.93 dst=190.234.60.52 sport=2222
dport=54503 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 14 src=10.6.0.3 dst=8.8.8.8 sport=13287 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=13287 mark=0 zone=0 use=2
ipv4 2 tcp 6 431977 ESTABLISHED src=192.168.10.106 dst=64.233.186.94
sport=31627 dport=443 src=64.233.186.94 dst=190.234.20.93 sport=443 dport=31627
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431976 ESTABLISHED src=192.168.10.106 dst=52.177.166.224
sport=31403 dport=443 src=52.177.166.224 dst=190.234.20.93 sport=443
dport=31403 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431998 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31577 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31577
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=192.168.10.100 dst=13.227.205.26
sport=32894 dport=80 src=13.227.205.26 dst=190.234.20.93 sport=80 dport=32894
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431856 ESTABLISHED src=192.168.10.118 dst=190.43.72.209
sport=49928 dport=443 src=190.43.72.209 dst=190.234.20.93 sport=443 dport=49928
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.10.100 dst=8.8.8.8 sport=29255 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=29255 mark=0 zone=0 use=2
ipv4 2 udp 17 24 src=192.168.10.1 dst=192.168.10.106 sport=67 dport=68
src=192.168.10.106 dst=192.168.10.1 sport=68 dport=67 [ASSURED] mark=0 zone=0
use=2
ipv4 2 tcp 6 425539 ESTABLISHED src=192.168.10.106 dst=52.177.166.224
sport=34311 dport=443 src=52.177.166.224 dst=190.234.20.93 sport=443
dport=34311 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 119 src=192.168.10.13 dst=190.234.20.93 sport=44026
dport=51820 src=190.234.20.93 dst=192.168.10.13 sport=51820 dport=44026
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431967 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31578 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31578
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 30 ESTABLISHED src=10.6.0.3 dst=161.117.183.182
sport=37178 dport=443 src=161.117.183.182 dst=190.234.20.93 sport=443
dport=37178 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431973 ESTABLISHED src=192.168.10.106 dst=64.233.186.94
sport=31625 dport=443 src=64.233.186.94 dst=190.234.20.93 sport=443 dport=31625
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.10.118 dst=8.8.8.8 sport=49703 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=49703 mark=0 zone=0 use=2
ipv4 2 udp 17 14 src=10.6.0.3 dst=8.8.8.8 sport=35478 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=35478 mark=0 zone=0 use=2
ipv4 2 tcp 6 118 TIME_WAIT src=192.168.10.118 dst=17.56.138.57
sport=62001 dport=443 src=17.56.138.57 dst=190.234.20.93 sport=443 dport=62001
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431994 ESTABLISHED src=192.168.10.118 dst=157.240.197.61
sport=49930 dport=5222 src=157.240.197.61 dst=190.234.20.93 sport=5222
dport=49930 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 77 TIME_WAIT src=10.6.0.3 dst=64.233.186.17 sport=48144
dport=443 src=64.233.186.17 dst=190.234.20.93 sport=443 dport=48144 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 0 src=10.6.0.3 dst=8.8.8.8 sport=11325 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=11325 mark=0 zone=0 use=2
ipv4 2 tcp 6 431580 ESTABLISHED src=192.168.10.113 dst=52.177.166.224
sport=31187 dport=443 src=52.177.166.224 dst=190.234.20.93 sport=443
dport=31187 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 27 src=192.168.10.118 dst=8.8.8.8 sport=58389 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=58389 mark=0 zone=0 use=2
ipv4 2 udp 17 28 src=10.6.0.3 dst=8.8.8.8 sport=44070 dport=53
[UNREPLIED] src=8.8.8.8 dst=190.234.20.93 sport=53 dport=44070 mark=0 zone=0
use=2
ipv4 2 tcp 6 16 TIME_WAIT src=190.234.60.52 dst=190.234.20.93
sport=55682 dport=8765 src=190.234.20.93 dst=190.234.60.52 sport=8765
dport=55682 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 78 TIME_WAIT src=10.6.0.3 dst=149.154.175.54 sport=40844
dport=5222 src=149.154.175.54 dst=190.234.20.93 sport=5222 dport=40844
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431781 ESTABLISHED src=10.6.0.3 dst=172.217.192.95
sport=47794 dport=443 src=172.217.192.95 dst=190.234.20.93 sport=443
dport=47794 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 28 src=192.168.10.106 dst=8.8.8.8 sport=57463 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=57463 mark=0 zone=0 use=2
ipv4 2 tcp 6 14 TIME_WAIT src=190.234.60.52 dst=190.234.20.93
sport=55679 dport=8765 src=190.234.20.93 dst=190.234.60.52 sport=8765
dport=55679 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431924 ESTABLISHED src=10.6.0.3 dst=157.240.197.17
sport=49800 dport=443 src=157.240.197.17 dst=190.234.20.93 sport=443
dport=49800 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 6 CLOSE src=192.168.10.118 dst=157.240.197.15 sport=49924
dport=443 src=157.240.197.15 dst=190.234.20.93 sport=443 dport=49924 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431965 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31566 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31566
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431967 ESTABLISHED src=192.168.10.106 dst=64.233.190.188
sport=31582 dport=5228 src=64.233.190.188 dst=190.234.20.93 sport=5228
dport=31582 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431957 ESTABLISHED src=192.168.10.106 dst=13.107.4.50
sport=31642 dport=80 src=13.107.4.50 dst=190.234.20.93 sport=80 dport=31642
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431986 ESTABLISHED src=192.168.10.12 dst=107.178.214.9
sport=60738 dport=28622 src=107.178.214.9 dst=190.234.20.93 sport=28622
dport=60738 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 6 TIME_WAIT src=190.234.60.52 dst=190.234.20.93
sport=55675 dport=8765 src=190.234.20.93 dst=190.234.60.52 sport=8765
dport=55675 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31580 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31580
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 0 src=10.6.0.3 dst=8.8.8.8 sport=42399 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=42399 mark=0 zone=0 use=2
ipv4 2 tcp 6 431910 ESTABLISHED src=10.6.0.3 dst=172.217.192.95
sport=47810 dport=443 src=172.217.192.95 dst=190.234.20.93 sport=443
dport=47810 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 6 CLOSE src=192.168.1.40 dst=40.91.76.238 sport=60934
dport=443 src=40.91.76.238 dst=190.234.20.93 sport=443 dport=60934 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 29 src=192.168.10.106 dst=64.233.190.94 sport=57464
dport=443 [UNREPLIED] src=64.233.190.94 dst=190.234.20.93 sport=443 dport=57464
mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.10.118 dst=8.8.8.8 sport=60694 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=60694 mark=0 zone=0 use=2
ipv4 2 tcp 6 431986 ESTABLISHED src=192.168.10.106 dst=216.239.32.116
sport=31643 dport=443 src=216.239.32.116 dst=190.234.20.93 sport=443
dport=31643 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 20 src=192.168.10.106 dst=216.239.32.116 sport=55068
dport=443 [UNREPLIED] src=216.239.32.116 dst=190.234.20.93 sport=443
dport=55068 mark=0 zone=0 use=2
ipv4 2 tcp 6 431965 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31563 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31563
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431970 ESTABLISHED src=192.168.10.110 dst=52.4.60.17
sport=65503 dport=443 src=52.4.60.17 dst=190.234.20.93 sport=443 dport=65503
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431992 ESTABLISHED src=192.168.10.106 dst=64.233.186.113
sport=31623 dport=443 src=64.233.186.113 dst=190.234.20.93 sport=443
dport=31623 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431961 ESTABLISHED src=192.168.10.106 dst=131.100.1.174
sport=31327 dport=5938 src=131.100.1.174 dst=190.234.20.93 sport=5938
dport=31327 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431985 ESTABLISHED src=192.168.10.106 dst=64.233.190.95
sport=31638 dport=443 src=64.233.190.95 dst=190.234.20.93 sport=443 dport=31638
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 424032 ESTABLISHED src=192.168.10.113 dst=52.177.165.30
sport=49439 dport=443 src=52.177.165.30 dst=190.234.20.93 sport=443 dport=49439
[ASSURED] mark=0 zone=0 use=2
ipv4 2 unknown 2 234 src=192.168.10.118 dst=224.0.0.251 [UNREPLIED]
src=224.0.0.251 dst=192.168.10.118 mark=0 zone=0 use=2
ipv4 2 tcp 6 431964 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31579 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31579
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31598 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31598
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431995 ESTABLISHED src=192.168.10.100 dst=35.190.245.125
sport=49296 dport=4070 src=35.190.245.125 dst=190.234.20.93 sport=4070
dport=49296 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 43 src=192.168.10.106 dst=142.250.82.27 sport=58578
dport=19305 src=142.250.82.27 dst=190.234.20.93 sport=19305 dport=58578
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 6 CLOSE src=192.168.10.118 dst=157.240.197.17 sport=49927
dport=443 src=157.240.197.17 dst=190.234.20.93 sport=443 dport=49927 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431998 ESTABLISHED src=192.168.10.118 dst=69.171.250.20
sport=49908 dport=443 src=69.171.250.20 dst=190.234.20.93 sport=443 dport=49908
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431948 ESTABLISHED src=192.168.1.40 dst=52.177.165.30
sport=60676 dport=443 src=52.177.165.30 dst=190.234.20.93 sport=443 dport=60676
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431598 ESTABLISHED src=192.168.10.106 dst=52.179.224.121
sport=49448 dport=443 src=52.179.224.121 dst=190.234.20.93 sport=443
dport=49448 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431577 ESTABLISHED src=192.168.10.113 dst=23.78.116.223
sport=31196 dport=443 src=23.78.116.223 dst=190.234.20.93 sport=443 dport=31196
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431897 ESTABLISHED src=192.168.10.106 dst=23.216.43.95
sport=31616 dport=443 src=23.216.43.95 dst=190.234.20.93 sport=443 dport=31616
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 8 CLOSE src=10.6.0.3 dst=161.117.71.89 sport=47510
dport=443 src=161.117.71.89 dst=190.234.20.93 sport=443 dport=47510 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431965 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31562 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31562
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.10.106 dst=64.233.186.95
sport=31583 dport=443 src=64.233.186.95 dst=190.234.20.93 sport=443 dport=31583
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 61 src=190.234.20.93 dst=162.159.200.123 sport=123
dport=123 src=162.159.200.123 dst=190.234.20.93 sport=123 dport=123 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 424080 ESTABLISHED src=192.168.10.113 dst=172.217.192.188
sport=34112 dport=5228 src=172.217.192.188 dst=190.234.20.93 sport=5228
dport=34112 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431656 ESTABLISHED src=10.6.0.3 dst=142.250.4.188
sport=39172 dport=5228 src=142.250.4.188 dst=190.234.20.93 sport=5228
dport=39172 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431735 ESTABLISHED src=192.168.10.118 dst=17.57.144.150
sport=61875 dport=5223 src=17.57.144.150 dst=190.234.20.93 sport=5223
dport=61875 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431992 ESTABLISHED src=192.168.10.106 dst=172.217.192.138
sport=31640 dport=443 src=172.217.192.138 dst=190.234.20.93 sport=443
dport=31640 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431579 ESTABLISHED src=192.168.10.113 dst=23.78.116.223
sport=31210 dport=443 src=23.78.116.223 dst=190.234.20.93 sport=443 dport=31210
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 430804 ESTABLISHED src=192.168.10.100 dst=52.119.197.246
sport=33302 dport=443 src=52.119.197.246 dst=190.234.20.93 sport=443
dport=33302 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 109 TIME_WAIT src=192.168.10.28 dst=52.209.5.60
sport=38187 dport=443 src=52.209.5.60 dst=190.234.20.93 sport=443 dport=38187
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.10.118 dst=190.43.72.209 sport=53643
dport=443 [UNREPLIED] src=190.43.72.209 dst=190.234.20.93 sport=443 dport=53643
mark=0 zone=0 use=2
ipv4 2 tcp 6 20 TIME_WAIT src=10.6.0.3 dst=172.217.192.83 sport=47660
dport=443 src=172.217.192.83 dst=190.234.20.93 sport=443 dport=47660 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 udp 17 111 src=192.168.10.12 dst=107.178.214.9 sport=47017
dport=28678 src=107.178.214.9 dst=190.234.20.93 sport=28678 dport=47017
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431660 ESTABLISHED src=10.6.0.3 dst=157.240.197.34
sport=40706 dport=443 src=157.240.197.34 dst=190.234.20.93 sport=443
dport=40706 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 299 ESTABLISHED src=10.6.0.3 dst=161.117.97.83
sport=42376 dport=443 src=161.117.97.83 dst=190.234.20.93 sport=443 dport=42376
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431718 ESTABLISHED src=10.6.0.3 dst=103.230.236.43
sport=41382 dport=7001 src=103.230.236.43 dst=190.234.20.93 sport=7001
dport=41382 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431874 ESTABLISHED src=192.168.10.106 dst=52.167.253.237
sport=31607 dport=443 src=52.167.253.237 dst=190.234.20.93 sport=443
dport=31607 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=192.168.10.118 dst=157.240.197.10
sport=49931 dport=443 src=157.240.197.10 dst=190.234.20.93 sport=443
dport=49931 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 6 CLOSE src=192.168.10.118 dst=190.43.72.145 sport=49926
dport=443 src=190.43.72.145 dst=190.234.20.93 sport=443 dport=49926 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 76 ESTABLISHED src=192.168.10.28 dst=3.20.209.231
sport=37818 dport=443 [UNREPLIED] src=3.20.209.231 dst=190.234.20.93 sport=443
dport=37818 mark=0 zone=0 use=2
ipv4 2 tcp 6 431978 ESTABLISHED src=192.168.10.106 dst=172.217.192.95
sport=31631 dport=443 src=172.217.192.95 dst=190.234.20.93 sport=443
dport=31631 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 16 TIME_WAIT src=190.234.60.52 dst=190.234.20.93
sport=55681 dport=8765 src=190.234.20.93 dst=190.234.60.52 sport=8765
dport=55681 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431986 ESTABLISHED src=192.168.10.106 dst=64.233.186.189
sport=31469 dport=443 src=64.233.186.189 dst=190.234.20.93 sport=443
dport=31469 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 7 TIME_WAIT src=119.45.123.92 dst=190.234.20.93
sport=52818 dport=2222 src=190.234.20.93 dst=119.45.123.92 sport=2222
dport=52818 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 11 src=192.168.10.104 dst=192.168.10.1 sport=54553
dport=137 [UNREPLIED] src=192.168.10.1 dst=192.168.10.104 sport=137 dport=54553
mark=0 zone=0 use=2
ipv4 2 udp 17 8 src=192.168.10.113 dst=8.8.4.4 sport=60154 dport=53
src=8.8.4.4 dst=190.234.20.93 sport=53 dport=60154 mark=0 zone=0 use=2
ipv4 2 tcp 6 431981 ESTABLISHED src=192.168.10.28 dst=52.14.173.154
sport=46828 dport=443 src=52.14.173.154 dst=190.234.20.93 sport=443 dport=46828
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.10.118 dst=190.43.40.81 sport=49767
dport=443 [UNREPLIED] src=190.43.40.81 dst=190.234.20.93 sport=443 dport=49767
mark=0 zone=0 use=2
ipv4 2 tcp 6 59 TIME_WAIT src=192.168.10.106 dst=142.250.82.27
sport=31635 dport=443 src=142.250.82.27 dst=190.234.20.93 sport=443 dport=31635
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 26 src=192.168.10.118 dst=8.8.8.8 sport=51820 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=51820 mark=0 zone=0 use=2
ipv4 2 udp 17 58 src=190.234.20.93 dst=162.159.200.1 sport=123
dport=123 src=162.159.200.1 dst=190.234.20.93 sport=123 dport=123 [ASSURED]
mark=0 zone=0 use=2
ipv4 2 tcp 6 431969 ESTABLISHED src=192.168.10.106 dst=52.177.165.30
sport=31366 dport=443 src=52.177.165.30 dst=190.234.20.93 sport=443 dport=31366
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 30 TIME_WAIT src=129.28.157.148 dst=190.234.20.93
sport=55274 dport=2222 src=190.234.20.93 dst=129.28.157.148 sport=2222
dport=55274 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431869 ESTABLISHED src=10.6.0.3 dst=47.74.170.158
sport=48252 dport=5222 src=47.74.170.158 dst=190.234.20.93 sport=5222
dport=48252 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 49 TIME_WAIT src=192.168.10.106 dst=142.250.82.27
sport=31633 dport=443 src=142.250.82.27 dst=190.234.20.93 sport=443 dport=31633
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=10.6.0.3 dst=103.230.236.30
sport=37872 dport=7007 src=103.230.236.30 dst=190.234.20.93 sport=7007
dport=37872 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431997 ESTABLISHED src=192.168.10.106 dst=64.233.186.113
sport=31584 dport=443 src=64.233.186.113 dst=190.234.20.93 sport=443
dport=31584 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431990 ESTABLISHED src=192.168.10.106 dst=64.233.186.189
sport=31611 dport=443 src=64.233.186.189 dst=190.234.20.93 sport=443
dport=31611 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431801 ESTABLISHED src=10.6.0.3 dst=64.233.190.104
sport=47516 dport=443 src=64.233.190.104 dst=190.234.20.93 sport=443
dport=47516 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431964 ESTABLISHED src=192.168.10.106 dst=8.8.8.8
sport=31576 dport=443 src=8.8.8.8 dst=190.234.20.93 sport=443 dport=31576
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431973 ESTABLISHED src=192.168.10.100 dst=52.119.197.96
sport=42374 dport=443 src=52.119.197.96 dst=190.234.20.93 sport=443 dport=42374
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 28 src=192.168.10.118 dst=157.240.197.17 sport=50607
dport=443 [UNREPLIED] src=157.240.197.17 dst=190.234.20.93 sport=443
dport=50607 mark=0 zone=0 use=2
ipv4 2 tcp 6 431779 ESTABLISHED src=10.6.0.3 dst=172.217.192.95
sport=47792 dport=443 src=172.217.192.95 dst=190.234.20.93 sport=443
dport=47792 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431713 ESTABLISHED src=192.168.10.118 dst=64.233.186.188
sport=49906 dport=5228 src=64.233.186.188 dst=190.234.20.93 sport=5228
dport=49906 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431975 ESTABLISHED src=192.168.10.106 dst=172.217.192.94
sport=31630 dport=443 src=172.217.192.94 dst=190.234.20.93 sport=443
dport=31630 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 28 src=192.168.10.118 dst=224.0.0.251 sport=5353
dport=5353 [UNREPLIED] src=224.0.0.251 dst=192.168.10.118 sport=5353 dport=5353
mark=0 zone=0 use=2
ipv4 2 tcp 6 431998 ESTABLISHED src=192.168.10.106 dst=64.233.190.94
sport=31585 dport=443 src=64.233.190.94 dst=190.234.20.93 sport=443 dport=31585
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 300 ESTABLISHED src=192.168.10.1 dst=192.168.10.12
sport=39856 dport=554 src=192.168.10.12 dst=192.168.10.1 sport=554 dport=39856
[ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 9 src=10.6.0.3 dst=8.8.8.8 sport=23598 dport=53
src=8.8.8.8 dst=190.234.20.93 sport=53 dport=23598 mark=0 zone=0 use=2
ipv4 2 udp 17 118 src=192.168.10.106 dst=142.250.82.27 sport=53598
dport=19305 src=142.250.82.27 dst=190.234.20.93 sport=19305 dport=53598
[ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431956 ESTABLISHED src=192.168.10.106 dst=64.233.190.132
sport=31636 dport=443 src=64.233.190.132 dst=190.234.20.93 sport=443
dport=31636 [ASSURED] mark=0 zone=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
inet 190.234.20.93/22 brd 255.255.255.255 scope global dynamic
noprefixroute eth0
valid_lft 376057sec preferred_lft 327841sec
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
inet 192.168.10.1/24 brd 192.168.10.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
7: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 496 qdisc noqueue state UNKNOWN
group default qlen 1000
inet 10.6.0.1/24 scope global wg0
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
12756559 50023 0 0 0 0
TX: bytes packets errors dropped carrier collsns
12756559 50023 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DEFAULT group default qlen 1000
link/ether dc:a6:32:21:de:11 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
705939758 731206 0 0 0 0
TX: bytes packets errors dropped carrier collsns
177624108 520138 0 0 0 0
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DORMANT
group default qlen 1000
link/ether dc:a6:32:21:de:12 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether 00:0e:c8:9e:5f:60 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
9645000739 7012519 0 0 0 0
TX: bytes packets errors dropped carrier collsns
891889113 3519767 0 0 0 0
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether 00:0e:c6:fc:ad:a7 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
10589854 15952 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2293438 12059 0 0 0 0
7: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 496 qdisc noqueue state UNKNOWN
mode DEFAULT group default qlen 1000
link/none
RX: bytes packets errors dropped overrun mcast
281624 1478 96 0 0 0
TX: bytes packets errors dropped carrier collsns
542536 2182 0 0 0 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.1.1 dev eth2 proto kernel scope host src 192.168.1.1
local 192.168.10.1 dev eth1 proto kernel scope host src 192.168.10.1
local 190.234.20.93 dev eth0 proto kernel scope host src 190.234.20.93
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.6.0.1 dev wg0 proto kernel scope host src 10.6.0.1
broadcast 192.168.1.255 dev eth2 proto kernel scope link src 192.168.1.1
broadcast 192.168.1.0 dev eth2 proto kernel scope link src 192.168.1.1
broadcast 192.168.10.255 dev eth1 proto kernel scope link src 192.168.10.1
broadcast 192.168.10.0 dev eth1 proto kernel scope link src 192.168.10.1
broadcast 190.234.23.255 dev eth0 proto kernel scope link src 190.234.20.93
broadcast 190.234.20.0 dev eth0 proto kernel scope link src 190.234.20.93
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.6.0.255 dev wg0 proto kernel scope link src 10.6.0.1
broadcast 10.6.0.0 dev wg0 proto kernel scope link src 10.6.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.1.0/24 dev eth2 proto dhcp scope link src 192.168.1.1 metric 205
192.168.10.0/24 dev eth1 proto dhcp scope link src 192.168.10.1 metric 204
10.6.0.0/24 dev wg0 proto kernel scope link src 10.6.0.1
190.234.20.0/22 dev eth0 proto dhcp scope link src 190.234.20.93 metric 202 mtu
576
default via 190.234.20.1 dev eth0 proto dhcp src 190.234.20.93 metric 202 mtu
576
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 5.4.79-v7l+ (dom@buildbot) (gcc version 8.4.0
(Ubuntu/Linaro 8.4.0-3ubuntu1)) #1373 SMP Mon Nov 23 13:27:40 GMT 2020
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 1
/proc/sys/net/ipv4/conf/eth1/log_martians = 1
/proc/sys/net/ipv4/conf/eth2/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth2/arp_filter = 0
/proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth2/rp_filter = 1
/proc/sys/net/ipv4/conf/eth2/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/wg0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wg0/arp_filter = 0
/proc/sys/net/ipv4/conf/wg0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wg0/rp_filter = 1
/proc/sys/net/ipv4/conf/wg0/log_martians = 1
/proc/sys/net/ipv4/conf/wlan0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan0/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan0/rp_filter = 1
/proc/sys/net/ipv4/conf/wlan0/log_martians = 1
ARP
? (192.168.10.104) at 00:ad:24:50:e0:30 [ether] on eth1
? (192.168.10.12) at 00:2a:2a:12:e8:53 [ether] on eth1
? (192.168.10.118) at 82:5b:d1:c4:78:f4 [ether] on eth1
? (192.168.10.106) at 9c:b6:d0:93:7a:15 [ether] on eth1
? (192.168.1.30) at 70:85:c2:c6:29:ff [ether] on eth2
? (192.168.10.110) at 0c:80:63:1e:7d:cf [ether] on eth1
? (190.234.20.1) at 44:d3:ca:26:a2:d9 [ether] on eth0
? (192.168.10.113) at b0:95:75:cd:78:f5 [ether] on eth1
? (192.168.10.100) at 1c:12:b0:54:cd:61 [ether] on eth1
? (192.168.10.13) at a8:9c:ed:dd:ab:1e [ether] on eth1
? (192.168.10.120) at 68:ff:7b:8a:76:fc [ether] on eth1
? (192.168.10.28) at 5c:c1:d7:cb:9e:d0 [ether] on eth1
? (192.168.1.40) at 70:85:c2:c6:2b:5b [ether] on eth2
? (192.168.1.16) at <incomplete> on eth2
? (192.168.10.114) at da:50:66:f6:56:35 [ether] on eth1
Modules
ip_tables 28672 1
ipt_REJECT 16384 4
ipt_rpfilter 16384 0
nf_conncount 24576 1 xt_connlimit
nf_conntrack 135168 32
xt_state,nf_nat_pptp,nf_conntrack_sip,nf_conntrack_snmp,nf_conncount,nf_conntrack_irc,xt_nat,nf_nat_h323,nf_conntrack_ftp,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_tftp,xt_NETMAP,nf_nat_irc,xt_MASQUERADE,xt_connmark,nf_conntrack_pptp,nf_conntrack_amanda,xt_helper,nf_conntrack_broadcast,nf_nat_ftp,nf_conntrack_sane,nf_nat_amanda,xt_connlimit,nf_conntrack_netlink,nf_conntrack_netbios_ns,xt_CT,nf_conntrack_h323,xt_conntrack,xt_REDIRECT,nf_nat_tftp,nf_nat
nf_conntrack_amanda 16384 3 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp 16384 3 nf_nat_ftp
nf_conntrack_h323 53248 5 nf_nat_h323
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 45056 0
nf_conntrack_pptp 16384 3 nf_nat_pptp
nf_conntrack_sane 16384 2
nf_conntrack_sip 36864 3 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 3 nf_nat_tftp
nf_defrag_ipv4 16384 2 nf_conntrack,xt_TPROXY
nf_defrag_ipv6 20480 2 nf_conntrack,xt_TPROXY
nf_log_common 16384 1 nf_log_ipv4
nf_log_ipv4 16384 12
nf_nat 49152 12
nf_nat_pptp,xt_nat,nf_nat_h323,nf_nat_sip,xt_NETMAP,nf_nat_irc,xt_MASQUERADE,nft_chain_nat,nf_nat_ftp,nf_nat_amanda,xt_REDIRECT,nf_nat_tftp
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_irc 16384 0
nf_nat_pptp 16384 0
nf_nat_sip 20480 0
nf_nat_snmp_basic 16384 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
nf_tables 139264 309 nft_compat,nft_chain_nat,nft_counter
nf_tproxy_ipv4 16384 1 xt_TPROXY
nf_tproxy_ipv6 16384 1 xt_TPROXY
xt_addrtype 16384 32
xt_CHECKSUM 16384 0
xt_CLASSIFY 16384 0
xt_comment 16384 0
xt_connlimit 16384 0
xt_connmark 16384 0
xt_conntrack 16384 23
xt_CT 16384 22
xt_dscp 16384 0
xt_DSCP 16384 0
xt_hashlimit 24576 12
xt_helper 16384 0
xt_iprange 16384 0
xt_length 16384 0
xt_LOG 16384 12
xt_mark 16384 1
xt_MASQUERADE 16384 4
xt_multiport 16384 1
xt_nat 16384 1
xt_NETMAP 16384 0
xt_NFLOG 16384 0
xt_NFQUEUE 16384 0
xt_owner 16384 0
xt_physdev 16384 0
xt_policy 16384 0
xt_realm 16384 0
xt_recent 24576 1
xt_REDIRECT 16384 0
xt_state 16384 0
xt_statistic 16384 0
xt_tcpmss 16384 0
xt_TCPMSS 16384 0
xt_tcpudp 16384 34
xt_time 16384 0
xt_TPROXY 16384 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Not available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50200
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
INPUT chain in nat table (NAT_INPUT_CHAIN): Available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
Ipset Match (IPSET_MATCH): Not available
ipset V5 (IPSET_V5): Not available
iptables-restore --wait option (RESTORE_WAIT_OPTION): Available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 50479
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
NETMAP Target (NETMAP_TARGET): Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Not available
--nflog-size support (NFLOG_SIZE): Available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE CPU Fanout (CPU_FANOUT): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
users:(("dhcpd",pid=1093,fd=8))
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
users:(("dhcpcd",pid=584,fd=10))
udp UNCONN 0 0 0.0.0.0:51820 0.0.0.0:*
udp UNCONN 0 0 10.6.0.1:123 0.0.0.0:*
users:(("ntpd",pid=8589,fd=22))
udp UNCONN 0 0 192.168.1.1:123 0.0.0.0:*
users:(("ntpd",pid=8589,fd=21))
udp UNCONN 0 0 192.168.10.1:123 0.0.0.0:*
users:(("ntpd",pid=8589,fd=20))
udp UNCONN 0 0 190.234.20.93:123 0.0.0.0:*
users:(("ntpd",pid=8589,fd=19))
udp UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
users:(("ntpd",pid=8589,fd=18))
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
users:(("ntpd",pid=8589,fd=17))
udp UNCONN 0 0 0.0.0.0:37014 0.0.0.0:*
users:(("avahi-daemon",pid=321,fd=14))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
users:(("avahi-daemon",pid=321,fd=12))
tcp LISTEN 0 128 0.0.0.0:8765 0.0.0.0:*
users:(("meyectl",pid=379,fd=12))
tcp LISTEN 0 128 127.0.0.1:7999 0.0.0.0:*
users:(("motion",pid=567,fd=7))
tcp LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
users:(("sshd",pid=631,fd=3))
tcp LISTEN 0 128 127.0.0.1:8081 0.0.0.0:*
users:(("motion",pid=567,fd=5))
tcp ESTAB 0 0 192.168.10.1:39856 192.168.10.12:554
users:(("motion",pid=567,fd=8))
tcp ESTAB 0 0 190.234.20.93:2222 190.234.60.52:54503
users:(("sshd",pid=8197,fd=3),("sshd",pid=8179,fd=3))
Traffic Control
Device lo:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device eth0:
qdisc mq 0: root
Sent 177633517 bytes 520168 pkt (dropped 0, overlimits 0 requeues 5522)
backlog 0b 0p requeues 5522
qdisc pfifo_fast 0: parent :5 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 26852221 bytes 80858 pkt (dropped 0, overlimits 0 requeues 597)
backlog 0b 0p requeues 597
qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 46792507 bytes 122390 pkt (dropped 0, overlimits 0 requeues 569)
backlog 0b 0p requeues 569
qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 38055354 bytes 101408 pkt (dropped 0, overlimits 0 requeues 2320)
backlog 0b 0p requeues 2320
qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 52370093 bytes 147219 pkt (dropped 0, overlimits 0 requeues 2036)
backlog 0b 0p requeues 2036
qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 13563342 bytes 68293 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :1 root
Sent 13563342 bytes 68293 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 52370093 bytes 147219 pkt (dropped 0, overlimits 0 requeues 2036)
backlog 0b 0p requeues 2036
class mq :3 root
Sent 38055354 bytes 101408 pkt (dropped 0, overlimits 0 requeues 2320)
backlog 0b 0p requeues 2320
class mq :4 root
Sent 46792507 bytes 122390 pkt (dropped 0, overlimits 0 requeues 569)
backlog 0b 0p requeues 569
class mq :5 root
Sent 26852221 bytes 80858 pkt (dropped 0, overlimits 0 requeues 597)
backlog 0b 0p requeues 597
Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 863744957 bytes 3519960 pkt (dropped 996, overlimits 0 requeues 58056)
backlog 0b 0p requeues 58056
Device eth2:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 2245202 bytes 12059 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device wg0:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device lo:
Device eth0:
Device eth1:
Device eth2:
Device wg0:
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
