# iptables -L -vxn
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2075 739067 BASE_INPUT_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0
68 7990 INPUT_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0
68 7990 HOST_BLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
68 7990 SPOOF_CHK all -- * * 0.0.0.0/0 0.0.0.0/0
68 7990 MODEM_CHAIN_HOOK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 VPN_INPUT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec
6 723 VALID_CHK all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
6 723 EXT_INPUT_CHAIN !icmp -- ppp+ * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 EXT_INPUT_CHAIN icmp -- ppp+ * 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 60/sec burst 100
0 0 EXT_ICMP_FLOOD_CHAIN icmp -- ppp+ * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 INT_INPUT_CHAIN all -- eth1 * 0.0.0.0/0 0.0.0.0/0
57 6592 INT_INPUT_CHAIN all -- br0 * 0.0.0.0/0 0.0.0.0/0
5 675 INT_INPUT_CHAIN all -- br1 * 0.0.0.0/0 0.0.0.0/0
0 0 POST_INPUT_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `AIF:Dropped INPUT packet: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 4 packets, 260 bytes)
pkts bytes target prot opt in out source destination
384 54096 BASE_FORWARD_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0
6 372 TCPMSS tcp -- * ppp+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
103 5865 FORWARD_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0
103 5865 HOST_BLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 VPN_FORWARD all -- ppp+ * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec
0 0 EXT_FORWARD_IN_CHAIN all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
96 5417 EXT_FORWARD_OUT_CHAIN all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 INT_FORWARD_IN_CHAIN all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 INT_FORWARD_OUT_CHAIN all -- * eth1 0.0.0.0/0 0.0.0.0/0
101 5717 INT_FORWARD_IN_CHAIN all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 INT_FORWARD_OUT_CHAIN all -- * br0 0.0.0.0/0 0.0.0.0/0
0 0 INT_FORWARD_IN_CHAIN all -- br1 * 0.0.0.0/0 0.0.0.0/0
0 0 INT_FORWARD_OUT_CHAIN all -- * br1 0.0.0.0/0 0.0.0.0/0
101 5717 SPOOF_CHK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 br1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 c4svpn 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 br1 0.0.0.0/0 0.0.0.0/0
5 300 ACCEPT all -- br0 c4svpn 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br1 eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br1 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br1 c4svpn 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- c4svpn eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- c4svpn br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- c4svpn br1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 eth1 0.0.0.0/0 0.0.0.0/0
0 0 LAN_INET_FORWARD_CHAIN all -- eth1 ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
96 5417 LAN_INET_FORWARD_CHAIN all -- br0 ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br1 br1 0.0.0.0/0 0.0.0.0/0
0 0 LAN_INET_FORWARD_CHAIN all -- br1 ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ppp+ !ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 POST_FORWARD_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/min burst 3 LOG flags 0 level 6 prefix `AIF:Dropped FORWARD packet: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 24 packets, 3008 bytes)
pkts bytes target prot opt in out source destination
2217 1271732 BASE_OUTPUT_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0
2 120 TCPMSS tcp -- * ppp+ 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
108 9211 OUTPUT_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0
108 9211 HOST_BLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Fragment packet: '
0 0 DROP all -f * * 0.0.0.0/0 0.0.0.0/0
86 6341 EXT_OUTPUT_CHAIN all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 INT_OUTPUT_CHAIN all -- * eth1 0.0.0.0/0 0.0.0.0/0
7 1355 INT_OUTPUT_CHAIN all -- * br0 0.0.0.0/0 0.0.0.0/0
5 675 INT_OUTPUT_CHAIN all -- * br1 0.0.0.0/0 0.0.0.0/0
22 2870 POST_OUTPUT_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain BASE_FORWARD_CHAIN (1 references)
pkts bytes target prot opt in out source destination
184943 125930694 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED tcp dpts:1024:65535
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED udp dpts:1024:65535
29756 2082920 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

Chain BASE_INPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination
129544 28837331 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED tcp dpts:1024:65535
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED udp dpts:1024:65535
9 863 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED
3850 298878 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

Chain BASE_OUTPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination
107494 36643389 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
3855 299438 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0

Chain DMZ_FORWARD_IN_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain DMZ_FORWARD_OUT_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain DMZ_INET_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain DMZ_INPUT_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain DMZ_LAN_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain DMZ_OUTPUT_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain EXT_FORWARD_IN_CHAIN (1 references)
pkts bytes target prot opt in out source destination
0 0 VALID_CHK all -- * * 0.0.0.0/0 0.0.0.0/0

Chain EXT_FORWARD_OUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination

Chain EXT_ICMP_FLOOD_CHAIN (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-unreachable flood: '
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-time-exceeded fld: '
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-param-problem fld: '
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-request(ping) fld: '
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-reply(pong) flood: '
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-source-quench fld: '
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP(other) flood: '
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0

Chain EXT_INPUT_CHAIN (2 references)
pkts bytes target prot opt in out source destination
0 0 VPN_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 SSH_CHK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0 level 6 prefix `AIF:Port 0 OS fingerprint: '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0 level 6 prefix `AIF:Port 0 OS fingerprint: '
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
0 0 POST_INPUT_DROP_CHAIN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0 level 6 prefix `AIF:TCP source port 0: '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:0 limit: avg 6/hour burst 5 LOG flags 0 level 6 prefix `AIF:UDP source port 0: '
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0
0 0 POST_INPUT_DROP_CHAIN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- + * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
1 48 ACCEPT tcp -- + * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- + * 0.0.0.0/0 0.0.0.0/0 tcp dpt:655
0 0 ACCEPT udp -- + * 0.0.0.0/0 0.0.0.0/0 udp dpt:655
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-request: '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-unreachable: '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-time-exceeded: '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-param.-problem: '
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (UNPRIV)?: '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (PRIV)?: '
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:PRIV connect attempt: '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
5 675 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0
5 675 POST_INPUT_DROP_CHAIN udp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 POST_INPUT_DROP_CHAIN icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 6 prefix `AIF:Connect attempt: '
0 0 POST_INPUT_DROP_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain EXT_OUTPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination
86 6341 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_CHAIN (1 references)
pkts bytes target prot opt in out source destination

Chain HOST_BLOCK (3 references)
pkts bytes target prot opt in out source destination

Chain INET_DMZ_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain INPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination

Chain INT_FORWARD_IN_CHAIN (3 references)
pkts bytes target prot opt in out source destination

Chain INT_FORWARD_OUT_CHAIN (3 references)
pkts bytes target prot opt in out source destination

Chain INT_INPUT_CHAIN (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-request: '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
62 7267 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain INT_OUTPUT_CHAIN (3 references)
pkts bytes target prot opt in out source destination

Chain LAN_INET_FORWARD_CHAIN (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-request: '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
6 372 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
90 5045 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain MODEM_CHAIN (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0 255.255.255.255 udp spt:68 dpt:67
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `AIF:Dropped MODEM packet: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain MODEM_CHAIN_HOOK (1 references)
pkts bytes target prot opt in out source destination
0 0 MODEM_CHAIN all -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination

Chain POST_FORWARD_CHAIN (1 references)
pkts bytes target prot opt in out source destination

Chain POST_INPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination

Chain POST_INPUT_DROP_CHAIN (37 references)
pkts bytes target prot opt in out source destination
5 675 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POST_OUTPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination

Chain RESERVED_NET_CHK (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 10.0.0.0/8 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `AIF:Class A address: '
0 0 LOG all -- * * 172.16.0.0/12 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `AIF:Class B address: '
0 0 LOG all -- * * 192.168.0.0/16 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `AIF:Class C address: '
0 0 LOG all -- * * 169.254.0.0/16 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `AIF:Class M$ address: '
0 0 POST_INPUT_DROP_CHAIN all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 POST_INPUT_DROP_CHAIN all -- * * 172.16.0.0/12 0.0.0.0/0
0 0 POST_INPUT_DROP_CHAIN all -- * * 192.168.0.0/16 0.0.0.0/0
0 0 POST_INPUT_DROP_CHAIN all -- * * 169.254.0.0/16 0.0.0.0/0

Chain SPOOF_CHK (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- ppp+ * 192.168.254.0/24 0.0.0.0/0 policy match dir in pol ipsec
0 0 RETURN all -- ppp+ * 10.57.137.0/24 0.0.0.0/0 policy match dir in pol ipsec
0 0 RETURN all -- eth1 * 192.168.254.0/24 0.0.0.0/0
156 11653 RETURN all -- br0 * 192.168.254.0/24 0.0.0.0/0
0 0 RETURN all -- br1 * 192.168.254.0/24 0.0.0.0/0
0 0 LOG all -- * * 192.168.254.0/24 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Spoofed packet: '
0 0 POST_INPUT_DROP_CHAIN all -- * * 192.168.254.0/24 0.0.0.0/0
0 0 RETURN all -- eth1 * 10.57.137.0/24 0.0.0.0/0
0 0 RETURN all -- br0 * 10.57.137.0/24 0.0.0.0/0
5 675 RETURN all -- br1 * 10.57.137.0/24 0.0.0.0/0
0 0 LOG all -- * * 10.57.137.0/24 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Spoofed packet: '
0 0 POST_INPUT_DROP_CHAIN all -- * * 10.57.137.0/24 0.0.0.0/0
8 1379 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain SSH_CHK (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: sshchk side: source
0 0 SSH_LOG_DROP all -- * * 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 60 hit_count: 4 name: sshchk side: source
0 0 SSH_LOG_DROP all -- * * 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 1800 hit_count: 10 name: sshchk side: source

Chain SSH_LOG_DROP (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `AIF:SSH Brute force attack?: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain VALID_CHK (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth XMAS scan: '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth XMAS-PSH scan: '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth XMAS-ALL scan: '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth FIN scan: '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth SYN/RST scan: '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth SYN/FIN scan?: '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth Null scan: '
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp option=64 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `AIF:Bad TCP flag(64): '
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp option=128 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `AIF:Bad TCP flag(128): '
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp option=64
0 0 POST_INPUT_DROP_CHAIN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp option=128
0 0 POST_INPUT_DROP_CHAIN all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LOG all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 1 LOG flags 0 level 4 prefix `AIF:Fragment packet: '
0 0 DROP all -f * * 0.0.0.0/0 0.0.0.0/0

Chain VPN_FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain VPN_INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0