Chain AllowICMPs (2 references)
target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed ACCEPT icmp -- anywhere anywhere icmp time-exceeded Chain Drop (1 references)
target prot opt source destination RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
AllowICMPs icmp -- anywhere anywhere
dropInvalid all -- anywhere anywhere
DropSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn tcp -- anywhere anywhere
DropDNSrep all -- anywhere anywhere
Chain DropDNSrep (2 references)
target prot opt source destination DROP udp -- anywhere anywhere udp spt:domain Chain DropSMB (1 references)
target prot opt source destination DROP udp -- anywhere anywhere udp dpt:135 DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn DROP udp -- anywhere anywhere udp dpt:microsoft-ds DROP tcp -- anywhere anywhere tcp dpt:135 DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds Chain DropUPnP (2 references)
target prot opt source destination DROP udp -- anywhere anywhere udp dpt:1900 Chain INPUT (policy DROP)
target prot opt source destination ACCEPT all -- anywhere anywhere
eth0_in all -- anywhere anywhere
eth1_in all -- anywhere anywhere
eth2_in all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:' reject all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination eth0_fwd all -- anywhere anywhere
eth1_fwd all -- anywhere anywhere
eth2_fwd all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:' reject all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination ACCEPT all -- anywhere anywhere
fw2net all -- anywhere anywhere
fw2loc all -- anywhere anywhere
fw2loc all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:' reject all -- anywhere anywhere
Chain Reject (4 references)
target prot opt source destination RejectAuth all -- anywhere anywhere
dropBcast all -- anywhere anywhere
AllowICMPs icmp -- anywhere anywhere
dropInvalid all -- anywhere anywhere
RejectSMB all -- anywhere anywhere
DropUPnP all -- anywhere anywhere
dropNotSyn tcp -- anywhere anywhere
DropDNSrep all -- anywhere anywhere
Chain RejectAuth (2 references)
target prot opt source destination reject tcp -- anywhere anywhere tcp dpt:auth Chain RejectSMB (1 references)
target prot opt source destination reject udp -- anywhere anywhere udp dpt:135 reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn reject udp -- anywhere anywhere udp dpt:microsoft-ds reject tcp -- anywhere anywhere tcp dpt:135 reject tcp -- anywhere anywhere tcp dpt:netbios-ssn reject tcp -- anywhere anywhere tcp dpt:microsoft-ds Chain all2all (0 references)
target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:' reject all -- anywhere anywhere
Chain dropBcast (2 references)
target prot opt source destination DROP all -- anywhere anywhere PKTTYPE = broadcast DROP all -- anywhere anywhere PKTTYPE = multicast Chain dropInvalid (2 references)
target prot opt source destination DROP all -- anywhere anywhere state INVALID Chain dropNotSyn (2 references)
target prot opt source destination DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN Chain dynamic (6 references)
target prot opt source destination Chain eth0_fwd (1 references)
target prot opt source destination dynamic all -- anywhere anywhere state INVALID,NEW net2all all -- anywhere anywhere
net2all all -- anywhere anywhere
Chain eth0_in (1 references)
target prot opt source destination dynamic all -- anywhere anywhere state INVALID,NEW net2fw all -- anywhere anywhere
Chain eth1_fwd (1 references)
target prot opt source destination dynamic all -- anywhere anywhere state INVALID,NEW loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain eth1_in (1 references)
target prot opt source destination dynamic all -- anywhere anywhere state INVALID,NEW loc2fw all -- anywhere anywhere
Chain eth2_fwd (1 references)
target prot opt source destination dynamic all -- anywhere anywhere state INVALID,NEW loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain eth2_in (1 references)
target prot opt source destination dynamic all -- anywhere anywhere state INVALID,NEW loc2fw all -- anywhere anywhere
Chain fw2loc (2 references)
target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT all -- anywhere anywhere
Chain loc2fw (2 references)
target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere multiport dports 5901,5900,3333,radius,datametrics ACCEPT tcp -- anywhere anywhere multiport dports ssh,krb524 ACCEPT tcp -- anywhere anywhere tcp dpt:squid ACCEPT all -- anywhere anywhere
Chain loc2net (2 references)
target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere
Chain net2all (3 references)
target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:' DROP all -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere multiport dports 5901,5900,3333,radius,datametrics ACCEPT tcp -- anywhere anywhere multiport dports ssh,krb524 net2all all -- anywhere anywhere
Chain reject (11 references)
target prot opt source destination DROP all -- anywhere anywhere PKTTYPE = broadcast DROP all -- anywhere anywhere PKTTYPE = multicast DROP all -- 192.168.1.255 anywhere
DROP all -- 192.168.2.255 anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain shorewall (0 references)
target prot opt source destination Chain smurfs (0 references)
target prot opt source destination LOG all -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:' DROP all -- 192.168.1.255 anywhere
LOG all -- 192.168.2.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:' DROP all -- 192.168.2.255 anywhere
LOG all -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:' DROP all -- 255.255.255.255 anywhere
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:' DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
|