tnol2

Forum Replies

  • in reply to: How to block traffic between networks? #4892
    tnol2
    Participant

    Eduardo, I haven't been able to run the test yet; I'll try to do it between today and tomorrow.


    in reply to: How to block traffic between networks? #4889
    tnol2
    Participant

    OK Eduardo, first I wanted to thank you for taking the time to help me solve this little problem. I will run the test you suggested on the day of the Brazil match, since everyone will be in front of the TV. Afterwards I'll post the test result here.

    in reply to: Who has already upgraded to version 2.4, is it worth it? #5187
    tnol2
    Participant

    I had already looked at the other posts; I just wanted to gather the post-upgrade reports in one place so that, once the problem with traffic between zones is solved, I can start evaluating whether it is worth going for an upgrade.

    in reply to: How to block traffic between networks? #4887
    tnol2
    Participant

    Sorry Eduardo, I didn't know that site. I'm posting there now. Here are the links:

    Filter

    http://pastebin.com/n64bXDst

    Mangle

    http://pastebin.com/TCd78qN1

    Nat

    http://pastebin.com/K9gL11iW

    in reply to: VLans? #4588
    tnol2
    Participant

    Miguel, what was the solution?

    in reply to: How to block traffic between networks? #4885
    tnol2
    Participant

    NAT table

    in reply to: How to block traffic between networks? #4884
    tnol2
    Participant

    MANGLE table

    in reply to: How to block traffic between networks? #4883
    tnol2
    Participant

    FILTER table


    0 0 DROP all — * * 127.0.0.0/8 0.0.0.0/0 state NEW

    0 0 DROP all — * * 0.0.0.0/0 127.0.0.0/8 state NEW

    9420K 1329M HAFORWARD all — * * 0.0.0.0/0 0.0.0.0/0

    8500K 1250M PORTFWACCESS all — * * 0.0.0.0/0 0.0.0.0/0 state NEW

    7746K 1233M VPNTRAFFIC all — * * 0.0.0.0/0 0.0.0.0/0

    6826K 1154M OUTGOINGFW all — * * 0.0.0.0/0 0.0.0.0/0 state NEW

    2040K 856M INCOMINGFW all — * * 0.0.0.0/0 0.0.0.0/0 state NEW

    2960K 935M ZONETRAFFIC all — * * 0.0.0.0/0 0.0.0.0/0

    1133K 72M LOG_FORWARD all — * * 0.0.0.0/0 0.0.0.0/0

    Chain INPUTFW (7 references)

    pkts bytes target prot opt in out source destination

    0 0 ACCEPT tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

    0 0 ACCEPT tcp — br2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

    0 0 ACCEPT tcp — br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

    4628 222K ACCEPT tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10443

    0 0 ACCEPT tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3001

    0 0 ACCEPT tcp — br2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3001

    0 0 ACCEPT tcp — br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3001

    60480 3645K ACCEPT icmp — br0 * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 ACCEPT icmp — br0 * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    0 0 ACCEPT icmp — br2 * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 ACCEPT icmp — br2 * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    0 0 ACCEPT icmp — br1 * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 ACCEPT icmp — br1 * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    0 0 ACCEPT icmp — ipsec+ * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 ACCEPT icmp — ipsec+ * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    0 0 ACCEPT icmp — * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8 PHYSDEV match --physdev-in tap0

    0 0 ACCEPT icmp — * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30 PHYSDEV match --physdev-in tap0

    0 0 ACCEPT tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    0 0 ACCEPT udp — br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    0 0 ACCEPT tcp — br2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    0 0 ACCEPT udp — br2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    0 0 ACCEPT tcp — br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    0 0 ACCEPT udp — br1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    0 0 ACCEPT tcp — ipsec+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    0 0 ACCEPT udp — ipsec+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    0 0 ACCEPT tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 PHYSDEV match --physdev-in tap0

    0 0 ACCEPT udp — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 PHYSDEV match --physdev-in tap0

    2 96 ACCEPT tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

    0 0 ACCEPT udp — br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123

    0 0 ACCEPT tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123

    0 0 ACCEPT udp — br2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123

    0 0 ACCEPT tcp — br2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123

    0 0 ACCEPT udp — br1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123

    0 0 ACCEPT tcp — br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123

    0 0 ACCEPT udp — ipsec+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:123

    0 0 ACCEPT tcp — ipsec+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123

    0 0 ACCEPT udp — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 PHYSDEV match --physdev-in tap0

    0 0 ACCEPT tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123 PHYSDEV match --physdev-in tap0

    152 8532 ACCEPT tcp — br2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128

    244 14640 ACCEPT tcp — br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128

    4637K 229M ACCEPT tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128

    0 0 ACCEPT tcp — ipsec+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128

    0 0 ACCEPT tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128 PHYSDEV match --physdev-in tap0

    Chain INPUTFW_LOGDROP (6 references)

    pkts bytes target prot opt in out source destination

    1427K 177M DROP all — * * 0.0.0.0/0 0.0.0.0/0

    Chain INPUTTRAFFIC (1 references)

    pkts bytes target prot opt in out source destination

    0 0 INPUTFW all — ipsec+ * 0.0.0.0/0 0.0.0.0/0

    0 0 INPUTFW_LOGDROP all — ipsec+ * 0.0.0.0/0 0.0.0.0/0

    0 0 INPUTFW all — tap+ * 0.0.0.0/0 0.0.0.0/0

    0 0 INPUTFW_LOGDROP all — tap+ * 0.0.0.0/0 0.0.0.0/0

    0 0 INPUTFW all — * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tap+

    0 0 INPUTFW_LOGDROP all — * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tap+

    0 0 REJECT tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable

    6114K 406M INPUTFW all — br0 * 0.0.0.0/0 0.0.0.0/0

    1411K 172M INPUTFW_LOGDROP all — br0 * 0.0.0.0/0 0.0.0.0/0

    0 0 REJECT tcp — br2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable

    13720 4339K INPUTFW all — br2 * 0.0.0.0/0 0.0.0.0/0

    13568 4330K INPUTFW_LOGDROP all — br2 * 0.0.0.0/0 0.0.0.0/0

    0 0 REJECT tcp — br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable

    2685 560K INPUTFW all — br1 * 0.0.0.0/0 0.0.0.0/0

    2441 545K INPUTFW_LOGDROP all — br1 * 0.0.0.0/0 0.0.0.0/0

    690K 46M INPUTFW all — * * 0.0.0.0/0 0.0.0.0/0

    Chain LOG_FORWARD (1 references)

    pkts bytes target prot opt in out source destination

    Chain LOG_INPUT (1 references)

    pkts bytes target prot opt in out source destination

    Chain NEWNOTSYN (0 references)

    pkts bytes target prot opt in out source destination

    0 0 RETURN all — br0 br0 0.0.0.0/0 0.0.0.0/0

    0 0 RETURN all — br2 br2 0.0.0.0/0 0.0.0.0/0

    0 0 RETURN all — br1 br1 0.0.0.0/0 0.0.0.0/0

    0 0 RETURN all — tap+ * 0.0.0.0/0 0.0.0.0/0

    0 0 RETURN all — * tap+ 0.0.0.0/0 0.0.0.0/0

    0 0 NEWNOTSYN_LOGDROP all — * * 0.0.0.0/0 0.0.0.0/0

    Chain NEWNOTSYN_LOGDROP (2 references)

    pkts bytes target prot opt in out source destination

    42311 30M DROP all — * * 0.0.0.0/0 0.0.0.0/0

    Chain OPENVPNCLIENTDHCP (1 references)

    pkts bytes target prot opt in out source destination

    Chain OPENVPNDHCP (1 references)

    pkts bytes target prot opt in out source destination

    Chain OUTGOINGFW (1 references)

    pkts bytes target prot opt in out source destination

    57 3240 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 nflog-prefix “OUTGOINGFW:ALLOW:1”

    57 3240 ALLOW tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

    27932 1357K NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 nflog-prefix “OUTGOINGFW:ALLOW:2”

    27932 1357K ALLOW tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

    90318 4341K NFLOG tcp — * eth1 192.168.0.2 0.0.0.0/0 tcp dpt:25 nflog-prefix “OUTGOINGFW:ALLOW:4”

    90318 4341K ALLOW tcp — * eth1 192.168.0.2 0.0.0.0/0 tcp dpt:25

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 nflog-prefix “OUTGOINGFW:ALLOW:6”

    0 0 ALLOW tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:110

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 nflog-prefix “OUTGOINGFW:ALLOW:8”

    0 0 ALLOW tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:995

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 nflog-prefix “OUTGOINGFW:ALLOW:8”

    0 0 ALLOW tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:587

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 nflog-prefix “OUTGOINGFW:ALLOW:9”

    0 0 ALLOW tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:993

    28 1680 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 nflog-prefix “OUTGOINGFW:ALLOW:9”

    28 1680 ALLOW tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:465

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:8999 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:8999

    0 0 NFLOG udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:8999 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:8999

    14 672 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:23000 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    14 672 ACCEPT tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:23000

    0 0 NFLOG udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:23000 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:23000

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:3270 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:3270

    0 0 NFLOG udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:3270 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:3270

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:3001 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:3001

    0 0 NFLOG udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:3001 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:3001

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:3456 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:3456

    0 0 NFLOG udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:3456 nflog-prefix “OUTGOINGFW:ACCEPT:10”

    0 0 ACCEPT udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:3456

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53861 nflog-prefix “OUTGOINGFW:ACCEPT:11”

    0 0 ACCEPT tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53861

    0 0 NFLOG udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:53861 nflog-prefix “OUTGOINGFW:ACCEPT:11”

    0 0 ACCEPT udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:53861

    10789 902K NFLOG icmp — br0 eth1 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8 nflog-prefix “OUTGOINGFW:ALLOW:12”

    10692 894K ALLOW icmp — br0 eth1 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 NFLOG icmp — br0 eth1 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30 nflog-prefix “OUTGOINGFW:ALLOW:12”

    0 0 ALLOW icmp — br0 eth1 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    47 2748 NFLOG tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 nflog-prefix “OUTGOINGFW:ALLOW:13”

    47 2748 ALLOW tcp — br0 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    98782 7052K NFLOG udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:53 nflog-prefix “OUTGOINGFW:ALLOW:13”

    98782 7052K ALLOW udp — br0 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    10 600 NFLOG tcp — br1 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 nflog-prefix “OUTGOINGFW:ALLOW:13”

    10 600 ALLOW tcp — br1 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    45247 3527K NFLOG udp — br1 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:53 nflog-prefix “OUTGOINGFW:ALLOW:13”

    45247 3527K ALLOW udp — br1 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    0 0 NFLOG tcp — br2 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 nflog-prefix “OUTGOINGFW:ALLOW:13”

    0 0 ALLOW tcp — br2 eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    0 0 NFLOG udp — br2 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:53 nflog-prefix “OUTGOINGFW:ALLOW:13”

    0 0 ALLOW udp — br2 eth1 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    0 0 NFLOG tcp — * eth1 192.168.1.164 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.1.164 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.1.158 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.1.158 0.0.0.0/0 tcp dpt:21

    24 1152 NFLOG tcp — * eth1 192.168.0.160 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:14”

    24 1152 ALLOW tcp — * eth1 192.168.0.160 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.1.164 0.0.0.0/0 tcp dpt:22 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.1.164 0.0.0.0/0 tcp dpt:22

    0 0 NFLOG tcp — * eth1 192.168.1.158 0.0.0.0/0 tcp dpt:22 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.1.158 0.0.0.0/0 tcp dpt:22

    0 0 NFLOG tcp — * eth1 192.168.0.160 0.0.0.0/0 tcp dpt:22 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.0.160 0.0.0.0/0 tcp dpt:22

    0 0 NFLOG tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:22 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:22

    0 0 NFLOG tcp — * eth1 192.168.1.164 0.0.0.0/0 tcp dpt:24 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.1.164 0.0.0.0/0 tcp dpt:24

    0 0 NFLOG tcp — * eth1 192.168.1.158 0.0.0.0/0 tcp dpt:24 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.1.158 0.0.0.0/0 tcp dpt:24

    0 0 NFLOG tcp — * eth1 192.168.0.160 0.0.0.0/0 tcp dpt:24 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.0.160 0.0.0.0/0 tcp dpt:24

    0 0 NFLOG tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:24 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:24

    0 0 NFLOG tcp — * eth1 192.168.1.164 0.0.0.0/0 tcp dpt:222 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.1.164 0.0.0.0/0 tcp dpt:222

    0 0 NFLOG tcp — * eth1 192.168.1.158 0.0.0.0/0 tcp dpt:222 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.1.158 0.0.0.0/0 tcp dpt:222

    0 0 NFLOG tcp — * eth1 192.168.0.160 0.0.0.0/0 tcp dpt:222 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.0.160 0.0.0.0/0 tcp dpt:222

    0 0 NFLOG tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:222 nflog-prefix “OUTGOINGFW:ALLOW:14”

    0 0 ALLOW tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:222

    0 0 NFLOG tcp — * eth1 192.168.0.162 189.22.224.36 tcp dpt:22 nflog-prefix “OUTGOINGFW:ACCEPT:15”

    0 0 ACCEPT tcp — * eth1 192.168.0.162 189.22.224.36 tcp dpt:22

    0 0 NFLOG udp — * eth1 192.168.0.162 189.22.224.36 udp dpt:22 nflog-prefix “OUTGOINGFW:ACCEPT:15”

    0 0 ACCEPT udp — * eth1 192.168.0.162 189.22.224.36 udp dpt:22

    0 0 NFLOG tcp — * eth1 192.168.0.83 189.22.224.36 tcp dpt:22 nflog-prefix “OUTGOINGFW:ACCEPT:15”

    0 0 ACCEPT tcp — * eth1 192.168.0.83 189.22.224.36 tcp dpt:22

    0 0 NFLOG udp — * eth1 192.168.0.83 189.22.224.36 udp dpt:22 nflog-prefix “OUTGOINGFW:ACCEPT:15”

    0 0 ACCEPT udp — * eth1 192.168.0.83 189.22.224.36 udp dpt:22

    33 1980 NFLOG tcp — * eth1 192.168.0.162 189.22.224.36 tcp dpt:3306 nflog-prefix “OUTGOINGFW:ACCEPT:15”

    33 1980 ACCEPT tcp — * eth1 192.168.0.162 189.22.224.36 tcp dpt:3306

    0 0 NFLOG udp — * eth1 192.168.0.162 189.22.224.36 udp dpt:3306 nflog-prefix “OUTGOINGFW:ACCEPT:15”

    0 0 ACCEPT udp — * eth1 192.168.0.162 189.22.224.36 udp dpt:3306

    0 0 NFLOG tcp — * eth1 192.168.0.83 189.22.224.36 tcp dpt:3306 nflog-prefix “OUTGOINGFW:ACCEPT:15”

    0 0 ACCEPT tcp — * eth1 192.168.0.83 189.22.224.36 tcp dpt:3306

    0 0 NFLOG udp — * eth1 192.168.0.83 189.22.224.36 udp dpt:3306 nflog-prefix “OUTGOINGFW:ACCEPT:15”

    0 0 ACCEPT udp — * eth1 192.168.0.83 189.22.224.36 udp dpt:3306

    0 0 NFLOG tcp — * eth1 192.168.0.65 0.0.0.0/0 tcp dpt:1720 nflog-prefix “OUTGOINGFW:ACCEPT:16”

    0 0 ACCEPT tcp — * eth1 192.168.0.65 0.0.0.0/0 tcp dpt:1720

    0 0 NFLOG all — * eth1 192.168.0.23 0.0.0.0/0 nflog-prefix “OUTGOINGFW:ALLOW:17”

    0 0 ALLOW all — * eth1 192.168.0.23 0.0.0.0/0

    0 0 NFLOG all — * eth1 192.168.0.65 0.0.0.0/0 nflog-prefix “OUTGOINGFW:ACCEPT:18”

    0 0 ACCEPT all — * eth1 192.168.0.65 0.0.0.0/0

    0 0 NFLOG tcp — * eth1 192.168.0.62 0.0.0.0/0 tcp dpt:25 nflog-prefix “OUTGOINGFW:ALLOW:19”

    0 0 ALLOW tcp — * eth1 192.168.0.62 0.0.0.0/0 tcp dpt:25

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 200.20.215.194 tcp dpt:8080 nflog-prefix “OUTGOINGFW:ALLOW:20”

    0 0 ALLOW tcp — br0 eth1 0.0.0.0/0 200.20.215.194 tcp dpt:8080

    0 0 NFLOG tcp — * eth1 192.168.0.18 200.129.168.18 tcp dpt:8080 nflog-prefix “OUTGOINGFW:ALLOW:21”

    0 0 ALLOW tcp — * eth1 192.168.0.18 200.129.168.18 tcp dpt:8080

    0 0 NFLOG tcp — * eth1 192.168.0.18 200.249.188.55 tcp dpt:8080 nflog-prefix “OUTGOINGFW:ALLOW:21”

    0 0 ALLOW tcp — * eth1 192.168.0.18 200.249.188.55 tcp dpt:8080

    0 0 NFLOG tcp — * eth1 192.168.0.18 200.137.128.16 tcp dpt:8080 nflog-prefix “OUTGOINGFW:ALLOW:21”

    0 0 ALLOW tcp — * eth1 192.168.0.18 200.137.128.16 tcp dpt:8080

    0 0 NFLOG tcp — * eth1 192.168.0.18 200.137.2.123 tcp dpt:8080 nflog-prefix “OUTGOINGFW:ALLOW:21”

    0 0 ALLOW tcp — * eth1 192.168.0.18 200.137.2.123 tcp dpt:8080

    0 0 NFLOG tcp — * eth1 192.168.0.16 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:22”

    0 0 ALLOW tcp — * eth1 192.168.0.16 0.0.0.0/0 tcp dpt:21

    1 60 NFLOG tcp — * eth1 192.168.0.26 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ACCEPT:23”

    1 60 ACCEPT tcp — * eth1 192.168.0.26 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:5223 nflog-prefix “OUTGOINGFW:ACCEPT:24”

    0 0 ACCEPT tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:5223

    0 0 NFLOG udp — * eth1 192.168.0.83 0.0.0.0/0 udp dpt:5223 nflog-prefix “OUTGOINGFW:ACCEPT:24”

    0 0 ACCEPT udp — * eth1 192.168.0.83 0.0.0.0/0 udp dpt:5223

    0 0 NFLOG tcp — * eth1 192.168.1.118 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:25”

    0 0 ALLOW tcp — * eth1 192.168.1.118 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.2.73 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:25”

    0 0 ALLOW tcp — * eth1 192.168.2.73 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.0.31 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:25”

    0 0 ALLOW tcp — * eth1 192.168.0.31 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:25”

    0 0 ALLOW tcp — * eth1 192.168.0.83 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.1.3 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ALLOW:25”

    0 0 ALLOW tcp — * eth1 192.168.1.3 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 172.16.1.4 0.0.0.0/0 tcp dpt:80 nflog-prefix “OUTGOINGFW:ACCEPT:26”

    0 0 ACCEPT tcp — * eth1 172.16.1.4 0.0.0.0/0 tcp dpt:80

    0 0 NFLOG tcp — * eth1 172.16.1.4 0.0.0.0/0 tcp dpt:443 nflog-prefix “OUTGOINGFW:ACCEPT:26”

    0 0 ACCEPT tcp — * eth1 172.16.1.4 0.0.0.0/0 tcp dpt:443

    0 0 NFLOG tcp — * eth1 172.16.1.4 0.0.0.0/0 tcp dpt:21 nflog-prefix “OUTGOINGFW:ACCEPT:26”

    0 0 ACCEPT tcp — * eth1 172.16.1.4 0.0.0.0/0 tcp dpt:21

    0 0 NFLOG tcp — * eth1 192.168.0.180 0.0.0.0/0 tcp dpt:8000 nflog-prefix “OUTGOINGFW:ALLOW:27”

    0 0 ALLOW tcp — * eth1 192.168.0.180 0.0.0.0/0 tcp dpt:8000

    0 0 NFLOG tcp — * eth1 192.168.2.84 0.0.0.0/0 tcp dpt:3007 nflog-prefix “OUTGOINGFW:ALLOW:28”

    0 0 ALLOW tcp — * eth1 192.168.2.84 0.0.0.0/0 tcp dpt:3007

    0 0 NFLOG all — * eth1 192.168.1.177 0.0.0.0/0 nflog-prefix “OUTGOINGFW:ALLOW:30”

    0 0 ALLOW all — * eth1 192.168.1.177 0.0.0.0/0

    0 0 NFLOG tcp — * eth1 192.168.0.21 0.0.0.0/0 tcp dpt:25 nflog-prefix “OUTGOINGFW:ALLOW:31”

    0 0 ALLOW tcp — * eth1 192.168.0.21 0.0.0.0/0 tcp dpt:25

    0 0 NFLOG tcp — * eth1 192.168.0.21 0.0.0.0/0 tcp dpt:22 nflog-prefix “OUTGOINGFW:ALLOW:31”

    0 0 ALLOW tcp — * eth1 192.168.0.21 0.0.0.0/0 tcp dpt:22

    0 0 NFLOG tcp — br0 eth1 0.0.0.0/0 200.129.244.14 tcp dpt:8080 nflog-prefix “OUTGOINGFW:ALLOW:32”

    0 0 ALLOW tcp — br0 eth1 0.0.0.0/0 200.129.244.14 tcp dpt:8080

    0 0 NFLOG all — * eth1 192.168.8.1 200.179.172.186 nflog-prefix “OUTGOINGFW:ALLOW:33”

    0 0 ALLOW all — * eth1 192.168.8.1 200.179.172.186

    0 0 NFLOG all — * eth1 192.168.8.2 200.179.172.186 nflog-prefix “OUTGOINGFW:ALLOW:33”

    0 0 ALLOW all — * eth1 192.168.8.2 200.179.172.186

    0 0 NFLOG all — * eth1 192.168.8.3 200.179.172.186 nflog-prefix “OUTGOINGFW:ALLOW:33”

    0 0 ALLOW all — * eth1 192.168.8.3 200.179.172.186

    0 0 NFLOG all — br0 eth1 0.0.0.0/0 200.17.137.40 nflog-prefix “OUTGOINGFW:ACCEPT:34”

    0 0 ACCEPT all — br0 eth1 0.0.0.0/0 200.17.137.40

    0 0 NFLOG tcp — * eth1 192.168.1.23 0.0.0.0/0 tcp dpt:22 nflog-prefix “OUTGOINGFW:ACCEPT:35”

    0 0 ACCEPT tcp — * eth1 192.168.1.23 0.0.0.0/0 tcp dpt:22

    0 0 NFLOG udp — * eth1 192.168.1.23 0.0.0.0/0 udp dpt:22 nflog-prefix “OUTGOINGFW:ACCEPT:35”

    0 0 ACCEPT udp — * eth1 192.168.1.23 0.0.0.0/0 udp dpt:22

    0 0 NFLOG tcp — * eth1 192.168.1.23 0.0.0.0/0 tcp dpt:3306 nflog-prefix “OUTGOINGFW:ACCEPT:35”

    0 0 ACCEPT tcp — * eth1 192.168.1.23 0.0.0.0/0 tcp dpt:3306

    0 0 NFLOG udp — * eth1 192.168.1.23 0.0.0.0/0 udp dpt:3306 nflog-prefix “OUTGOINGFW:ACCEPT:35”

    0 0 ACCEPT udp — * eth1 192.168.1.23 0.0.0.0/0 udp dpt:3306

    0 0 NFLOG all — * eth1 192.168.5.6 0.0.0.0/0 nflog-prefix “OUTGOINGFW:ALLOW:36”

    0 0 ALLOW all — * eth1 192.168.5.6 0.0.0.0/0

    41 2528 NFLOG icmp — * eth1 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8 nflog-prefix “OUTGOINGFW:ACCEPT:37”

    41 2528 ACCEPT icmp — * eth1 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 NFLOG icmp — * eth1 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30 nflog-prefix “OUTGOINGFW:ACCEPT:37”

    0 0 ACCEPT icmp — * eth1 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    Chain OUTPUT (policy ACCEPT 1316M packets, 986G bytes)

    pkts bytes target prot opt in out source destination

    1316M 986G ipac~i all — * * 0.0.0.0/0 0.0.0.0/0

    1316M 986G CUSTOMOUTPUT all — * * 0.0.0.0/0 0.0.0.0/0

    Chain PORTFWACCESS (1 references)

    pkts bytes target prot opt in out source destination

    169K 8964K ALLOW tcp — * * 0.0.0.0/0 192.168.1.23

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.1.23

    0 0 ALLOW tcp — * * 189.22.x.y 192.168.1.23

    0 0 ALLOW tcp — * * 189.22.x.y 192.168.1.23

    0 0 ALLOW tcp — * * 189.22.x.y 192.168.1.23

    180K 9526K ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    95941 4888K ALLOW tcp — * * 0.0.0.0/0 172.16.1.4

    280K 20M ALLOW udp — * * 0.0.0.0/0 172.16.1.4

    0 0 ALLOW tcp — * * 0.0.0.0/0 172.16.1.4

    0 0 ALLOW udp — * * 0.0.0.0/0 172.16.1.4

    467 38239 ACCEPT 47 — * * 0.0.0.0/0 192.168.0.80

    1757 108K ACCEPT tcp — * * 0.0.0.0/0 192.168.0.80

    0 0 ACCEPT udp — * * 0.0.0.0/0 192.168.0.80

    61720 3702K ALLOW tcp — * * 0.0.0.0/0 192.168.0.2

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.2

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.2

    6505 355K ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.160

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.160

    19231 1109K ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.18

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.18

    1432 69260 ALLOW tcp — * * 0.0.0.0/0 192.168.0.161

    28 11312 ALLOW udp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.161

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.161

    480K 25M ALLOW tcp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.21

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.21

    12984 768K ALLOW tcp — * * 0.0.0.0/0 192.168.0.202

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.202

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.202

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    12 3085 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW udp — * * 0.0.0.0/0 192.168.0.162

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.167 tcp dpt:80

    17 2062 ACCEPT udp — * * 0.0.0.0/0 192.168.0.171

    80927 4429K ALLOW tcp — * * 0.0.0.0/0 192.168.0.30

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.30

    2374 127K ALLOW tcp — * * 0.0.0.0/0 192.168.0.25

    764 37784 ACCEPT tcp — eth1 * 0.0.0.0/0 192.168.0.65

    373 35566 ACCEPT all — * * 0.0.0.0/0 192.168.0.65

    10 600 ALLOW tcp — * * 200.179.x.y 192.168.0.4

    0 0 ALLOW udp — * * 200.179.x.y 192.168.0.4

    0 0 ALLOW tcp — * * 200.179.x.y 192.168.0.4

    0 0 ALLOW udp — * * 200.179.x.y 192.168.0.4

    19 912 ALLOW tcp — * * 201.38.x.y 192.168.0.4

    0 0 ALLOW tcp — * * 201.38.x.y 192.168.0.4

    0 0 ALLOW tcp — * * 200.133.x.y 192.168.0.4

    0 0 ALLOW tcp — * * 200.133.x.y 192.168.0.4

    0 0 ALLOW tcp — * * 201.38.x.y 192.168.0.30

    0 0 ALLOW tcp — * * 201.38.x.y 192.168.0.30

    0 0 ALLOW tcp — * * 201.38.x.y 192.168.0.33

    0 0 ALLOW tcp — * * 201.38.x.y 192.168.0.33

    12985 701K ALLOW tcp — * * 0.0.0.0/0 192.168.0.163

    0 0 ALLOW tcp — * * 0.0.0.0/0 192.168.0.163

    2662 148K ALLOW all — * * 0.0.0.0/0 192.168.0.83

    2099 119K ALLOW all — * * 0.0.0.0/0 192.168.0.23

    989 59340 ALLOW icmp — * * 200.133.x.y 192.168.0.31

    0 0 ALLOW icmp — * * 200.133.x.y 192.168.0.31

    53 2544 ALLOW tcp — * * 200.179.x.y 192.168.0.66

    39 1920 ALLOW tcp — * * 189.22.x.y 192.168.0.68

    61 3012 ALLOW tcp — * * 200.133.x.y 192.168.0.69

    164 7876 ALLOW tcp — * * 0.0.0.0/0 192.168.0.70

    107 5146 ALLOW tcp — * * 200.133.x.y 192.168.0.71

    1072 68208 ACCEPT all — * * 0.0.0.0/0 192.168.6.218

    Chain REDINPUT (1 references)

    pkts bytes target prot opt in out source destination

    Chain SNORT (1 references)

    pkts bytes target prot opt in out source destination

    258 16600 RETURN tcp — br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

    0 0 RETURN tcp — * * 80.190.199.132 0.0.0.0/0 tcp spt:8991

    0 0 RETURN tcp — * * 80.190.199.132 0.0.0.0/0 tcp spt:443

    0 0 RETURN tcp — * * 80.190.199.132 0.0.0.0/0 tcp spt:22

    0 0 RETURN tcp — * * 80.190.199.131 0.0.0.0/0 tcp spt:8991

    0 0 RETURN tcp — * * 80.190.199.131 0.0.0.0/0 tcp spt:443

    0 0 RETURN tcp — * * 80.190.199.131 0.0.0.0/0 tcp spt:22

    0 0 RETURN tcp — * * 80.190.199.133 0.0.0.0/0 tcp spt:8991

    0 0 RETURN tcp — * * 80.190.199.133 0.0.0.0/0 tcp spt:443

    0 0 RETURN tcp — * * 80.190.199.133 0.0.0.0/0 tcp spt:22

    1713K 1291M RETURN all — lo * 0.0.0.0/0 0.0.0.0/0

    897K 705M QUEUE all — * * 0.0.0.0/0 0.0.0.0/0

    Chain VPNFW (6 references)

    pkts bytes target prot opt in out source destination

    0 0 ALLOW all — * * 0.0.0.0/0 0.0.0.0/0

    Chain VPNFWDST (2 references)

    pkts bytes target prot opt in out source destination

    Chain VPNFW_LOGDROP (6 references)

    pkts bytes target prot opt in out source destination

    0 0 DROP all — * * 0.0.0.0/0 0.0.0.0/0

    Chain VPNTRAFFIC (1 references)

    pkts bytes target prot opt in out source destination

    0 0 VPNFW all — * ipsec+ 0.0.0.0/0 0.0.0.0/0

    0 0 VPNFW_LOGDROP all — * ipsec+ 0.0.0.0/0 0.0.0.0/0

    0 0 VPNFW all — ipsec+ * 0.0.0.0/0 0.0.0.0/0

    0 0 VPNFW_LOGDROP all — ipsec+ * 0.0.0.0/0 0.0.0.0/0

    0 0 VPNFW all — * tap+ 0.0.0.0/0 0.0.0.0/0

    0 0 VPNFW_LOGDROP all — * tap+ 0.0.0.0/0 0.0.0.0/0

    0 0 VPNFW all — tap+ * 0.0.0.0/0 0.0.0.0/0

    0 0 VPNFW_LOGDROP all — tap+ * 0.0.0.0/0 0.0.0.0/0

    0 0 VPNFW all — * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match –physdev-out tap+ –physdev-is-bridged

    0 0 VPNFW_LOGDROP all — * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match –physdev-out tap+ –physdev-is-bridged

    0 0 VPNFW all — * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match –physdev-in tap+

    0 0 VPNFW_LOGDROP all — * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match –physdev-in tap+

    32 1944 VPNFWDST all — br2 br0 0.0.0.0/0 0.0.0.0/0

    62543 4516K VPNFWDST all — br1 br0 0.0.0.0/0 0.0.0.0/0

    Chain ZONEFW (9 references)

    pkts bytes target prot opt in out source destination

    34930 35M ACCEPT all — br0 br0 0.0.0.0/0 0.0.0.0/0

    0 0 ALLOW tcp — br0 br1 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    0 0 ALLOW udp — br0 br1 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    0 0 ACCEPT all — br2 br2 0.0.0.0/0 0.0.0.0/0

    0 0 ACCEPT all — br1 br1 0.0.0.0/0 0.0.0.0/0

    0 0 ACCEPT tcp — * * 172.16.1.4 192.168.0.2 tcp dpt:25

    0 0 ACCEPT icmp — * br0 192.168.0.31 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 ACCEPT icmp — * br0 192.168.0.31 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    0 0 ACCEPT icmp — * br2 192.168.0.31 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 ACCEPT icmp — * br2 192.168.0.31 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    2075 174K ACCEPT icmp — * br1 192.168.0.31 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8

    0 0 ACCEPT icmp — * br1 192.168.0.31 0.0.0.0/0 limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

    0 0 ACCEPT all — br0 * 0.0.0.0/0 172.16.1.3

    0 0 ALLOW tcp — br2 br0 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    0 0 ALLOW udp — br2 br0 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    0 0 ALLOW tcp — br0 br2 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

    5 318 ALLOW udp — br0 br2 0.0.0.0/0 0.0.0.0/0 udp dpt:53

    Chain ZONEFW_LOGDROP (9 references)

    pkts bytes target prot opt in out source destination

    168K 14M DROP all — * * 0.0.0.0/0 0.0.0.0/0

    Chain ZONETRAFFIC (1 references)

    pkts bytes target prot opt in out source destination

    1628K 846M ZONEFW all — br0 br0 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW_LOGDROP all — br0 br0 0.0.0.0/0 0.0.0.0/0

    104K 9629K ZONEFW all — br0 br2 0.0.0.0/0 0.0.0.0/0

    104K 9627K ZONEFW_LOGDROP all — br0 br2 0.0.0.0/0 0.0.0.0/0

    32384 2714K ZONEFW all — br0 br1 0.0.0.0/0 0.0.0.0/0

    1261 106K ZONEFW_LOGDROP all — br0 br1 0.0.0.0/0 0.0.0.0/0

    32 1944 ZONEFW all — br2 br0 0.0.0.0/0 0.0.0.0/0

    24 1464 ZONEFW_LOGDROP all — br2 br0 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW all — br2 br2 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW_LOGDROP all — br2 br2 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW all — br2 br1 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW_LOGDROP all — br2 br1 0.0.0.0/0 0.0.0.0/0

    62543 4516K ZONEFW all — br1 br0 0.0.0.0/0 0.0.0.0/0

    62543 4516K ZONEFW_LOGDROP all — br1 br0 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW all — br1 br2 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW_LOGDROP all — br1 br2 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW all — br1 br1 0.0.0.0/0 0.0.0.0/0

    0 0 ZONEFW_LOGDROP all — br1 br1 0.0.0.0/0 0.0.0.0/0

    Chain ipac~fi (1 references)

    pkts bytes target prot opt in out source destination

    10335 5436K all — br0 * 0.0.0.0/0 0.0.0.0/0

    0 0 all — br2 * 0.0.0.0/0 0.0.0.0/0

    1647 792K all — br1 * 0.0.0.0/0 0.0.0.0/0

    10279 4629K all — eth1 * 0.0.0.0/0 0.0.0.0/0

    Chain ipac~fo (1 references)

    pkts bytes target prot opt in out source destination

    10387 5038K all — * br0 0.0.0.0/0 0.0.0.0/0

    15 1440 all — * br2 0.0.0.0/0 0.0.0.0/0

    1440 414K all — * br1 0.0.0.0/0 0.0.0.0/0

    10419 5403K all — * eth1 0.0.0.0/0 0.0.0.0/0

    Chain ipac~i (1 references)

    pkts bytes target prot opt in out source destination

    50737 66M all — * br0 0.0.0.0/0 0.0.0.0/0

    0 0 all — * br2 0.0.0.0/0 0.0.0.0/0

    0 0 all — * br1 0.0.0.0/0 0.0.0.0/0

    40124 4362K all — * eth1 0.0.0.0/0 0.0.0.0/0

    Chain ipac~o (1 references)

    pkts bytes target prot opt in out source destination

    36442 4406K all — br0 * 0.0.0.0/0 0.0.0.0/0

    1 320 all — br2 * 0.0.0.0/0 0.0.0.0/0

    0 0 all — br1 * 0.0.0.0/0 0.0.0.0/0

    50347 58M all — eth1 * 0.0.0.0/0 0.0.0.0/0
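An added example (not code from the thread or from the firewall's own tooling): a small Python walker that parses an `iptables -L -v -n` style listing and reports which rule decides a given forwarded packet, the question behind the tests described in these posts. The listing is a constructed sample modelled on the ZONETRAFFIC/ZONEFW chains above; the DROP rule for tcp/3389, the use of br1 for the second zone, and all function names are assumptions.

```python
import ipaddress
# Constructed sample in `iptables -L -v -n` layout, modelled on the post's chains.
LISTING = """\
Chain ZONETRAFFIC (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ZONEFW all -- br0 br0 0.0.0.0/0 0.0.0.0/0
    0     0 ZONEFW_LOGDROP all -- br0 br0 0.0.0.0/0 0.0.0.0/0
    0     0 ZONEFW all -- br1 br0 0.0.0.0/0 0.0.0.0/0
    0     0 ZONEFW_LOGDROP all -- br1 br0 0.0.0.0/0 0.0.0.0/0
Chain ZONEFW (2 references)
    0     0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
    0     0 DROP tcp -- br1 br0 10.10.0.0/16 192.168.0.0/16 tcp dpt:3389
Chain ZONEFW_LOGDROP (2 references)
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def parse(listing):
    """Return {chain: [rule, ...]} from the listing text."""
    keys = ("target", "prot", "opt", "in", "out", "src", "dst")
    chains, cur = {}, None
    for f in map(str.split, listing.splitlines()):
        if f[:1] == ["Chain"]:
            cur = chains.setdefault(f[1], [])
        elif len(f) >= 9 and f[0] != "pkts":  # skip the column header row
            cur.append(dict(zip(keys, f[2:9]), extra=f[9:]))
    return chains

def iface_match(pat, name):
    return pat in ("*", name) or (pat.endswith("+") and name.startswith(pat[:-1]))

def rule_matches(rule, pkt):
    # Only interface, protocol, address and dpt: matches are modelled.
    inside = lambda net, ip: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    ports = [e[4:] for e in rule["extra"] if e.startswith("dpt:")]
    return (iface_match(rule["in"], pkt["in"]) and iface_match(rule["out"], pkt["out"])
            and rule["prot"] in ("all", pkt["proto"])
            and inside(rule["src"], pkt["src"]) and inside(rule["dst"], pkt["dst"])
            and all(p == str(pkt["dport"]) for p in ports))

def walk(chains, chain, pkt):
    """First terminal verdict as (target, chain, rule_number), or None."""
    hits = [(n, r["target"]) for n, r in enumerate(chains[chain], 1) if rule_matches(r, pkt)]
    for n, t in hits:
        if t == "RETURN":  # hand the packet back to the calling chain
            break
        verdict = walk(chains, t, pkt) if t in chains else (t, chain, n)
        if verdict:
            return verdict
    return None
```

In this sample, a packet from 10.10.0.7 to 192.168.0.83:3389 that enters and leaves on br0 is accepted by the `br0 br0` rule before any inter-zone rule is consulted, while the same packet arriving on br1 reaches the DROP.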

    in reply to: How to block traffic between networks? #4881
    tnol2
    Participant

    Eduardo and Albaney, I ran the test you asked for: I created a rule in the first position in the interzone, and in the outgoing, blocking traffic from network 10.10.0.0/16 to network 192.168.0.0/16, and the traffic kept passing normally. :S

    in reply to: How to block traffic between networks? #4879
    tnol2
    Participant

    Below is a screenshot of the outgoing; I did not include one of the VPNFW because it is not even enabled.

    http://img218.imageshack.us/img218/8531/outgoing.jpg

    in reply to: How to block traffic between networks? #4877
    tnol2
    Participant

    Eduardo, I really don't remember whether I ever inserted any via the command line in this installation. I remember that before version 2.3 I had another installation running and was having trouble enabling the proxy, and I remember testing a few command lines. But I'm already starting to think that in this version I must also have put that line in some file. What command can I run to check this, or is there a file where the rules are stored?

    in reply to: How to block traffic between networks? #4874
    tnol2
    Participant

    And then I changed the command to -D and ran the telnet again, and got the connection.

    in reply to: How to block traffic between networks? #4873
    tnol2
    Participant

    Eduardo, after running the command: iptables -I FORWARD -d 192.168.0.83 -p tcp --dport 3389 -j DROP, I could no longer connect via telnet.

    in reply to: How to block traffic between networks? #4871
    tnol2
    Participant

    Eduardo, I ran the following test:

    From a machine on the blue network, 10.10.0.7, I ran a telnet to my machine on the green network, 192.168.0.83, and the connection was made:

    Trying 192.168.0.83...

    Connected to 192.168.0.83

    Escape character is '^]'.

    Then I created a rule in the interzone like this:

    source: blue destination:green service:tcp/3389 policy:deny

    And even after this rule, I was able to make the connection.

    Trying 192.168.0.83...

    Connected to 192.168.0.83

    Escape character is '^]'.

    Any ideas?

    in reply to: How to block traffic between networks? #4870
    tnol2
    Participant

    But I will run the test with remote desktop and post the result here.
