XyMon

iota - iptables

Wed May 01 2024, 23:04:37


 

Mi 1. Mai 23:04:37 CEST 2024


filter

Chain INPUT (policy DROP)
target     prot opt source               destination         
loc-fw     0    --  0.0.0.0/0            0.0.0.0/0           
dmz-fw     0    --  0.0.0.0/0            0.0.0.0/0           
net-fw     0    --  0.0.0.0/0            0.0.0.0/0           
~comb13    0    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            -m iface --dev-in --loopback 
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall INPUT DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP)
target     prot opt source               destination         
loc_frwd   0    --  0.0.0.0/0            0.0.0.0/0           
dmz_frwd   0    --  0.0.0.0/0            0.0.0.0/0           
net_frwd   0    --  0.0.0.0/0            0.0.0.0/0           
road_frwd  0    --  0.0.0.0/0            0.0.0.0/0           
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall FORWARD DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain dmz-fw (1 references)
target     prot opt source               destination         
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
~log1      6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp dpt:1984
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall dmz-fw DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain dmz-loc (1 references)
target     prot opt source               destination         
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
~log3      6    --  0.0.0.0/0            10.0.0.1            [goto]  multiport dports 3100,1984
~log3      6    --  0.0.0.0/0            10.0.0.200          [goto]  tcp dpt:389
~log3      6    --  0.0.0.0/0            10.0.0.201          [goto]  tcp dpt:389
~log3      6    --  0.0.0.0/0            10.0.0.200          [goto]  tcp dpt:636
~log3      6    --  0.0.0.0/0            10.0.0.201          [goto]  tcp dpt:636
~log3      6    --  192.168.9.9          0.0.0.0/0           [goto]  tcp dpt:22
~log3      17   --  192.168.9.2          10.0.0.1            [goto]  udp dpt:53
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall dmz-loc DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain dmz-net (1 references)
target     prot opt source               destination         
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall dmz-net ACCEPT "
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

Chain dmz-road (1 references)
target     prot opt source               destination         
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall dmz-road DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain dmz_frwd (1 references)
target     prot opt source               destination         
dmz-loc    0    --  0.0.0.0/0            0.0.0.0/0           
~comb13    0    --  0.0.0.0/0            0.0.0.0/0           
dmz-net    0    --  0.0.0.0/0            0.0.0.0/0           
dmz-road   0    --  0.0.0.0/0            0.0.0.0/0           

Chain dynamic (11 references)
target     prot opt source               destination         

Chain loc-fw (1 references)
target     prot opt source               destination         
~blacklist1  0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
~log2      6    --  10.0.0.1             0.0.0.0/0           [goto]  multiport dports 3100,9100
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

Chain loc_frwd (1 references)
target     prot opt source               destination         
~comb13    0    --  0.0.0.0/0            0.0.0.0/0           
~comb14    0    --  0.0.0.0/0            0.0.0.0/0           
~comb14    0    --  0.0.0.0/0            0.0.0.0/0           
~comb14    0    --  0.0.0.0/0            0.0.0.0/0           

Chain logdrop (0 references)
target     prot opt source               destination         
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain logflags (7 references)
target     prot opt source               destination         
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix "Shorewall logflags DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
target     prot opt source               destination         
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type BROADCAST
DROP       0    --  224.0.0.0/4          0.0.0.0/0           
DROP       2    --  0.0.0.0/0            0.0.0.0/0           
REJECT     6    --  0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
REJECT     17   --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     1    --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-unreachable
REJECT     0    --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain net-dmz (1 references)
target     prot opt source               destination         
~blacklist1  0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
~log4      0    --  192.168.10.0/24      192.168.9.2         [goto] 
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall net-dmz DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain net-fw (1 references)
target     prot opt source               destination         
~blacklist1  0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:1194
~log0      6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp dpt:1194
~log0      17   --  0.0.0.0/0            0.0.0.0/0           [goto]  udp dpt:1194
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall net-fw DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain net-loc (1 references)
target     prot opt source               destination         
~blacklist1  0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall net-loc DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain net-road (1 references)
target     prot opt source               destination         
~blacklist1  0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall net-road DROP "
DROP       0    --  0.0.0.0/0            0.0.0.0/0           

Chain net_frwd (1 references)
target     prot opt source               destination         
net-loc    0    --  0.0.0.0/0            0.0.0.0/0           
net-dmz    0    --  0.0.0.0/0            0.0.0.0/0           
~comb13    0    --  0.0.0.0/0            0.0.0.0/0           
net-road   0    --  0.0.0.0/0            0.0.0.0/0           

Chain road_frwd (1 references)
target     prot opt source               destination         
~comb13    0    --  0.0.0.0/0            0.0.0.0/0           
~comb13    0    --  0.0.0.0/0            0.0.0.0/0           
~comb13    0    --  0.0.0.0/0            0.0.0.0/0           
~comb13    0    --  0.0.0.0/0            0.0.0.0/0           

Chain sha-lh-bf68ebcc8b0394af45ed (0 references)
target     prot opt source               destination         

Chain sha-rh-f3c809a2fa9e9b60a397 (0 references)
target     prot opt source               destination         

Chain shorewall (0 references)
target     prot opt source               destination         
           0    --  0.0.0.0/0            0.0.0.0/0            recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain tcpflags (11 references)
target     prot opt source               destination         
logflags   6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x29
logflags   6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x00
logflags   6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x06/0x06
logflags   6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x05/0x05
logflags   6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x03/0x03
logflags   6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x19/0x09
logflags   6    --  0.0.0.0/0            0.0.0.0/0           [goto]  tcp spt:0 flags:0x17/0x02

Chain ~blacklist1 (6 references)
target     prot opt source               destination         
DROP       0    --  163.172.31.102       0.0.0.0/0           
DROP       0    --  146.88.240.4         0.0.0.0/0           
DROP       0    --  185.200.118.0/24     0.0.0.0/0           

Chain ~comb13 (8 references)
target     prot opt source               destination         
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

Chain ~comb14 (3 references)
target     prot opt source               destination         
~blacklist1  0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
dynamic    0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
tcpflags   6    --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

Chain ~log0 (2 references)
target     prot opt source               destination         
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall net-fw ACCEPT "
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

Chain ~log1 (1 references)
target     prot opt source               destination         
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall dmz-fw ACCEPT "
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

Chain ~log2 (1 references)
target     prot opt source               destination         
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall loc-fw ACCEPT "
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

Chain ~log3 (7 references)
target     prot opt source               destination         
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall dmz-loc ACCEPT "
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

Chain ~log4 (1 references)
target     prot opt source               destination         
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "Shorewall net-dmz ACCEPT "
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           

 
nat

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
enp0s31f6_masq  0    --  0.0.0.0/0            0.0.0.0/0           
enp2s0f1_masq  0    --  0.0.0.0/0            0.0.0.0/0           
MASQUERADE  0    --  10.0.0.0/24          0.0.0.0/0           

Chain enp0s31f6_masq (1 references)
target     prot opt source               destination         
MASQUERADE  0    --  10.0.0.0/24          0.0.0.0/0           
MASQUERADE  0    --  10.10.10.0/24        0.0.0.0/0           
MASQUERADE  0    --  192.168.9.0/24       0.0.0.0/0           

Chain enp2s0f1_masq (1 references)
target     prot opt source               destination         
MASQUERADE  0    --  10.0.0.0/24          0.0.0.0/0           
MASQUERADE  0    --  10.10.10.0/24        0.0.0.0/0           

 
mangle

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
MARK       0    --  0.0.0.0/0            0.0.0.0/0            MARK and 0xffffff00

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

 



Status unchanged in 77 days, 1 hour, 5 minutes
Status message received from 127.0.0.1
powered by XyMon 4.3.30