Shorewall 5.2.3.4 Dump at edge - Mon 02 Jan 2023 12:53:38 AM PST Shorewall is running State:Started Sun Jan 1 22:13:06 PST 2023 from /etc/shorewall/ (/var/lib/shorewall/firewall compiled Sun Jan 1 22:13:05 PST 2023 by Shorewall version 5.2.3.4) Counters reset Sun Jan 1 22:13:06 PST 2023 Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 15260 1386K ixp-fw all -- enp9s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 13627 2965K enp1s0_in all -- enp1s0 * 0.0.0.0/0 0.0.0.0/0 2280 143K int-fw all -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ip6-fw all -- enp10s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ip4-fw all -- enp11s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ha-fw all -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 hom-fw all -- wanjet1 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 1 29 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 3268 353K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 5 380 enp1s0_fwd all -- enp1s0 * 0.0.0.0/0 0.0.0.0/0 0 0 ixp_frwd all -- enp9s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 9339 784K int_frwd all -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ip6_frwd all -- enp10s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ip4_frwd all -- enp11s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ha_frwd all -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 hom_frwd all -- wanjet1 * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 15427 800K fw-ixp all -- * enp9s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 27992 9539K enp1s0_out all -- * enp1s0 0.0.0.0/0 0.0.0.0/0 11292 1482K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt-fw (1 references) pkts bytes target prot opt in out source destination 7704 2180K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT esp -- * * 50.251.197.121 0.0.0.0/0 0 0 ACCEPT udp -- * * 50.251.197.121 0.0.0.0/0 udp dpt:500 ctstate NEW,UNTRACKED 0 0 ACCEPT udp -- * * 50.251.197.121 0.0.0.0/0 udp spt:500 dpt:500 /* IPsec */ 0 0 ACCEPT esp -- * * 50.251.197.121 0.0.0.0/0 /* IPsec */ 0 0 ACCEPT udp -- * * 50.251.197.121 0.0.0.0/0 udp dpt:4500 0 0 ACCEPT icmp -- * * 50.251.197.121 0.0.0.0/0 icmptype 8 /* Ping */ 25 1171 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 /* Web */ 1234 50630 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 1396 380K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt-ha (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "drt-ha DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt-hom (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "drt-hom DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt-int (1 references) pkts bytes target prot opt in out source destination 5 380 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "drt-int DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt-ip4 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "drt-ip4 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt-ip6 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "drt-ip6 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt-ixp (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ~log1 all -- * * 0.0.0.0/0 206.81.80.0/22 [goto] 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "drt-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt-vpn0 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "drt-vpn0 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain drt_frwd (1 references) pkts bytes target prot opt in out source destination 0 0 drt-ixp all -- * enp9s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 5 380 drt-int all -- * enp2s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 drt-ip6 all -- * enp10s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 drt-ip4 all -- * enp11s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 drt-ha all -- * enp3s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 drt-vpn0 all -- * enp1s0 0.0.0.0/0 100.65.12.0/24 policy match dir out pol ipsec 0 0 drt-hom all -- * wanjet1 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none Chain dynamic (14 references) pkts bytes target prot opt in out source destination Chain enp1s0_fwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 vpn0_frwd all -- * * 100.65.12.0/24 0.0.0.0/0 [goto] policy match dir in pol ipsec 5 380 drt_frwd all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none Chain enp1s0_in (1 references) pkts bytes target prot opt in out source destination 2703 437K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 797 303K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 10359 2612K drt-fw all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ACCEPT all -- * * 100.65.12.0/24 0.0.0.0/0 policy match dir in pol ipsec Chain enp1s0_out (1 references) pkts bytes target prot opt in out source destination 18649 8530K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ACCEPT all -- * * 0.0.0.0/0 100.65.12.0/24 policy match dir out pol ipsec Chain fw-ixp (1 references) pkts bytes target prot opt in out source destination 15257 790K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 170 10140 ACCEPT all -- * * 0.0.0.0/0 206.81.80.0/22 0 0 ~log0 all -- * * 0.0.0.0/0 206.81.80.0/22 [goto] 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha-drt (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ha-drt DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha-fw (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ha-fw DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha-hom (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ha-hom DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha-int (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ha-int DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha-ip4 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ha-ip4 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha-ip6 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ha-ip6 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha-ixp (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ~log5 all -- * * 0.0.0.0/0 206.81.80.0/22 [goto] 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ha-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha-vpn0 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ha-vpn0 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ha_frwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ha-ixp all -- * enp9s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ha-drt all -- * enp1s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ha-int all -- * enp2s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ha-ip6 all -- * enp10s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ha-ip4 all -- * enp11s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ha-vpn0 all -- * enp1s0 0.0.0.0/0 100.65.12.0/24 policy match dir out pol ipsec 0 0 ha-hom all -- * wanjet1 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none Chain hom-fw (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain hom-ixp (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ~log7 all -- * * 0.0.0.0/0 206.81.80.0/22 [goto] 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain hom_frwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 hom-ixp all -- * enp9s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp1s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ACCEPT all -- * enp2s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp10s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp11s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp3s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp1s0 0.0.0.0/0 100.65.12.0/24 policy match dir out pol ipsec Chain int-fw (1 references) pkts bytes target prot opt in out source destination 27 6300 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 2254 137K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 2253 136K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID 1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* SSH */ 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 26 6240 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "int-fw DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain int-ha (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "int-ha DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain int-ip4 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "int-ip4 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain int-ip6 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "int-ip6 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain int-ixp (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ~log2 all -- * * 0.0.0.0/0 206.81.80.0/22 [goto] 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "int-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain int-vpn0 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "int-vpn0 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain int_frwd (1 references) pkts bytes target prot opt in out source destination 9339 784K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 int-ixp all -- * enp9s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 5 380 ACCEPT all -- * enp1s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 int-ip6 all -- * enp10s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 int-ip4 all -- * enp11s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 int-ha all -- * enp3s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 int-vpn0 all -- * enp1s0 0.0.0.0/0 100.65.12.0/24 policy match dir out pol ipsec 9334 784K ACCEPT all -- * wanjet1 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none Chain ip4-drt (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip4-drt DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip4-fw (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* SSH */ 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip4-fw DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip4-ha (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip4-ha DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip4-hom (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip4-hom DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip4-int (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip4-int DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip4-ip6 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip4-ip6 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip4-ixp (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ~log4 all -- * * 0.0.0.0/0 206.81.80.0/22 [goto] 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip4-vpn0 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip4-vpn0 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip4_frwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ip4-ixp all -- * enp9s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip4-drt all -- * enp1s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip4-int all -- * enp2s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip4-ip6 all -- * enp10s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip4-ha all -- * enp3s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip4-vpn0 all -- * enp1s0 0.0.0.0/0 100.65.12.0/24 policy match dir out pol ipsec 0 0 ip4-hom all -- * wanjet1 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none Chain ip6-drt (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip6-drt DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip6-fw (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip6-fw DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip6-ha (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip6-ha DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip6-hom (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip6-hom DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip6-int (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip6-int DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip6-ip4 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip6-ip4 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip6-ixp (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ~log3 all -- * * 0.0.0.0/0 206.81.80.0/22 [goto] 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip6-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip6-vpn0 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ip6-vpn0 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ip6_frwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ip6-ixp all -- * enp9s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip6-drt all -- * enp1s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip6-int all -- * enp2s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip6-ip4 all -- * enp11s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip6-ha all -- * enp3s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ip6-vpn0 all -- * enp1s0 0.0.0.0/0 100.65.12.0/24 policy match dir out pol ipsec 0 0 ip6-hom all -- * wanjet1 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none Chain ixp-drt (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ixp-drt DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ixp-fw (1 references) pkts bytes target prot opt in out source destination 4 176 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 15260 1386K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 15256 1386K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 /* Web */ 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 4 176 ACCEPT all -- * * 206.81.80.0/22 0.0.0.0/0 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 icmptype 8 /* Ping */ 0 0 ACCEPT icmp -- * * 100.64.79.1 0.0.0.0/0 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ixp-fw DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ixp-ha (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ixp-ha DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ixp-hom (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ixp-hom DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ixp-int (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ixp-int DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ixp-ip4 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ixp-ip4 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ixp-ip6 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 /* DNS */ 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 /* DNS */ 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ixp-ip6 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ixp-vpn0 (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "ixp-vpn0 DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ixp_frwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none 0 0 ixp-drt all -- * enp1s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ixp-int all -- * enp2s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ixp-ip6 all -- * enp10s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ixp-ip4 all -- * enp11s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ixp-ha all -- * enp3s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ixp-vpn0 all -- * enp1s0 0.0.0.0/0 100.65.12.0/24 policy match dir out pol ipsec 0 0 ixp-hom all -- * wanjet1 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none Chain logdrop (0 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain logflags (7 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix "logflags DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain logreject (0 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0 0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain sha-lh-f1bb80deb00c31cf1a27 (0 references) pkts bytes target prot opt in out source destination Chain sha-rh-3cb1b951e068bd78da1e (0 references) pkts bytes target prot opt in out source destination Chain shorewall (0 references) pkts bytes target prot opt in out source destination 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255 Chain tcpflags (14 references) pkts bytes target prot opt in out source destination 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x29 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x00 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x06/0x06 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x05/0x05 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x03/0x03 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x19/0x09 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02 Chain vpn0-ixp (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ~log6 all -- * * 0.0.0.0/0 206.81.80.0/22 [goto] 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain vpn0_frwd (1 references) pkts bytes target prot opt in out source destination 0 0 vpn0-ixp all -- * enp9s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp1s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp2s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp10s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp11s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * enp3s0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none 0 0 ~comb8 all -- * wanjet1 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none Chain ~comb8 (11 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ~log0 (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 4 prefix "fw-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ~log1 (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 4 prefix "drt-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ~log2 (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 4 prefix "int-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ~log3 (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 4 prefix "ip6-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ~log4 (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 4 prefix "ip4-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ~log5 (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 4 prefix "ha-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ~log6 (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 4 prefix "vpn0-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ~log7 (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 4 prefix "hom-ixp DROP " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ARP rules Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) Log (/var/log/messages) NAT Table Chain PREROUTING (policy ACCEPT 175K packets, 8656K bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 1256 packets, 51701 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 539 packets, 38001 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 541 packets, 38169 bytes) pkts bytes target prot opt in out source destination 5 380 MASQUERADE all -- * enp1s0 100.65.12.0/24 0.0.0.0/0 policy match dir out pol none Mangle Table Chain PREROUTING (policy ACCEPT 213K packets, 14M bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 31168 packets, 4494K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 9344 packets, 785K bytes) pkts bytes target prot opt in out source destination 9344 785K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK and 0xffffff00 Chain OUTPUT (policy ACCEPT 45368 packets, 11M bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 54711 packets, 12M bytes) pkts bytes target prot opt in out source destination Raw Table Chain PREROUTING (policy ACCEPT 213K packets, 14M bytes) pkts bytes target prot opt in out source destination 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10080 CT helper amanda 130 5324 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x17/0x02 CT helper ftp 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1719 CT helper RAS 5 200 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720 flags:0x17/0x02 CT helper Q.931 53 2128 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 flags:0x17/0x02 CT helper irc 3 234 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 CT helper netbios-ns 43 1760 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 flags:0x17/0x02 CT helper pptp 27 1080 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6566 flags:0x17/0x02 CT helper sane 328 51324 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 CT helper sip 16 1209 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161 CT helper snmp 513 24632 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 CT helper tftp Chain OUTPUT (policy ACCEPT 45368 packets, 11M bytes) pkts bytes target prot opt in out source destination 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10080 CT helper amanda 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x17/0x02 CT helper ftp 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1719 CT helper RAS 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720 flags:0x17/0x02 CT helper Q.931 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 flags:0x17/0x02 CT helper irc 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 CT helper netbios-ns 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 flags:0x17/0x02 CT helper pptp 0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6566 flags:0x17/0x02 CT helper sane 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 CT helper sip 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161 CT helper snmp 0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 CT helper tftp Conntrack Table (251 out of 65536) ipv4 2 unknown 50 509 src=74.120.12.135 dst=97.126.43.23 src=97.126.43.23 dst=74.120.12.135 mark=0 zone=0 use=2 ipv4 2 tcp 6 431994 ESTABLISHED src=206.81.80.184 dst=206.81.81.28 sport=43635 dport=179 src=206.81.81.28 dst=206.81.80.184 sport=179 dport=43635 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 431997 ESTABLISHED src=206.81.80.184 dst=206.81.80.40 sport=37831 dport=179 src=206.81.80.40 dst=206.81.80.184 sport=179 dport=37831 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 430848 ESTABLISHED src=100.65.12.1 dst=100.65.12.70 sport=51222 dport=22 src=100.65.12.70 dst=100.65.12.1 sport=22 dport=51222 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 431993 ESTABLISHED src=206.81.80.184 dst=206.81.81.41 sport=59491 dport=179 src=206.81.81.41 dst=206.81.80.184 sport=179 dport=59491 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 431987 ESTABLISHED src=206.81.81.123 dst=206.81.80.184 sport=38189 dport=179 src=206.81.80.184 dst=206.81.81.123 sport=179 dport=38189 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 431680 ESTABLISHED src=100.65.12.70 dst=100.65.12.1 sport=57122 dport=22 src=100.65.12.1 dst=100.65.12.70 sport=22 dport=57122 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 431999 ESTABLISHED src=100.65.12.70 dst=100.65.12.1 sport=59084 dport=22 src=100.65.12.1 dst=100.65.12.70 sport=22 dport=59084 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 430504 ESTABLISHED src=100.65.12.70 dst=100.65.12.1 sport=38202 dport=22 src=100.65.12.1 dst=100.65.12.70 sport=22 dport=38202 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 431975 ESTABLISHED src=206.81.80.184 dst=206.81.80.152 sport=48129 dport=179 src=206.81.80.152 dst=206.81.80.184 sport=179 dport=48129 [ASSURED] mark=0 zone=0 use=2 ipv4 2 unknown 50 599 src=74.120.12.135 dst=97.113.149.238 src=97.113.149.238 dst=74.120.12.135 mark=0 zone=0 use=2 ipv4 2 udp 17 82 src=74.120.12.135 dst=97.113.149.238 sport=500 dport=500 src=97.113.149.238 dst=74.120.12.135 sport=500 dport=500 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 425081 ESTABLISHED src=100.65.12.70 dst=100.65.12.1 sport=41896 dport=22 src=100.65.12.1 dst=100.65.12.70 sport=22 dport=41896 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 431111 ESTABLISHED src=100.65.12.1 dst=100.65.12.70 sport=42574 dport=22 src=100.65.12.70 dst=100.65.12.1 sport=22 dport=42574 [ASSURED] mark=0 zone=0 use=2 ipv4 2 icmp 1 0 src=3.28.120.137 dst=74.120.12.135 type=8 code=0 id=26 src=74.120.12.135 dst=3.28.120.137 type=0 code=0 id=26 mark=0 zone=0 use=2 ipv4 2 tcp 6 431999 ESTABLISHED src=206.81.80.184 dst=206.81.80.204 sport=43669 dport=179 src=206.81.80.204 dst=206.81.80.184 sport=179 dport=43669 [ASSURED] mark=0 zone=0 use=2 ipv4 2 tcp 6 431987 ESTABLISHED src=206.81.80.212 dst=206.81.80.184 sport=8042 dport=179 src=206.81.80.184 dst=206.81.80.212 sport=179 dport=8042 [ASSURED] mark=0 zone=0 use=2 IP Configuration 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: enp1s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 74.120.12.135/28 scope global enp1s0 valid_lft forever preferred_lft forever 3: enp2s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 100.65.12.1/24 scope global enp2s0 valid_lft forever preferred_lft forever 5: enp9s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 206.81.80.184/22 scope global enp9s0 valid_lft forever preferred_lft forever 7: enp11s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 23.181.112.1/24 scope global enp11s0 valid_lft forever preferred_lft forever 15: wanjet1@NONE: mtu 1449 qdisc noqueue state UNKNOWN group default qlen 1000 inet 100.66.79.1 peer 100.66.79.2/30 brd 100.66.79.3 scope global wanjet1 valid_lft forever preferred_lft forever IP Stats 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 RX: bytes packets errors dropped missed mcast 65458 1097 0 0 0 0 TX: bytes packets errors dropped carrier collsns 65458 1097 0 0 0 0 2: enp1s0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 52:54:00:80:88:d6 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped missed mcast 41759788500 112015973 0 19612839 0 0 TX: bytes packets errors dropped carrier collsns 6484357101 11952395 0 0 0 0 3: enp2s0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 52:54:00:f1:39:ea brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped missed mcast 111742952 661245 0 0 0 0 TX: bytes packets errors dropped carrier collsns 271175274 396599 0 0 0 0 4: enp3s0: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 52:54:00:fb:d6:9a brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped missed mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 5: enp9s0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 52:54:00:32:3c:08 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped missed mcast 137777330226 1483722685 0 38 0 0 TX: bytes packets errors dropped carrier collsns 38331205203 314381630 0 0 0 0 6: enp10s0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 52:54:00:33:5d:38 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped missed mcast 15301529501 8449174 0 0 0 0 TX: bytes packets errors dropped carrier collsns 3915493582 10590750 0 0 0 0 7: enp11s0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 52:54:00:15:ae:76 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped missed mcast 3691599 52563 0 0 0 0 TX: bytes packets errors dropped carrier collsns 170465 2173 0 0 0 0 8: gre0@NONE: mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/gre 0.0.0.0 brd 0.0.0.0 RX: bytes packets errors dropped missed mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 9: gretap0@NONE: mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped missed mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 10: erspan0@NONE: mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped missed mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 15: wanjet1@NONE: mtu 1449 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/gre 100.65.12.1 peer 100.64.79.1 RX: bytes packets errors dropped missed mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 784896 9344 3 0 0 3 Routing Rules 0: from all lookup local 220: from all lookup 220 32766: from all lookup main 32767: from all lookup default Table 220: 100.64.79.1 via 74.120.12.129 dev enp1s0 proto static src 100.65.12.1 Table default: Table local: local 74.120.12.135 dev enp1s0 proto kernel scope host src 74.120.12.135 local 23.181.112.1 dev enp11s0 proto kernel scope host src 23.181.112.1 local 206.81.80.184 dev enp9s0 proto kernel scope host src 206.81.80.184 local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 local 100.66.79.1 dev wanjet1 proto kernel scope host src 100.66.79.1 local 100.65.12.1 dev enp2s0 proto kernel scope host src 100.65.12.1 broadcast 74.120.12.143 dev enp1s0 proto kernel scope link src 74.120.12.135 broadcast 74.120.12.128 dev enp1s0 proto kernel scope link src 74.120.12.135 broadcast 23.181.112.255 dev enp11s0 proto kernel scope link src 23.181.112.1 broadcast 23.181.112.0 dev enp11s0 proto kernel scope link src 23.181.112.1 broadcast 206.81.83.255 dev enp9s0 proto kernel scope link src 206.81.80.184 broadcast 206.81.80.0 dev enp9s0 proto kernel scope link src 206.81.80.184 broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1 broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1 broadcast 100.66.79.3 dev wanjet1 proto kernel scope link src 100.66.79.1 broadcast 100.66.79.0 dev wanjet1 proto kernel scope link src 100.66.79.1 broadcast 100.65.12.255 dev enp2s0 proto kernel scope link src 100.65.12.1 broadcast 100.65.12.0 dev enp2s0 proto kernel scope link src 100.65.12.1 local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 Table main: 8.8.4.4 via 206.81.80.17 dev enp9s0 69.174.129.117 via 206.81.80.40 dev enp9s0 100.66.79.0/30 dev wanjet1 proto kernel scope link src 100.66.79.1 74.120.12.128/28 dev enp1s0 proto kernel scope link src 74.120.12.135 23.181.112.0/24 dev enp11s0 proto kernel scope link src 23.181.112.1 192.168.79.0/24 dev wanjet1 scope link 172.16.79.0/24 dev wanjet1 scope link 100.65.12.0/24 dev enp2s0 proto kernel scope link src 100.65.12.1 100.64.79.0/24 dev wanjet1 scope link 206.81.80.0/22 dev enp9s0 proto kernel scope link src 206.81.80.184 default via 74.120.12.129 dev enp1s0 Per-IP Counters iptaccount is not installed NF Accounting No NF Accounting defined (nfacct not found) Events PFKEY SPD src 100.65.12.1/32 dst 100.64.79.1/32 uid 0 dir out action allow index 585 priority 367231 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2023-01-02 00:52:24 use 2023-01-02 00:52:24 tmpl src 74.120.12.135 dst 97.113.149.238 proto esp spi 0xcb334827(3409135655) reqid 1(0x00000001) mode tunnel level required share any enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff src 100.64.79.1/32 dst 100.65.12.1/32 uid 0 dir fwd action allow index 578 priority 367231 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2023-01-02 00:52:24 use - tmpl src 97.113.149.238 dst 74.120.12.135 proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel level required share any enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff src 100.64.79.1/32 dst 100.65.12.1/32 uid 0 dir in action allow index 568 priority 367231 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2023-01-02 00:52:24 use - tmpl src 97.113.149.238 dst 74.120.12.135 proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel level required share any enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff PFKEY SAD src 74.120.12.135 dst 97.113.149.238 proto esp spi 0xcb334827(3409135655) reqid 1(0x00000001) mode tunnel replay-window 0 seq 0x00000000 flag af-unspec (0x00100000) aead rfc4106(gcm(aes)) 0x09d5330b12a0e4cec4443015c5514dc09935abaf (160 bits) 128 anti-replay context: seq 0x0, oseq 0x49, bitmap 0x00000000 lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 85651(sec), hard 95040(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 7884(bytes), 73(packets) add 2023-01-02 00:52:24 use 2023-01-02 00:52:24 stats: replay-window 0 replay 0 failed 0 src 97.113.149.238 dst 74.120.12.135 proto esp spi 0xc50d1ac9(3305970377) reqid 1(0x00000001) mode tunnel replay-window 32 seq 0x00000000 flag af-unspec (0x00100000) aead rfc4106(gcm(aes)) 0xf6a931ccd2ceeec0ba1e992e0ec8274413080222 (160 bits) 128 anti-replay context: seq 0x49, oseq 0x0, bitmap 0xffffffff lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 80796(sec), hard 95040(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 7884(bytes), 73(packets) add 2023-01-02 00:52:24 use 2023-01-02 00:52:24 stats: replay-window 0 replay 0 failed 0 src 74.120.12.135 dst 97.113.149.238 proto esp spi 0xc2a87850(3265820752) reqid 1(0x00000001) mode tunnel replay-window 0 seq 0x00000000 flag af-unspec (0x00100000) aead rfc4106(gcm(aes)) 0x694545ad989cf95ac034d8f141fda9139e3b8b03 (160 bits) 128 anti-replay context: seq 0x0, oseq 0x5, bitmap 0x00000000 lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 81033(sec), hard 95040(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 540(bytes), 5(packets) add 2023-01-02 00:52:19 use 2023-01-02 00:52:19 stats: replay-window 0 replay 0 failed 0 src 97.113.149.238 dst 74.120.12.135 proto esp spi 0xc89e9ac8(3365837512) reqid 1(0x00000001) mode tunnel replay-window 32 seq 0x00000000 flag af-unspec (0x00100000) aead rfc4106(gcm(aes)) 0x7b01134d34e4fc5bf7961ac6787c0cf443eddb30 (160 bits) 128 anti-replay context: seq 0x5, oseq 0x0, bitmap 0x0000001f lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 82302(sec), hard 95040(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 540(bytes), 5(packets) add 2023-01-02 00:52:19 use 2023-01-02 00:52:19 stats: replay-window 0 replay 0 failed 0 src 74.120.12.135 dst 97.113.149.238 proto esp spi 0xc7d7a1bc(3352797628) reqid 1(0x00000001) mode tunnel replay-window 0 seq 0x00000000 flag af-unspec (0x00100000) aead rfc4106(gcm(aes)) 0xacd9c55d8ce1357821fa09d603bbad940640129d (160 bits) 128 anti-replay context: seq 0x0, oseq 0x6, bitmap 0x00000000 lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 80747(sec), hard 95040(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 648(bytes), 6(packets) add 2023-01-02 00:52:12 use 2023-01-02 00:52:13 stats: replay-window 0 replay 0 failed 0 src 97.113.149.238 dst 74.120.12.135 proto esp spi 0xc2deed20(3269389600) reqid 1(0x00000001) mode tunnel replay-window 32 seq 0x00000000 flag af-unspec (0x00100000) aead rfc4106(gcm(aes)) 0xf22d3d877ae245c6e58968b7305f2e7b47559175 (160 bits) 128 anti-replay context: seq 0x6, oseq 0x0, bitmap 0x0000003f lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 86371(sec), hard 95040(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 648(bytes), 6(packets) add 2023-01-02 00:52:12 use 2023-01-02 00:52:13 stats: replay-window 0 replay 0 failed 0 /proc /proc/version = Linux version 5.10.0-9-amd64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 5.10.70-1 (2021-09-30) /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/icmp_echo_ignore_all = 0 /proc/sys/net/ipv4/conf/all/proxy_arp = 0 /proc/sys/net/ipv4/conf/all/arp_filter = 0 /proc/sys/net/ipv4/conf/all/arp_ignore = 0 /proc/sys/net/ipv4/conf/all/rp_filter = 1 /proc/sys/net/ipv4/conf/all/log_martians = 0 /proc/sys/net/ipv4/conf/default/proxy_arp = 0 /proc/sys/net/ipv4/conf/default/arp_filter = 0 /proc/sys/net/ipv4/conf/default/arp_ignore = 0 /proc/sys/net/ipv4/conf/default/rp_filter = 1 /proc/sys/net/ipv4/conf/default/log_martians = 1 /proc/sys/net/ipv4/conf/enp10s0/proxy_arp = 0 /proc/sys/net/ipv4/conf/enp10s0/arp_filter = 0 /proc/sys/net/ipv4/conf/enp10s0/arp_ignore = 0 /proc/sys/net/ipv4/conf/enp10s0/rp_filter = 1 /proc/sys/net/ipv4/conf/enp10s0/log_martians = 1 /proc/sys/net/ipv4/conf/enp11s0/proxy_arp = 0 /proc/sys/net/ipv4/conf/enp11s0/arp_filter = 0 /proc/sys/net/ipv4/conf/enp11s0/arp_ignore = 0 /proc/sys/net/ipv4/conf/enp11s0/rp_filter = 1 /proc/sys/net/ipv4/conf/enp11s0/log_martians = 1 /proc/sys/net/ipv4/conf/enp1s0/proxy_arp = 0 /proc/sys/net/ipv4/conf/enp1s0/arp_filter = 0 /proc/sys/net/ipv4/conf/enp1s0/arp_ignore = 0 /proc/sys/net/ipv4/conf/enp1s0/rp_filter = 1 /proc/sys/net/ipv4/conf/enp1s0/log_martians = 1 /proc/sys/net/ipv4/conf/enp2s0/proxy_arp = 0 /proc/sys/net/ipv4/conf/enp2s0/arp_filter = 0 /proc/sys/net/ipv4/conf/enp2s0/arp_ignore = 0 /proc/sys/net/ipv4/conf/enp2s0/rp_filter = 1 /proc/sys/net/ipv4/conf/enp2s0/log_martians = 1 /proc/sys/net/ipv4/conf/enp3s0/proxy_arp = 0 /proc/sys/net/ipv4/conf/enp3s0/arp_filter = 0 /proc/sys/net/ipv4/conf/enp3s0/arp_ignore = 0 /proc/sys/net/ipv4/conf/enp3s0/rp_filter = 1 /proc/sys/net/ipv4/conf/enp3s0/log_martians = 1 /proc/sys/net/ipv4/conf/enp9s0/proxy_arp = 0 /proc/sys/net/ipv4/conf/enp9s0/arp_filter = 1 /proc/sys/net/ipv4/conf/enp9s0/arp_ignore = 0 /proc/sys/net/ipv4/conf/enp9s0/rp_filter = 1 /proc/sys/net/ipv4/conf/enp9s0/log_martians = 0 /proc/sys/net/ipv4/conf/erspan0/proxy_arp = 0 /proc/sys/net/ipv4/conf/erspan0/arp_filter = 0 /proc/sys/net/ipv4/conf/erspan0/arp_ignore = 0 /proc/sys/net/ipv4/conf/erspan0/rp_filter = 1 /proc/sys/net/ipv4/conf/erspan0/log_martians = 1 /proc/sys/net/ipv4/conf/gre0/proxy_arp = 0 /proc/sys/net/ipv4/conf/gre0/arp_filter = 0 /proc/sys/net/ipv4/conf/gre0/arp_ignore = 0 /proc/sys/net/ipv4/conf/gre0/rp_filter = 1 /proc/sys/net/ipv4/conf/gre0/log_martians = 1 /proc/sys/net/ipv4/conf/gretap0/proxy_arp = 0 /proc/sys/net/ipv4/conf/gretap0/arp_filter = 0 /proc/sys/net/ipv4/conf/gretap0/arp_ignore = 0 /proc/sys/net/ipv4/conf/gretap0/rp_filter = 1 /proc/sys/net/ipv4/conf/gretap0/log_martians = 1 /proc/sys/net/ipv4/conf/lo/proxy_arp = 0 /proc/sys/net/ipv4/conf/lo/arp_filter = 0 /proc/sys/net/ipv4/conf/lo/arp_ignore = 0 /proc/sys/net/ipv4/conf/lo/rp_filter = 1 /proc/sys/net/ipv4/conf/lo/log_martians = 1 /proc/sys/net/ipv4/conf/wanjet1/proxy_arp = 0 /proc/sys/net/ipv4/conf/wanjet1/arp_filter = 0 /proc/sys/net/ipv4/conf/wanjet1/arp_ignore = 0 /proc/sys/net/ipv4/conf/wanjet1/rp_filter = 1 /proc/sys/net/ipv4/conf/wanjet1/log_martians = 1 ARP 206.81.81.28 dev enp9s0 lladdr 9c:cc:83:72:7b:52 REACHABLE 206.81.80.2 dev enp9s0 lladdr 00:12:c0:88:27:18 REACHABLE 206.81.81.10 dev enp9s0 lladdr cc:e1:7f:92:eb:ce STALE 206.81.81.247 dev enp9s0 lladdr 40:01:7a:eb:56:c9 STALE 206.81.81.241 dev enp9s0 lladdr 80:71:1f:c3:4b:c0 STALE 206.81.80.235 dev enp9s0 lladdr 00:22:83:32:bf:f0 STALE 206.81.80.217 dev enp9s0 lladdr 2c:6b:f5:d6:c6:75 STALE 100.65.12.4 dev enp2s0 lladdr 52:54:00:32:f1:67 STALE 206.81.80.64 dev enp9s0 lladdr 00:be:75:3a:1c:04 STALE 206.81.80.205 dev enp9s0 lladdr 44:f4:77:2c:08:39 REACHABLE 206.81.81.27 dev enp9s0 lladdr 94:8e:d3:0a:51:bf STALE 206.81.81.15 dev enp9s0 lladdr 2c:21:72:d9:14:83 STALE 100.65.12.70 dev enp2s0 lladdr aa:c2:b3:6f:30:54 REACHABLE 206.81.80.11 dev enp9s0 lladdr 00:0b:45:a8:1f:c0 STALE 206.81.81.232 dev enp9s0 lladdr 20:d8:0b:b3:70:53 STALE 206.81.80.212 dev enp9s0 lladdr 60:9c:9f:ae:3b:41 REACHABLE 206.81.81.198 dev enp9s0 lladdr 74:8e:f8:a9:48:81 STALE 206.81.80.204 dev enp9s0 lladdr 44:f4:77:2e:a8:39 REACHABLE 206.81.81.52 dev enp9s0 lladdr 94:04:9c:e0:a1:49 STALE 206.81.80.48 dev enp9s0 lladdr 80:7f:f8:6a:29:86 STALE 206.81.80.36 dev enp9s0 lladdr fc:0a:81:fe:48:34 STALE 206.81.80.171 dev enp9s0 lladdr 9c:8a:cb:4f:68:19 STALE 206.81.80.40 dev enp9s0 lladdr 40:88:2f:bc:54:0b REACHABLE 206.81.81.135 dev enp9s0 lladdr 00:62:ec:17:ae:07 STALE 206.81.81.139 dev enp9s0 lladdr 00:b0:4a:d4:08:54 STALE 206.81.80.10 dev enp9s0 lladdr 66:00:00:64:56:01 REACHABLE 206.81.80.108 dev enp9s0 lladdr 40:01:7a:eb:3c:80 STALE 206.81.80.233 dev enp9s0 lladdr 00:1b:21:d1:cc:11 REACHABLE 206.81.81.197 dev enp9s0 lladdr 44:f4:77:2e:68:c7 STALE 206.81.80.199 dev enp9s0 lladdr 00:0b:45:a8:e8:c0 STALE 206.81.81.66 dev enp9s0 lladdr 02:04:73:16:31:08 STALE 206.81.80.68 dev enp9s0 lladdr 5c:5e:ab:b4:47:c1 STALE 206.81.81.201 dev enp9s0 lladdr 02:09:00:29:52:c6 STALE 206.81.80.53 dev enp9s0 lladdr f4:b5:2f:a9:00:d4 STALE 74.120.12.129 dev enp1s0 lladdr 00:00:0c:07:ac:28 REACHABLE 206.81.80.166 dev enp9s0 lladdr 5c:5e:ab:0d:12:0a STALE 206.81.81.33 dev enp9s0 lladdr e8:a2:45:b2:41:b1 STALE 206.81.80.148 dev enp9s0 lladdr 84:03:28:ca:e5:d2 STALE 206.81.81.31 dev enp9s0 lladdr 4e:96:14:90:ba:e5 STALE 206.81.80.152 dev enp9s0 lladdr 30:b6:4f:82:9d:2f REACHABLE 206.81.80.140 dev enp9s0 lladdr 78:19:f7:29:2f:cc STALE 206.81.80.240 dev enp9s0 lladdr 00:33:00:50:01:01 STALE 206.81.81.123 dev enp9s0 lladdr c4:ca:2b:ae:f3:1f REACHABLE 206.81.81.93 dev enp9s0 lladdr 74:8e:f8:a9:43:81 STALE 206.81.80.95 dev enp9s0 lladdr 00:21:a0:51:18:40 STALE 206.81.80.177 dev enp9s0 lladdr 00:3a:7d:34:b8:50 STALE 206.81.80.22 dev enp9s0 lladdr 28:99:3a:42:64:d5 STALE 206.81.81.143 dev enp9s0 lladdr ac:78:d1:45:4c:2f STALE 206.81.81.12 dev enp9s0 lladdr 00:1b:ed:b1:19:00 STALE 206.81.81.231 dev enp9s0 lladdr 88:90:09:65:08:1b STALE 206.81.81.64 dev enp9s0 lladdr 9c:8a:cb:9c:aa:1f STALE 206.81.80.201 dev enp9s0 lladdr 3c:8a:b0:8f:ea:03 STALE 206.81.81.180 dev enp9s0 lladdr c0:d6:82:22:68:f9 STALE 206.81.80.164 dev enp9s0 lladdr 08:b2:58:bf:78:8c STALE 206.81.81.41 dev enp9s0 lladdr 66:00:00:64:56:02 REACHABLE 206.81.80.43 dev enp9s0 lladdr 7c:ad:74:d9:16:60 STALE 206.81.80.168 dev enp9s0 lladdr e8:a2:45:8b:71:83 STALE 206.81.81.29 dev enp9s0 lladdr 2c:21:72:72:cb:c7 STALE 206.81.81.154 dev enp9s0 lladdr 60:9c:9f:59:b2:03 STALE 206.81.80.3 dev enp9s0 lladdr 00:0f:53:0c:fc:2c REACHABLE 206.81.81.242 dev enp9s0 lladdr 44:ec:ce:40:14:0f STALE 206.81.80.113 dev enp9s0 lladdr 04:f8:f8:6f:4d:b2 STALE 206.81.81.99 dev enp9s0 lladdr 30:7c:5e:29:23:03 STALE 206.81.80.214 dev enp9s0 lladdr 64:3a:ea:34:c8:e0 STALE 206.81.81.91 dev enp9s0 lladdr cc:90:70:24:bd:14 STALE 206.81.80.71 dev enp9s0 lladdr 18:2a:d3:d6:ff:00 STALE 206.81.80.65 dev enp9s0 lladdr 02:06:0a:0e:ff:f4 STALE 206.81.80.181 dev enp9s0 lladdr 80:71:1f:80:cf:ca STALE 206.81.81.48 dev enp9s0 lladdr 00:21:59:ae:75:2b STALE 74.120.12.136 dev enp1s0 lladdr 52:54:00:f0:eb:26 STALE Modules ip_gre 32768 0 ip_tables 32768 12 ipt_REJECT 16384 4 ipt_rpfilter 16384 0 ip_tunnel 32768 1 ip_gre nf_conncount 24576 1 xt_connlimit nf_conntrack 176128 32 xt_conntrack,nf_nat_irc,nf_nat,nf_conntrack_tftp,nf_nat_ftp,xt_state,nf_conntrack_pptp,nf_conntrack_netbios_ns,nf_conntrack_sane,xt_nat,nf_nat_tftp,nf_nat_amanda,nf_conntrack_sip,xt_helper,nf_conntrack_h323,nf_nat_pptp,xt_NETMAP,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_amanda,nf_conntrack_netlink,xt_connmark,nf_conntrack_ftp,xt_CT,nf_nat_h323,nf_conncount,nf_conntrack_snmp,nf_nat_snmp_basic,xt_MASQUERADE,xt_connlimit,nf_nat_sip,xt_REDIRECT nf_conntrack_amanda 16384 5 nf_nat_amanda nf_conntrack_broadcast 16384 2 nf_conntrack_netbios_ns,nf_conntrack_snmp nf_conntrack_ftp 24576 5 nf_nat_ftp nf_conntrack_h323 86016 9 nf_nat_h323 nf_conntrack_irc 20480 3 nf_nat_irc nf_conntrack_netbios_ns 16384 2 nf_conntrack_netlink 57344 0 nf_conntrack_pptp 20480 3 nf_nat_pptp nf_conntrack_sane 20480 4 nf_conntrack_sip 40960 5 nf_nat_sip nf_conntrack_snmp 16384 3 nf_nat_snmp_basic nf_conntrack_tftp 20480 5 nf_nat_tftp nf_defrag_ipv4 16384 2 nf_conntrack,xt_TPROXY nf_defrag_ipv6 24576 2 nf_conntrack,xt_TPROXY nf_log_common 16384 2 nf_log_ipv4,nf_log_ipv6 nf_log_ipv4 16384 53 nf_log_ipv6 16384 41 nf_nat 53248 12 nf_nat_irc,nf_nat_ftp,xt_nat,nf_nat_tftp,nf_nat_amanda,nf_nat_pptp,xt_NETMAP,nf_nat_h323,nft_chain_nat,xt_MASQUERADE,nf_nat_sip,xt_REDIRECT nf_nat_amanda 16384 0 nf_nat_ftp 20480 0 nf_nat_h323 24576 0 nf_nat_irc 20480 0 nf_nat_pptp 20480 0 nf_nat_sip 20480 0 nf_nat_snmp_basic 20480 0 nf_nat_tftp 16384 0 nf_reject_ipv4 16384 1 ipt_REJECT nf_reject_ipv6 20480 1 ip6t_REJECT nf_tables 245760 1631 nft_compat,nft_counter,nft_chain_nat nf_tproxy_ipv4 20480 1 xt_TPROXY nf_tproxy_ipv6 20480 1 xt_TPROXY xt_addrtype 16384 133 xt_AUDIT 16384 0 xt_CHECKSUM 16384 0 xt_CLASSIFY 16384 0 xt_comment 16384 53 xt_connlimit 16384 0 xt_connmark 16384 0 xt_conntrack 16384 116 xt_CT 16384 36 xt_dscp 16384 0 xt_DSCP 16384 0 xt_hashlimit 20480 94 xt_helper 16384 0 xt_iprange 20480 0 xt_length 16384 0 xt_LOG 20480 94 xt_mark 16384 2 xt_MASQUERADE 20480 1 xt_multiport 20480 3 xt_nat 16384 0 xt_NETMAP 20480 0 xt_NFLOG 16384 0 xt_NFQUEUE 16384 0 xt_owner 16384 0 xt_physdev 16384 0 xt_policy 16384 90 xt_realm 16384 0 xt_recent 24576 2 xt_REDIRECT 20480 0 xt_state 16384 0 xt_statistic 16384 0 xt_tcpmss 16384 0 xt_TCPMSS 16384 0 xt_tcpudp 20480 63 xt_time 16384 0 xt_TPROXY 20480 0 Shorewall has detected the following iptables/netfilter capabilities: ACCOUNT Target (ACCOUNT_TARGET): Not available Address Type Match (ADDRTYPE): Available Amanda Helper: Available Arptables JF (ARPTABLESJF): Not available AUDIT Target (AUDIT_TARGET): Available Basic Ematch (BASIC_EMATCH): Available Basic Filter (BASIC_FILTER): Available Capabilities Version (CAPVERSION): 50200 Checksum Target (CHECKSUM_TARGET): Available CLASSIFY Target (CLASSIFY_TARGET): Available Comments (COMMENTS): Available Condition Match (CONDITION_MATCH): Not available Connection Tracking Match (CONNTRACK_MATCH): Available Connlimit Match (CONNLIMIT_MATCH): Available Connmark Match (CONNMARK_MATCH): Available CONNMARK Target (CONNMARK): Available CT Target (CT_TARGET): Available DSCP Match (DSCP_MATCH): Available DSCP Target (DSCP_TARGET): Available Enhanced Multi-port Match (EMULIPORT): Available Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available Extended Connmark Match (XCONNMARK_MATCH): Available Extended CONNMARK Target (XCONNMARK): Available Extended MARK Target 2 (EXMARK): Available Extended MARK Target (XMARK): Available Extended Multi-port Match (XMULIPORT): Available Extended REJECT (ENHANCED_REJECT): Available FLOW Classifier (FLOW_FILTER): Available FTP-0 Helper: Not available FTP Helper: Available fwmark route mask (FWMARK_RT_MASK): Available Geo IP Match (GEOIP_MATCH): Not available Goto Support (GOTO_TARGET): Available H323 Helper: Available Hashlimit Match (HASHLIMIT_MATCH): Available Header Match (HEADER_MATCH): Not available Helper Match (HELPER_MATCH): Available Iface Match (IFACE_MATCH): Not available IMQ Target (IMQ_TARGET): Not available INPUT chain in nat table (NAT_INPUT_CHAIN): Available IPMARK Target (IPMARK_TARGET): Not available IPP2P Match (IPP2P_MATCH): Not available IP range Match(IPRANGE_MATCH): Available Ipset Match (IPSET_MATCH): Not available ipset V5 (IPSET_V5): Not available iptables-restore --wait option (RESTORE_WAIT_OPTION): Available iptables -S (IPTABLES_S): Available iptables --wait option (WAIT_OPTION): Available IRC-0 Helper: Not available IRC Helper: Available Kernel Version (KERNELVERSION): 51000 LOGMARK Target (LOGMARK_TARGET): Not available LOG Target (LOG_TARGET): Available Mangle FORWARD Chain (MANGLE_FORWARD): Available Mark in the filter table (MARK_ANYWHERE): Available MARK Target (MARK): Available MASQUERADE Target (MASQUERADE_TGT): Available Multi-port Match (MULTIPORT): Available NAT (NAT_ENABLED): Available Netbios_ns Helper: Available NETMAP Target (NETMAP_TARGET): Available New tos Match (NEW_TOS_MATCH): Available NFAcct Match: Not available --nflog-size support (NFLOG_SIZE): Available NFLOG Target (NFLOG_TARGET): Available NFQUEUE CPU Fanout (CPU_FANOUT): Available NFQUEUE Target (NFQUEUE_TARGET): Available Owner Match (OWNER_MATCH): Available Owner Name Match (OWNER_NAME_MATCH): Available Packet length Match (LENGTH_MATCH): Available Packet Mangling (MANGLE_ENABLED): Available Persistent SNAT (PERSISTENT_SNAT): Available Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available Physdev Match (PHYSDEV_MATCH): Available Policy Match (POLICY_MATCH): Available PPTP Helper: Available Raw Table (RAW_TABLE): Available Realm Match (REALM_MATCH): Available Recent Match "--reap" option (REAP_OPTION): Available Recent Match (RECENT_MATCH): Available Repeat match (KLUDGEFREE): Available RPFilter Match (RPFILTER_MATCH): Available SANE-0 Helper: Not available SANE Helper: Available SIP-0 Helper: Not available SIP Helper: Available SNMP Helper: Available Statistic Match (STATISTIC_MATCH): Available TARPIT Target (TARPIT_TARGET): Not available TCPMSS Match (TCPMSS_MATCH): Available TCPMSS Target (TCPMSS_TARGET): Available TFTP-0 Helper: Not available TFTP Helper: Available Time Match (TIME_MATCH): Available TPROXY Target (TPROXY_TARGET): Available UDPLITE Port Redirection (UDPLITEREDIRECT): Not available ULOG Target (ULOG_TARGET): Not available Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process udp UNCONN 0 0 0.0.0.0:4500 0.0.0.0:* users:(("charon-systemd",pid=3927006,fd=12)) udp UNCONN 0 0 0.0.0.0:4500 0.0.0.0:* users:(("charon",pid=3766769,fd=13)) udp UNCONN 0 0 0.0.0.0:500 0.0.0.0:* users:(("charon-systemd",pid=3927006,fd=11)) udp UNCONN 0 0 0.0.0.0:500 0.0.0.0:* users:(("charon",pid=3766769,fd=12)) tcp LISTEN 0 128 100.65.12.1:22 0.0.0.0:* users:(("sshd",pid=3142535,fd=3)) tcp LISTEN 0 20 127.0.0.1:25 0.0.0.0:* users:(("exim4",pid=3152625,fd=4)) tcp LISTEN 0 8 0.0.0.0:179 0.0.0.0:* users:(("bird",pid=3766560,fd=8)) tcp ESTAB 0 0 206.81.80.184:179 206.81.80.212:8042 users:(("bird",pid=3766560,fd=21)) tcp ESTAB 0 0 206.81.80.184:179 206.81.81.123:38189 users:(("bird",pid=3766560,fd=10)) tcp ESTAB 0 0 100.65.12.1:51222 100.65.12.70:22 users:(("ssh",pid=194965,fd=3)) tcp ESTAB 0 0 100.65.12.1:22 100.65.12.70:59084 users:(("sshd",pid=3926496,fd=4),("sshd",pid=3926489,fd=4)) tcp ESTAB 0 0 206.81.80.184%enp9s0:58237 206.81.80.3:179 users:(("bird",pid=3766560,fd=18)) tcp ESTAB 0 0 206.81.80.184%enp9s0:36225 206.81.80.205:179 users:(("bird",pid=3766560,fd=17)) tcp ESTAB 0 0 206.81.80.184%enp9s0:59491 206.81.81.41:179 users:(("bird",pid=3766560,fd=14)) tcp ESTAB 0 0 100.65.12.1:22 100.65.12.70:41896 users:(("sshd",pid=2682,fd=4),("sshd",pid=2676,fd=4)) tcp ESTAB 0 0 206.81.80.184%enp9s0:46237 206.81.80.2:179 users:(("bird",pid=3766560,fd=20)) tcp ESTAB 0 0 206.81.80.184%enp9s0:43635 206.81.81.28:179 users:(("bird",pid=3766560,fd=11)) tcp ESTAB 0 0 206.81.80.184%enp9s0:48129 206.81.80.152:179 users:(("bird",pid=3766560,fd=12)) tcp ESTAB 0 0 206.81.80.184%enp9s0:43669 206.81.80.204:179 users:(("bird",pid=3766560,fd=16)) tcp ESTAB 0 0 206.81.80.184%enp9s0:33745 206.81.80.233:179 users:(("bird",pid=3766560,fd=13)) tcp ESTAB 0 0 206.81.80.184%enp9s0:35929 206.81.80.10:179 users:(("bird",pid=3766560,fd=19)) tcp ESTAB 0 0 206.81.80.184%enp9s0:37831 206.81.80.40:179 users:(("bird",pid=3766560,fd=15)) tcp ESTAB 0 0 100.65.12.1:22 100.65.12.70:38202 users:(("sshd",pid=3884106,fd=4),("sshd",pid=3884099,fd=4)) tcp ESTAB 0 0 100.65.12.1:22 100.65.12.70:57122 users:(("sshd",pid=1157,fd=4),("sshd",pid=1144,fd=4)) tcp ESTAB 0 0 100.65.12.1:42574 100.65.12.70:22 users:(("ssh",pid=3574330,fd=3)) Traffic Control Device lo: qdisc noqueue 0: root refcnt 2 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Device enp1s0: qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 6688927605 bytes 10880802 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Device enp2s0: qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 279347012 bytes 407487 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Device enp9s0: qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 38759211943 bytes 313353556 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Device enp10s0: qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 4045501148 bytes 10302152 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Device enp11s0: qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 170465 bytes 2173 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Device wanjet1: qdisc noqueue 0: root refcnt 2 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 TC Filters Device lo: Device enp1s0: Device enp2s0: Device enp9s0: Device enp10s0: Device enp11s0: Device wanjet1: