Shorewall 5.0.15.6 Dump at debian - fr. 11. aug. 01:16:10 +0200 2017

Shorewall is running
State:Started fr. 11. aug. 00:58:36 +0200 2017 from /etc/shorewall/ (/var/lib/shorewall/firewall compiled fr. 11. aug. 00:58:35 +0200 2017 by Shorewall version 5.0.15.6)

Counters reset fr. 11. aug. 00:58:36 +0200 2017

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
575 59677 net-fw all -- enp0s10 * 0.0.0.0/0 0.0.0.0/0
147 17545 enp1s6_in all -- enp1s6 * 0.0.0.0/0 0.0.0.0/0
1163 247K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 net_frwd all -- enp0s10 * 0.0.0.0/0 0.0.0.0/0
0 0 loc_frwd all -- enp1s6 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1462 404K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
80 12739 ACCEPT all -- * enp0s10 0.0.0.0/0 0.0.0.0/0
177 21560 fw-loc all -- * enp1s6 0.0.0.0/0 0.0.0.0/0
15 435 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
108 8910 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
208 32023 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST

Chain Drop (2 references)
pkts bytes target prot opt in out source destination
205 23504 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 /* Needed ICMP types */
205 23504 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
2 370 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
9 982 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain Reject (4 references)
pkts bytes target prot opt in out source destination
177 21560 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 /* Needed ICMP types */
177 21560 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */

Chain dynamic (4 references)
pkts bytes target prot opt in out source destination

Chain enp1s6_in (1 references)
pkts bytes target prot opt in out source destination
147 17545 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
17 5834 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
130 11711 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
177 21560 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
52 2643 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * enp0s10 0.0.0.0/0 0.0.0.0/0

Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
254 30581 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
321 29096 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
15 5069 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
47 3448 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
28 1648 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,80,443 /* SSH, Web */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 /* Needed ICMP types */
6 360 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1025
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 35555,51127,10702,21935,51128
205 23504 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
3 136 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net-loc all -- * enp1s6 0.0.0.0/0 0.0.0.0/0

Chain reject (9 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
49 2499 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
3 144 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain sha-lh-05bf45e68b2758b1ef7a (0 references)
pkts bytes target prot opt in out source destination

Chain sha-rh-fe15c12fe43d29f8e463 (0 references)
pkts bytes target prot opt in out source destination

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain tcpflags (4 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02

Log (/var/log/messages)

NAT Table

Chain PREROUTING (policy ACCEPT 13 packets, 640 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 8 packets, 480 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1 40 MASQUERADE all -- * enp0s10 172.30.30.0/24 0.0.0.0/0

Mangle Table

Chain PREROUTING (policy ACCEPT 281 packets, 46698 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 277 packets, 46570 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK and 0xffffff00

Chain OUTPUT (policy ACCEPT 266 packets, 88900 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 266 packets, 88900 bytes)
pkts bytes target prot opt in out source destination

Raw Table

Chain PREROUTING (policy ACCEPT 281 packets, 46698 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 CT helper irc
321 26172 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6566 CT helper sane
1 435 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 CT helper tftp

Chain OUTPUT (policy ACCEPT 266 packets, 88900 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720 CT helper Q.931
26 1569 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 CT helper tftp

Conntrack Table (27 out of 65536)

ipv4 2 unknown 2 525 src=192.168.0.1 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=192.168.0.1 mark=0 zone=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.0.142 dst=192.168.0.140 sport=49553 dport=22 src=192.168.0.140 dst=192.168.0.142 sport=22 dport=49553 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431964 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37508 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37508 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 428450 ESTABLISHED src=192.168.0.135 dst=192.168.0.130 sport=60556 dport=22 src=192.168.0.130 dst=192.168.0.135 sport=22 dport=60556 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 429829 ESTABLISHED src=192.168.0.135 dst=192.168.0.130 sport=62306 dport=1025 src=192.168.0.130 dst=192.168.0.135 sport=1025 dport=62306 [ASSURED] mark=0 zone=0 use=2
ipv4 2 unknown 2 96 src=192.168.0.140 dst=224.0.0.22 [UNREPLIED] src=224.0.0.22 dst=192.168.0.140 mark=0 zone=0 use=2
ipv4 2 tcp 6 431964 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37514 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37514 [ASSURED] mark=0 zone=0 use=2
ipv4 2 unknown 2 77 src=81.167.123.208 dst=224.0.0.22 [UNREPLIED] src=224.0.0.22 dst=81.167.123.208 mark=0 zone=0 use=2
ipv4 2 tcp 6 431964 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37510 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37510 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 429879 ESTABLISHED src=192.168.0.1 dst=192.168.0.130 sport=55397 dport=51127 src=192.168.0.130 dst=192.168.0.1 sport=51127 dport=55397 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431930 ESTABLISHED src=192.168.0.140 dst=193.163.220.3 sport=47626 dport=6667 src=193.163.220.3 dst=192.168.0.140 sport=6667 dport=47626 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 50 TIME_WAIT src=185.17.73.141 dst=192.168.0.140 sport=50526 dport=80 src=192.168.0.140 dst=185.17.73.141 sport=80 dport=50526 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 429692 ESTABLISHED src=192.168.0.135 dst=192.168.0.130 sport=60555 dport=22 src=192.168.0.130 dst=192.168.0.135 sport=22 dport=60555 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431964 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37512 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37512 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 64 TIME_WAIT src=66.103.132.86 dst=192.168.0.140 sport=56901 dport=1025 src=192.168.0.140 dst=66.103.132.86 sport=1025 dport=56901 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 429886 ESTABLISHED src=192.168.0.1 dst=192.168.0.130 sport=61741 dport=51127 src=192.168.0.130 dst=192.168.0.1 sport=51127 dport=61741 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 429877 ESTABLISHED src=85.166.245.157 dst=192.168.0.130 sport=52578 dport=51127 src=192.168.0.130 dst=85.166.245.157 sport=51127 dport=52578 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 50 TIME_WAIT src=66.103.132.86 dst=192.168.0.140 sport=56812 dport=80 src=192.168.0.140 dst=66.103.132.86 sport=80 dport=56812 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 377535 ESTABLISHED src=45.79.223.204 dst=192.168.0.130 sport=57385 dport=10000 src=192.168.0.130 dst=45.79.223.204 sport=10000 dport=57385 [ASSURED] mark=0 zone=0 use=2
ipv4 2 unknown 2 533 src=192.168.0.1 dst=224.0.0.251 [UNREPLIED] src=224.0.0.251 dst=192.168.0.1 mark=0 zone=0 use=2
ipv4 2 tcp 6 430878 ESTABLISHED src=192.168.0.135 dst=192.168.0.142 sport=65318 dport=22 src=192.168.0.142 dst=192.168.0.135 sport=22 dport=65318 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 64 TIME_WAIT src=66.103.132.86 dst=192.168.0.140 sport=56900 dport=1025 src=192.168.0.140 dst=66.103.132.86 sport=1025 dport=56900 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 50 TIME_WAIT src=154.35.129.138 dst=192.168.0.140 sport=33892 dport=80 src=192.168.0.140 dst=154.35.129.138 sport=80 dport=33892 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 430327 ESTABLISHED src=85.166.245.157 dst=81.167.123.208 sport=53413 dport=51127 src=81.167.123.208 dst=85.166.245.157 sport=51127 dport=53413 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 430945 ESTABLISHED src=192.168.0.135 dst=192.168.0.142 sport=65235 dport=22 src=192.168.0.142 dst=192.168.0.135 sport=22 dport=65235 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431979 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37506 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37506 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 51 TIME_WAIT src=66.103.132.86 dst=192.168.0.140 sport=56821 dport=80 src=192.168.0.140 dst=66.103.132.86 sport=80 dport=56821 [ASSURED] mark=0 zone=0 use=2

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.0.140/24 brd 192.168.0.255 scope global dynamic enp0s10
       valid_lft 85896sec preferred_lft 85896sec

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes packets errors dropped overrun mcast
    28932294 125622 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    28932294 125622 0 0 0 0
2: enp1s6: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:10:a7:2a:89:ff brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    4306255 8556 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    615298 4847 0 0 0 0
3: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:1e:8c:60:c7:d1 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    259400880 562712 0 2 0 11613
    TX: bytes packets errors dropped carrier collsns
    398626775 604068 0 0 0 0

Routing Rules

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Table default:

Table local:

local 192.168.0.140 dev enp0s10 proto kernel scope host src 192.168.0.140
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.0.255 dev enp0s10 proto kernel scope link src 192.168.0.140
broadcast 192.168.0.0 dev enp0s10 proto kernel scope link src 192.168.0.140
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

192.168.0.0/24 dev enp0s10 proto kernel scope link src 192.168.0.140 metric 100
192.168.0.0/24 dev enp0s10 proto kernel scope link src 192.168.0.140
default via 192.168.0.1 dev enp0s10 proto static metric 100

Per-IP Counters

iptaccount is not installed

NF Accounting

No NF Accounting defined (nfacct not found)

Events

PFKEY SPD

PFKEY SAD

/proc

/proc/version = Linux version 4.9.0-3-686-pae (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06)
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/enp0s10/proxy_arp = 0
/proc/sys/net/ipv4/conf/enp0s10/arp_filter = 0
/proc/sys/net/ipv4/conf/enp0s10/arp_ignore = 0
/proc/sys/net/ipv4/conf/enp0s10/rp_filter = 1
/proc/sys/net/ipv4/conf/enp0s10/log_martians = 1
/proc/sys/net/ipv4/conf/enp1s6/proxy_arp = 0
/proc/sys/net/ipv4/conf/enp1s6/arp_filter = 0
/proc/sys/net/ipv4/conf/enp1s6/arp_ignore = 0
/proc/sys/net/ipv4/conf/enp1s6/rp_filter = 1
/proc/sys/net/ipv4/conf/enp1s6/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1

ARP

192.168.0.142 dev enp0s10 lladdr 04:7d:7b:6a:1f:15 DELAY
192.168.0.1 dev enp0s10 lladdr 58:6d:8f:d0:bc:e0 STALE

Modules

iptable_filter 16384 1
iptable_mangle 16384 1
iptable_nat 16384 1
iptable_raw 16384 1
ip_tables 20480 4 iptable_mangle,iptable_filter,iptable_raw,iptable_nat
ipt_MASQUERADE 16384 1
ipt_REJECT 16384 4
ipt_rpfilter 16384 0
nf_conntrack 81920 32 nf_nat_pptp,nf_conntrack_sip,nf_conntrack_snmp,nf_conntrack_proto_sctp,nf_conntrack_irc,nf_nat_h323,nf_conntrack_ftp,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_ipv4,nf_conntrack_tftp,nf_nat_irc,xt_connmark,nf_conntrack_pptp,nf_conntrack_amanda,xt_helper,nf_conntrack_broadcast,nf_nat_ftp,nf_conntrack_sane,nf_nat_amanda,xt_connlimit,nf_conntrack_netlink,nf_conntrack_proto_udplite,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_CT,nf_nat_masquerade_ipv4,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat
nf_conntrack_amanda 16384 3 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp 16384 3 nf_nat_ftp
nf_conntrack_h323 57344 5 nf_nat_h323
nf_conntrack_ipv4 16384 34
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 36864 0
nf_conntrack_pptp 16384 3 nf_nat_pptp
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 20480 0
nf_conntrack_proto_udplite 16384 0
nf_conntrack_sane 16384 2
nf_conntrack_sip 24576 3 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 3 nf_nat_tftp
nf_defrag_ipv4 16384 2 nf_conntrack_ipv4,xt_TPROXY
nf_defrag_ipv6 24576 1 xt_TPROXY
nf_log_common 16384 1 nf_log_ipv4
nf_log_ipv4 16384 1
nf_nat 24576 11 nf_nat_pptp,nf_nat_proto_gre,xt_nat,nf_nat_h323,nf_nat_sip,nf_nat_irc,nf_nat_ftp,nf_nat_amanda,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat_tftp
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_ipv4 16384 1 iptable_nat
nf_nat_irc 16384 0
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE
nf_nat_pptp 16384 0
nf_nat_proto_gre 16384 1 nf_nat_pptp
nf_nat_sip 20480 0
nf_nat_snmp_basic 20480 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
xt_addrtype 16384 4
xt_AUDIT 16384 0
xt_CHECKSUM 16384 0
xt_CLASSIFY 16384 0
xt_comment 16384 19
xt_connlimit 16384 0
xt_connmark 16384 0
xt_conntrack 16384 11
xt_CT 16384 22
xt_DSCP 16384 0
xt_dscp 16384 0
xt_hashlimit 20480 0
xt_helper 16384 0
xt_iprange 16384 0
xt_length 16384 0
xt_LOG 16384 1
xt_mark 16384 1
xt_multiport 16384 6
xt_nat 16384 0
xt_NFLOG 16384 0
xt_NFQUEUE 16384 0
xt_owner 16384 0
xt_physdev 16384 0
xt_pkttype 16384 0
xt_policy 16384 0
xt_realm 16384 0
xt_recent 20480 1
xt_statistic 16384 0
xt_TCPMSS 16384 0
xt_tcpmss 16384 0
xt_tcpudp 16384 43
xt_time 16384 0
xt_TPROXY 20480 0

Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50004
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
ipset V5 (IPSET_V5): Not available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 40900
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available

Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:49093 *:* users:(("avahi-daemon",pid=315,fd=14))
udp UNCONN 0 0 172.30.30.1:53 *:* users:(("pdns_recursor",pid=2521,fd=4))
udp UNCONN 0 0 *:17983 *:* users:(("dhcpd",pid=17657,fd=20))
udp UNCONN 0 0 *:67 *:* users:(("dhcpd",pid=17657,fd=7))
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=22186,fd=6))
udp UNCONN 0 0 *:631 *:* users:(("cups-browsed",pid=19087,fd=7))
udp UNCONN 0 0 *:5353 *:* users:(("avahi-daemon",pid=315,fd=12))
udp UNCONN 0 0 *:10000 *:* users:(("miniserv.pl",pid=1296,fd=6))
udp UNCONN 0 0 *:1900 *:* users:(("minissdpd",pid=970,fd=4))
tcp LISTEN 0 128 172.30.30.1:53 *:* users:(("pdns_recursor",pid=2521,fd=5))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=382,fd=3))
tcp LISTEN 0 5 127.0.0.1:631 *:* users:(("cupsd",pid=19086,fd=10))
tcp LISTEN 0 50 *:51127 *:* users:(("java",pid=1410,fd=128))
tcp LISTEN 0 20 127.0.0.1:25 *:* users:(("exim4",pid=1331,fd=3))
tcp LISTEN 0 50 *:35555 *:* users:(("java",pid=1410,fd=132))
tcp LISTEN 0 50 127.0.0.1:10702 *:* users:(("java",pid=1410,fd=90))
tcp LISTEN 0 100 *:21935 *:* users:(("java",pid=1454,fd=98))
tcp LISTEN 0 128 *:10000 *:* users:(("miniserv.pl",pid=1296,fd=5))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37506 users:(("java",pid=1410,fd=112))
tcp ESTAB 0 0 192.168.0.140:47626 193.163.220.3:6667 users:(("znc",pid=4441,fd=7))
tcp ESTAB 0 0 192.168.0.142:22 192.168.0.135:65318 users:(("sshd",pid=21277,fd=3))
tcp ESTAB 0 0 127.0.0.1:37512 127.0.0.1:10702 users:(("java",pid=1410,fd=92))
tcp ESTAB 0 0 192.168.0.130:10000 45.79.223.204:57385 users:(("miniserv.pl",pid=10426,fd=9))
tcp ESTAB 0 0 127.0.0.1:37514 127.0.0.1:10702 users:(("java",pid=1410,fd=111))
tcp ESTAB 0 0 192.168.0.130:22 192.168.0.135:60556 users:(("sshd",pid=13568,fd=3))
tcp ESTAB 0 0 192.168.0.140:22 192.168.0.142:49553 users:(("sshd",pid=22299,fd=3),("sshd",pid=22292,fd=3))
tcp ESTAB 0 0 127.0.0.1:37508 127.0.0.1:10702 users:(("java",pid=1410,fd=89))
tcp ESTAB 0 0 127.0.0.1:49030 127.0.0.1:51127 users:(("java",pid=1454,fd=78))
tcp ESTAB 0 0 192.168.0.142:22 192.168.0.135:65235 users:(("sshd",pid=21267,fd=3),("sshd",pid=21260,fd=3))
tcp ESTAB 0 0 192.168.0.130:22 192.168.0.135:60555 users:(("sshd",pid=13558,fd=3),("sshd",pid=13551,fd=3))
tcp ESTAB 0 0 127.0.0.1:37510 127.0.0.1:10702 users:(("java",pid=1410,fd=114))
tcp ESTAB 0 0 127.0.0.1:37506 127.0.0.1:10702 users:(("java",pid=1410,fd=93))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37510 users:(("java",pid=1410,fd=91))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37512 users:(("java",pid=1410,fd=115))
tcp ESTAB 0 0 127.0.0.1:51127 127.0.0.1:49030 users:(("java",pid=1410,fd=143))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37508 users:(("java",pid=1410,fd=113))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37514 users:(("java",pid=1410,fd=94))

Traffic Control

Device lo:
qdisc noqueue 0: root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0

Device enp1s6:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 611772 bytes 4847 pkt (dropped 0, overlimits 0 requeues 9)
 backlog 0b 0p requeues 9

Device enp0s10:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 398626775 bytes 604068 pkt (dropped 0, overlimits 0 requeues 26395)
 backlog 0b 0p requeues 26395

TC Filters

Device lo:

Device enp1s6:

Device enp0s10: