Shorewall 5.0.15.6 Dump at debian - fr. 11. aug. 02:22:49 +0200 2017
Shorewall is running
State:Started fr. 11. aug. 02:12:36 +0200 2017 from /etc/shorewall/ (/var/lib/shorewall/firewall compiled fr. 11. aug. 02:12:36 +0200 2017 by Shorewall version 5.0.15.6)
Counters reset fr. 11. aug. 02:12:36 +0200 2017
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
507 40657 net-fw all -- enp0s10 * 0.0.0.0/0 0.0.0.0/0
117 14908 loc-fw all -- enp1s6 * 0.0.0.0/0 0.0.0.0/0
597 128K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 net_frwd all -- enp0s10 * 0.0.0.0/0 0.0.0.0/0
0 0 loc_frwd all -- enp1s6 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
862 200K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
9 587 fw-net all -- * enp0s10 0.0.0.0/0 0.0.0.0/0
54 7879 fw-loc all -- * enp1s6 0.0.0.0/0 0.0.0.0/0
6 174 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
237 18486 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
106 11336 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
290 21991 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 /* Needed ICMP types */
290 21991 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */
Chain Reject (4 references)
pkts bytes target prot opt in out source destination
54 7879 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 /* Needed ICMP types */
54 7879 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */
Chain dynamic (4 references)
pkts bytes target prot opt in out source destination
Chain fw-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
54 7879 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
1 48 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain fw-net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
9 587 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc-fw (1 references)
pkts bytes target prot opt in out source destination
117 14908 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
14 4872 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
103 10036 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc-net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 loc-net all -- * enp0s10 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
292 22083 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
215 18574 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
2 92 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* SSH */
1 40 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* Web */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 /* Web */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 /* Needed ICMP types */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1025
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 35555,51127,10702,21935,51128
290 21991 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net-loc all -- * enp1s6 0.0.0.0/0 0.0.0.0/0
Chain reject (9 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
1 48 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain sha-lh-0bac3d847e40ee039287 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-544f26d6fe721fde2fee (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain tcpflags (4 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x05/0x05
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x19/0x09
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 56 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 56 bytes)
pkts bytes target prot opt in out source destination
9 587 enp0s10_masq all -- * enp0s10 0.0.0.0/0 0.0.0.0/0
Chain enp0s10_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 172.30.30.0/24 0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 92 packets, 16808 bytes)
pkts bytes target prot opt in out source destination
1927 250K tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 92 packets, 16808 bytes)
pkts bytes target prot opt in out source destination
1221 184K tcin all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK and 0xffffff00
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 105 packets, 28275 bytes)
pkts bytes target prot opt in out source destination
931 209K tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 105 packets, 28275 bytes)
pkts bytes target prot opt in out source destination
878 201K tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcin (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 92 packets, 16808 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720 CT helper Q.931
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 CT helper irc
408 32616 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 105 packets, 28275 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10080 CT helper amanda
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1719 CT helper RAS
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720 CT helper Q.931
4 230 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 CT helper irc
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 CT helper netbios-ns
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 CT helper pptp
0 0 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6566 CT helper sane
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 CT helper sip
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161 CT helper snmp
0 0 CT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 CT helper tftp
Conntrack Table (25 out of 65536)
ipv4 2 tcp 6 431996 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37532 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37532 [ASSURED] mark=0 zone=0 use=2
ipv4 2 unknown 2 535 src=192.168.0.1 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=192.168.0.1 mark=0 zone=0 use=2
ipv4 2 tcp 6 428770 ESTABLISHED src=192.168.0.142 dst=192.168.0.140 sport=49553 dport=22 src=192.168.0.140 dst=192.168.0.142 sport=22 dport=49553 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37534 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37534 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37530 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37530 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 424452 ESTABLISHED src=192.168.0.135 dst=192.168.0.130 sport=60556 dport=22 src=192.168.0.130 dst=192.168.0.135 sport=22 dport=60556 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 24 src=192.168.0.140 dst=192.58.128.30 sport=1238 dport=53 src=192.58.128.30 dst=192.168.0.140 sport=53 dport=1238 mark=0 zone=0 use=2
ipv4 2 tcp 6 425831 ESTABLISHED src=192.168.0.135 dst=192.168.0.130 sport=62306 dport=1025 src=192.168.0.130 dst=192.168.0.135 sport=1025 dport=62306 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 425881 ESTABLISHED src=192.168.0.1 dst=192.168.0.130 sport=55397 dport=51127 src=192.168.0.130 dst=192.168.0.1 sport=51127 dport=55397 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37528 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37528 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 428752 ESTABLISHED src=192.168.0.140 dst=193.163.220.3 sport=47626 dport=6667 src=193.163.220.3 dst=192.168.0.140 sport=6667 dport=47626 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 425694 ESTABLISHED src=192.168.0.135 dst=192.168.0.130 sport=60555 dport=22 src=192.168.0.130 dst=192.168.0.135 sport=22 dport=60555 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431226 ESTABLISHED src=192.168.0.143 dst=192.168.0.140 sport=50318 dport=22 src=192.168.0.140 dst=192.168.0.143 sport=22 dport=50318 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 425887 ESTABLISHED src=192.168.0.1 dst=192.168.0.130 sport=61741 dport=51127 src=192.168.0.130 dst=192.168.0.1 sport=51127 dport=61741 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 428172 ESTABLISHED src=192.168.0.142 dst=192.168.0.140 sport=49645 dport=22 src=192.168.0.140 dst=192.168.0.142 sport=22 dport=49645 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 425878 ESTABLISHED src=85.166.245.157 dst=192.168.0.130 sport=52578 dport=51127 src=192.168.0.130 dst=85.166.245.157 sport=51127 dport=52578 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 373536 ESTABLISHED src=45.79.223.204 dst=192.168.0.130 sport=57385 dport=10000 src=192.168.0.130 dst=45.79.223.204 sport=10000 dport=57385 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 426880 ESTABLISHED src=192.168.0.135 dst=192.168.0.142 sport=65318 dport=22 src=192.168.0.142 dst=192.168.0.135 sport=22 dport=65318 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 430452 ESTABLISHED src=192.168.0.142 dst=192.168.0.140 sport=50208 dport=22 src=192.168.0.140 dst=192.168.0.142 sport=22 dport=50208 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431726 ESTABLISHED src=192.168.0.140 dst=193.163.220.3 sport=47630 dport=6667 src=193.163.220.3 dst=192.168.0.140 sport=6667 dport=47630 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 426328 ESTABLISHED src=85.166.245.157 dst=81.167.123.208 sport=53413 dport=51127 src=81.167.123.208 dst=85.166.245.157 sport=51127 dport=53413 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431996 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37536 dport=10702 src=127.0.0.1 dst=127.0.0.1 sport=10702 dport=37536 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.0.143 dst=192.168.0.140 sport=50599 dport=22 src=192.168.0.140 dst=192.168.0.143 sport=22 dport=50599 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 426947 ESTABLISHED src=192.168.0.135 dst=192.168.0.142 sport=65235 dport=22 src=192.168.0.142 dst=192.168.0.135 sport=22 dport=65235 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 430458 ESTABLISHED src=192.168.0.142 dst=192.168.0.140 sport=50214 dport=22 src=192.168.0.140 dst=192.168.0.142 sport=22 dport=50214 [ASSURED] mark=0 zone=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp1s6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 172.30.30.11/24 brd 172.30.30.255 scope global dynamic enp1s6
valid_lft 37442sec preferred_lft 37442sec
3: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.0.140/24 brd 192.168.0.255 scope global dynamic enp0s10
valid_lft 83903sec preferred_lft 83903sec
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
29792329 129695 0 0 0 0
TX: bytes packets errors dropped carrier collsns
29792329 129695 0 0 0 0
2: enp1s6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:10:a7:2a:89:ff brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
4512756 10336 0 0 0 0
TX: bytes packets errors dropped carrier collsns
661437 5094 0 0 0 0
3: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:1e:8c:60:c7:d1 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
260228300 568828 0 2 0 14596
TX: bytes packets errors dropped carrier collsns
399152234 605528 0 0 0 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
local 192.168.0.140 dev enp0s10 proto kernel scope host src 192.168.0.140
local 172.30.30.11 dev enp1s6 proto kernel scope host src 172.30.30.11
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.0.255 dev enp0s10 proto kernel scope link src 192.168.0.140
broadcast 192.168.0.0 dev enp0s10 proto kernel scope link src 192.168.0.140
broadcast 172.30.30.255 dev enp1s6 proto kernel scope link src 172.30.30.11
broadcast 172.30.30.0 dev enp1s6 proto kernel scope link src 172.30.30.11
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.0.0/24 dev enp0s10 proto kernel scope link src 192.168.0.140 metric 100
172.30.30.0/24 dev enp1s6 proto kernel scope link src 172.30.30.11 metric 100
default via 192.168.0.1 dev enp0s10 proto static metric 100
default via 172.30.30.1 dev enp1s6 proto static metric 101
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 4.9.0-3-686-pae (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06)
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/enp0s10/proxy_arp = 0
/proc/sys/net/ipv4/conf/enp0s10/arp_filter = 0
/proc/sys/net/ipv4/conf/enp0s10/arp_ignore = 0
/proc/sys/net/ipv4/conf/enp0s10/rp_filter = 1
/proc/sys/net/ipv4/conf/enp0s10/log_martians = 1
/proc/sys/net/ipv4/conf/enp1s6/proxy_arp = 0
/proc/sys/net/ipv4/conf/enp1s6/arp_filter = 0
/proc/sys/net/ipv4/conf/enp1s6/arp_ignore = 0
/proc/sys/net/ipv4/conf/enp1s6/rp_filter = 1
/proc/sys/net/ipv4/conf/enp1s6/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
ARP
192.168.0.143 dev enp0s10 lladdr e0:ca:94:df:50:ed DELAY
192.168.0.142 dev enp0s10 lladdr 04:7d:7b:6a:1f:15 STALE
192.168.0.1 dev enp0s10 lladdr 58:6d:8f:d0:bc:e0 REACHABLE
Modules
iptable_filter 16384 1
iptable_mangle 16384 1
iptable_nat 16384 1
iptable_raw 16384 1
ip_tables 20480 4 iptable_mangle,iptable_filter,iptable_raw,iptable_nat
ipt_MASQUERADE 16384 1
ipt_REJECT 16384 4
ipt_rpfilter 16384 0
nf_conntrack 81920 32 nf_nat_pptp,nf_conntrack_sip,nf_conntrack_snmp,nf_conntrack_proto_sctp,nf_conntrack_irc,nf_nat_h323,nf_conntrack_ftp,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_ipv4,nf_conntrack_tftp,nf_nat_irc,xt_connmark,nf_conntrack_pptp,nf_conntrack_amanda,xt_helper,nf_conntrack_broadcast,nf_nat_ftp,nf_conntrack_sane,nf_nat_amanda,xt_connlimit,nf_conntrack_netlink,nf_conntrack_proto_udplite,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_CT,nf_nat_masquerade_ipv4,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat
nf_conntrack_amanda 16384 3 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp 16384 3 nf_nat_ftp
nf_conntrack_h323 57344 5 nf_nat_h323
nf_conntrack_ipv4 16384 34
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 36864 0
nf_conntrack_pptp 16384 3 nf_nat_pptp
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 20480 0
nf_conntrack_proto_udplite 16384 0
nf_conntrack_sane 16384 2
nf_conntrack_sip 24576 3 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 3 nf_nat_tftp
nf_defrag_ipv4 16384 2 nf_conntrack_ipv4,xt_TPROXY
nf_defrag_ipv6 24576 1 xt_TPROXY
nf_log_common 16384 1 nf_log_ipv4
nf_log_ipv4 16384 1
nf_nat 24576 11 nf_nat_pptp,nf_nat_proto_gre,xt_nat,nf_nat_h323,nf_nat_sip,nf_nat_irc,nf_nat_ftp,nf_nat_amanda,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat_tftp
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_ipv4 16384 1 iptable_nat
nf_nat_irc 16384 0
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE
nf_nat_pptp 16384 0
nf_nat_proto_gre 16384 1 nf_nat_pptp
nf_nat_sip 20480 0
nf_nat_snmp_basic 20480 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
xt_addrtype 16384 4
xt_AUDIT 16384 0
xt_CHECKSUM 16384 0
xt_CLASSIFY 16384 0
xt_comment 16384 21
xt_connlimit 16384 0
xt_connmark 16384 0
xt_conntrack 16384 11
xt_CT 16384 22
xt_DSCP 16384 0
xt_dscp 16384 0
xt_hashlimit 20480 0
xt_helper 16384 0
xt_iprange 16384 0
xt_length 16384 0
xt_LOG 16384 1
xt_mark 16384 1
xt_multiport 16384 5
xt_nat 16384 0
xt_NFLOG 16384 0
xt_NFQUEUE 16384 0
xt_owner 16384 0
xt_physdev 16384 0
xt_pkttype 16384 0
xt_policy 16384 0
xt_realm 16384 0
xt_recent 20480 1
xt_statistic 16384 0
xt_TCPMSS 16384 0
xt_tcpmss 16384 0
xt_tcpudp 16384 47
xt_time 16384 0
xt_TPROXY 20480 0
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50004
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
ipset V5 (IPSET_V5): Not available
iptables -S (IPTABLES_S): Available
iptables --wait option (WAIT_OPTION): Available
IRC-0 Helper: Not available
IRC Helper: Available
Kernel Version (KERNELVERSION): 40900
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Not available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Available
Rawpost Table (RAWPOST_TABLE): Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:49093 *:* users:(("avahi-daemon",pid=315,fd=14))
udp UNCONN 0 0 172.30.30.1:53 *:* users:(("pdns_recursor",pid=2521,fd=4))
udp UNCONN 0 0 *:17983 *:* users:(("dhcpd",pid=17657,fd=20))
udp UNCONN 0 0 *:67 *:* users:(("dhcpd",pid=17657,fd=7))
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=24747,fd=6))
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=23662,fd=6))
udp UNCONN 0 0 *:631 *:* users:(("cups-browsed",pid=19087,fd=7))
udp UNCONN 0 0 *:5353 *:* users:(("avahi-daemon",pid=315,fd=12))
udp UNCONN 0 0 *:10000 *:* users:(("miniserv.pl",pid=1296,fd=6))
udp UNCONN 0 0 *:1900 *:* users:(("minissdpd",pid=970,fd=4))
tcp LISTEN 0 128 172.30.30.1:53 *:* users:(("pdns_recursor",pid=2521,fd=5))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=382,fd=3))
tcp LISTEN 0 5 127.0.0.1:631 *:* users:(("cupsd",pid=19086,fd=10))
tcp LISTEN 0 50 *:51127 *:* users:(("java",pid=1410,fd=128))
tcp LISTEN 0 20 127.0.0.1:25 *:* users:(("exim4",pid=1331,fd=3))
tcp LISTEN 0 50 *:35555 *:* users:(("java",pid=1410,fd=132))
tcp LISTEN 0 50 127.0.0.1:10702 *:* users:(("java",pid=1410,fd=90))
tcp LISTEN 0 100 *:21935 *:* users:(("java",pid=1454,fd=98))
tcp LISTEN 0 128 *:10000 *:* users:(("miniserv.pl",pid=1296,fd=5))
tcp ESTAB 0 0 127.0.0.1:37528 127.0.0.1:10702 users:(("java",pid=1410,fd=93))
tcp ESTAB 0 0 192.168.0.142:22 192.168.0.135:65318 users:(("sshd",pid=21277,fd=3))
tcp ESTAB 0 0 127.0.0.1:37536 127.0.0.1:10702 users:(("java",pid=1410,fd=114))
tcp ESTAB 0 0 192.168.0.130:10000 45.79.223.204:57385 users:(("miniserv.pl",pid=10426,fd=9))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37532 users:(("java",pid=1410,fd=91))
tcp ESTAB 0 0 192.168.0.140:22 192.168.0.142:50214 users:(("sshd",pid=23761,fd=3))
tcp ESTAB 0 0 192.168.0.140:22 192.168.0.143:50318 users:(("sshd",pid=24266,fd=3))
tcp ESTAB 0 0 192.168.0.140:47630 193.163.220.3:6667 users:(("znc",pid=4441,fd=7))
tcp ESTAB 0 0 192.168.0.130:22 192.168.0.135:60556 users:(("sshd",pid=13568,fd=3))
tcp ESTAB 0 0 192.168.0.140:22 192.168.0.142:49553 users:(("sshd",pid=22299,fd=3),("sshd",pid=22292,fd=3))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37528 users:(("java",pid=1410,fd=116))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37536 users:(("java",pid=1410,fd=113))
tcp ESTAB 0 0 192.168.0.140:22 192.168.0.143:50599 users:(("sshd",pid=24834,fd=3),("sshd",pid=24827,fd=3))
tcp ESTAB 0 0 127.0.0.1:49030 127.0.0.1:51127 users:(("java",pid=1454,fd=78))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37530 users:(("java",pid=1410,fd=112))
tcp ESTAB 0 0 192.168.0.140:22 192.168.0.142:49645 users:(("sshd",pid=22972,fd=3))
tcp ESTAB 0 0 192.168.0.142:22 192.168.0.135:65235 users:(("sshd",pid=21267,fd=3),("sshd",pid=21260,fd=3))
tcp ESTAB 0 0 192.168.0.130:22 192.168.0.135:60555 users:(("sshd",pid=13558,fd=3),("sshd",pid=13551,fd=3))
tcp ESTAB 0 0 127.0.0.1:37534 127.0.0.1:10702 users:(("java",pid=1410,fd=111))
tcp ESTAB 0 0 127.0.0.1:10702 127.0.0.1:37534 users:(("java",pid=1410,fd=94))
tcp ESTAB 0 0 192.168.0.140:22 192.168.0.142:50208 users:(("sshd",pid=23741,fd=3),("sshd",pid=23728,fd=3))
tcp ESTAB 0 0 127.0.0.1:37532 127.0.0.1:10702 users:(("java",pid=1410,fd=92))
tcp ESTAB 0 0 127.0.0.1:37530 127.0.0.1:10702 users:(("java",pid=1410,fd=89))
tcp ESTAB 0 0 127.0.0.1:51127 127.0.0.1:49030 users:(("java",pid=1410,fd=143))
Traffic Control
Device lo:
qdisc noqueue 0: root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device enp1s6:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 657911 bytes 5094 pkt (dropped 0, overlimits 0 requeues 9)
backlog 0b 0p requeues 9
Device enp0s10:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 399152234 bytes 605528 pkt (dropped 0, overlimits 0 requeues 26417)
backlog 0b 0p requeues 26417
TC Filters
Device lo:
Device enp1s6:
Device enp0s10: