dump 2.3 MB
Newer Older
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
1 2 3 4 5 6 7 8 9 10
Dnat 1                 {"in":["_fw","A"]}
(zone)                 
  inet/nat/OUTPUT      -j REDIRECT
  inet/nat/PREROUTING  -i eth0 -j REDIRECT

Dnat 2                 {"in":"B"}
(zone)                 
  inet/nat/PREROUTING  -i eth1 -s 10.0.0.0/12 -j REDIRECT


Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
11
Filter 1                           {"conn-limit":1,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
12 13 14
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-0
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-0
15 16 17 18
  inet/filter/limit-0              -m recent --name limit-0 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-0
  inet/filter/limit-0              -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT
  inet/filter/logdrop-0            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-0            -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
19 20
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-0
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-0
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
21
  inet6/filter/limit-0             -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-0
22
  inet6/filter/limit-0             -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
23 24
  inet6/filter/logdrop-0           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-0           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
25

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
26
Filter 2                           {"action":"pass","conn-limit":1,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
27 28 29
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-1
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-1
30 31 32 33
  inet/filter/limit-1              -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-1
  inet/filter/limit-1              -m recent --name limit-1 --rsource --mask 255.255.255.255 --set 
  inet/filter/logdrop-1            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-1            -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
34 35
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-1
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-1
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
36
  inet6/filter/limit-1             -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-1
37
  inet6/filter/limit-1             -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
38 39
  inet6/filter/logdrop-1           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-1           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
40

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
41
Filter 3                           {"conn-limit":1,"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
42 43 44
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-2
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-2
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
45
  inet/filter/limit-2              -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-2
46 47
  inet/filter/limit-2              -m limit --limit 1/second -j LOG
  inet/filter/limit-2              -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
48 49
  inet/filter/logdrop-2            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-2            -j DROP
50 51 52
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-2
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-2
  inet6/filter/limit-2             -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
53 54
  inet6/filter/limit-2             -m limit --limit 1/second -j LOG
  inet6/filter/limit-2             -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
55 56
  inet6/filter/logdrop-2           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-2           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
57

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
58
Filter 4                           {"action":"pass","conn-limit":1,"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
59 60 61
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-3
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-3
62 63 64 65
  inet/filter/limit-3              -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3
  inet/filter/limit-3              -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
  inet/filter/logdrop-3            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-3            -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
66 67
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-3
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-3
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
68
  inet6/filter/limit-3             -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3
69
  inet6/filter/limit-3             -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
70 71
  inet6/filter/logdrop-3           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-3           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
72

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
73
Filter 5                           {"conn-limit":1,"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
74 75 76
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-4
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-4
77 78 79 80
  inet/filter/limit-4              -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4
  inet/filter/limit-4              -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT
  inet/filter/logdrop-4            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-4            -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
81 82
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-4
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-4
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
83
  inet6/filter/limit-4             -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4
84
  inet6/filter/limit-4             -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
85 86
  inet6/filter/logdrop-4           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-4           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
87

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
88
Filter 6                           {"action":"pass","conn-limit":1,"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
89 90 91
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-5
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-5
92 93 94 95
  inet/filter/limit-5              -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5
  inet/filter/limit-5              -m recent --name limit-5 --rsource --mask 255.255.255.255 --set 
  inet/filter/logdrop-5            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-5            -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
96 97
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-5
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-5
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
98
  inet6/filter/limit-5             -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5
99
  inet6/filter/limit-5             -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
100 101
  inet6/filter/logdrop-5           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-5           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
102

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
103
Filter 7                           {"conn-limit":{},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
104 105 106
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-6
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-6
107 108 109 110
  inet/filter/limit-6              -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6
  inet/filter/limit-6              -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT
  inet/filter/logdrop-6            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-6            -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
111 112
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-6
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-6
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
113
  inet6/filter/limit-6             -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6
114
  inet6/filter/limit-6             -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
115 116
  inet6/filter/logdrop-6           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-6           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
117

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
118
Filter 8                           {"action":"pass","conn-limit":{},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
119 120 121
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-7
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-7
122 123 124 125
  inet/filter/limit-7              -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7
  inet/filter/limit-7              -m recent --name limit-7 --rsource --mask 255.255.255.255 --set 
  inet/filter/logdrop-7            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-7            -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
126 127
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-7
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-7
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
128
  inet6/filter/limit-7             -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7
129
  inet6/filter/limit-7             -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
130 131
  inet6/filter/logdrop-7           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-7           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
132

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
133
Filter 9                           {"conn-limit":{},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
134 135 136
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-8
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-8
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
137
  inet/filter/limit-8              -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8
138 139
  inet/filter/limit-8              -m limit --limit 1/second -j LOG
  inet/filter/limit-8              -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
140 141
  inet/filter/logdrop-8            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-8            -j DROP
142 143 144
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-8
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-8
  inet6/filter/limit-8             -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
145 146
  inet6/filter/limit-8             -m limit --limit 1/second -j LOG
  inet6/filter/limit-8             -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
147 148
  inet6/filter/logdrop-8           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-8           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
149

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
150
Filter 10                          {"action":"pass","conn-limit":{},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
151 152 153
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-9
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-9
154 155 156 157
  inet/filter/limit-9              -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9
  inet/filter/limit-9              -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
  inet/filter/logdrop-9            -m limit --limit 1/second -j LOG
  inet/filter/logdrop-9            -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
158 159
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-9
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-9
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
160
  inet6/filter/limit-9             -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9
161
  inet6/filter/limit-9             -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
162 163
  inet6/filter/logdrop-9           -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-9           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
164

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
165
Filter 11                          {"conn-limit":{},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
166 167 168
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-10
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-10
169 170 171 172
  inet/filter/limit-10             -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10
  inet/filter/limit-10             -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT
  inet/filter/logdrop-10           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-10           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
173 174
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-10
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-10
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
175
  inet6/filter/limit-10            -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10
176
  inet6/filter/limit-10            -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
177 178
  inet6/filter/logdrop-10          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-10          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
179

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
180
Filter 12                          {"action":"pass","conn-limit":{},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
181 182 183
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-11
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-11
184 185 186 187
  inet/filter/limit-11             -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11
  inet/filter/limit-11             -m recent --name limit-11 --rsource --mask 255.255.255.255 --set 
  inet/filter/logdrop-11           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-11           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
188 189
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-11
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-11
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
190
  inet6/filter/limit-11            -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11
191
  inet6/filter/limit-11            -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
192 193
  inet6/filter/logdrop-11          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-11          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
194

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
195
Filter 13                          {"conn-limit":{"name":"A"},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
196 197 198
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-12
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-12
199 200 201 202
  inet/filter/limit-12             -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12
  inet/filter/limit-12             -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
  inet/filter/logdrop-12           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-12           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
203 204
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-12
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-12
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
205
  inet6/filter/limit-12            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12
206
  inet6/filter/limit-12            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
207 208
  inet6/filter/logdrop-12          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-12          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
209

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
210
Filter 14                          {"action":"pass","conn-limit":{"name":"A"},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
211 212 213
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-13
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-13
214 215 216 217
  inet/filter/limit-13             -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13
  inet/filter/limit-13             -m recent --name user:A --rsource --mask 255.255.255.255 --set 
  inet/filter/logdrop-13           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-13           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
218 219
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-13
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-13
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
220
  inet6/filter/limit-13            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13
221
  inet6/filter/limit-13            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
222 223
  inet6/filter/logdrop-13          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-13          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
224

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
225
Filter 15                          {"conn-limit":{"name":"A"},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
226 227 228
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-14
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-14
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
229
  inet/filter/limit-14             -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14
230 231
  inet/filter/limit-14             -m limit --limit 1/second -j LOG
  inet/filter/limit-14             -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
232 233
  inet/filter/logdrop-14           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-14           -j DROP
234 235 236
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-14
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-14
  inet6/filter/limit-14            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
237
  inet6/filter/limit-14            -m limit --limit 1/second -j LOG
238
  inet6/filter/limit-14            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
239 240
  inet6/filter/logdrop-14          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-14          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
241

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
242
Filter 16                          {"action":"pass","conn-limit":{"name":"A"},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
243 244 245
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-15
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-15
246 247 248 249
  inet/filter/limit-15             -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15
  inet/filter/limit-15             -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
  inet/filter/logdrop-15           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-15           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
250 251
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-15
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-15
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
252
  inet6/filter/limit-15            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15
253
  inet6/filter/limit-15            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
254 255
  inet6/filter/logdrop-15          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-15          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
256

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
257
Filter 17                          {"conn-limit":{"name":"A"},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
258 259 260
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-16
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-16
261 262 263 264
  inet/filter/limit-16             -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16
  inet/filter/limit-16             -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
  inet/filter/logdrop-16           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-16           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
265 266
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-16
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-16
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
267
  inet6/filter/limit-16            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16
268
  inet6/filter/limit-16            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
269 270
  inet6/filter/logdrop-16          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-16          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
271

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
272
Filter 18                          {"action":"pass","conn-limit":{"name":"A"},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
273 274 275
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-17
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-17
276 277 278 279
  inet/filter/limit-17             -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17
  inet/filter/limit-17             -m recent --name user:A --rsource --mask 255.255.255.255 --set 
  inet/filter/logdrop-17           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-17           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
280 281
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-17
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-17
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
282
  inet6/filter/limit-17            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17
283
  inet6/filter/limit-17            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
284 285
  inet6/filter/logdrop-17          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-17          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
286

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
287
Filter 19                          {"conn-limit":{"name":"A","update":false},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
288 289 290
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-18
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-18
291 292 293 294
  inet/filter/limit-18             -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-18
  inet/filter/limit-18             -j ACCEPT
  inet/filter/logdrop-18           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-18           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
295 296
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-18
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-18
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
297
  inet6/filter/limit-18            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-18
298
  inet6/filter/limit-18            -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
299 300
  inet6/filter/logdrop-18          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-18          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
301

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
302
Filter 20                          {"action":"pass","conn-limit":{"name":"A","update":false},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
303
(filter-limit)                     
304 305
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-19
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-19
306 307 308
  inet/filter/limit-19             -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19
  inet/filter/logdrop-19           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-19           -j DROP
309 310
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-19
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-19
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
311 312 313
  inet6/filter/limit-19            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19
  inet6/filter/logdrop-19          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-19          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
314

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
315
Filter 21                          {"conn-limit":{"name":"A","update":false},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
316 317 318
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-20
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-20
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
319
  inet/filter/limit-20             -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-20
320 321
  inet/filter/limit-20             -m limit --limit 1/second -j LOG
  inet/filter/limit-20             -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
322 323
  inet/filter/logdrop-20           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-20           -j DROP
324 325 326
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-20
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-20
  inet6/filter/limit-20            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
327
  inet6/filter/limit-20            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
328
  inet6/filter/limit-20            -j ACCEPT
329 330
  inet6/filter/logdrop-20          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-20          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
331

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
332
Filter 22                          {"action":"pass","conn-limit":{"name":"A","update":false},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
333 334 335
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-21
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-21
336 337 338 339
  inet/filter/limit-21             -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21
  inet/filter/limit-21             -m limit --limit 1/second -j LOG
  inet/filter/logdrop-21           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-21           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
340 341
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-21
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-21
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
342
  inet6/filter/limit-21            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21
343
  inet6/filter/limit-21            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
344 345
  inet6/filter/logdrop-21          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-21          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
346

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
347
Filter 23                          {"conn-limit":{"name":"A","update":false},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
348 349 350
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-22
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-22
351 352 353 354
  inet/filter/limit-22             -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22
  inet/filter/limit-22             -j ACCEPT
  inet/filter/logdrop-22           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-22           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
355 356
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-22
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-22
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
357
  inet6/filter/limit-22            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22
358
  inet6/filter/limit-22            -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
359 360
  inet6/filter/logdrop-22          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-22          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
361

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
362
Filter 24                          {"action":"pass","conn-limit":{"name":"A","update":false},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
363
(filter-limit)                     
364 365
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-23
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-23
366 367 368
  inet/filter/limit-23             -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23
  inet/filter/logdrop-23           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-23           -j DROP
369 370
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-23
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-23
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
371 372 373
  inet6/filter/limit-23            -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23
  inet6/filter/logdrop-23          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-23          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
374

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
375
Filter 25                          {"conn-limit":{"addr":"dest","name":"A"},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
376 377 378
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-24
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-24
379 380 381 382
  inet/filter/limit-24             -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24
  inet/filter/limit-24             -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
  inet/filter/logdrop-24           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-24           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
383 384
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-24
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-24
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
385
  inet6/filter/limit-24            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24
386
  inet6/filter/limit-24            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
387 388
  inet6/filter/logdrop-24          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-24          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
389

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
390
Filter 26                          {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
391 392 393
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-25
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-25
394 395 396 397
  inet/filter/limit-25             -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25
  inet/filter/limit-25             -m recent --name user:A --rdest --mask 255.255.255.255 --set 
  inet/filter/logdrop-25           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-25           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
398 399
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-25
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-25
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
400
  inet6/filter/limit-25            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25
401
  inet6/filter/limit-25            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
402 403
  inet6/filter/logdrop-25          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-25          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
404

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
405
Filter 27                          {"conn-limit":{"addr":"dest","name":"A"},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
406 407 408
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-26
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-26
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
409
  inet/filter/limit-26             -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26
410 411
  inet/filter/limit-26             -m limit --limit 1/second -j LOG
  inet/filter/limit-26             -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
412 413
  inet/filter/logdrop-26           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-26           -j DROP
414 415 416
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-26
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-26
  inet6/filter/limit-26            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
417
  inet6/filter/limit-26            -m limit --limit 1/second -j LOG
418
  inet6/filter/limit-26            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
419 420
  inet6/filter/logdrop-26          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-26          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
421

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
422
Filter 28                          {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
423 424 425
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-27
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-27
426 427 428 429
  inet/filter/limit-27             -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27
  inet/filter/limit-27             -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
  inet/filter/logdrop-27           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-27           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
430 431
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-27
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-27
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
432
  inet6/filter/limit-27            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27
433
  inet6/filter/limit-27            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
434 435
  inet6/filter/logdrop-27          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-27          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
436

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
437
Filter 29                          {"conn-limit":{"addr":"dest","name":"A"},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
438 439 440
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-28
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-28
441 442 443 444
  inet/filter/limit-28             -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28
  inet/filter/limit-28             -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
  inet/filter/logdrop-28           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-28           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
445 446
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-28
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-28
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
447
  inet6/filter/limit-28            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28
448
  inet6/filter/limit-28            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
449 450
  inet6/filter/logdrop-28          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-28          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
451

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
452
Filter 30                          {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
453 454 455
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-29
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-29
456 457 458 459
  inet/filter/limit-29             -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29
  inet/filter/limit-29             -m recent --name user:A --rdest --mask 255.255.255.255 --set 
  inet/filter/logdrop-29           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-29           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
460 461
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-29
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-29
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
462
  inet6/filter/limit-29            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29
463
  inet6/filter/limit-29            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
464 465
  inet6/filter/logdrop-29          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-29          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
466

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
467
Filter 31                          {"conn-limit":{"addr":"dest","name":"A","update":false},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
468 469 470
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-30
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-30
471 472 473 474
  inet/filter/limit-30             -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-30
  inet/filter/limit-30             -j ACCEPT
  inet/filter/logdrop-30           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-30           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
475 476
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-30
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-30
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
477
  inet6/filter/limit-30            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-30
478
  inet6/filter/limit-30            -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
479 480
  inet6/filter/logdrop-30          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-30          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
481

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
482
Filter 32                          {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
483
(filter-limit)                     
484 485
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-31
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-31
486 487 488
  inet/filter/limit-31             -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-31
  inet/filter/logdrop-31           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-31           -j DROP
489 490
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-31
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-31
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
491 492 493
  inet6/filter/limit-31            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-31
  inet6/filter/logdrop-31          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-31          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
494

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
495
Filter 33                          {"conn-limit":{"addr":"dest","name":"A","update":false},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
496 497 498
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-32
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-32
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
499
  inet/filter/limit-32             -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-32
500 501
  inet/filter/limit-32             -m limit --limit 1/second -j LOG
  inet/filter/limit-32             -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
502 503
  inet/filter/logdrop-32           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-32           -j DROP
504 505 506
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-32
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-32
  inet6/filter/limit-32            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
507
  inet6/filter/limit-32            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
508
  inet6/filter/limit-32            -j ACCEPT
509 510
  inet6/filter/logdrop-32          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-32          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
511

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
512
Filter 34                          {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
513 514 515
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-33
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-33
516 517 518 519
  inet/filter/limit-33             -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-33
  inet/filter/limit-33             -m limit --limit 1/second -j LOG
  inet/filter/logdrop-33           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-33           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
520 521
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-33
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-33
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
522
  inet6/filter/limit-33            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-33
523
  inet6/filter/limit-33            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
524 525
  inet6/filter/logdrop-33          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-33          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
526

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
527
Filter 35                          {"conn-limit":{"addr":"dest","name":"A","update":false},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
528 529 530
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-34
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-34
531 532 533 534
  inet/filter/limit-34             -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-34
  inet/filter/limit-34             -j ACCEPT
  inet/filter/logdrop-34           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-34           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
535 536
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-34
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-34
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
537
  inet6/filter/limit-34            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-34
538
  inet6/filter/limit-34            -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
539 540
  inet6/filter/logdrop-34          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-34          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
541

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
542
Filter 36                          {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
543
(filter-limit)                     
544 545
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-35
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-35
546 547 548
  inet/filter/limit-35             -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-35
  inet/filter/logdrop-35           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-35           -j DROP
549 550
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-35
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-35
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
551 552 553
  inet6/filter/limit-35            -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-35
  inet6/filter/logdrop-35          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-35          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
554

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
555
Filter 37                          {"conn-limit":{"name":"C"},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
556 557 558
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-36
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-36
559 560 561 562
  inet/filter/limit-36             -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-36
  inet/filter/limit-36             -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
  inet/filter/logdrop-36           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-36           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
563 564
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-36
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-36
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
565
  inet6/filter/limit-36            -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-36
566
  inet6/filter/limit-36            -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
567 568
  inet6/filter/logdrop-36          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-36          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
569

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
570
Filter 38                          {"action":"pass","conn-limit":{"name":"C"},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
571
(filter-limit)                     
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
572 573
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-37
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-37
574 575 576 577
  inet/filter/limit-37             -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-37
  inet/filter/limit-37             -m recent --name user:C --rsource --mask 254.0.0.0 --set 
  inet/filter/logdrop-37           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-37           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
578 579
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-37
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-37
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
580
  inet6/filter/limit-37            -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-37
581
  inet6/filter/limit-37            -m recent --name user:C --rsource --mask fe00:: --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
582 583
  inet6/filter/logdrop-37          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-37          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
584

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
585
Filter 39                          {"conn-limit":{"name":"C"},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
586 587 588
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-38
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-38
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
589
  inet/filter/limit-38             -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-38
590 591
  inet/filter/limit-38             -m limit --limit 1/second -j LOG
  inet/filter/limit-38             -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
592 593
  inet/filter/logdrop-38           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-38           -j DROP
594 595 596
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-38
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-38
  inet6/filter/limit-38            -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-38
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
597
  inet6/filter/limit-38            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
598
  inet6/filter/limit-38            -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
599 600
  inet6/filter/logdrop-38          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-38          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
601

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
602
Filter 40                          {"action":"pass","conn-limit":{"name":"C"},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
603 604 605
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-39
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-39
606 607 608 609
  inet/filter/limit-39             -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-39
  inet/filter/limit-39             -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
  inet/filter/logdrop-39           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-39           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
610 611
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-39
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-39
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
612
  inet6/filter/limit-39            -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-39
613
  inet6/filter/limit-39            -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
614 615
  inet6/filter/logdrop-39          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-39          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
616

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
617
Filter 41                          {"conn-limit":{"name":"C"},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
618 619 620
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-40
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-40
621 622 623 624
  inet/filter/limit-40             -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-40
  inet/filter/limit-40             -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
  inet/filter/logdrop-40           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-40           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
625 626
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-40
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-40
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
627
  inet6/filter/limit-40            -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-40
628
  inet6/filter/limit-40            -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
629 630
  inet6/filter/logdrop-40          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-40          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
631

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
632
Filter 42                          {"action":"pass","conn-limit":{"name":"C"},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
633
(filter-limit)                     
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
634 635
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-41
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-41
636 637 638 639
  inet/filter/limit-41             -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-41
  inet/filter/limit-41             -m recent --name user:C --rsource --mask 254.0.0.0 --set 
  inet/filter/logdrop-41           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-41           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
640 641
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-41
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-41
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
642
  inet6/filter/limit-41            -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-41
643
  inet6/filter/limit-41            -m recent --name user:C --rsource --mask fe00:: --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
644 645
  inet6/filter/logdrop-41          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-41          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
646

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
647
Filter 43                          {"conn-limit":{"name":"C","update":false},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
648 649 650
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-42
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-42
651 652 653 654
  inet/filter/limit-42             -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-42
  inet/filter/limit-42             -j ACCEPT
  inet/filter/logdrop-42           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-42           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
655 656
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-42
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-42
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
657
  inet6/filter/limit-42            -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-42
658
  inet6/filter/limit-42            -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
659 660
  inet6/filter/logdrop-42          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-42          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
661

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
662
Filter 44                          {"action":"pass","conn-limit":{"name":"C","update":false},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
663
(filter-limit)                     
664 665
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-43
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-43
666 667 668
  inet/filter/limit-43             -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-43
  inet/filter/logdrop-43           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-43           -j DROP
669 670
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-43
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-43
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
671 672 673
  inet6/filter/limit-43            -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-43
  inet6/filter/logdrop-43          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-43          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
674

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
675
Filter 45                          {"conn-limit":{"name":"C","update":false},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
676 677 678
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-44
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-44
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
679
  inet/filter/limit-44             -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-44
680 681
  inet/filter/limit-44             -m limit --limit 1/second -j LOG
  inet/filter/limit-44             -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
682 683
  inet/filter/logdrop-44           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-44           -j DROP
684 685 686
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-44
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-44
  inet6/filter/limit-44            -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-44
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
687
  inet6/filter/limit-44            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
688
  inet6/filter/limit-44            -j ACCEPT
689 690
  inet6/filter/logdrop-44          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-44          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
691

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
692
Filter 46                          {"action":"pass","conn-limit":{"name":"C","update":false},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
693 694 695
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-45
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-45
696 697 698 699
  inet/filter/limit-45             -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-45
  inet/filter/limit-45             -m limit --limit 1/second -j LOG
  inet/filter/logdrop-45           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-45           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
700 701
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-45
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-45
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
702
  inet6/filter/limit-45            -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-45
703
  inet6/filter/limit-45            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
704 705
  inet6/filter/logdrop-45          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-45          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
706

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
707
Filter 47                          {"conn-limit":{"name":"C","update":false},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
708 709 710
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-46
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-46
711 712 713 714
  inet/filter/limit-46             -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-46
  inet/filter/limit-46             -j ACCEPT
  inet/filter/logdrop-46           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-46           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
715 716
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-46
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-46
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
717
  inet6/filter/limit-46            -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-46
718
  inet6/filter/limit-46            -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
719 720
  inet6/filter/logdrop-46          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-46          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
721

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
722
Filter 48                          {"action":"pass","conn-limit":{"name":"C","update":false},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
723
(filter-limit)                     
724 725
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-47
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-47
726 727 728
  inet/filter/limit-47             -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-47
  inet/filter/logdrop-47           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-47           -j DROP
729 730
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-47
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-47
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
731 732 733
  inet6/filter/limit-47            -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-47
  inet6/filter/logdrop-47          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-47          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
734

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
735
Filter 49                          {"conn-limit":{"addr":"dest","name":"C"},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
736 737 738
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-48
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-48
739 740 741 742
  inet/filter/limit-48             -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-48
  inet/filter/limit-48             -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
  inet/filter/logdrop-48           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-48           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
743 744
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-48
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-48
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
745
  inet6/filter/limit-48            -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-48
746
  inet6/filter/limit-48            -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
747 748
  inet6/filter/logdrop-48          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-48          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
749

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
750
Filter 50                          {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
751 752 753
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-49
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-49
754 755 756 757
  inet/filter/limit-49             -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-49
  inet/filter/limit-49             -m recent --name user:C --rdest --mask 254.0.0.0 --set 
  inet/filter/logdrop-49           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-49           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
758 759
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-49
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-49
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
760
  inet6/filter/limit-49            -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-49
761
  inet6/filter/limit-49            -m recent --name user:C --rdest --mask fe00:: --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
762 763
  inet6/filter/logdrop-49          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-49          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
764

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
765
Filter 51                          {"conn-limit":{"addr":"dest","name":"C"},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
766 767 768
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-50
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-50
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
769
  inet/filter/limit-50             -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-50
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
770
  inet/filter/limit-50             -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
771
  inet/filter/limit-50             -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
772 773 774 775 776 777
  inet/filter/logdrop-50           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-50           -j DROP
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-50
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-50
  inet6/filter/limit-50            -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-50
  inet6/filter/limit-50            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
778
  inet6/filter/limit-50            -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
779 780
  inet6/filter/logdrop-50          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-50          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
781

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
782
Filter 52                          {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
783 784 785
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-51
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-51
786 787 788 789
  inet/filter/limit-51             -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-51
  inet/filter/limit-51             -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
  inet/filter/logdrop-51           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-51           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
790 791
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-51
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-51
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
792
  inet6/filter/limit-51            -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-51
793
  inet6/filter/limit-51            -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
794 795
  inet6/filter/logdrop-51          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-51          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
796

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
797
Filter 53                          {"conn-limit":{"addr":"dest","name":"C"},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
798 799 800
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-52
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-52
801 802 803 804
  inet/filter/limit-52             -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-52
  inet/filter/limit-52             -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
  inet/filter/logdrop-52           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-52           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
805 806
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-52
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-52
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
807
  inet6/filter/limit-52            -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-52
808
  inet6/filter/limit-52            -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
809 810
  inet6/filter/logdrop-52          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-52          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
811

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
812
Filter 54                          {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"log":"none","out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
813 814 815
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-53
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-53
816 817 818 819
  inet/filter/limit-53             -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-53
  inet/filter/limit-53             -m recent --name user:C --rdest --mask 254.0.0.0 --set 
  inet/filter/logdrop-53           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-53           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
820 821
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-53
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-53
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
822
  inet6/filter/limit-53            -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-53
823
  inet6/filter/limit-53            -m recent --name user:C --rdest --mask fe00:: --set 
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
824 825
  inet6/filter/logdrop-53          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-53          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
826

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
827
Filter 55                          {"conn-limit":{"addr":"dest","name":"C","update":false},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
828 829 830
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-54
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-54
831 832 833 834
  inet/filter/limit-54             -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-54
  inet/filter/limit-54             -j ACCEPT
  inet/filter/logdrop-54           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-54           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
835 836
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-54
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-54
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
837
  inet6/filter/limit-54            -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-54
838
  inet6/filter/limit-54            -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
839 840
  inet6/filter/logdrop-54          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-54          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
841

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
842
Filter 56                          {"action":"pass","conn-limit":{"addr":"dest","name":"C","update":false},"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
843
(filter-limit)                     
844 845
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-55
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-55
846 847 848
  inet/filter/limit-55             -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-55
  inet/filter/logdrop-55           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-55           -j DROP
849 850
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-55
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-55
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
851 852 853
  inet6/filter/limit-55            -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-55
  inet6/filter/logdrop-55          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-55          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
854

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
855
Filter 57                          {"conn-limit":{"addr":"dest","name":"C","update":false},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
856 857 858
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-56
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-56
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
859
  inet/filter/limit-56             -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-56
860 861
  inet/filter/limit-56             -m limit --limit 1/second -j LOG
  inet/filter/limit-56             -j ACCEPT
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
862 863
  inet/filter/logdrop-56           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-56           -j DROP
864 865 866
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-56
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-56
  inet6/filter/limit-56            -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-56
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
867
  inet6/filter/limit-56            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
868
  inet6/filter/limit-56            -j ACCEPT
869 870
  inet6/filter/logdrop-56          -m limit --limit 1/second -j LOG
  inet6/filter/logdrop-56          -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
871

Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
872
Filter 58                          {"action":"pass","conn-limit":{"addr":"dest","name":"C","update":false},"log":true,"out":"B"}
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
873 874 875
(filter-limit)                     
  inet/filter/FORWARD              -o eth1 -d 10.0.0.0/12 -j limit-57
  inet/filter/OUTPUT               -o eth1 -d 10.0.0.0/12 -j limit-57
876 877 878 879
  inet/filter/limit-57             -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-57
  inet/filter/limit-57             -m limit --limit 1/second -j LOG
  inet/filter/logdrop-57           -m limit --limit 1/second -j LOG
  inet/filter/logdrop-57           -j DROP
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
880 881
  inet6/filter/FORWARD             -o eth1 -d fc00::/7 -j limit-57
  inet6/filter/OUTPUT              -o eth1 -d fc00::/7 -j limit-57
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
882
  inet6/filter/limit-57            -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-57
883
  inet6/filter/limit-57            -m limit --limit 1/second -j LOG
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
884 885