Commit 2b669c10 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

test: packet-log

parent eabe4a9a
...@@ -3,6 +3,10 @@ ...@@ -3,6 +3,10 @@
"none": { "mode": "none" }, "none": { "mode": "none" },
"ulog": { "mode": "ulog", "limit": { "interval": 5 } } "ulog": { "mode": "ulog", "limit": { "interval": 5 } }
}, },
"packet-log": [
{ "out": "_fw" },
{ "out": "_fw", "log": "ulog" }
],
"filter": [ "filter": [
{}, {},
{ "action": "drop" }, { "action": "drop" },
......
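Review bot: The new `packet-log` list exercises the default log class and `ulog`, but not the `none` class that is defined a few lines above it, so the fixture never pins that a `"mode": "none"` entry produces no logging rule. Adding a third entry `{ "out": "_fw", "log": "none" }` would cover that case; the expected dumps would then presumably gain a `Packet-log 3` entry with no rule lines under it. Both existing entries also select only on `out`, so any other selectors packet-log accepts (assuming it shares them with `filter`) stay untested here. The enclosing JSON object starts and ends outside the hunk.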
...@@ -8044,6 +8044,16 @@ No-track 3 {"out":"_fw"} ...@@ -8044,6 +8044,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"} Service babel {"port":6697,"proto":"tcp"}
(services) (services)
...@@ -10191,6 +10201,8 @@ hash:net family inet ...@@ -10191,6 +10201,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
...@@ -13031,6 +13043,7 @@ COMMIT ...@@ -13031,6 +13043,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
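Review bot: The expected output for `Packet-log 2` has only an `inet/filter/INPUT ... -j ULOG` line and no `inet6` counterpart, and the ip6tables hunk at `@@ -13031` adds only the `LOG` rule. A `"log": "ulog"` entry therefore leaves IPv6 traffic unlogged with no diagnostic visible in the dump. That is consistent with ULOG being an IPv4-only target, but the fixture pins the behaviour silently, and an operator who relies on that log class for audit records would have a gap on dual-stack hosts. I would state it in the commit description, e.g. `ulog rules are generated for inet only; inet6 packets are not logged by them`, and consider having the generator warn when it drops the inet6 rule. The same pattern repeats in every later dump section on this page.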
...@@ -1937,6 +1937,8 @@ ...@@ -1937,6 +1937,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -559,6 +559,7 @@ ...@@ -559,6 +559,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -35774,6 +35774,16 @@ No-track 3 {"out":"_fw"} ...@@ -35774,6 +35774,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"} Service babel {"port":6697,"proto":"tcp"}
(services) (services)
...@@ -41445,6 +41455,8 @@ hash:net family inet ...@@ -41445,6 +41455,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set
-A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
-A INPUT -j limit-1886 -A INPUT -j limit-1886
...@@ -59939,6 +59951,7 @@ COMMIT ...@@ -59939,6 +59951,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j limit-1886 -A INPUT -j limit-1886
...@@ -5461,6 +5461,8 @@ ...@@ -5461,6 +5461,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set
-A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
-A INPUT -j limit-1886 -A INPUT -j limit-1886
......
...@@ -5435,6 +5435,7 @@ ...@@ -5435,6 +5435,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j limit-1886 -A INPUT -j limit-1886
......
...@@ -392,6 +392,16 @@ No-track 3 {"out":"_fw"} ...@@ -392,6 +392,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"} Service babel {"port":6697,"proto":"tcp"}
(services) (services)
...@@ -689,6 +699,8 @@ hash:net family inet ...@@ -689,6 +699,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
...@@ -867,6 +879,7 @@ COMMIT ...@@ -867,6 +879,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -87,6 +87,8 @@ ...@@ -87,6 +87,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -61,6 +61,7 @@ ...@@ -61,6 +61,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -388,6 +388,16 @@ No-track 3 {"out":"_fw"} ...@@ -388,6 +388,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"} Service babel {"port":6697,"proto":"tcp"}
(services) (services)
...@@ -681,6 +691,8 @@ hash:net family inet ...@@ -681,6 +691,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
...@@ -863,6 +875,7 @@ COMMIT ...@@ -863,6 +875,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -83,6 +83,8 @@ ...@@ -83,6 +83,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -51,6 +51,7 @@ ...@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"} ...@@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Route-track 1 {"mark":4} Route-track 1 {"mark":4}
(route-track) (route-track)
inet/mangle/OUTPUT -m mark --mark 0 -j MARK --set-mark 4 inet/mangle/OUTPUT -m mark --mark 0 -j MARK --set-mark 4
...@@ -621,6 +631,8 @@ hash:net family inet ...@@ -621,6 +631,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
...@@ -773,6 +785,7 @@ COMMIT ...@@ -773,6 +785,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -77,6 +77,8 @@ ...@@ -77,6 +77,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -51,6 +51,7 @@ ...@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"} ...@@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"} Service babel {"port":6697,"proto":"tcp"}
(services) (services)
...@@ -615,6 +625,8 @@ hash:net family inet ...@@ -615,6 +625,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
...@@ -766,6 +778,7 @@ COMMIT ...@@ -766,6 +778,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -77,6 +77,8 @@ ...@@ -77,6 +77,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......
...@@ -51,6 +51,7 @@ ...@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT -A INPUT -j ACCEPT
......