Commit dde0cffd authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

test: split filter-log cases

parent 5e3f4609
......@@ -12,29 +12,5 @@
{ "out": "_fw", "log": "nflog" },
{ "out": "_fw", "log": "ulog" }
],
"filter": [
{},
{ "action": "drop" },
{ "action": "pass" },
{ "log": false },
{ "log": false, "action": "drop" },
{ "log": false, "action": "pass" },
{ "log": true },
{ "log": true, "action": "drop" },
{ "log": true, "action": "pass" },
{ "log": "dual" },
{ "log": "dual", "action": "drop" },
{ "log": "dual", "action": "pass" },
{ "log": "mirror" },
{ "log": "mirror", "action": "drop" },
{ "log": "mirror", "action": "pass" },
{ "log": "none" },
{ "log": "none", "action": "drop" },
{ "log": "none", "action": "pass" },
{ "log": "ulog" },
{ "log": "ulog", "action": "drop" },
{ "log": "ulog", "action": "pass" },
{ "in": "_fw", "log": "ulog", "action": "pass" }
]
"filter": [ { "in": "_fw", "log": "ulog", "action": "pass" } ]
}
--[[
Filter log test cases for Alpine Wall
Copyright (C) 2012-2020 Kaarle Ritvanen
See LICENSE file for license details
]]--
json = require('cjson')
res = {}
for _, log in ipairs{'', false, true, 'dual', 'mirror', 'none', 'ulog'} do
for _, action in ipairs{false, 'drop', 'pass'} do
if log == '' then log = nil end
table.insert(res, {log=log, action=action or nil})
end
end
print(json.encode{filter=res})
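Review bot: The empty string in the `log` list is an undocumented sentinel for "attribute absent"; a comment above the outer loop such as `-- '' = no log attribute: nil cannot be listed because ipairs stops at it, and false is a real value` would spare the next reader from working that out. The conversion `if log == '' then log = nil end` depends only on the outer variable, so it reads more plainly directly under the outer `for` than inside the `action` loop. `json` and `res` are assigned as globals; `local json = require('cjson')` and `local res = {}` keep the generator from leaking names if it is ever loaded from another chunk. The 7 × 3 iteration order matches the 21 literal entries removed from the JSON file, which presumably matters because the expected rule dumps are order-sensitive, so a short note that the list order must not change would also help.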
......@@ -543,10 +543,6 @@
:logaccept-264 - [0:0]
:logaccept-265 - [0:0]
:logaccept-266 - [0:0]
:logaccept-267 - [0:0]
:logaccept-268 - [0:0]
:logaccept-269 - [0:0]
:logaccept-270 - [0:0]
:logaccept-3 - [0:0]
:logaccept-32 - [0:0]
:logaccept-33 - [0:0]
......@@ -610,11 +606,6 @@
:logaccept-97 - [0:0]
:logaccept-98 - [0:0]
:logaccept-99 - [0:0]
:logdrop-0 - [0:0]
:logdrop-1 - [0:0]
:logdrop-2 - [0:0]
:logdrop-3 - [0:0]
:logdrop-4 - [0:0]
:logpass-0 - [0:0]
:logpass-1 - [0:0]
:logpass-10 - [0:0]
......@@ -689,11 +680,7 @@
:logpass-164 - [0:0]
:logpass-165 - [0:0]
:logpass-166 - [0:0]
:logpass-167 - [0:0]
:logpass-168 - [0:0]
:logpass-169 - [0:0]
:logpass-17 - [0:0]
:logpass-170 - [0:0]
:logpass-18 - [0:0]
:logpass-19 - [0:0]
:logpass-2 - [0:0]
......@@ -1878,27 +1865,6 @@
-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j address-472
-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j address-473
-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j address-473
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
-A FORWARD
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -j logaccept-267
-A FORWARD -j logdrop-1
-A FORWARD -j logpass-167
-A FORWARD -j logaccept-268
-A FORWARD -j logdrop-2
-A FORWARD -j logpass-168
-A FORWARD -j logaccept-269
-A FORWARD -j logdrop-3
-A FORWARD -j logpass-169
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -j logaccept-270
-A FORWARD -j logdrop-4
-A FORWARD -j logpass-170
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
......@@ -2664,27 +2630,6 @@
-A INPUT -i eth1 -s 10.0.0.0/12 -j address-383
-A INPUT -i eth2 -s 10.1.0.0/12 -j address-383
-A INPUT -i eth3 -s 10.1.0.0/12 -j address-383
-A INPUT -j ACCEPT
-A INPUT -j logdrop-0
-A INPUT
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -j logaccept-267
-A INPUT -j logdrop-1
-A INPUT -j logpass-167
-A INPUT -j logaccept-268
-A INPUT -j logdrop-2
-A INPUT -j logpass-168
-A INPUT -j logaccept-269
-A INPUT -j logdrop-3
-A INPUT -j logpass-169
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -j logaccept-270
-A INPUT -j logdrop-4
-A INPUT -j logpass-170
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmp -j icmp-routing
......@@ -2942,27 +2887,6 @@
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j address-93
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j address-94
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j address-95
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-0
-A OUTPUT
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -j logaccept-267
-A OUTPUT -j logdrop-1
-A OUTPUT -j logpass-167
-A OUTPUT -j logaccept-268
-A OUTPUT -j logdrop-2
-A OUTPUT -j logpass-168
-A OUTPUT -j logaccept-269
-A OUTPUT -j logdrop-3
-A OUTPUT -j logpass-169
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -j logaccept-270
-A OUTPUT -j logdrop-4
-A OUTPUT -j logpass-170
-A OUTPUT -m limit --limit 12/minute -j ULOG
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
......@@ -3916,15 +3840,6 @@
-A logaccept-265 -j ACCEPT
-A logaccept-266 -m limit --limit 12/minute -j ULOG
-A logaccept-266 -j ACCEPT
-A logaccept-267 -m limit --limit 1/second -j LOG
-A logaccept-267 -j ACCEPT
-A logaccept-268 -j LOG
-A logaccept-268 -j ACCEPT
-A logaccept-269 -j TEE --gateway 10.0.0.1
-A logaccept-269 -j TEE --gateway 10.0.0.2
-A logaccept-269 -j ACCEPT
-A logaccept-270 -m limit --limit 12/minute -j ULOG
-A logaccept-270 -j ACCEPT
-A logaccept-3 -m limit --limit 12/minute -j ULOG
-A logaccept-3 -j ACCEPT
-A logaccept-32 -m limit --limit 1/second -j LOG
......@@ -4051,17 +3966,6 @@
-A logaccept-98 -j ACCEPT
-A logaccept-99 -m limit --limit 12/minute -j ULOG
-A logaccept-99 -j ACCEPT
-A logdrop-0 -m limit --limit 1/second -j LOG
-A logdrop-0 -j DROP
-A logdrop-1 -m limit --limit 1/second -j LOG
-A logdrop-1 -j DROP
-A logdrop-2 -j LOG
-A logdrop-2 -j DROP
-A logdrop-3 -j TEE --gateway 10.0.0.1
-A logdrop-3 -j TEE --gateway 10.0.0.2
-A logdrop-3 -j DROP
-A logdrop-4 -m limit --limit 12/minute -j ULOG
-A logdrop-4 -j DROP
-A logpass-0 -m limit --limit 1/second -j LOG
-A logpass-1 -m limit --limit 12/minute -j ULOG
-A logpass-10 -m limit --limit 12/minute -j ULOG
......@@ -4136,12 +4040,7 @@
-A logpass-164 -m limit --limit 12/minute -j ULOG
-A logpass-165 -m limit --limit 1/second -j LOG
-A logpass-166 -m limit --limit 12/minute -j ULOG
-A logpass-167 -m limit --limit 1/second -j LOG
-A logpass-168 -j LOG
-A logpass-169 -j TEE --gateway 10.0.0.1
-A logpass-169 -j TEE --gateway 10.0.0.2
-A logpass-17 -m limit --limit 1/second -j LOG
-A logpass-170 -m limit --limit 12/minute -j ULOG
-A logpass-18 -m limit --limit 12/minute -j ULOG
-A logpass-19 -m limit --limit 1/second -j LOG
-A logpass-2 -m limit --limit 1/second -j LOG
......
......@@ -180,11 +180,7 @@
:logaccept-233 - [0:0]
:logaccept-234 - [0:0]
:logaccept-26 - [0:0]
:logaccept-267 - [0:0]
:logaccept-268 - [0:0]
:logaccept-269 - [0:0]
:logaccept-27 - [0:0]
:logaccept-270 - [0:0]
:logaccept-28 - [0:0]
:logaccept-29 - [0:0]
:logaccept-30 - [0:0]
......@@ -219,11 +215,6 @@
:logaccept-88 - [0:0]
:logaccept-89 - [0:0]
:logaccept-9 - [0:0]
:logdrop-0 - [0:0]
:logdrop-1 - [0:0]
:logdrop-2 - [0:0]
:logdrop-3 - [0:0]
:logdrop-4 - [0:0]
:logpass-0 - [0:0]
:logpass-109 - [0:0]
:logpass-115 - [0:0]
......@@ -231,9 +222,6 @@
:logpass-130 - [0:0]
:logpass-136 - [0:0]
:logpass-137 - [0:0]
:logpass-167 - [0:0]
:logpass-168 - [0:0]
:logpass-169 - [0:0]
:logpass-25 - [0:0]
:logpass-26 - [0:0]
:logpass-27 - [0:0]
......@@ -525,26 +513,6 @@
-A FORWARD -i eth1 -s fc00::/7 -j address-380
-A FORWARD -i eth1 -s fc00::/7 -j address-381
-A FORWARD -i eth1 -s fc00::/7 -j address-382
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
-A FORWARD
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -j logaccept-267
-A FORWARD -j logdrop-1
-A FORWARD -j logpass-167
-A FORWARD -j logaccept-268
-A FORWARD -j logdrop-2
-A FORWARD -j logpass-168
-A FORWARD -j logaccept-269
-A FORWARD -j logdrop-3
-A FORWARD -j logpass-169
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -j logaccept-270
-A FORWARD -j logdrop-4
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
......@@ -756,26 +724,6 @@
-A INPUT -i eth1 -s fc00::/7 -j address-380
-A INPUT -i eth1 -s fc00::/7 -j address-381
-A INPUT -i eth1 -s fc00::/7 -j address-382
-A INPUT -j ACCEPT
-A INPUT -j logdrop-0
-A INPUT
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -j logaccept-267
-A INPUT -j logdrop-1
-A INPUT -j logpass-167
-A INPUT -j logaccept-268
-A INPUT -j logdrop-2
-A INPUT -j logpass-168
-A INPUT -j logaccept-269
-A INPUT -j logdrop-3
-A INPUT -j logpass-169
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -j logaccept-270
-A INPUT -j logdrop-4
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
......@@ -872,26 +820,6 @@
-A OUTPUT -o eth1 -d fc00::/7 -j address-93
-A OUTPUT -o eth1 -d fc00::/7 -j address-94
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-0
-A OUTPUT
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -j logaccept-267
-A OUTPUT -j logdrop-1
-A OUTPUT -j logpass-167
-A OUTPUT -j logaccept-268
-A OUTPUT -j logdrop-2
-A OUTPUT -j logpass-168
-A OUTPUT -j logaccept-269
-A OUTPUT -j logdrop-3
-A OUTPUT -j logpass-169
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -j logaccept-270
-A OUTPUT -j logdrop-4
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT
-A address-108 -d fc00::2 -j ACCEPT
......@@ -1109,15 +1037,7 @@
-A logaccept-234 -j ACCEPT
-A logaccept-26 -m limit --limit 1/second -j LOG
-A logaccept-26 -j ACCEPT
-A logaccept-267 -m limit --limit 1/second -j LOG
-A logaccept-267 -j ACCEPT
-A logaccept-268 -j LOG
-A logaccept-268 -j TEE --gateway fc00::1
-A logaccept-268 -j ACCEPT
-A logaccept-269 -j TEE --gateway fc00::2
-A logaccept-269 -j ACCEPT
-A logaccept-27 -j ACCEPT
-A logaccept-270 -j ACCEPT
-A logaccept-28 -m limit --limit 1/second -j LOG
-A logaccept-28 -j ACCEPT
-A logaccept-29 -j ACCEPT
......@@ -1171,16 +1091,6 @@
-A logaccept-88 -j ACCEPT
-A logaccept-89 -j ACCEPT
-A logaccept-9 -j ACCEPT
-A logdrop-0 -m limit --limit 1/second -j LOG
-A logdrop-0 -j DROP
-A logdrop-1 -m limit --limit 1/second -j LOG
-A logdrop-1 -j DROP
-A logdrop-2 -j LOG
-A logdrop-2 -j TEE --gateway fc00::1
-A logdrop-2 -j DROP
-A logdrop-3 -j TEE --gateway fc00::2
-A logdrop-3 -j DROP
-A logdrop-4 -j DROP
-A logpass-0 -m limit --limit 1/second -j LOG
-A logpass-109 -m limit --limit 1/second -j LOG
-A logpass-115 -m limit --limit 1/second -j LOG
......@@ -1188,10 +1098,6 @@
-A logpass-130 -m limit --limit 1/second -j LOG
-A logpass-136 -m limit --limit 1/second -j LOG
-A logpass-137 -m limit --limit 1/second -j LOG
-A logpass-167 -m limit --limit 1/second -j LOG
-A logpass-168 -j LOG
-A logpass-168 -j TEE --gateway fc00::1
-A logpass-169 -j TEE --gateway fc00::2
-A logpass-25 -m limit --limit 1/second -j LOG
-A logpass-26 -m limit --limit 1/second -j LOG
-A logpass-27 -m limit --limit 1/second -j LOG
......
......@@ -5,43 +5,9 @@
:OUTPUT DROP [0:0]
:custom:foo - [0:0]
:icmp-routing - [0:0]
:logaccept-0 - [0:0]
:logaccept-1 - [0:0]
:logaccept-2 - [0:0]
:logaccept-3 - [0:0]
:logdrop-0 - [0:0]
:logdrop-1 - [0:0]
:logdrop-2 - [0:0]
:logdrop-3 - [0:0]
:logdrop-4 - [0:0]
:logpass-0 - [0:0]
:logpass-1 - [0:0]
:logpass-2 - [0:0]
:logpass-3 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -m owner --uid-owner 0 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -j custom:foo
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
-A FORWARD
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -j logaccept-0
-A FORWARD -j logdrop-1
-A FORWARD -j logpass-0
-A FORWARD -j logaccept-1
-A FORWARD -j logdrop-2
-A FORWARD -j logpass-1
-A FORWARD -j logaccept-2
-A FORWARD -j logdrop-3
-A FORWARD -j logpass-2
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -j logaccept-3
-A FORWARD -j logdrop-4
-A FORWARD -j logpass-3
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
......@@ -100,54 +66,12 @@
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -s 10.0.0.0/12 -j custom:foo
-A INPUT -j ACCEPT
-A INPUT -j logdrop-0
-A INPUT
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -j logaccept-0
-A INPUT -j logdrop-1
-A INPUT -j logpass-0
-A INPUT -j logaccept-1
-A INPUT -j logdrop-2
-A INPUT -j logpass-1
-A INPUT -j logaccept-2
-A INPUT -j logdrop-3
-A INPUT -j logpass-2
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -j logaccept-3
-A INPUT -j logdrop-4
-A INPUT -j logpass-3
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmp -j icmp-routing
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-0
-A OUTPUT
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -j logaccept-0
-A OUTPUT -j logdrop-1
-A OUTPUT -j logpass-0
-A OUTPUT -j logaccept-1
-A OUTPUT -j logdrop-2
-A OUTPUT -j logpass-1
-A OUTPUT -j logaccept-2
-A OUTPUT -j logdrop-3
-A OUTPUT -j logpass-2
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -j logaccept-3
-A OUTPUT -j logdrop-4
-A OUTPUT -j logpass-3
-A OUTPUT -m limit --limit 12/minute -j ULOG
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
......@@ -156,31 +80,6 @@
-A icmp-routing -p icmp --icmp-type 3 -j ACCEPT
-A icmp-routing -p icmp --icmp-type 11 -j ACCEPT
-A icmp-routing -p icmp --icmp-type 12 -j ACCEPT
-A logaccept-0 -m limit --limit 1/second -j LOG
-A logaccept-0 -j ACCEPT
-A logaccept-1 -j LOG
-A logaccept-1 -j ACCEPT
-A logaccept-2 -j TEE --gateway 10.0.0.1
-A logaccept-2 -j TEE --gateway 10.0.0.2
-A logaccept-2 -j ACCEPT
-A logaccept-3 -m limit --limit 12/minute -j ULOG
-A logaccept-3 -j ACCEPT
-A logdrop-0 -m limit --limit 1/second -j LOG
-A logdrop-0 -j DROP
-A logdrop-1 -m limit --limit 1/second -j LOG
-A logdrop-1 -j DROP
-A logdrop-2 -j LOG
-A logdrop-2 -j DROP
-A logdrop-3 -j TEE --gateway 10.0.0.1
-A logdrop-3 -j TEE --gateway 10.0.0.2
-A logdrop-3 -j DROP
-A logdrop-4 -m limit --limit 12/minute -j ULOG
-A logdrop-4 -j DROP
-A logpass-0 -m limit --limit 1/second -j LOG
-A logpass-1 -j LOG
-A logpass-2 -j TEE --gateway 10.0.0.1
-A logpass-2 -j TEE --gateway 10.0.0.2
-A logpass-3 -m limit --limit 12/minute -j ULOG
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
......
......@@ -5,41 +5,9 @@
:OUTPUT DROP [0:0]
:custom:foo - [0:0]
:icmp-routing - [0:0]
:logaccept-0 - [0:0]
:logaccept-1 - [0:0]
:logaccept-2 - [0:0]
:logaccept-3 - [0:0]
:logdrop-0 - [0:0]
:logdrop-1 - [0:0]
:logdrop-2 - [0:0]
:logdrop-3 - [0:0]
:logdrop-4 - [0:0]
:logpass-0 - [0:0]
:logpass-1 - [0:0]
:logpass-2 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -m owner --uid-owner 0 -j ACCEPT
-A FORWARD -i eth1 -s fc00::/7 -j custom:foo
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
-A FORWARD
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -j logaccept-0
-A FORWARD -j logdrop-1
-A FORWARD -j logpass-0
-A FORWARD -j logaccept-1
-A FORWARD -j logdrop-2
-A FORWARD -j logpass-1
-A FORWARD -j logaccept-2
-A FORWARD -j logdrop-3
-A FORWARD -j logpass-2
-A FORWARD -j ACCEPT
-A FORWARD -j DROP
-A FORWARD
-A FORWARD -j logaccept-3
-A FORWARD -j logdrop-4
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
......@@ -72,26 +40,6 @@
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -s fc00::/7 -j custom:foo
-A INPUT -j ACCEPT
-A INPUT -j logdrop-0
-A INPUT
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -j logaccept-0
-A INPUT -j logdrop-1
-A INPUT -j logpass-0
-A INPUT -j logaccept-1
-A INPUT -j logdrop-2
-A INPUT -j logpass-1
-A INPUT -j logaccept-2
-A INPUT -j logdrop-3
-A INPUT -j logpass-2
-A INPUT -j ACCEPT
-A INPUT -j DROP
-A INPUT
-A INPUT -j logaccept-3
-A INPUT -j logdrop-4
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
......@@ -99,26 +47,6 @@
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-0
-A OUTPUT
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -j logaccept-0
-A OUTPUT -j logdrop-1
-A OUTPUT -j logpass-0
-A OUTPUT -j logaccept-1
-A OUTPUT -j logdrop-2
-A OUTPUT -j logpass-1
-A OUTPUT -j logaccept-2
-A OUTPUT -j logdrop-3
-A OUTPUT -j logpass-2
-A OUTPUT -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT
-A OUTPUT -j logaccept-3
-A OUTPUT -j logdrop-4
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT
-A custom:foo -m hl --hl-lt 7 -j REJECT --reject-with icmpv6-no-route
......@@ -127,28 +55,6 @@
-A icmp-routing -p icmpv6 --icmpv6-type 2 -j ACCEPT
-A icmp-routing -p icmpv6 --icmpv6-type 3 -j ACCEPT
-A icmp-routing -p icmpv6 --icmpv6-type 4 -j ACCEPT
-A logaccept-0 -m limit --limit 1/second -j LOG
-A logaccept-0 -j ACCEPT
-A logaccept-1 -j LOG
-A logaccept-1 -j TEE --gateway fc00::1
-A logaccept-1 -j ACCEPT
-A logaccept-2 -j TEE --gateway fc00::2
-A logaccept-2 -j ACCEPT
-A logaccept-3 -j ACCEPT
-A logdrop-0 -m limit --limit 1/second -j LOG
-A logdrop-0 -j DROP
-A logdrop-1 -m limit --limit 1/second -j LOG
-A logdrop-1 -j DROP
-A logdrop-2 -j LOG
-A logdrop-2 -j TEE --gateway fc00::1
-A logdrop-2 -j DROP
-A logdrop-3 -j TEE --gateway fc00::2
-A logdrop-3 -j DROP
-A logdrop-4 -j DROP
-A logpass-0 -m limit --limit 1/second -j LOG
-A logpass-1 -j LOG
-A logpass-1 -j TEE --gateway fc00::1
-A logpass-2 -j TEE --gateway fc00::2
COMMIT
*mangle
:INPUT ACCEPT [0:0]
......
......@@ -7,44 +7,10 @@
:awall-INPUT - [0:0]
:awall-OUTPUT - [0:0]
:awall-icmp-routing - [0:0]
:awall-logaccept-0 - [0:0]
:awall-logaccept-1 - [0:0]
:awall-logaccept-2 - [0:0]
:awall-logaccept-3 - [0:0]
:awall-logdrop-0 - [0:0]
:awall-logdrop-1 - [0:0]
:awall-logdrop-2 - [0:0]
:awall-logdrop-3 - [0:0]
:awall-logdrop-4 - [0:0]
:awall-logpass-0 - [0:0]
:awall-logpass-1 - [0:0]
:awall-logpass-2 - [0:0]
:awall-logpass-3 - [0:0]
-A FORWARD -j awall-FORWARD
-A INPUT -j awall-INPUT
-A OUTPUT -j awall-OUTPUT
-A awall-FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A awall-FORWARD -j ACCEPT
-A awall-FORWARD -j awall-logdrop-0
-A awall-FORWARD
-A awall-FORWARD -j ACCEPT
-A awall-FORWARD -j DROP
-A awall-FORWARD
-A awall-FORWARD -j awall-logaccept-0
-A awall-FORWARD -j awall-logdrop-1
-A awall-FORWARD -j awall-logpass-0
-A awall-FORWARD -j awall-logaccept-1
-A awall-FORWARD -j awall-logdrop-2
-A awall-FORWARD -j awall-logpass-1
-A awall-FORWARD -j awall-logaccept-2
-A awall-FORWARD -j awall-logdrop-3
-A awall-FORWARD -j awall-logpass-2
-A awall-FORWARD -j ACCEPT
-A awall-FORWARD -j DROP
-A awall-FORWARD
-A awall-FORWARD -j awall-logaccept-3
-A awall-FORWARD -j awall-logdrop-4
-A awall-FORWARD -j awall-logpass-3
-A awall-FORWARD -i eth0 -j ACCEPT
-A awall-FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
-A awall-FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
......@@ -102,53 +68,11 @@
-A awall-INPUT -m limit --limit 1/second -j LOG
-A awall-INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A awall-INPUT -i lo -j ACCEPT
-A awall-INPUT -j ACCEPT
-A awall-INPUT -j awall-logdrop-0
-A awall-INPUT
-A awall-INPUT -j ACCEPT
-A awall-INPUT -j DROP
-A awall-INPUT
-A awall-INPUT -j awall-logaccept-0
-A awall-INPUT -j awall-logdrop-1
-A awall-INPUT -j awall-logpass-0
-A awall-INPUT -j awall-logaccept-1
-A awall-INPUT -j awall-logdrop-2
-A awall-INPUT -j awall-logpass-1
-A awall-INPUT -j awall-logaccept-2
-A awall-INPUT -j awall-logdrop-3
-A awall-INPUT -j awall-logpass-2
-A awall-INPUT -j ACCEPT
-A awall-INPUT -j DROP
-A awall-INPUT
-A awall-INPUT -j awall-logaccept-3
-A awall-INPUT -j awall-logdrop-4
-A awall-INPUT -j awall-logpass-3
-A awall-INPUT -i eth0 -j ACCEPT
-A awall-INPUT -j ACCEPT
-A awall-INPUT -p icmp -j awall-icmp-routing
-A awall-OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A awall-OUTPUT -o lo -j ACCEPT
-A awall-OUTPUT -j ACCEPT
-A awall-OUTPUT -j awall-logdrop-0
-A awall-OUTPUT
-A awall-OUTPUT -j ACCEPT
-A awall-OUTPUT -j DROP
-A awall-OUTPUT
-A awall-OUTPUT -j awall-logaccept-0
-A awall-OUTPUT -j awall-logdrop-1