Commit 2b669c10 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

test: packet-log

parent eabe4a9a
......@@ -3,6 +3,10 @@
"none": { "mode": "none" },
"ulog": { "mode": "ulog", "limit": { "interval": 5 } }
},
"packet-log": [
{ "out": "_fw" },
{ "out": "_fw", "log": "ulog" }
],
"filter": [
{},
{ "action": "drop" },
......
......@@ -8044,6 +8044,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"}
(services)
......@@ -10191,6 +10201,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......@@ -13031,6 +13043,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -1937,6 +1937,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -559,6 +559,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -35774,6 +35774,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"}
(services)
......@@ -41445,6 +41455,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set
-A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
-A INPUT -j limit-1886
......@@ -59939,6 +59951,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j limit-1886
......@@ -5461,6 +5461,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set
-A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
-A INPUT -j limit-1886
......
......@@ -5435,6 +5435,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j limit-1886
......
......@@ -392,6 +392,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"}
(services)
......@@ -689,6 +699,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......@@ -867,6 +879,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -87,6 +87,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -61,6 +61,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -388,6 +388,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"}
(services)
......@@ -681,6 +691,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......@@ -863,6 +875,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -83,6 +83,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Route-track 1 {"mark":4}
(route-track)
inet/mangle/OUTPUT -m mark --mark 0 -j MARK --set-mark 4
......@@ -621,6 +631,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......@@ -773,6 +785,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -77,6 +77,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"}
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
Packet-log 1 {"out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 1/second -j LOG
inet6/filter/INPUT -m limit --limit 1/second -j LOG
Packet-log 2 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
Service babel {"port":6697,"proto":"tcp"}
(services)
......@@ -615,6 +625,8 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......@@ -766,6 +778,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -77,6 +77,8 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
......@@ -51,6 +51,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment