Commit d172644f authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

test: filter-limit: make conn and flow limit outputs differ

parent cdd8944b
......@@ -29,7 +29,7 @@ function add(limit_type, base)
end
end
add('conn')
add('conn', {out='B'})
add('flow')
add('flow', {['in']='A', out='_fw', ['no-track']=true})
......
......@@ -78,14 +78,12 @@ Filter 6 {"action":"tarpit"}
inet/raw/OUTPUT -j CT --notrack
inet6/raw/OUTPUT -j CT --notrack
Filter 7 {"conn-limit":1}
(filter-limit)
inet/filter/FORWARD -j limit-0
inet6/filter/FORWARD -j limit-0
inet/filter/INPUT -j limit-0
inet6/filter/INPUT -j limit-0
inet/filter/OUTPUT -j limit-0
inet6/filter/OUTPUT -j limit-0
Filter 7 {"conn-limit":1,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-0
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-0
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-0
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-0
inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-1
inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-1
inet/filter/logdrop-1 -m limit --limit 1/second -j LOG
......@@ -95,14 +93,12 @@ Filter 7 {"conn-limit":1}
inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 8 {"action":"pass","conn-limit":1}
Filter 8 {"action":"pass","conn-limit":1,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-1
inet6/filter/FORWARD -j limit-1
inet/filter/INPUT -j limit-1
inet6/filter/INPUT -j limit-1
inet/filter/OUTPUT -j limit-1
inet6/filter/OUTPUT -j limit-1
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-1
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-1
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-1
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-1
inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-2
inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2
inet/filter/logdrop-2 -m limit --limit 1/second -j LOG
......@@ -112,14 +108,12 @@ Filter 8 {"action":"pass","conn-limit":1}
inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 9 {"conn-limit":1,"log":true}
Filter 9 {"conn-limit":1,"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-2
inet6/filter/FORWARD -j limit-2
inet/filter/INPUT -j limit-2
inet6/filter/INPUT -j limit-2
inet/filter/OUTPUT -j limit-2
inet6/filter/OUTPUT -j limit-2
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-2
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-2
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-2
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-2
inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3
inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3
inet/filter/logdrop-3 -m limit --limit 1/second -j LOG
......@@ -131,14 +125,12 @@ Filter 9 {"conn-limit":1,"log":true}
inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 10 {"action":"pass","conn-limit":1,"log":true}
Filter 10 {"action":"pass","conn-limit":1,"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-3
inet6/filter/FORWARD -j limit-3
inet/filter/INPUT -j limit-3
inet6/filter/INPUT -j limit-3
inet/filter/OUTPUT -j limit-3
inet6/filter/OUTPUT -j limit-3
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-3
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-3
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-3
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-3
inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4
inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4
inet/filter/logdrop-4 -m limit --limit 1/second -j LOG
......@@ -148,14 +140,12 @@ Filter 10 {"action":"pass","conn-limit":1,"log":true}
inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 11 {"conn-limit":1,"log":"none"}
Filter 11 {"conn-limit":1,"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-4
inet6/filter/FORWARD -j limit-4
inet/filter/INPUT -j limit-4
inet6/filter/INPUT -j limit-4
inet/filter/OUTPUT -j limit-4
inet6/filter/OUTPUT -j limit-4
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-4
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-4
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-4
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-4
inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5
inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5
inet/filter/logdrop-5 -m limit --limit 1/second -j LOG
......@@ -165,14 +155,12 @@ Filter 11 {"conn-limit":1,"log":"none"}
inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 12 {"action":"pass","conn-limit":1,"log":"none"}
Filter 12 {"action":"pass","conn-limit":1,"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-5
inet6/filter/FORWARD -j limit-5
inet/filter/INPUT -j limit-5
inet6/filter/INPUT -j limit-5
inet/filter/OUTPUT -j limit-5
inet6/filter/OUTPUT -j limit-5
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-5
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-5
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-5
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-5
inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6
inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6
inet/filter/logdrop-6 -m limit --limit 1/second -j LOG
......@@ -182,40 +170,34 @@ Filter 12 {"action":"pass","conn-limit":1,"log":"none"}
inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 13 {"conn-limit":{"count":1,"log":false}}
Filter 13 {"conn-limit":{"count":1,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-6
inet6/filter/FORWARD -j limit-6
inet/filter/INPUT -j limit-6
inet6/filter/INPUT -j limit-6
inet/filter/OUTPUT -j limit-6
inet6/filter/OUTPUT -j limit-6
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-6
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-6
inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 14 {"action":"pass","conn-limit":{"count":1,"log":false}}
Filter 14 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-7
inet6/filter/FORWARD -j limit-7
inet/filter/INPUT -j limit-7
inet6/filter/INPUT -j limit-7
inet/filter/OUTPUT -j limit-7
inet6/filter/OUTPUT -j limit-7
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-7
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-7
inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 15 {"conn-limit":{"count":1,"log":false},"log":true}
Filter 15 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-8
inet6/filter/FORWARD -j limit-8
inet/filter/INPUT -j limit-8
inet6/filter/INPUT -j limit-8
inet/filter/OUTPUT -j limit-8
inet6/filter/OUTPUT -j limit-8
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-8
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-8
inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-8 -m limit --limit 1/second -j LOG
......@@ -223,79 +205,67 @@ Filter 15 {"conn-limit":{"count":1,"log":false},"log":tr
inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 16 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true}
Filter 16 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-9
inet6/filter/FORWARD -j limit-9
inet/filter/INPUT -j limit-9
inet6/filter/INPUT -j limit-9
inet/filter/OUTPUT -j limit-9
inet6/filter/OUTPUT -j limit-9
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-9
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-9
inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 17 {"conn-limit":{"count":1,"log":false},"log":"none"}
Filter 17 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-10
inet6/filter/FORWARD -j limit-10
inet/filter/INPUT -j limit-10
inet6/filter/INPUT -j limit-10
inet/filter/OUTPUT -j limit-10
inet6/filter/OUTPUT -j limit-10
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-10
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-10
inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 18 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none"}
Filter 18 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-11
inet6/filter/FORWARD -j limit-11
inet/filter/INPUT -j limit-11
inet6/filter/INPUT -j limit-11
inet/filter/OUTPUT -j limit-11
inet6/filter/OUTPUT -j limit-11
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-11
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-11
inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 19 {"conn-limit":{"count":1,"log":"none"}}
Filter 19 {"conn-limit":{"count":1,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-12
inet6/filter/FORWARD -j limit-12
inet/filter/INPUT -j limit-12
inet6/filter/INPUT -j limit-12
inet/filter/OUTPUT -j limit-12
inet6/filter/OUTPUT -j limit-12
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-12
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-12
inet/filter/limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 20 {"action":"pass","conn-limit":{"count":1,"log":"none"}}
Filter 20 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-13
inet6/filter/FORWARD -j limit-13
inet/filter/INPUT -j limit-13
inet6/filter/INPUT -j limit-13
inet/filter/OUTPUT -j limit-13
inet6/filter/OUTPUT -j limit-13
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-13
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-13
inet/filter/limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 21 {"conn-limit":{"count":1,"log":"none"},"log":true}
Filter 21 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-14
inet6/filter/FORWARD -j limit-14
inet/filter/INPUT -j limit-14
inet6/filter/INPUT -j limit-14
inet/filter/OUTPUT -j limit-14
inet6/filter/OUTPUT -j limit-14
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-14
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-14
inet/filter/limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-14 -m limit --limit 1/second -j LOG
......@@ -303,53 +273,45 @@ Filter 21 {"conn-limit":{"count":1,"log":"none"},"log":t
inet/filter/limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 22 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true}
Filter 22 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-15
inet6/filter/FORWARD -j limit-15
inet/filter/INPUT -j limit-15
inet6/filter/INPUT -j limit-15
inet/filter/OUTPUT -j limit-15
inet6/filter/OUTPUT -j limit-15
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-15
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-15
inet/filter/limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 23 {"conn-limit":{"count":1,"log":"none"},"log":"none"}
Filter 23 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-16
inet6/filter/FORWARD -j limit-16
inet/filter/INPUT -j limit-16
inet6/filter/INPUT -j limit-16
inet/filter/OUTPUT -j limit-16
inet6/filter/OUTPUT -j limit-16
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-16
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-16
inet/filter/limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 24 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none"}
Filter 24 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-17
inet6/filter/FORWARD -j limit-17
inet/filter/INPUT -j limit-17
inet6/filter/INPUT -j limit-17
inet/filter/OUTPUT -j limit-17
inet6/filter/OUTPUT -j limit-17
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-17
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-17
inet/filter/limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 25 {"conn-limit":30}
Filter 25 {"conn-limit":30,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-18
inet6/filter/FORWARD -j limit-18
inet/filter/INPUT -j limit-18
inet6/filter/INPUT -j limit-18
inet/filter/OUTPUT -j limit-18
inet6/filter/OUTPUT -j limit-18
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-18
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-18
inet/filter/limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-18 -j ACCEPT
inet6/filter/limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-18 -j ACCEPT
inet/filter/limit-18 -m limit --limit 1/second -j LOG
......@@ -357,14 +319,12 @@ Filter 25 {"conn-limit":30}
inet/filter/limit-18 -j DROP
inet6/filter/limit-18 -j DROP
Filter 26 {"action":"pass","conn-limit":30}
Filter 26 {"action":"pass","conn-limit":30,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-19
inet6/filter/FORWARD -j limit-19
inet/filter/INPUT -j limit-19
inet6/filter/INPUT -j limit-19
inet/filter/OUTPUT -j limit-19
inet6/filter/OUTPUT -j limit-19
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-19
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-19
inet/filter/limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-19 -j RETURN
inet6/filter/limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-19 -j RETURN
inet/filter/limit-19 -m limit --limit 1/second -j LOG
......@@ -372,14 +332,12 @@ Filter 26 {"action":"pass","conn-limit":30}
inet/filter/limit-19 -j DROP
inet6/filter/limit-19 -j DROP
Filter 27 {"conn-limit":30,"log":true}
Filter 27 {"conn-limit":30,"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-20
inet6/filter/FORWARD -j limit-20
inet/filter/INPUT -j limit-20
inet6/filter/INPUT -j limit-20
inet/filter/OUTPUT -j limit-20
inet6/filter/OUTPUT -j limit-20
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-20
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-20
inet/filter/limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-20 -j logaccept-0
inet6/filter/limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-20 -j logaccept-0
inet/filter/logaccept-0 -m limit --limit 1/second -j LOG
......@@ -391,14 +349,12 @@ Filter 27 {"conn-limit":30,"log":true}
inet/filter/limit-20 -j DROP
inet6/filter/limit-20 -j DROP
Filter 28 {"conn-limit":30,"log":"none"}
Filter 28 {"conn-limit":30,"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-21
inet6/filter/FORWARD -j limit-21
inet/filter/INPUT -j limit-21
inet6/filter/INPUT -j limit-21
inet/filter/OUTPUT -j limit-21
inet6/filter/OUTPUT -j limit-21
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-21
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-21
inet/filter/limit-21 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-21 -j ACCEPT
inet6/filter/limit-21 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-21 -j ACCEPT
inet/filter/limit-21 -m limit --limit 1/second -j LOG
......@@ -406,40 +362,34 @@ Filter 28 {"conn-limit":30,"log":"none"}
inet/filter/limit-21 -j DROP
inet6/filter/limit-21 -j DROP
Filter 29 {"conn-limit":{"count":30,"log":false}}
Filter 29 {"conn-limit":{"count":30,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-22
inet6/filter/FORWARD -j limit-22
inet/filter/INPUT -j limit-22
inet6/filter/INPUT -j limit-22
inet/filter/OUTPUT -j limit-22
inet6/filter/OUTPUT -j limit-22
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-22
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-22
inet/filter/limit-22 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-22 -j ACCEPT
inet6/filter/limit-22 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-22 -j ACCEPT
inet/filter/limit-22 -j DROP
inet6/filter/limit-22 -j DROP
Filter 30 {"action":"pass","conn-limit":{"count":30,"log":false}}
Filter 30 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-23
inet6/filter/FORWARD -j limit-23
inet/filter/INPUT -j limit-23
inet6/filter/INPUT -j limit-23
inet/filter/OUTPUT -j limit-23
inet6/filter/OUTPUT -j limit-23
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-23
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-23
inet/filter/limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-23 -j RETURN
inet6/filter/limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-23 -j RETURN
inet/filter/limit-23 -j DROP
inet6/filter/limit-23 -j DROP
Filter 31 {"conn-limit":{"count":30,"log":false},"log":true}
Filter 31 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-24
inet6/filter/FORWARD -j limit-24
inet/filter/INPUT -j limit-24
inet6/filter/INPUT -j limit-24
inet/filter/OUTPUT -j limit-24
inet6/filter/OUTPUT -j limit-24
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-24
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-24
inet/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j logaccept-1
inet6/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j logaccept-1
inet/filter/logaccept-1 -m limit --limit 1/second -j LOG
......@@ -449,53 +399,45 @@ Filter 31 {"conn-limit":{"count":30,"log":false},"log":t
inet/filter/limit-24 -j DROP
inet6/filter/limit-24 -j DROP
Filter 32 {"conn-limit":{"count":30,"log":false},"log":"none"}
Filter 32 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-25
inet6/filter/FORWARD -j limit-25
inet/filter/INPUT -j limit-25
inet6/filter/INPUT -j limit-25
inet/filter/OUTPUT -j limit-25
inet6/filter/OUTPUT -j limit-25
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-25
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-25
inet/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j ACCEPT
inet6/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j ACCEPT
inet/filter/limit-25 -j DROP
inet6/filter/limit-25 -j DROP
Filter 33 {"conn-limit":{"count":30,"log":"none"}}
Filter 33 {"conn-limit":{"count":30,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-26
inet6/filter/FORWARD -j limit-26
inet/filter/INPUT -j limit-26
inet6/filter/INPUT -j limit-26
inet/filter/OUTPUT -j limit-26
inet6/filter/OUTPUT -j limit-26
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26
inet/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j ACCEPT
inet6/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j ACCEPT
inet/filter/limit-26 -j DROP
inet6/filter/limit-26 -j DROP
Filter 34 {"action":"pass","conn-limit":{"count":30,"log":"none"}}
Filter 34 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-27
inet6/filter/FORWARD -j limit-27
inet/filter/INPUT -j limit-27
inet6/filter/INPUT -j limit-27
inet/filter/OUTPUT -j limit-27
inet6/filter/OUTPUT -j limit-27
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-27
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-27
inet/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j RETURN
inet6/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j RETURN
inet/filter/limit-27 -j DROP
inet6/filter/limit-27 -j DROP
Filter 35 {"conn-limit":{"count":30,"log":"none"},"log":true}
Filter 35 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-28
inet6/filter/FORWARD -j limit-28
inet/filter/INPUT -j limit-28
inet6/filter/INPUT -j limit-28
inet/filter/OUTPUT -j limit-28
inet6/filter/OUTPUT -j limit-28
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-28
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-28
inet/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j logaccept-2
inet6/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j logaccept-2
inet/filter/logaccept-2 -m limit --limit 1/second -j LOG
......@@ -505,14 +447,12 @@ Filter 35 {"conn-limit":{"count":30,"log":"none"},"log":
inet/filter/limit-28 -j DROP
inet6/filter/limit-28 -j DROP
Filter 36 {"conn-limit":{"count":30,"log":"none"},"log":"none"}
Filter 36 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -j limit-29
inet6/filter/FORWARD -j limit-29
inet/filter/INPUT -j limit-29
inet6/filter/INPUT -j limit-29
inet/filter/OUTPUT -j limit-29
inet6/filter/OUTPUT -j limit-29
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-29
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-29
inet/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j ACCEPT
inet6/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j ACCEPT
inet/filter/limit-29 -j DROP
......@@ -2273,36 +2213,36 @@ hash:net family inet
-A FORWARD
-A FORWARD -j logreject-0
-A FORWARD -j logtarpit-0
-A FORWARD -j limit-0
-A FORWARD -j limit-1
-A FORWARD -j limit-2
-A FORWARD -j limit-3
-A FORWARD -j limit-4
-A FORWARD -j limit-5
-A FORWARD -j limit-6
-A FORWARD -j limit-7
-A FORWARD -j limit-8
-A FORWARD -j limit-9
-A FORWARD -j limit-10
-A FORWARD -j limit-11
-A FORWARD -j limit-12
-A FORWARD -j limit-13
-A FORWARD -j limit-14
-A FORWARD -j limit-15
-A FORWARD -j limit-16
-A FORWARD -j limit-17
-A FORWARD -j limit-18
-A FORWARD -j limit-19
-A FORWARD -j limit-20
-A FORWARD -j limit-21
-A FORWARD -j limit-22
-A FORWARD -j limit-23
-A FORWARD -j limit-24
-A FORWARD -j limit-25
-A FORWARD -j limit-26
-A FORWARD -j limit-27
-A FORWARD -j limit-28
-A FORWARD -j limit-29
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-0
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-1
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-2
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-3
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-4
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-5
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28
-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29
-A FORWARD -j ACCEPT
-A FORWARD -j logaccept-final-0
-A FORWARD -j ACCEPT
......@@ -2431,36 +2371,6 @@ hash:net family inet
-A INPUT
-A INPUT -j logreject-0
-A INPUT -j logtarpit-0
-A INPUT -j limit-0
-A INPUT -j limit-1
-A INPUT -j limit-2
-A INPUT -j limit-3
-A INPUT -j limit-4
-A INPUT -j limit-5
-A INPUT -j limit-6
-A INPUT -j limit-7
-A INPUT -j limit-8
-A INPUT -j limit-9
-A INPUT -j limit-10
-A INPUT -j limit-11
-A INPUT -j limit-12
-A INPUT -j limit-13
-A INPUT -j limit-14
-A INPUT -j limit-15
-A INPUT -j limit-16
-A INPUT -j limit-17
-A INPUT -j limit-18
-A INPUT -j limit-19
-A INPUT -j limit-20
-A INPUT -j limit-21
-A INPUT -j limit-22
-A INPUT -j limit-23
-A INPUT -j limit-24
-A INPUT -j limit-25
-A INPUT -j limit-26
-A INPUT -j limit-27
-A INPUT -j limit-28
-A INPUT -j limit-29
-A INPUT -j ACCEPT
-A INPUT -j logaccept-final-0
-A INPUT -j ACCEPT
......@@ -2575,36 +2485,36 @@ hash:net family inet
-A OUTPUT
-A OUTPUT -j logreject-0
-A OUTPUT -j logtarpit-0
-A OUTPUT -j limit-0
-A OUTPUT -j limit-1
-A OUTPUT -j limit-2
-A OUTPUT -j limit-3
-A OUTPUT -j limit-4
-A OUTPUT -j limit-5
-A OUTPUT -j limit-6
-A OUTPUT -j limit-7
-A OUTPUT -j limit-8
-A OUTPUT -j limit-9
-A OUTPUT -j limit-10
-A OUTPUT -j limit-11
-A OUTPUT -j limit-12
-A OUTPUT -j limit-13
-A OUTPUT -j limit-14
-A OUTPUT -j limit-15
-A OUTPUT -j limit-16
-A OUTPUT -j limit-17
-A OUTPUT -j limit-18
-A OUTPUT -j limit-19
-A OUTPUT -j limit-20
-A OUTPUT -j limit-21
-A OUTPUT -j limit-22
-A OUTPUT -j limit-23
-A OUTPUT -j limit-24
-A OUTPUT -j limit-25
-A OUTPUT -j limit-26
-A OUTPUT -j limit-27
-A OUTPUT -j limit-28
-A OUTPUT -j limit-29
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-0
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-1
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-2
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-3
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-4
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-5
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28
-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29
-A OUTPUT -j ACCEPT
-A OUTPUT -j logaccept-final-0
-A OUTPUT -j ACCEPT
......@@ -3221,36 +3131,36 @@ COMMIT
-A FORWARD
-A FORWARD -j logreject-0
-A FORWARD -j logtarpit-0
-A FORWARD -j limit-0
-A FORWARD -j limit-1
-A FORWARD -j limit-2
-A FORWARD -j limit-3
-A FORWARD -j limit-4
-A FORWARD -j limit-5
-A FORWARD -j limit-6
-A FORWARD -j limit-7
-A FORWARD -j limit-8
-A FORWARD -j limit-9
-A FORWARD -j limit-10
-A FORWARD -j limit-11
-A FORWARD -j limit-12
-A FORWARD -j limit-13
-A FORWARD -j limit-14
-A FORWARD -j limit-15
-A FORWARD -j limit-16
-A FORWARD -j limit-17
-A FORWARD -j limit-18
-A FORWARD -j limit-19
-A FORWARD -j limit-20
-A FORWARD -j limit-21
-A FORWARD -j limit-22
-A FORWARD -j limit-23
-A FORWARD -j limit-24
-A FORWARD -j limit-25
-A FORWARD -j limit-26
-A FORWARD -j limit-27
-A FORWARD -j limit-28
-A FORWARD -j limit-29
-A FORWARD -o eth1 -d fc00::/7 -j limit-0
-A FORWARD -o eth1 -d fc00::/7 -j limit-1
-A FORWARD -o eth1 -d fc00::/7 -j limit-2
-A FORWARD -o eth1 -d fc00::/7 -j limit-3