[root@gateway shorewall]# /sbin/shorewall show
Shorewall-2.0.17 Chain at gateway.immoos.homelinux.net - Sat Jan 7
17:09:04 EST 2006
Counters reset Sat Jan 7 16:57:41 EST 2006
Chain INPUT (policy DROP 1 packets, 176 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
218 140K ppp_in all -- ppp+ * 0.0.0.0/0
0.0.0.0/0
638 79585 eth0_in all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_in all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 3 packets, 180 bytes)
pkts bytes target prot opt in out source
destination
5 300 TCPMSS tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
27 8261 ppp_fwd all -- ppp+ * 0.0.0.0/0
0.0.0.0/0
47 3189 eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 4 packets, 604 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
202 16514 fw2net all -- * ppp+ 0.0.0.0/0
0.0.0.0/0
0 0 fw2net all -- * eth1 0.0.0.0/0
0.0.0.0/0
625 221K fw2loc all -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain Drop (1 references)
pkts bytes target prot opt in out source
destination
31 8807 RejectAuth all -- * * 0.0.0.0/0
0.0.0.0/0
31 8807 dropBcast all -- * * 0.0.0.0/0
0.0.0.0/0
31 8807 dropInvalid all -- * *
0.0.0.0/0 0.0.0.0/0
31 8807 DropSMB all -- * * 0.0.0.0/0
0.0.0.0/0
31 8807 DropUPnP all -- * * 0.0.0.0/0
0.0.0.0/0
31 8807 dropNotSyn all -- * * 0.0.0.0/0
0.0.0.0/0
31 8807 DropDNSrep all -- * * 0.0.0.0/0
0.0.0.0/0
Chain DropDNSrep (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53
Chain DropSMB (1 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
Chain DropUPnP (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
Chain Reject (4 references)
pkts bytes target prot opt in out source
destination
0 0 RejectAuth all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 dropBcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 dropInvalid all -- * *
0.0.0.0/0 0.0.0.0/0
0 0 RejectSMB all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropUPnP all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 dropNotSyn all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropDNSrep all -- * * 0.0.0.0/0
0.0.0.0/0
Chain RejectAuth (2 references)
pkts bytes target prot opt in out source
destination
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
Chain RejectSMB (1 references)
pkts bytes target prot opt in out source
destination
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:135
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
Chain all2all (0 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x16/0x02
Chain dynamic (6 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
8 493 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
47 3189 loc2net all -- * ppp+ 0.0.0.0/0
0.0.0.0/0
0 0 loc2net all -- * eth1 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
170 29512 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
638 79585 loc2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
0 0 ACCEPT all -- * ppp+ 0.0.0.0/0
0.0.0.0/0
0 0 net2loc all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
0 0 net2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2loc (1 references)
pkts bytes target prot opt in out source
destination
525 206K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
100 14551 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2net (2 references)
pkts bytes target prot opt in out source
destination
168 14234 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
9 540 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80
25 1740 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmpdef (0 references)
pkts bytes target prot opt in out source
destination
Chain loc2fw (1 references)
pkts bytes target prot opt in out source
destination
468 50073 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
5 300 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports
80,443,22,20,25,109,110,143,5223,10000
4 224 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:3128
161 28988 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2net (2 references)
pkts bytes target prot opt in out source
destination
39 2696 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 192.168.3.240
0.0.0.0/0 udp dpt:5060
0 0 ACCEPT tcp -- * * 192.168.3.240
0.0.0.0/0 tcp dpt:5060
0 0 ACCEPT udp -- * * 192.168.3.240
0.0.0.0/0 udp spts:8000:8020 dpts:8000:8020
0 0 ACCEPT udp -- * * 192.168.3.240
0.0.0.0/0 udp spts:16384:23384 dpts:16384:23384
8 493 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 7 prefix
`Shorewall:loc2net:ACCEPT:''
8 493 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2all (2 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
31 8807 Drop all -- * * 0.0.0.0/0
0.0.0.0/0
31 8807 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:net2all:DROP:''
31 8807 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2fw (2 references)
pkts bytes target prot opt in out source
destination
186 131K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
1 60 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports
80,443,22,20,25,109,110,143,5223,10000
31 8807 net2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2loc (2 references)
pkts bytes target prot opt in out source
destination
27 8261 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0
192.168.3.240 tcp dpt:5060
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.3.240 udp dpt:5060
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.3.240 udp spts:8000:8020 dpts:8000:8020
0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.3.240 udp spts:16384:23384 dpts:16384:23384
0 0 net2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ppp_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
0 0 ACCEPT all -- * eth1 0.0.0.0/0
0.0.0.0/0
27 8261 net2loc all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain ppp_in (1 references)
pkts bytes target prot opt in out source
destination
32 8867 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
218 140K net2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject (11 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 192.168.3.255
0.0.0.0/0
0 0 DROP all -- * * 255.255.255.255
0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 192.168.3.255
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 192.168.3.255
0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 255.255.255.255
0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
[root@gateway shorewall]#