Problem with iptables
Hi all.
I'm using Etch on a server and I want to configure bind.
After I had done everything, I set up firehol (iptables parser) and
noticed that, when firehol is on, I cannot make any request to the
outside DNS server.
I checked the firehol log and I see:
May 3 14:19:54 srv-web 'OUT-unknown:' IN= OUT=eth0 MAC= SRC=192.168.100.2 DST=213.140.2.49 LEN=70 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=50
OUT-unknown is the default rule for the OUTPUT chain (DROP).
In my firehol setup for that interface I have these rules:
policy drop
protection strong
server dns accept custom "--state NEW,ESTABLISHED"
server icmp accept
server http accept
server ftp accept
client all accept
This is the result of many attempts, but all without success.
Now, as far as I can understand, it seems as if the packet originating
from my DNS server is not intercepted by any rule, and so goes to the
default one (DROP).
These are the rules:
Chain out_public_lan_124 (1 references)
target prot opt source destination
out_public_lan_124_dns_s1 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_icmp_s2 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_http_s3 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_ftp_s4 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_all_c5 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_irc_c6 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_ftp_c7 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `''OUT-public_lan_124':'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain out_public_lan_124_all_c5 (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
Chain out_public_lan_124_dns_s1 (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 state NEW,ESTABLISHED
For a complete set of rules I have attached the whole ruleset.
Is there something wrong with the rules generated by firehol?
Pier
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan 0 -- 0.0.0.0/0 192.168.30.103
in_public_lan_124 0 -- 0.0.0.0/0 192.168.100.2
in_public_lan_125 0 -- 0.0.0.0/0 192.168.100.5
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'IN-unknown:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'PASS-unknown:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan 0 -- 192.168.30.103 0.0.0.0/0
out_public_lan_124 0 -- 192.168.100.2 0.0.0.0/0
out_public_lan_125 0 -- 192.168.100.5 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'OUT-unknown:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain in_lan (1 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID
pr_lan_fragments 0 -f 0.0.0.0/0 0.0.0.0/0
pr_lan_nosyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x17/0x02
pr_lan_icmpflood icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
pr_lan_synflood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
pr_lan_malxmas tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
pr_lan_malnull tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
pr_lan_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
pr_lan_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
pr_lan_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
pr_lan_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
in_lan_dns_s1 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan_http_s2 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan_https_s3 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan_ssh_s4 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan_icmp_s5 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan_ftp_s6 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan_all_c7 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan_irc_c8 0 -- 0.0.0.0/0 0.0.0.0/0
in_lan_ftp_c9 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `''IN-lan':'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain in_lan_all_c7 (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
Chain in_lan_dns_s1 (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW,ESTABLISHED
Chain in_lan_ftp_c9 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:32768:61000 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20 dpts:32768:61000 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpts:32768:61000 state ESTABLISHED
Chain in_lan_ftp_s6 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:21 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:20 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpts:32768:61000 state RELATED,ESTABLISHED
Chain in_lan_http_s2 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:80 state NEW,ESTABLISHED
Chain in_lan_https_s3 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:443 state NEW,ESTABLISHED
Chain in_lan_icmp_s5 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
Chain in_lan_irc_c8 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:6667 dpts:32768:61000 state ESTABLISHED
Chain in_lan_ssh_s4 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:22 state NEW,ESTABLISHED
Chain in_public_lan_124 (1 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID
pr_public_lan_124_fragments 0 -f 0.0.0.0/0 0.0.0.0/0
pr_public_lan_124_nosyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x17/0x02
pr_public_lan_124_icmpflood icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
pr_public_lan_124_synflood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
pr_public_lan_124_malxmas tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
pr_public_lan_124_malnull tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
pr_public_lan_124_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
pr_public_lan_124_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
pr_public_lan_124_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
pr_public_lan_124_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
in_public_lan_124_dns_s1 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_124_icmp_s2 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_124_http_s3 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_124_ftp_s4 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_124_all_c5 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_124_irc_c6 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_124_ftp_c7 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `''IN-public_lan_124':'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain in_public_lan_124_all_c5 (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
Chain in_public_lan_124_dns_s1 (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW,ESTABLISHED
Chain in_public_lan_124_ftp_c7 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:32768:61000 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20 dpts:32768:61000 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpts:32768:61000 state ESTABLISHED
Chain in_public_lan_124_ftp_s4 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:21 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:20 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpts:32768:61000 state RELATED,ESTABLISHED
Chain in_public_lan_124_http_s3 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:80 state NEW,ESTABLISHED
Chain in_public_lan_124_icmp_s2 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
Chain in_public_lan_124_irc_c6 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:6667 dpts:32768:61000 state ESTABLISHED
Chain in_public_lan_125 (1 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID
pr_public_lan_125_fragments 0 -f 0.0.0.0/0 0.0.0.0/0
pr_public_lan_125_nosyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x17/0x02
pr_public_lan_125_icmpflood icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
pr_public_lan_125_synflood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
pr_public_lan_125_malxmas tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
pr_public_lan_125_malnull tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
pr_public_lan_125_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
pr_public_lan_125_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
pr_public_lan_125_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
pr_public_lan_125_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
in_public_lan_125_dns_s1 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_125_icmp_s2 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_125_http_s3 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_125_ftp_s4 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_125_all_c5 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_125_irc_c6 0 -- 0.0.0.0/0 0.0.0.0/0
in_public_lan_125_ftp_c7 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `''IN-public_lan_125':'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain in_public_lan_125_all_c5 (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
Chain in_public_lan_125_dns_s1 (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW,ESTABLISHED
Chain in_public_lan_125_ftp_c7 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:32768:61000 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20 dpts:32768:61000 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpts:32768:61000 state ESTABLISHED
Chain in_public_lan_125_ftp_s4 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:21 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:20 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpts:32768:61000 state RELATED,ESTABLISHED
Chain in_public_lan_125_http_s3 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1000:65535 dpt:80 state NEW,ESTABLISHED
Chain in_public_lan_125_icmp_s2 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
Chain in_public_lan_125_irc_c6 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:6667 dpts:32768:61000 state ESTABLISHED
Chain out_lan (1 references)
target prot opt source destination
out_lan_dns_s1 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan_http_s2 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan_https_s3 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan_ssh_s4 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan_icmp_s5 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan_ftp_s6 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan_all_c7 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan_irc_c8 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan_ftp_c9 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `''OUT-lan':'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain out_lan_all_c7 (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
Chain out_lan_dns_s1 (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 state NEW,ESTABLISHED
Chain out_lan_ftp_c9 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:21 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:20 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpts:1000:65535 state RELATED,ESTABLISHED
Chain out_lan_ftp_s6 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:1000:65535 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20 dpts:1000:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpts:1000:65535 state ESTABLISHED
Chain out_lan_http_s2 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 dpts:1000:65535 state ESTABLISHED
Chain out_lan_https_s3 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:443 dpts:1000:65535 state ESTABLISHED
Chain out_lan_icmp_s5 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
Chain out_lan_irc_c8 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:6667 state NEW,ESTABLISHED
Chain out_lan_ssh_s4 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 dpts:1000:65535 state ESTABLISHED
Chain out_public_lan_124 (1 references)
target prot opt source destination
out_public_lan_124_dns_s1 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_icmp_s2 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_http_s3 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_ftp_s4 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_all_c5 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_irc_c6 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_124_ftp_c7 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `''OUT-public_lan_124':'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain out_public_lan_124_all_c5 (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
Chain out_public_lan_124_dns_s1 (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 state NEW,ESTABLISHED
Chain out_public_lan_124_ftp_c7 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:21 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:20 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpts:1000:65535 state RELATED,ESTABLISHED
Chain out_public_lan_124_ftp_s4 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:1000:65535 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20 dpts:1000:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpts:1000:65535 state ESTABLISHED
Chain out_public_lan_124_http_s3 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 dpts:1000:65535 state ESTABLISHED
Chain out_public_lan_124_icmp_s2 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
Chain out_public_lan_124_irc_c6 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:6667 state NEW,ESTABLISHED
Chain out_public_lan_125 (1 references)
target prot opt source destination
out_public_lan_125_dns_s1 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_125_icmp_s2 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_125_http_s3 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_125_ftp_s4 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_125_all_c5 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_125_irc_c6 0 -- 0.0.0.0/0 0.0.0.0/0
out_public_lan_125_ftp_c7 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `''OUT-public_lan_125':'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain out_public_lan_125_all_c5 (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
Chain out_public_lan_125_dns_s1 (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 state NEW,ESTABLISHED
Chain out_public_lan_125_ftp_c7 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:21 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:20 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpts:1000:65535 state RELATED,ESTABLISHED
Chain out_public_lan_125_ftp_s4 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:1000:65535 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20 dpts:1000:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpts:1000:65535 state ESTABLISHED
Chain out_public_lan_125_http_s3 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 dpts:1000:65535 state ESTABLISHED
Chain out_public_lan_125_icmp_s2 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
Chain out_public_lan_125_irc_c6 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:61000 dpt:6667 state NEW,ESTABLISHED
Chain pr_lan_fragments (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'PACKET FRAGMENTS:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_lan_icmpflood (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 50
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'ICMP FLOOD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_lan_malbad (4 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED BAD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_lan_malnull (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED NULL:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_lan_malxmas (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED XMAS:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_lan_nosyn (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'NEW TCP w/o SYN:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_lan_synflood (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 50
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'SYN FLOOD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_124_fragments (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'PACKET FRAGMENTS:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_124_icmpflood (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 50
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'ICMP FLOOD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_124_malbad (4 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED BAD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_124_malnull (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED NULL:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_124_malxmas (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED XMAS:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_124_nosyn (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'NEW TCP w/o SYN:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_124_synflood (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 50
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'SYN FLOOD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_125_fragments (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'PACKET FRAGMENTS:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_125_icmpflood (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 50
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'ICMP FLOOD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_125_malbad (4 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED BAD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_125_malnull (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED NULL:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_125_malxmas (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'MALFORMED XMAS:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_125_nosyn (1 references)
target prot opt source destination
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'NEW TCP w/o SYN:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain pr_public_lan_125_synflood (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 50
ULOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `'SYN FLOOD:'' queue_threshold 1
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
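The question in the post above (which rule should have caught the logged packet) can be checked mechanically; this is an added example, not part of the original message. It replays the logged packet against the posted listing using only the columns that `iptables -L` prints. The `skip` parameter, the function names and the treatment of `state` as always satisfied are assumptions of the example.

```python
import ipaddress
import re

# Log line and rules copied from the post; the listing is trimmed to the
# chains a packet from 192.168.100.2 can reach, with header rows omitted.
LOG = ("May 3 14:19:54 srv-web 'OUT-unknown:' IN= OUT=eth0 MAC= "
       "SRC=192.168.100.2 DST=213.140.2.49 LEN=70 TOS=00 PREC=0x00 TTL=64 "
       "ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=50")

LISTING = """\
Chain OUTPUT (policy DROP)
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
out_lan 0 -- 192.168.30.103 0.0.0.0/0
out_public_lan_124 0 -- 192.168.100.2 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain out_public_lan_124 (1 references)
out_public_lan_124_dns_s1 0 -- 0.0.0.0/0 0.0.0.0/0
Chain out_public_lan_124_dns_s1 (1 references)
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW,ESTABLISHED
"""

def parse_log(line):
    """KEY=VALUE fields of a netfilter log line (a repeated key keeps its last value)."""
    return dict(re.findall(r"(\w+)=(\S*)", line))

def parse_listing(text):
    """Map chain name -> list of rules as printed by `iptables -L -n`."""
    chains, rules = {}, None
    for fields in map(str.split, text.splitlines()):
        if not fields or fields[0] == "target":
            continue
        if fields[0] == "Chain":
            rules = chains.setdefault(fields[1], [])
        else:
            rules.append({"target": fields[0], "prot": fields[1],
                          "src": fields[3], "dst": fields[4], "extra": fields[5:]})
    return chains

def visible_match(rule, pkt):
    """Match on printed columns only; `state` is assumed satisfied (not in the log)."""
    if rule["prot"] not in ("0", "all", pkt["PROTO"].lower()):
        return False
    for addr, net in ((pkt["SRC"], rule["src"]), (pkt["DST"], rule["dst"])):
        if ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
            return False
    for token in rule["extra"]:
        m = re.fullmatch(r"(spt|dpt)s?:(\d+)(?::(\d+))?", token)
        if m:
            low, high = int(m.group(2)), int(m.group(3) or m.group(2))
            if not low <= int(pkt[m.group(1).upper()]) <= high:
                return False
    return True

def walk(chains, name, pkt, trace, skip=()):
    """Return ACCEPT/DROP for the first terminating match, None on fall-through."""
    for number, rule in enumerate(chains.get(name, []), 1):
        if (name, number) in skip or not visible_match(rule, pkt):
            continue
        trace.append((name, number, rule["target"]))
        if rule["target"] in ("ACCEPT", "DROP", "RETURN"):
            return None if rule["target"] == "RETURN" else rule["target"]
        verdict = walk(chains, rule["target"], pkt, trace, skip)
        if verdict:
            return verdict
    return None

def explain(skip=()):
    trace = []
    verdict = walk(parse_listing(LISTING), "OUTPUT", parse_log(LOG), trace, skip)
    return verdict, trace

if __name__ == "__main__":
    print("listing as printed:", explain())
    print("OUTPUT rule 1 skipped:", explain({("OUTPUT", 1)}))
```

Both walks end in ACCEPT while the log prefix is 'OUT-unknown:', so the drop depends on match criteria that this listing does not print. `iptables -L -n -v` (or `iptables-save`) shows the in/out interface of each rule, which plain `-L` omits.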