Am 11.05.2018 um 00:03 schrieb Tom Eastep:
> Please forward the output of 'shorewall6 dump' taken when the problem is
> occurring.
in attachment you can find the dump after 15 seconds ping6 (file:
dump15.txt):
# ping6 -n 2a01:170:1150:4:a:a:a:a
PING 2a01:170:1150:4:a:a:a:a(2a01:170:1150:4:a:a:a:a) 56 data bytes
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=1 ttl=56 time=10534 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=2 ttl=56 time=9513 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=3 ttl=56 time=8490 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=4 ttl=56 time=7466 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=5 ttl=56 time=6443 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=6 ttl=56 time=5419 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=7 ttl=56 time=4395 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=8 ttl=56 time=3371 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=9 ttl=56 time=2347 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=10 ttl=56 time=1323 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=11 ttl=56 time=299 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=12 ttl=56 time=12.7 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=13 ttl=56 time=13.6 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=14 ttl=56 time=12.6 ms
64 bytes from 2a01:170:1150:4:a:a:a:a: icmp_seq=15 ttl=56 time=14.0 ms
Shorewall6 5.1.12.3 Dump at tribunus - Fr 11. Mai 00:49:23 CEST 2018
Shorewall 5.1.12.3
Shorewall6 is running
State:Started Mi 9. Mai 23:31:20 CEST 2018 from /etc/shorewall6/
(/var/lib/shorewall6/firewall compiled Mi 9. Mai 23:31:17 CEST 2018 by
Shorewall version 5.1.12.3)
Counters reset Mi 9. Mai 23:31:20 CEST 2018
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11474 773K int-fw all br0 * ::/0 ::/0
317 36224 dsl1-fw all eth1 * ::/0 ::/0
4607 312K cbl1-fw all eth2 * ::/0 ::/0
53 8904 ACCEPT all lo * ::/0 ::/0
0 0 Reject all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:INPUT:REJECT:"
0 0 reject all * * ::/0 ::/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
467K 62M int_frwd all br0 * ::/0 ::/0
0 0 dsl1_frwd all eth1 * ::/0 ::/0
269K 1486M cbl1_frwd all eth2 * ::/0 ::/0
0 0 Reject all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:FORWARD:REJECT:"
0 0 reject all * * ::/0 ::/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11829 830K fw-int all * br0 ::/0 ::/0
13 1080 fw-dsl1 all * eth1 ::/0 ::/0
2741 199K fw-cbl1 all * eth2 ::/0 ::/0
53 8904 ACCEPT all * lo ::/0 ::/0
0 0 Reject all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:OUTPUT:REJECT:"
0 0 reject all * * ::/0 ::/0
[goto]
Chain AllowICMPs (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 3 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 4 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 133 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 135 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 136 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 137 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 141 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 142 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0
ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0
ipv6-icmptype 131 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0
ipv6-icmptype 132 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0
ipv6-icmptype 143 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 148 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 149 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0
ipv6-icmptype 151 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0
ipv6-icmptype 152 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0
ipv6-icmptype 153 /* Needed ICMP types (RFC4890) */
Chain Broadcast (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0
2a01:170:1150:4::
0 0 DROP all * * ::/0
2a01:170:1150:4:ffff:ffff:ffff:ff80/121
0 0 DROP all * * ::/0
2a02:8106:f:e04::
0 0 DROP all * * ::/0
2a02:8106:f:e04:ffff:ffff:ffff:ff80/121
Chain Multicast (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ff00::/8
Chain Reject (9 references)
pkts bytes target prot opt in out source destination
2179 141K all * * ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
2179 141K Broadcast all * * ::/0 ::/0
2179 141K Multicast all * * ::/0 ::/0
1742 105K DROP all * * ::/0 ::/0
ctstate INVALID
0 0 reject udp * * ::/0 ::/0
[goto] multiport dports 135,445 /* SMB */
0 0 reject udp * * ::/0 ::/0
[goto] udp dpts:137:139 /* SMB */
0 0 reject udp * * ::/0 ::/0
[goto] udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp * * ::/0 ::/0
[goto] multiport dports 135,139,445 /* SMB */
0 0 DROP udp * * ::/0 ::/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp * * ::/0 ::/0
tcp flags:!0x17/0x02
0 0 DROP udp * * ::/0 ::/0
udp spt:53 /* Late DNS Replies */
Chain cbl1-dsl1 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp * * ::/0 ::/0
udp dpt:546
0 0 Reject all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:cbl1-dsl1:REJECT:"
0 0 reject all * * ::/0 ::/0
[goto]
Chain cbl1-fw (1 references)
pkts bytes target prot opt in out source destination
4520 304K dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
2177 140K tcpflags tcp * * ::/0 ::/0
87 8352 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
2341 162K ACCEPT icmpv6 * * ::/0 ::/0
0 0 ACCEPT udp * * ::/0 ::/0
udp dpt:546
2179 141K Reject all * * ::/0 ::/0
437 36258 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:cbl1-fw:REJECT:"
437 36258 reject all * * ::/0 ::/0
[goto]
Chain cbl1-int (1 references)
pkts bytes target prot opt in out source destination
269K 1486M ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp * * ::/0
fda:b4d:d34d:b33f:a:a:a:d tcp dpt:25
0 0 ACCEPT tcp * * ::/0
fda:b4d:d34d:b33f:a:a:a:aac tcp dpt:80 ctorigdstport 34080
0 0 ACCEPT udp * * ::/0 ::/0
udp dpt:546
0 0 Reject all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:cbl1-int:REJECT:"
0 0 reject all * * ::/0 ::/0
[goto]
Chain cbl1_frwd (1 references)
pkts bytes target prot opt in out source destination
64 4352 sfilter all * eth2 ::/0 ::/0
[goto]
0 0 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
256K 1482M tcpflags tcp * * ::/0 ::/0
269K 1486M cbl1-int all * br0 ::/0 ::/0
0 0 cbl1-dsl1 all * eth1 ::/0 ::/0
Chain dsl1-cbl1 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp * * ::/0 ::/0
udp dpt:546
0 0 Reject all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:dsl1-cbl1:REJECT:"
0 0 reject all * * ::/0 ::/0
[goto]
Chain dsl1-fw (1 references)
pkts bytes target prot opt in out source destination
241 28320 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
76 7904 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
241 28320 ACCEPT icmpv6 * * ::/0 ::/0
0 0 ACCEPT udp * * ::/0 ::/0
udp dpt:546
0 0 Reject all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:dsl1-fw:REJECT:"
0 0 reject all * * ::/0 ::/0
[goto]
Chain dsl1-int (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp * * ::/0
fda:b4d:d34d:b33f:a:a:a:d tcp dpt:25
0 0 ACCEPT tcp * * ::/0
fda:b4d:d34d:b33f:a:a:a:aac tcp dpt:80 ctorigdstport 34080
0 0 ACCEPT udp * * ::/0 ::/0
udp dpt:546
0 0 Reject all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:dsl1-int:REJECT:"
0 0 reject all * * ::/0 ::/0
[goto]
Chain dsl1_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all * eth1 ::/0 ::/0
[goto]
0 0 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
0 0 dsl1-int all * br0 ::/0 ::/0
0 0 dsl1-cbl1 all * eth2 ::/0 ::/0
Chain dynamic (6 references)
pkts bytes target prot opt in out source destination
Chain fw-cbl1 (1 references)
pkts bytes target prot opt in out source destination
540 38220 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
2201 160K LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:fw-cbl1:ACCEPT:"
2201 160K ACCEPT all * * ::/0 ::/0
Chain fw-dsl1 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
13 1080 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:fw-dsl1:ACCEPT:"
13 1080 ACCEPT all * * ::/0 ::/0
Chain fw-int (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
11829 830K LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:fw-int:ACCEPT:"
11829 830K ACCEPT all * * ::/0 ::/0
Chain int-cbl1 (1 references)
pkts bytes target prot opt in out source destination
424K 58M ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
27181 2420K LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:int-cbl1:ACCEPT:"
27181 2420K ACCEPT all * * ::/0 ::/0
Chain int-dsl1 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:int-dsl1:ACCEPT:"
0 0 ACCEPT all * * ::/0 ::/0
Chain int-fw (1 references)
pkts bytes target prot opt in out source destination
11474 773K dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
11474 773K LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:int-fw:ACCEPT:"
11474 773K ACCEPT all * * ::/0 ::/0
Chain int_frwd (1 references)
pkts bytes target prot opt in out source destination
39154 3374K dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
439K 59M tcpflags tcp * * ::/0 ::/0
15497 1549K ACCEPT all * br0 ::/0 ::/0
0 0 int-dsl1 all * eth1 ::/0 ::/0
452K 60M int-cbl1 all * eth2 ::/0 ::/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0
LOG flags 4 level 6 prefix "Shorewal6:logflags:DROP:"
0 0 DROP all * * ::/0 ::/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all * * ::/0 ::/0
Chain reject (14 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0
2a01:170:1150:4::
0 0 DROP all * * ::/0
2a01:170:1150:4:ffff:ffff:ffff:ff80/121
0 0 DROP all * * ::/0
2a02:8106:f:e04::
0 0 DROP all * * ::/0
2a02:8106:f:e04:ffff:ffff:ffff:ff80/121
0 0 DROP all * * ff00::/8 ::/0
0 0 DROP 2 * * ::/0 ::/0
435 34780 REJECT tcp * * ::/0 ::/0
reject-with tcp-reset
2 1478 REJECT udp * * ::/0 ::/0
reject-with icmp6-port-unreachable
0 0 REJECT icmpv6 * * ::/0 ::/0
reject-with icmp6-addr-unreachable
0 0 REJECT all * * ::/0 ::/0
reject-with icmp6-adm-prohibited
Chain sfilter (2 references)
pkts bytes target prot opt in out source destination
64 4352 LOG all * * ::/0 ::/0
LOG flags 0 level 6 prefix "Shorewal6:sfilter:DROP:"
64 4352 DROP all * * ::/0 ::/0
Chain sha-lh-21a4408b360f66c98fb1 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-f8ecd7f722058e864038 (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all * * ::/0 ::/0
recent: SET name: %CURRENTTIME side: source mask:
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Chain tcpflags (6 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
May 7 15:36:50 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=ns1-vif0
SRC=fe80::216:3eff:feef:ceb3 DST=0fda:b4d:d34d:b33f:a:a:a:a LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:36:50 tribunus fw-int ACCEPT IN= OUT=br0
SRC=0fda:b4d:d34d:b33f:a:a:a:a DST=fe80::216:3eff:feef:ceb3 LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
May 7 15:36:50 tribunus fw-int ACCEPT IN= OUT=br0
SRC=fe80::329c:23ff:fe67:8577 DST=0fda:b4d:d34d:b33f:a:a:a:b LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:36:50 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=ns1-vif0
SRC=0fda:b4d:d34d:b33f:a:a:a:b DST=fe80::329c:23ff:fe67:8577 LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
May 7 15:36:55 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=ns1-vif0
SRC=fe80::216:3eff:feef:ceb3 DST=fe80::329c:23ff:fe67:8577 LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:36:55 tribunus fw-int ACCEPT IN= OUT=br0
SRC=fe80::329c:23ff:fe67:8577 DST=fe80::216:3eff:feef:ceb3 LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
May 7 15:36:55 tribunus fw-int ACCEPT IN= OUT=br0
SRC=fe80::329c:23ff:fe67:8577 DST=fe80::216:3eff:feef:ceb3 LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:36:55 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=ns1-vif0
SRC=fe80::216:3eff:feef:ceb3 DST=fe80::329c:23ff:fe67:8577 LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
May 7 15:36:56 tribunus fw-int ACCEPT IN= OUT=br0
SRC=fe80::329c:23ff:fe67:8577 DST=0fda:b4d:d34d:b33f:a:a:b:a LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:36:56 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=eth0
SRC=0fda:b4d:d34d:b33f:a:a:b:a DST=fe80::329c:23ff:fe67:8577 LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
May 7 15:37:1 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=eth0
SRC=fe80::73a8:7f55:540e:f74d DST=fe80::329c:23ff:fe67:8577 LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:37:1 tribunus fw-int ACCEPT IN= OUT=br0 SRC=fe80::329c:23ff:fe67:8577
DST=fe80::73a8:7f55:540e:f74d LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6
TYPE=136 CODE=0
May 7 15:37:6 tribunus fw-int ACCEPT IN= OUT=br0 SRC=fe80::329c:23ff:fe67:8577
DST=fe80::73a8:7f55:540e:f74d LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6
TYPE=135 CODE=0
May 7 15:37:6 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=eth0
SRC=fe80::73a8:7f55:540e:f74d DST=fe80::329c:23ff:fe67:8577 LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
May 7 15:37:11 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=eth0
SRC=fe80::73a8:7f55:540e:f74d DST=0fda:b4d:d34d:b33f:a:a:a:a LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:37:11 tribunus fw-int ACCEPT IN= OUT=br0
SRC=0fda:b4d:d34d:b33f:a:a:a:a DST=fe80::73a8:7f55:540e:f74d LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
May 7 15:37:24 tribunus fw-int ACCEPT IN= OUT=br0
SRC=fe80::329c:23ff:fe67:8577 DST=0fda:b4d:d34d:b33f:a:a:b:a LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:37:24 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=eth0
SRC=0fda:b4d:d34d:b33f:a:a:b:a DST=fe80::329c:23ff:fe67:8577 LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
May 7 15:37:30 tribunus int-fw ACCEPT IN=br0 OUT= PHYSIN=eth0
SRC=fe80::73a8:7f55:540e:f74d DST=fe80::329c:23ff:fe67:8577 LEN=72 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
May 7 15:37:30 tribunus fw-int ACCEPT IN= OUT=br0
SRC=fe80::329c:23ff:fe67:8577 DST=fe80::73a8:7f55:540e:f74d LEN=64 TC=0
HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=136 CODE=0
NAT Table
Chain PREROUTING (policy ACCEPT 1 packets, 80 bytes)
pkts bytes target prot opt in out source destination
209 77799 dsl1_dnat all eth1 * ::/0 ::/0
624 84656 cbl1_dnat all eth2 * ::/0 ::/0
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth1_masq all * eth1 ::/0 ::/0
25993 2330K eth2_masq all * eth2 ::/0 ::/0
Chain cbl1_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp * * ::/0 ::/0
tcp dpt:25 to:fda:b4d:d34d:b33f:a:a:a:d
0 0 DNAT tcp * * ::/0 ::/0
tcp dpt:34080 to:[fda:b4d:d34d:b33f:a:a:a:aac]:80
Chain dsl1_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp * * ::/0 ::/0
tcp dpt:25 to:fda:b4d:d34d:b33f:a:a:a:d
0 0 DNAT tcp * * ::/0 ::/0
tcp dpt:34080 to:[fda:b4d:d34d:b33f:a:a:a:aac]:80
Chain eth1_masq (1 references)
pkts bytes target prot opt in out source destination
0 0 SNAT all * * fda:b4d:d34d:b33f::/64 ::/0
to:2a01:170:1150:4:a:a:a:a
0 0 SNAT all * * 2a02:8106:f:e04:a:a:a:a ::/0
to:2a01:170:1150:4:a:a:a:a
Chain eth2_masq (1 references)
pkts bytes target prot opt in out source destination
25471 2296K SNAT all * * fda:b4d:d34d:b33f::/64 ::/0
to:2a02:8106:f:e04:a:a:a:a
0 0 SNAT all * * 2a01:170:1150:4:a:a:a:a ::/0
to:2a02:8106:f:e04:a:a:a:a
Mangle Table
Chain PREROUTING (policy ACCEPT 54 packets, 7325 bytes)
pkts bytes target prot opt in out source destination
750K 1549M CONNMARK all * * ::/0 ::/0
CONNMARK restore mask 0xff00
474 109K routemark all eth1 * ::/0 ::/0
mark match 0x0/0xff00
30136 5538K routemark all eth2 * ::/0 ::/0
mark match 0x0/0xff00
550 117K tcpre all eth1 * ::/0 ::/0
274K 1486M tcpre all eth2 * ::/0 ::/0
51706 4523K tcpre all * * ::/0 ::/0
mark match 0x0/0xff00
Chain INPUT (policy ACCEPT 1 packets, 104 bytes)
pkts bytes target prot opt in out source destination
16451 1130K tcin all * * ::/0 ::/0
Chain FORWARD (policy ACCEPT 53 packets, 7221 bytes)
pkts bytes target prot opt in out source destination
736K 1548M MARK all * * ::/0 ::/0
MARK and 0xffff00ff
736K 1548M tcfor all * * ::/0 ::/0
Chain OUTPUT (policy ACCEPT 1 packets, 104 bytes)
pkts bytes target prot opt in out source destination
14636 1038K CONNMARK all * * ::/0 ::/0
CONNMARK restore mask 0xff00
14096 1000K tcout all * * ::/0 ::/0
mark match 0x0/0xff00
Chain POSTROUTING (policy ACCEPT 54 packets, 7325 bytes)
pkts bytes target prot opt in out source destination
751K 1549M tcpost all * * ::/0 ::/0
Chain routemark (2 references)
pkts bytes target prot opt in out source destination
474 109K MARK all eth1 * ::/0 ::/0
MARK xset 0x100/0xff00
30136 5538K MARK all eth2 * ::/0 ::/0
MARK xset 0x200/0xff00
30610 5647K CONNMARK all * * ::/0 ::/0
mark match ! 0x0/0xff00 CONNMARK save mask 0xff00
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcin (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (3 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 48 packets, 6742 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp * * ::/0 ::/0
udp dpt:10080 CT helper amanda
0 0 CT tcp * * ::/0 ::/0
tcp dpt:21 flags:0x17/0x02 CT helper ftp
0 0 CT udp * * ::/0 ::/0
udp dpt:1719 CT helper RAS
0 0 CT tcp * * ::/0 ::/0
tcp dpt:1720 flags:0x17/0x02 CT helper Q.931
0 0 CT tcp * * ::/0 ::/0
tcp dpt:6566 flags:0x17/0x02 CT helper sane
0 0 CT udp * * ::/0 ::/0
udp dpt:5060 CT helper sip
0 0 CT udp * * ::/0 ::/0
udp dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 1 packets, 104 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp * * ::/0 ::/0
udp dpt:10080 CT helper amanda
0 0 CT tcp * * ::/0 ::/0
tcp dpt:21 flags:0x17/0x02 CT helper ftp
0 0 CT udp * * ::/0 ::/0
udp dpt:1719 CT helper RAS
0 0 CT tcp * * ::/0 ::/0
tcp dpt:1720 flags:0x17/0x02 CT helper Q.931
0 0 CT tcp * * ::/0 ::/0
tcp dpt:6566 flags:0x17/0x02 CT helper sane
0 0 CT udp * * ::/0 ::/0
udp dpt:5060 CT helper sip
0 0 CT udp * * ::/0 ::/0
udp dpt:69 CT helper tftp
Conntrack Table (737 out of 65536)
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0668:001f:0011:0000:0000:0000:0106 sport=57222 dport=53
src=2001:0668:001f:0011:0000:0000:0000:0106
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=57222 mark=512
zone=0 use=2
ipv6 10 udp 17 9 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2600:1480:b000:0000:0000:0000:0000:0043 sport=37555 dport=53
src=2600:1480:b000:0000:0000:0000:0000:0043
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=37555 mark=512
zone=0 use=2
ipv6 10 udp 17 9 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2600:1401:0002:0000:0000:0000:0000:00f0 sport=22310 dport=53
src=2600:1401:0002:0000:0000:0000:0000:00f0
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=22310 mark=512
zone=0 use=2
ipv6 10 tcp 6 406968 ESTABLISHED
src=0fda:0b4d:d34d:b33f:1c4f:bef2:51f2:3109
dst=2a00:1450:4013:0c01:0000:0000:0000:00bc sport=47630 dport=5228
src=2a00:1450:4013:0c01:0000:0000:0000:00bc
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=5228 dport=47630 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0668:001f:0011:0000:0000:0000:0106 sport=52497 dport=53
src=2001:0668:001f:0011:0000:0000:0000:0106
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=52497 mark=512
zone=0 use=2
ipv6 10 tcp 6 19 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35914 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35914 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 431985 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a00:1450:4005:0800:0000:0000:0000:200a sport=40872 dport=443
src=2a00:1450:4005:0800:0000:0000:0000:200a
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=40872 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 93 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35964 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35964 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 431998 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a00:1450:4013:0c04:0000:0000:0000:006c sport=50670 dport=993
src=2a00:1450:4013:0c04:0000:0000:0000:006c
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=993 dport=50670 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 24 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2600:9000:5307:b400:0000:0000:0000:0001 sport=41097 dport=53
src=2600:9000:5307:b400:0000:0000:0000:0001
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=41097 mark=512
zone=0 use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2003:0008:0014:0000:0000:0000:0000:0053 sport=9071 dport=53
src=2003:0008:0014:0000:0000:0000:0000:0053
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=9071 mark=512 zone=0
use=2
ipv6 10 tcp 6 72 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35952 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35952 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 24 src=0fda:0b4d:d34d:b33f:1c4f:bef2:51f2:3109
dst=0fda:0b4d:d34d:b33f:000a:000a:000a:000b sport=5480 dport=53
src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=0fda:0b4d:d34d:b33f:1c4f:bef2:51f2:3109 sport=53 dport=5480 mark=0 zone=0
use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0668:001f:0011:0000:0000:0000:0106 sport=19096 dport=53
src=2001:0668:001f:0011:0000:0000:0000:0106
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=19096 mark=512
zone=0 use=2
ipv6 10 tcp 6 51 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35938 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35938 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 431998 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a00:1450:4013:0c04:0000:0000:0000:006c sport=50720 dport=993
src=2a00:1450:4013:0c04:0000:0000:0000:006c
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=993 dport=50720 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 59 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:0120:9401:0002:0007:ffff:0002 sport=59564 dport=443
src=2a01:04f8:0120:9401:0002:0007:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=59564 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 431999 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35982 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35982 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 119 TIME_WAIT
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:0120:9401:0002:0007:ffff:0002 sport=59600 dport=443
src=2a01:04f8:0120:9401:0002:0007:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=59600 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 41 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35928 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35928 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 392189 ESTABLISHED
src=0fda:0b4d:d34d:b33f:1c4f:bef2:51f2:3109
dst=2607:f8b0:400d:0c0e:0000:0000:0000:00bc sport=44436 dport=5228
src=2607:f8b0:400d:0c0e:0000:0000:0000:00bc
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=5228 dport=44436 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 431923 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a00:1450:4013:0c01:0000:0000:0000:006d sport=42194 dport=993
src=2a00:1450:4013:0c01:0000:0000:0000:006d
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=993 dport=42194 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0668:001f:0011:0000:0000:0000:0106 sport=31547 dport=53
src=2001:0668:001f:0011:0000:0000:0000:0106
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=31547 mark=512
zone=0 use=2
ipv6 10 tcp 6 35 SYN_SENT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:6161:0002:ffff:ffff:0002 sport=42454 dport=22222 [UNREPLIED]
src=2a01:04f8:00a0:6161:0002:ffff:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=22222 dport=42454 mark=0
zone=0 use=2
ipv6 10 tcp 6 104 TIME_WAIT
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35968 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35968 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 15 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2a01:04f8:0110:43a2:0002:0005:ffff:0002 sport=36781 dport=53
src=2a01:04f8:0110:43a2:0002:0005:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=36781 mark=512
zone=0 use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0668:001f:0011:0000:0000:0000:0106 sport=46885 dport=53
src=2001:0668:001f:0011:0000:0000:0000:0106
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=46885 mark=512
zone=0 use=2
ipv6 10 udp 17 9 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2600:1480:b000:0000:0000:0000:0000:0043 sport=27335 dport=53
src=2600:1480:b000:0000:0000:0000:0000:0043
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=27335 mark=512
zone=0 use=2
ipv6 10 tcp 6 42 SYN_SENT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:6161:0002:ffff:ffff:0002 sport=60174 dport=22 [UNREPLIED]
src=2a01:04f8:00a0:6161:0002:ffff:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=22 dport=60174 mark=0 zone=0
use=2
ipv6 10 tcp 6 431514 ESTABLISHED
src=0fda:0b4d:d34d:b33f:1c4f:bef2:51f2:3109
dst=2a00:1450:4013:0c01:0000:0000:0000:00bc sport=47782 dport=5228
src=2a00:1450:4013:0c01:0000:0000:0000:00bc
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=5228 dport=47782 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 431893 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a00:1450:4013:0c04:0000:0000:0000:006c sport=50702 dport=993
src=2a00:1450:4013:0c04:0000:0000:0000:006c
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=993 dport=50702 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:067c:1011:0001:0000:0000:0000:0053 sport=25943 dport=53
src=2001:067c:1011:0001:0000:0000:0000:0053
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=25943 mark=512
zone=0 use=2
ipv6 10 udp 17 24 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2600:9000:5301:7800:0000:0000:0000:0001 sport=15222 dport=53
src=2600:9000:5301:7800:0000:0000:0000:0001
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=15222 mark=512
zone=0 use=2
ipv6 10 tcp 6 61 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35946 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35946 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 29 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:0120:9401:0002:0007:ffff:0002 sport=59540 dport=443
src=2a01:04f8:0120:9401:0002:0007:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=59540 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 9 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2600:9000:5302:6600:0000:0000:0000:0001 sport=45983 dport=53
src=2600:9000:5302:6600:0000:0000:0000:0001
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=45983 mark=512
zone=0 use=2
ipv6 10 tcp 6 431983 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a03:2880:f02d:0012:face:b00c:0000:0003 sport=47336 dport=443
src=2a03:2880:f02d:0012:face:b00c:0000:0003
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=47336 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 73 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35954 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35954 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 431950 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a03:2880:f130:0083:face:b00c:0000:25de sport=54928 dport=443
src=2a03:2880:f130:0083:face:b00c:0000:25de
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=54928 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 114 TIME_WAIT
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35976 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35976 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 86 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35958 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35958 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 39 SYN_SENT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:6161:0002:ffff:ffff:0002 sport=60170 dport=22 [UNREPLIED]
src=2a01:04f8:00a0:6161:0002:ffff:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=22 dport=60170 mark=0 zone=0
use=2
ipv6 10 udp 17 24 src=0fda:0b4d:d34d:b33f:1c4f:bef2:51f2:3109
dst=0fda:0b4d:d34d:b33f:000a:000a:000a:000b sport=3383 dport=53
src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=0fda:0b4d:d34d:b33f:1c4f:bef2:51f2:3109 sport=53 dport=3383 mark=0 zone=0
use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0678:0002:0000:0000:0000:0000:0053 sport=41116 dport=53
src=2001:0678:0002:0000:0000:0000:0000:0053
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=41116 mark=512
zone=0 use=2
ipv6 10 tcp 6 431988 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2620:0000:0862:ed1a:0000:0000:0002:000b sport=54646 dport=443
src=2620:0000:0862:ed1a:0000:0000:0002:000b
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=54646 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 13 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35910 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35910 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 431999 ESTABLISHED
src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a00:1450:4013:0c04:0000:0000:0000:006c sport=50800 dport=993
src=2a00:1450:4013:0c04:0000:0000:0000:006c
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=993 dport=50800 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 icmpv6 58 29 src=2a01:04f8:00a0:6161:0000:0000:0000:0002
dst=2a01:0170:1150:0004:000a:000a:000a:000a type=128 code=0 id=20232
src=2a01:0170:1150:0004:000a:000a:000a:000a
dst=2a01:04f8:00a0:6161:0000:0000:0000:0002 type=129 code=0 id=20232 mark=256
zone=0 use=2
ipv6 10 tcp 6 89 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:0120:9401:0002:0007:ffff:0002 sport=59582 dport=443
src=2a01:04f8:0120:9401:0002:0007:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=59582 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 tcp 6 30 TIME_WAIT src=0fda:0b4d:d34d:b33f:000a:000a:000b:000a
dst=2a01:04f8:00a0:1303:0002:0002:ffff:0002 sport=35918 dport=443
src=2a01:04f8:00a0:1303:0002:0002:ffff:0002
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=443 dport=35918 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0668:001f:0011:0000:0000:0000:0105 sport=57553 dport=53
src=2001:0668:001f:0011:0000:0000:0000:0105
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=57553 mark=512
zone=0 use=2
ipv6 10 udp 17 6 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0668:001f:0011:0000:0000:0000:0106 sport=54350 dport=53
src=2001:0668:001f:0011:0000:0000:0000:0106
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=54350 mark=512
zone=0 use=2
ipv6 10 tcp 6 390917 ESTABLISHED
src=0fda:0b4d:d34d:b33f:1c4f:bef2:51f2:3109
dst=2a00:1450:4013:0c01:0000:0000:0000:00bc sport=48767 dport=5228
src=2a00:1450:4013:0c01:0000:0000:0000:00bc
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=5228 dport=48767 [ASSURED]
mark=512 zone=0 use=2
ipv6 10 udp 17 5 src=0fda:0b4d:d34d:b33f:000a:000a:000a:000b
dst=2001:0668:001f:0011:0000:0000:0000:0106 sport=54338 dport=53
src=2001:0668:001f:0011:0000:0000:0000:0106
dst=2a02:8106:000f:0e04:000a:000a:000a:000a sport=53 dport=54338 mark=512
zone=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2a01:170:1150:4:a:a:a:a/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f6f2:6dff:fe06:182c/64 scope link
valid_lft forever preferred_lft forever
3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2a02:8106:f:e04:a:a:a:a/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f6f2:6dff:fe06:589f/64 scope link
valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fda:b4d:d34d:b33f:a:a:a:a/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::329c:23ff:fe67:8577/64 scope link
valid_lft forever preferred_lft forever
6: ns1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
7: sip1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
8: mx1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
9: mon1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
10: misc1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
11: cppws1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
23732 168 0 0 0 0
TX: bytes packets errors dropped carrier collsns
23732 168 0 0 0 0
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether f4:f2:6d:06:18:2c brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
358042904 1293512 0 57876 0 6857
TX: bytes packets errors dropped carrier collsns
85809354 957891 0 0 0 0
3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
mode DEFAULT group default qlen 1000
link/ether f4:f2:6d:06:58:9f brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
10914924868 9127158 0 130 0 8110
TX: bytes packets errors dropped carrier collsns
2268969582 4050740 0 0 0 0
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0
state UP mode DEFAULT group default qlen 1000
link/ether 30:9c:23:67:85:77 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
477514054305 389931120 0 2401 0 20242
TX: bytes packets errors dropped carrier collsns
593556382742 501873123 0 0 0 0
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode
DEFAULT group default qlen 1000
link/ether 30:9c:23:67:85:77 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
99485145771 35294060 0 1066 0 0
TX: bytes packets errors dropped carrier collsns
108396048037 34527037 0 0 0 0
6: ns1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0
state UP mode DEFAULT group default qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
60792469 751837 0 0 0 0
TX: bytes packets errors dropped carrier collsns
75231786 784162 0 0 0 0
7: sip1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0
state UP mode DEFAULT group default qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
86280312 419484 0 0 0 0
TX: bytes packets errors dropped carrier collsns
98722484 461991 0 0 0 0
8: mx1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0
state UP mode DEFAULT group default qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
78485565 147314 0 0 0 0
TX: bytes packets errors dropped carrier collsns
27554719 170829 0 0 0 0
9: mon1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0
state UP mode DEFAULT group default qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
31962818 437303 0 0 0 0
TX: bytes packets errors dropped carrier collsns
46081641 476044 0 0 0 0
10: misc1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0
state UP mode DEFAULT group default qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
2842989663 51742181 0 0 0 0
TX: bytes packets errors dropped carrier collsns
231773346027 60883173 0 0 0 0
11: cppws1-vif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0
state UP mode DEFAULT group default qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
556565940679 98407698 0 0 0 0
TX: bytes packets errors dropped carrier collsns
231791568204 121868399 0 0 0 0
Bridges
bridge name bridge id STP enabled interfaces
br0 8000.309c23678577 no cppws1-vif0
eth0
misc1-vif0
mon1-vif0
mx1-vif0
ns1-vif0
sip1-vif0
Routing Rules
0: from all lookup local
999: from all lookup main
1000: from all to fda:b4d:d34d:b33f::/64 lookup main
10000: from all fwmark 0x100/0xff00 lookup 1
10001: from all fwmark 0x200/0xff00 lookup 2
11000: from all iif lo lookup 2
11500: from all to 2001:4860:4860::8888 iif br0 lookup 1
11500: from all to 2001:4860:4860::8844 iif br0 lookup 2
11999: from all iif br0 lookup 2
19000: from all iif eth1 lookup 1
19000: from all iif eth2 lookup 2
20000: from 2a01:170:1150:4:a:a:a:a lookup 1
20000: from 2a02:8106:f:e04:a:a:a:a lookup 2
32765: from all lookup balance
32767: from all lookup default
Table 1:
fe80::e228:6dff:fe68:f913 dev eth1 src 2a01:170:1150:4:a:a:a:a metric 1024 pref
medium
default via fe80::e228:6dff:fe68:f913 dev eth1 src 2a01:170:1150:4:a:a:a:a
metric 1024 pref medium
Table 2:
fe80::e228:6dff:fe44:3e61 dev eth2 src 2a02:8106:f:e04:a:a:a:a metric 1024 pref
medium
default via fe80::e228:6dff:fe44:3e61 dev eth2 src 2a02:8106:f:e04:a:a:a:a
metric 1024 pref medium
Table balance:
default via fe80::e228:6dff:fe68:f913 dev eth1 metric 1024 pref medium
default via fe80::e228:6dff:fe44:3e61 dev eth2 metric 1024 pref medium
Table default:
Table local:
local fe80::fcff:ffff:feff:ffff dev lo proto none metric 0 pref medium
local fe80::fcff:ffff:feff:ffff dev lo proto none metric 0 pref medium
local fe80::fcff:ffff:feff:ffff dev lo proto none metric 0 pref medium
local fe80::fcff:ffff:feff:ffff dev lo proto none metric 0 pref medium
local fe80::fcff:ffff:feff:ffff dev lo proto none metric 0 pref medium
local fe80::fcff:ffff:feff:ffff dev lo proto none metric 0 pref medium
local fe80::f6f2:6dff:fe06:589f dev lo proto none metric 0 pref medium
local fe80::f6f2:6dff:fe06:182c dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80::329c:23ff:fe67:8577 dev lo proto none metric 0 pref medium
local fda:b4d:d34d:b33f:: dev lo proto none metric 0 pref medium
local fda:b4d:d34d:b33f:a:a:a:a dev lo proto none metric 0 pref medium
local 2a02:8106:f:e04:: dev lo proto none metric 0 pref medium
local 2a02:8106:f:e04:a:a:a:a dev lo proto none metric 0 pref medium
local 2a01:170:1150:4:: dev lo proto none metric 0 pref medium
local 2a01:170:1150:4:a:a:a:a dev lo proto none metric 0 pref medium
local ::1 dev lo proto none metric 0 pref medium
ff00::/8 dev sip1-vif0 metric 256 pref medium
ff00::/8 dev ns1-vif0 metric 256 pref medium
ff00::/8 dev mx1-vif0 metric 256 pref medium
ff00::/8 dev mon1-vif0 metric 256 pref medium
ff00::/8 dev misc1-vif0 metric 256 pref medium
ff00::/8 dev eth2 metric 256 pref medium
ff00::/8 dev eth1 metric 256 pref medium
ff00::/8 dev cppws1-vif0 metric 256 pref medium
ff00::/8 dev br0 metric 256 pref medium
Table main:
fe80::e228:6dff:fe68:f913 dev eth1 src 2a01:170:1150:4:a:a:a:a metric 1024 pref
medium
fe80::e228:6dff:fe44:3e61 dev eth2 src 2a02:8106:f:e04:a:a:a:a metric 1024 pref
medium
2a02:8106:f:e00:e228:6dff:fe44:3e61 dev eth2 metric 1024 pref medium
fe80::/64 dev sip1-vif0 proto kernel metric 256 pref medium
fe80::/64 dev ns1-vif0 proto kernel metric 256 pref medium
fe80::/64 dev mx1-vif0 proto kernel metric 256 pref medium
fe80::/64 dev mon1-vif0 proto kernel metric 256 pref medium
fe80::/64 dev misc1-vif0 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev cppws1-vif0 proto kernel metric 256 pref medium
fe80::/64 dev br0 proto kernel metric 256 pref medium
fda:b4d:d34d:b33f::/64 dev br0 proto kernel metric 256 pref medium
2a02:8106:f:e04::/64 dev eth2 proto kernel metric 256 pref medium
2a01:170:1150:4::/64 dev eth1 proto kernel metric 256 pref medium
NF Accounting
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 4.9.0-6-amd64 (debian-ker...@lists.debian.org)
(gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian
4.9.88-1+deb9u1 (2018-05-07)
/proc/sys/net/ipv6/conf/all/forwarding = 1
/proc/sys/net/ipv6/conf/all/proxy_ndp = 1
/proc/sys/net/ipv6/conf/br0/forwarding = 1
/proc/sys/net/ipv6/conf/br0/proxy_ndp = 1
/proc/sys/net/ipv6/conf/cppws1-vif0/forwarding = 1
/proc/sys/net/ipv6/conf/cppws1-vif0/proxy_ndp = 1
/proc/sys/net/ipv6/conf/default/forwarding = 1
/proc/sys/net/ipv6/conf/default/proxy_ndp = 1
/proc/sys/net/ipv6/conf/eth0/forwarding = 1
/proc/sys/net/ipv6/conf/eth0/proxy_ndp = 0
/proc/sys/net/ipv6/conf/eth1/forwarding = 1
/proc/sys/net/ipv6/conf/eth1/proxy_ndp = 0
/proc/sys/net/ipv6/conf/eth2/forwarding = 1
/proc/sys/net/ipv6/conf/eth2/proxy_ndp = 0
/proc/sys/net/ipv6/conf/lo/forwarding = 1
/proc/sys/net/ipv6/conf/lo/proxy_ndp = 0
/proc/sys/net/ipv6/conf/misc1-vif0/forwarding = 1
/proc/sys/net/ipv6/conf/misc1-vif0/proxy_ndp = 1
/proc/sys/net/ipv6/conf/mon1-vif0/forwarding = 1
/proc/sys/net/ipv6/conf/mon1-vif0/proxy_ndp = 1
/proc/sys/net/ipv6/conf/mx1-vif0/forwarding = 1
/proc/sys/net/ipv6/conf/mx1-vif0/proxy_ndp = 1
/proc/sys/net/ipv6/conf/ns1-vif0/forwarding = 1
/proc/sys/net/ipv6/conf/ns1-vif0/proxy_ndp = 1
/proc/sys/net/ipv6/conf/sip1-vif0/forwarding = 1
/proc/sys/net/ipv6/conf/sip1-vif0/proxy_ndp = 1
Neighbors
fe80::99e5:1cc3:3596:f01e dev br0 lladdr 44:8a:5b:8d:d1:a3 STALE
fda:b4d:d34d:b33f:1c4f:bef2:51f2:3109 dev br0 lladdr 94:65:2d:d3:85:f3 STALE
fe80::8ac9:d0ff:fec1:619b dev br0 lladdr 88:c9:d0:c1:61:9b STALE
fda:b4d:d34d:b33f:a:a:b:a dev br0 lladdr 30:9c:23:22:fc:c0 REACHABLE
fe80::e228:6dff:fe44:3e61 dev eth2 lladdr e0:28:6d:44:3e:61 router REACHABLE
fe80::74b1:836e:6a2a:d6f3 dev br0 lladdr 94:65:2d:d3:85:f3 STALE
fe80::216:3eff:feaf:d3e7 dev br0 lladdr 00:16:3e:af:d3:e7 STALE
fda:b4d:d34d:b33f:a:a:a:b dev br0 lladdr 00:16:3e:ef:ce:b3 REACHABLE
fda:b4d:d34d:b33f:a:a:a:d dev br0 lladdr 00:16:3e:ad:c3:b9 STALE
fe80::216:3eff:feec:d1a4 dev br0 lladdr 00:16:3e:ec:d1:a4 STALE
fe80::e228:6dff:fe68:f913 dev eth1 lladdr e0:28:6d:68:f9:13 router REACHABLE
fe80::216:3eff:feda:c4f7 dev br0 lladdr 00:16:3e:da:c4:f7 STALE
fda:b4d:d34d:b33f:9411:4d20:ffd3:ba0d dev br0 FAILED
fe80::73a8:7f55:540e:f74d dev br0 lladdr 30:9c:23:22:fc:c0 DELAY
fe80::216:3fff:fefe:a3c7 dev br0 lladdr 00:16:3f:fe:a3:c7 STALE
fe80::ba27:ebff:fecb:641a dev br0 lladdr b8:27:eb:9e:31:4f STALE
fe80::216:3eff:fead:c3b9 dev br0 lladdr 00:16:3e:ad:c3:b9 STALE
fda:b4d:d34d:b33f:a:a:a:aac dev br0 lladdr 00:16:3e:af:d3:e7 STALE
fe80::ba27:ebff:fecc:4278 dev br0 lladdr b8:27:eb:99:17:2d STALE
fe80::216:3eff:feef:ceb3 dev br0 lladdr 00:16:3e:ef:ce:b3 REACHABLE
2a02:8106:f:e00:e228:6dff:fe44:3e61 dev eth2 lladdr e0:28:6d:44:3e:61 router
STALE
Modules
ip6table_filter 16384 1
ip6table_mangle 16384 1
ip6table_nat 16384 1
ip6table_raw 16384 1
ip6_tables 28672 4
ip6table_mangle,ip6table_filter,ip6table_raw,ip6table_nat
ip6t_ipv6header 16384 0
ip6t_MASQUERADE 16384 0
ip6t_REJECT 16384 4
ip6t_rpfilter 16384 0
nf_conntrack 114688 34
nf_nat_pptp,nf_conntrack_sip,nf_conntrack_snmp,nf_conntrack_proto_sctp,nf_conntrack_irc,nf_nat_h323,nf_conntrack_ipv6,nf_conntrack_ftp,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_ipv4,nf_conntrack_tftp,nf_nat_irc,xt_connmark,nf_conntrack_pptp,nf_conntrack_amanda,xt_helper,nf_conntrack_broadcast,nf_nat_ftp,nf_conntrack_sane,nf_nat_masquerade_ipv6,nf_nat_amanda,xt_connlimit,nf_conntrack_netlink,nf_conntrack_proto_udplite,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_CT,nf_nat_ipv6,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat
nf_conntrack_amanda 16384 5 nf_nat_amanda
nf_conntrack_broadcast 16384 2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp 20480 5 nf_nat_ftp
nf_conntrack_h323 77824 9 nf_nat_h323
nf_conntrack_ipv4 16384 59
nf_conntrack_ipv6 20480 39
nf_conntrack_irc 16384 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 36864 0
nf_conntrack_pptp 16384 3 nf_nat_pptp
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 24576 0
nf_conntrack_proto_udplite 16384 0
nf_conntrack_sane 16384 4
nf_conntrack_sip 28672 5 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 16384 5 nf_nat_tftp
nf_defrag_ipv4 16384 2 nf_conntrack_ipv4,xt_TPROXY
nf_defrag_ipv6 36864 2 nf_conntrack_ipv6,xt_TPROXY
nf_log_common 16384 2 nf_log_ipv6,nf_log_ipv4
nf_log_ipv4 16384 12
nf_log_ipv6 16384 17
nf_nat 24576 13
nf_nat_pptp,nf_nat_proto_gre,xt_nat,nf_nat_h323,nf_nat_sip,xt_NETMAP,nf_nat_irc,nf_nat_ftp,nf_nat_masquerade_ipv6,nf_nat_amanda,nf_nat_ipv6,nf_nat_ipv4,nf_nat_tftp
nf_nat_amanda 16384 0
nf_nat_ftp 16384 0
nf_nat_h323 20480 0
nf_nat_ipv4 16384 1 iptable_nat
nf_nat_ipv6 16384 1 ip6table_nat
nf_nat_irc 16384 0
nf_nat_masquerade_ipv6 16384 1 ip6t_MASQUERADE
nf_nat_pptp 16384 0
nf_nat_proto_gre 16384 1 nf_nat_pptp
nf_nat_sip 20480 0
nf_nat_snmp_basic 20480 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
nf_reject_ipv6 16384 1 ip6t_REJECT
x_tables 36864 48
xt_comment,xt_hashlimit,xt_LOG,xt_AUDIT,xt_multiport,ipt_REJECT,xt_pkttype,xt_owner,xt_nat,iptable_mangle,xt_statistic,ip_tables,ip6t_rpfilter,xt_time,iptable_filter,xt_length,xt_mark,xt_mac,xt_dscp,xt_tcpudp,iptable_raw,xt_tcpmss,xt_NETMAP,xt_connmark,ip6t_REJECT,ip6table_mangle,xt_TPROXY,xt_CHECKSUM,xt_recent,xt_NFQUEUE,xt_helper,ip6t_ipv6header,ip6table_filter,xt_connlimit,xt_addrtype,xt_policy,xt_DSCP,xt_iprange,xt_CT,ip6table_raw,xt_CLASSIFY,xt_physdev,ip6t_MASQUERADE,xt_conntrack,xt_nfacct,ip6_tables,xt_TCPMSS,xt_NFLOG
xt_addrtype 16384 5
xt_AUDIT 16384 0
xt_CHECKSUM 16384 0
xt_CLASSIFY 16384 0
xt_comment 16384 34
xt_connlimit 16384 0
xt_connmark 16384 6
xt_conntrack 16384 54
xt_CT 16384 36
xt_dscp 16384 0
xt_DSCP 16384 0
xt_hashlimit 20480 0
xt_helper 16384 0
xt_iprange 16384 0
xt_length 16384 0
xt_LOG 16384 29
xt_mac 16384 8
xt_mark 16384 19
xt_multiport 16384 4
xt_nat 16384 50
xt_NETMAP 16384 0
xt_nfacct 16384 0
xt_NFLOG 16384 0
xt_NFQUEUE 16384 0
xt_owner 16384 0
xt_physdev 16384 24
xt_pkttype 16384 0
xt_policy 16384 0
xt_recent 20480 2
xt_statistic 16384 0
xt_tcpmss 16384 0
xt_TCPMSS 16384 0
xt_tcpudp 16384 197
xt_time 16384 0
xt_TPROXY 20480 0
Shorewall6 has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Not available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Available
Basic Filter (BASIC_FILTER): Available
Capabilities Version (CAPVERSION): 50112
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
INPUT chain in nat table (NAT_INPUT_CHAIN): Available
ip6tables-restore --wait option (RESTORE_WAIT_OPTION): Not available
ip6tables -S (IPTABLES_S): Available
ip6tables --wait option (WAIT_OPTION): Available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
Ipset Match (IPSET_MATCH): Not available
ipset V5 (IPSET_V5): Not available
IRC-0 Helper: Not available
IRC Helper: Not available
Kernel Version (KERNELVERSION): 40900
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Not available
NETMAP Target (NETMAP_TARGET): Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Available
--nflog-size support (NFLOG_SIZE): Available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE CPU Fanout (CPU_FANOUT): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Packet Type Match (USEPKTTYPE): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Not available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Not available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:Port
udp UNCONN 0 0 fe80::f6f2:6dff:fe06:182c%eth1:123
:::* users:(("ntpd",pid=1881,fd=24))
udp UNCONN 0 0 2a01:170:1150:4:a:a:a:a:123
:::* users:(("ntpd",pid=1881,fd=23))
udp UNCONN 0 0 fe80::fcff:ffff:feff:ffff%cppws1-vif0:123
:::* users:(("ntpd",pid=1881,fd=37))
udp UNCONN 0 0 fe80::fcff:ffff:feff:ffff%misc1-vif0:123
:::* users:(("ntpd",pid=1881,fd=36))
udp UNCONN 0 0 fe80::fcff:ffff:feff:ffff%mon1-vif0:123
:::* users:(("ntpd",pid=1881,fd=35))
udp UNCONN 0 0 fe80::fcff:ffff:feff:ffff%mx1-vif0:123
:::* users:(("ntpd",pid=1881,fd=34))
udp UNCONN 0 0 fe80::fcff:ffff:feff:ffff%sip1-vif0:123
:::* users:(("ntpd",pid=1881,fd=33))
udp UNCONN 0 0 fe80::fcff:ffff:feff:ffff%ns1-vif0:123
:::* users:(("ntpd",pid=1881,fd=32))
udp UNCONN 0 0 fe80::329c:23ff:fe67:8577%br0:123
:::* users:(("ntpd",pid=1881,fd=28))
udp UNCONN 0 0 fda:b4d:d34d:b33f:a:a:a:a:123
:::* users:(("ntpd",pid=1881,fd=27))
udp UNCONN 0 0 fe80::f6f2:6dff:fe06:589f%eth2:123
:::* users:(("ntpd",pid=1881,fd=26))
udp UNCONN 0 0 2a02:8106:f:e04:a:a:a:a:123
:::* users:(("ntpd",pid=1881,fd=25))
udp UNCONN 0 0 ::1:123 :::*
users:(("ntpd",pid=1881,fd=22))
udp UNCONN 0 0 :::123 :::*
users:(("ntpd",pid=1881,fd=16))
tcp LISTEN 0 20 ::1:25 :::*
users:(("exim4",pid=2095,fd=4))
tcp LISTEN 0 128 :::22222 :::*
users:(("sshd",pid=1668,fd=4))
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
