Okay -- then I'm going to have to learn something about your
configuration to make any progress with your issues. The output of
'shorewall dump' as an attachment is best.
See attached.
Shorewall 4.4.13-Beta5 Dump at zieg.sam.home-net - Wed Sep 15 01:03:03 BST 2010
Counters reset Wed Sep 15 01:02:48 BST 2010
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 net2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 lo_fwd all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain Reject (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113 /* Auth */
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11 /* Needed ICMP types */
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain blackout (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
match-set blacklist_chinese_banned dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
match-set blacklist_eu_banned dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
match-set blacklist_za_banned dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
match-set blacklist_misc_banned dst
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain eth0_fwd (0 references)
pkts bytes target prot opt in out source destination
0 0 blackout all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 reject all -- * * 0.0.0.0/0
212.219.56.128/26
0 0 reject all -- * * 0.0.0.0/0
130.59.0.0/16
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
match-set blacklist_chinese_banned dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
match-set blacklist_eu_banned dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
match-set blacklist_za_banned dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
match-set blacklist_misc_banned dst
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain lo_fwd (1 references)
pkts bytes target prot opt in out source destination
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix `Shorewall:logflags:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (2 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcin all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK and 0xffffff00
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcin (1 references)
pkts bytes target prot opt in out source destination
0 0 SECMARK tcp -- * * 212.12.176.12 0.0.0.0/0
ctstate NEW tcp spt:22 SECMARK selctx
system_u:object_r:sshd_packet_t:s0
0 0 CONNSECMARK all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate NEW CONNSECMARK save
0 0 CONNSECMARK all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED CONNSECMARK restore
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
0 0 SECMARK tcp -- * * 0.0.0.0/0
212.12.176.12 ctstate NEW tcp dpt:22 owner UID match 0 /* test on ec2:ssh
*/ SECMARK selctx system_u:object_r:sshd_packet_t:s0
0 0 CONNSECMARK all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate NEW CONNSECMARK save
0 0 CONNSECMARK all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED CONNSECMARK restore
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (4 out of 65536)
ipv4 2 tcp 6 22 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=38783
dport=7634 packets=4 bytes=216 src=127.0.0.1 dst=127.0.0.1 sport=7634
dport=38783 packets=4 bytes=247 [ASSURED] mark=0 secmark=0 zone=0 use=2
ipv4 2 tcp 6 84 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=38784
dport=7634 packets=4 bytes=216 src=127.0.0.1 dst=127.0.0.1 sport=7634
dport=38784 packets=4 bytes=247 [ASSURED] mark=0 secmark=0 zone=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
inet 10.1.2.7/24 brd 10.1.2.255 scope global eth0
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
38926 672 0 0 0 0
TX: bytes packets errors dropped carrier collsns
38926 672 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 00:19:66:fb:79:2a brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
170859 609 0 0 0 0
TX: bytes packets errors dropped carrier collsns
80115 637 0 0 0 0
3: ifb0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN
qlen 32
link/ether 52:2e:54:da:ec:16 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
70 1 0 1 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
/proc
/proc/version = Linux version 2.6.34.6-54.zieg.sam.home-net.fc13.x86_64
([email protected]) (gcc version 4.4.4 20100630 (Red Hat 4.4.4-10) (GCC) )
#1 SMP Wed Sep 1 22:13:10 BST 2010
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/ifb0/proxy_arp = 0
/proc/sys/net/ipv4/conf/ifb0/arp_filter = 0
/proc/sys/net/ipv4/conf/ifb0/arp_ignore = 0
/proc/sys/net/ipv4/conf/ifb0/rp_filter = 1
/proc/sys/net/ipv4/conf/ifb0/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 1
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.2.255 dev eth0 proto kernel scope link src 10.1.2.7
broadcast 10.1.2.0 dev eth0 proto kernel scope link src 10.1.2.7
local 10.1.2.7 dev eth0 proto kernel scope host src 10.1.2.7
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
10.1.2.0/24 dev eth0 proto kernel scope link src 10.1.2.7
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.1.2.1 dev eth0
ARP
? (10.1.2.1) at 00:02:b3:ef:5b:51 [ether] on eth0
? (10.1.2.4) at 00:08:9b:ad:08:47 [ether] on eth0
Modules
ip_set 13414 18
ipt_set,ipt_SET,ip_set_nethash,ip_set_iptreemap,ip_set_iptree,ip_set_ipporthash,ip_set_portmap,ip_set_macipmap,ip_set_ipmap,ip_set_iphash
ip_set_iphash 5196 0
ip_set_ipmap 3357 0
ip_set_ipporthash 5968 0
ip_set_iptree 4878 0
ip_set_iptreemap 7336 4
ip_set_macipmap 3452 0
ip_set_nethash 5931 0
ip_set_portmap 3402 0
iptable_mangle 1679 1
iptable_nat 4890 0
iptable_raw 1470 0
ipt_addrtype 1951 3
ipt_ah 1221 0
ipt_CLUSTERIP 6361 0
ipt_ecn 1417 0
ipt_ECN 1817 0
ipt_LOG 5387 6
ipt_MASQUERADE 2296 0
ipt_NETMAP 1742 0
ipt_REDIRECT 1718 0
ipt_set 1471 12
ipt_SET 1615 0
ipt_ULOG 10284 0
nf_conntrack_amanda 2836 1 nf_nat_amanda
nf_conntrack_ftp 11389 1 nf_nat_ftp
nf_conntrack_h323 61246 1 nf_nat_h323
nf_conntrack_ipv6 17856 0
nf_conntrack_irc 5166 1 nf_nat_irc
nf_conntrack_netbios_ns 1558 0
nf_conntrack_netlink 15768 0
nf_conntrack_pptp 10473 1 nf_nat_pptp
nf_conntrack_proto_gre 6212 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 10499 0
nf_conntrack_sane 5442 0
nf_conntrack_sip 20531 1 nf_nat_sip
nf_conntrack_tftp 4633 1 nf_nat_tftp
nf_nat 19999 12
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda 1171 0
nf_nat_ftp 2160 0
nf_nat_h323 8068 0
nf_nat_irc 1777 0
nf_nat_pptp 4275 0
nf_nat_proto_gre 2632 1 nf_nat_pptp
nf_nat_sip 5631 0
nf_nat_snmp_basic 7807 0
nf_nat_tftp 993 0
nf_tproxy_core 2251 1 xt_TPROXY,[permanent]
xt_CLASSIFY 1059 0
xt_comment 1040 19
xt_connlimit 3108 0
xt_connmark 1305 0
xt_CONNMARK 1449 0
xt_CONNSECMARK 1749 4
xt_dccp 2061 0
xt_dscp 1789 0
xt_DSCP 2189 0
xt_hashlimit 9141 0
xt_helper 1391 0
xt_IPMARK 1401 0
xt_ipp2p 6863 0
xt_iprange 2167 0
xt_length 1312 0
xt_limit 2076 0
xt_mac 1108 0
xt_mark 1047 0
xt_MARK 1047 1
xt_multiport 2514 4
xt_NFLOG 1169 0
xt_NFQUEUE 2307 0
xt_owner 1194 1
xt_physdev 1699 0
xt_pkttype 1120 0
xt_policy 2334 0
xt_realm 1050 0
xt_recent 8114 0
xt_SECMARK 1926 2
xt_tcpmss 1533 0
xt_time 1981 0
xt_TPROXY 2158 0
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Available
Time Match: Available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
Persistent SNAT: Available
TPROXY Target: Available
FLOW Classifier: Available
fwmark route mask: Available
Mark in any table: Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 127.0.0.1:7634 0.0.0.0:*
LISTEN 1955/hddtemp
tcp 0 0 10.1.2.7:45621 10.1.2.4:445 ESTABLISHED
2442/gvfsd-smb
tcp 0 0 127.0.0.1:7634 127.0.0.1:38784
TIME_WAIT -
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 80115 bytes 637 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device ifb0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1
1 1
Sent 70 bytes 1 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device eth0:
Device ifb0:
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
