Shorewall 4.0.9 Dump at FW - Sun Mar 23 20:50:54 EDT 2008

   Shorewall-perl 4.0.9.1

Counters reset Sun Mar 23 20:46:19 EDT 2008

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1021 66626 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    9  2594 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
   11  2716 eth2_in    all  --  eth2   *       0.0.0.0/0            0.0.0.0/0           
    0     0 vif1.0_in  all  --  vif1.0 *       0.0.0.0/0            0.0.0.0/0           
 2775  227K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    6   366 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0           
    0     0 vif1.0_fwd  all  --  vif1.0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1172  164K eth0_out   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 eth1_out   all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 eth2_out   all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           
    0     0 vif1.0_out  all  --  *      vif1.0  0.0.0.0/0            0.0.0.0/0           
 2775  227K fw2fw      all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain Drop (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 
    7  2117 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 

Chain Reject (13 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 
   20  5310 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
    2   122 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 
    0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 

Chain all2dmz (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2dmz:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain all2fw (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2fw:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain all2loc (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2loc:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain all2net (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2net:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dmz2all (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:dmz2all:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dmz2fw (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   11  2716 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    2   122 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:dmz2fw:REJECT:' 
    2   122 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dmz2loc (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:dmz2loc:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dmz2net (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   25  7305 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST 
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4         

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 

Chain dynamic (8 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    0     0 norfc1918  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
    0     0 net2loc    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 net2dmz    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           
    0     0 net2dmz    all  --  *      vif1.0  0.0.0.0/0            0.0.0.0/0           

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    9  2594 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    9  2594 norfc1918  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
 1019 66149 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth0_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1172  164K fw2net     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    6   366 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    6   366 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 loc2dmz    all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           
    0     0 loc2dmz    all  --  *      vif1.0  0.0.0.0/0            0.0.0.0/0           

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    9  2594 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    9  2594 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 fw2loc     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth2_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    0     0 dmz2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 dmz2loc    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      vif1.0  0.0.0.0/0            0.0.0.0/0           

Chain eth2_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   11  2716 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
   11  2716 dmz2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth2_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 fw2dmz     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2all (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:fw2all:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2dmz (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2775  227K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1172  164K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc2all (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:loc2all:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc2dmz (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    9  2594 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:loc2fw:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    6   366 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2dmz (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2dmz:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1012 64032 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    7  2117 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2loc:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain norfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 rfc1918    all  --  *      *       172.16.0.0/12        0.0.0.0/0           
    0     0 rfc1918    all  --  *      *       192.168.0.0/16       0.0.0.0/0           
    2   477 rfc1918    all  --  *      *       10.0.0.0/8           0.0.0.0/0           
    7  2117 rfc1918d   all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain reject (21 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match src-type BROADCAST 
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    2   122 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain rfc1918 (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   477 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:' 
    2   477 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain rfc1918d (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 172.16.0.0/12 
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 192.168.0.0/16 
    0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctorigdst 10.0.0.0/8 

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain smurfs (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0              0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match src-type BROADCAST LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match src-type BROADCAST 
    0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           

Chain vif1.0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    0     0 dmz2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 dmz2loc    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           

Chain vif1.0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
    0     0 dmz2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain vif1.0_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 fw2dmz     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Log (/var/log/firewall)


NAT Table

Chain PREROUTING (policy ACCEPT 32 packets, 8087 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 3 packets, 183 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Mangle Table

Chain PREROUTING (policy ACCEPT 3822 packets, 300K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3822  300K tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 3816 packets, 299K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 6 packets, 366 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   366 tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 3947 packets, 391K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3947  391K tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 3953 packets, 391K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3953  391K tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpre (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Conntrack Table

tcp      6 431436 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=41167 dport=6009 packets=51 bytes=118224 src=127.0.0.1 dst=127.0.0.1 sport=6009 dport=41167 packets=48 bytes=5992 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431505 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=42692 dport=22 packets=23 bytes=2904 src=127.0.0.1 dst=127.0.0.1 sport=22 dport=42692 packets=24 bytes=3892 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431999 ESTABLISHED src=x.x.x.44 dst=x.x.x.173 sport=61395 dport=22 packets=4435 bytes=340596 src=x.x.x.173 dst=x.x.x.44 sport=22 dport=61395 packets=4167 bytes=1612156 [ASSURED] mark=0 secmark=0 use=1
unknown  2 67 src=10.10.0.20 dst=224.0.0.22 packets=2 bytes=80 [UNREPLIED] src=224.0.0.22 dst=10.10.0.20 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp      6 431999 ESTABLISHED src=127.0.0.1 dst=127.0.0.1 sport=37546 dport=5000 packets=5270 bytes=314297 src=127.0.0.1 dst=127.0.0.1 sport=5000 dport=37546 packets=5699 bytes=1611835 [ASSURED] mark=0 secmark=0 use=1
unknown  2 159 src=x.x.x.173 dst=224.0.0.22 packets=6 bytes=240 [UNREPLIED] src=224.0.0.22 dst=x.x.x.173 packets=0 bytes=0 mark=0 secmark=0 use=1
unknown  2 63 src=x.x.x.164 dst=224.0.0.22 packets=2 bytes=80 [UNREPLIED] src=224.0.0.22 dst=x.x.x.164 packets=0 bytes=0 mark=0 secmark=0 use=1

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0b:db:91:0d:b3 brd ff:ff:ff:ff:ff:ff
    inet x.x.x.173/27 brd x.x.x.191 scope global eth0
    inet6 fe80::20b:dbff:fe91:db3/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0b:db:91:0d:b4 brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.20/24 brd 10.10.0.255 scope global eth1
    inet6 fe80::20b:dbff:fe91:db4/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:23:08:c8:04 brd ff:ff:ff:ff:ff:ff
    inet x.x.x.164/27 brd x.x.x.191 scope global eth2
    inet6 fe80::204:23ff:fe08:c804/64 scope link 
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:04:23:08:c8:05 brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:04:23:08:c8:06 brd ff:ff:ff:ff:ff:ff
7: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:04:23:08:c8:07 brd ff:ff:ff:ff:ff:ff
8: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
9: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
    inet6 fe80::200:ff:fe00:0/64 scope link 
       valid_lft forever preferred_lft forever
10: vif1.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet x.x.x.173/32 brd x.x.x.173 scope global vif1.0
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link 
       valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    79609364   19655    0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    79609364   19655    0       0       0       0      
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0b:db:91:0d:b3 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    441053     4500     0       0       0       30     
    TX: bytes  packets  errors  dropped carrier collsns 
    1721402    4487     0       0       0       0      
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0b:db:91:0d:b4 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    14316      76       0       0       0       30     
    TX: bytes  packets  errors  dropped carrier collsns 
    4312       29       0       0       0       0      
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:23:08:c8:04 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    11832      59       0       0       0       30     
    TX: bytes  packets  errors  dropped carrier collsns 
    4458       31       0       0       0       0      
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:04:23:08:c8:05 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
6: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:04:23:08:c8:06 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
7: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:04:23:08:c8:07 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
8: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
9: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
10: vif1.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    9390       55       0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    1740       14       0       0       0       0      

Bridges

bridge name	bridge id		STP enabled	interfaces
virbr0		8000.000000000000	no		

PFKEY SPD

No SPD entries.

PFKEY SAD

No SAD entries.

/proc

   /proc/version = Linux version 2.6.18-53.1.14.el5xen (mockbuild@builder6.centos.org) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Wed Mar 5 12:39:19 EST 2008
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 1
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 1
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/log_martians = 0
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 1
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/log_martians = 0
   /proc/sys/net/ipv4/conf/eth2/proxy_arp = 1
   /proc/sys/net/ipv4/conf/eth2/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth2/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth2/log_martians = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 0
   /proc/sys/net/ipv4/conf/vif1.0/proxy_arp = 1
   /proc/sys/net/ipv4/conf/vif1.0/arp_filter = 0
   /proc/sys/net/ipv4/conf/vif1.0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/vif1.0/rp_filter = 0
   /proc/sys/net/ipv4/conf/vif1.0/log_martians = 0
   /proc/sys/net/ipv4/conf/virbr0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/virbr0/arp_filter = 0
   /proc/sys/net/ipv4/conf/virbr0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/virbr0/rp_filter = 0
   /proc/sys/net/ipv4/conf/virbr0/log_martians = 0

Routing Rules

0:	from all lookup 255 
32766:	from all lookup main 
32767:	from all lookup default 

Table 255:

broadcast 10.10.0.0 dev eth1  proto kernel  scope link  src 10.10.0.20 
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
local x.x.x.164 dev eth2  proto kernel  scope host  src x.x.x.164 
local 10.10.0.20 dev eth1  proto kernel  scope host  src 10.10.0.20 
local 192.168.122.1 dev virbr0  proto kernel  scope host  src 192.168.122.1 
broadcast 192.168.122.0 dev virbr0  proto kernel  scope link  src 192.168.122.1 
broadcast x.x.x.160 dev eth0  proto kernel  scope link  src x.x.x.173 
broadcast x.x.x.160 dev eth2  proto kernel  scope link  src x.x.x.164 
broadcast x.x.x.191 dev eth0  proto kernel  scope link  src x.x.x.173 
broadcast x.x.x.191 dev eth2  proto kernel  scope link  src x.x.x.164 
broadcast 10.10.0.255 dev eth1  proto kernel  scope link  src 10.10.0.20 
local x.x.x.173 dev eth0  proto kernel  scope host  src x.x.x.173 
local x.x.x.173 dev vif1.0  proto kernel  scope host  src x.x.x.173 
broadcast x.x.x.173 dev vif1.0  proto kernel  scope link  src x.x.x.173 
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 192.168.122.255 dev virbr0  proto kernel  scope link  src 192.168.122.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 

Table default:


Table main:

x.x.x.165 dev vif1.0  scope link  src x.x.x.173 
x.x.x.160/27 dev eth0  proto kernel  scope link  src x.x.x.173 
x.x.x.160/27 dev eth2  proto kernel  scope link  src x.x.x.164 
10.10.0.0/24 dev eth1  proto kernel  scope link  src 10.10.0.20 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 
169.254.0.0/16 dev eth2  scope link 
default via x.x.x.161 dev eth0 

ARP

? (x.x.x.181) at <incomplete> on eth0
? (x.x.x.161) at 00:00:0C:07:AC:FF [ether] on eth0
? (x.x.x.165) at * PERM PUP on eth2

Modules

ip_conntrack           53025  24 ipt_MASQUERADE,ip_nat_tftp,ip_nat_snmp_basic,ip_nat_sip,ip_nat_pptp,ip_nat_irc,ip_nat_h323,ip_nat_ftp,ip_nat_amanda,ip_conntrack_tftp,ip_conntrack_sip,ip_conntrack_pptp,ip_conntrack_irc,ip_conntrack_h323,ip_conntrack_ftp,ip_conntrack_amanda,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,iptable_nat,ip_nat,ip_conntrack_netbios_ns,xt_state
ip_conntrack_amanda     8901  1 ip_nat_amanda
ip_conntrack_ftp       11697  1 ip_nat_ftp
ip_conntrack_h323      51677  1 ip_nat_h323
ip_conntrack_irc       10801  1 ip_nat_irc
ip_conntrack_netbios_ns     6977  0 
ip_conntrack_pptp      15441  1 ip_nat_pptp
ip_conntrack_sip       11313  1 ip_nat_sip
ip_conntrack_tftp       8249  1 ip_nat_tftp
ip_nat                 21101  12 ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ip_nat_tftp,ip_nat_sip,ip_nat_pptp,ip_nat_irc,ip_nat_h323,ip_nat_ftp,ip_nat_amanda,iptable_nat
ip_nat_amanda           6465  0 
ip_nat_ftp              7361  0 
ip_nat_h323            11201  0 
ip_nat_irc              6721  0 
ip_nat_pptp             9925  0 
ip_nat_sip              8129  0 
ip_nat_snmp_basic      13253  0 
ip_nat_tftp             5953  0 
iptable_filter          7105  1 
iptable_mangle          6849  1 
iptable_nat            11205  0 
iptable_raw             6209  0 
ip_tables              17029  4 iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype            5953  4 
ipt_ah                  5953  0 
ipt_CLUSTERIP          12357  0 
ipt_dscp                5825  0 
ipt_DSCP                6337  0 
ipt_ecn                 6337  0 
ipt_ECN                 7105  0 
ipt_hashlimit          12745  0 
ipt_iprange             5953  0 
ipt_LOG                10177  19 
ipt_MASQUERADE          7745  0 
ipt_NETMAP              6209  0 
ipt_owner               6081  0 
ipt_recent             12497  0 
ipt_REDIRECT            6209  0 
ipt_REJECT              9537  4 
ipt_SAME                6465  0 
ipt_TCPMSS              8129  0 
ipt_tos                 5825  0 
ipt_TOS                 6337  0 
ipt_ttl                 5953  0 
ipt_TTL                 6337  0 
ipt_ULOG               11717  0 
xt_CLASSIFY             5953  0 
xt_comment              5953  0 
xt_connmark             6209  0 
xt_CONNMARK             6465  0 
xt_conntrack            6593  3 
xt_dccp                 7365  0 
xt_helper               6593  0 
xt_length               6081  0 
xt_limit                6721  0 
xt_mac                  6081  0 
xt_mark                 5953  0 
xt_MARK                 6465  0 
xt_multiport            7233  4 
xt_NFQUEUE              6209  0 
xt_physdev              6993  0 
xt_pkttype              6081  0 
xt_policy               7617  0 
xt_state                6209  34 
xt_tcpmss               6337  0 
xt_tcpudp               7105  13 

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
   Physdev-is-bridged Support: Available
   Packet length Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Available
   Extended CONNMARK Target: Available
   Connmark Match: Available
   Extended Connmark Match: Available
   Raw Table: Available
   IPP2P Match: Not available
   CLASSIFY Target: Available
   Extended REJECT: Available
   Repeat match: Not available
   MARK Target: Available
   Extended MARK Target: Available
   Mangle FORWARD Chain: Available
   Comments: Available
   Address Type Match: Available
   TCPMSS Match: Available
   Hashlimit Match: Available
   NFQUEUE Target: Available

Traffic Control

Device eth0:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1681232 bytes 4253 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 

Device eth1:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 4076 bytes 29 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 

Device eth2:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 4178 bytes 31 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 

Device vif1.0:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1740 bytes 14 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 


TC Filters

Device eth0:

Device eth1:

Device eth2:

Device vif1.0:

