Hi, I've been receiving the following error for weeks or months now:

iptables: No chain/target/match by that name.

I know this is a common thing and that it usually means that something
is missing from your kernel config. I'm a Gentoo user and I'm well
accustomed to kernel config, and have read the docs explaining which
settings are needed. I *think* it's all in there.

This is just a simple f/w setup running on a single machine with a
single network i/f active at a time.

Bottom line: I have no idea whether this is really causing a problem or
not. Firewall seems to be working, but I worry that it's really not, and
I'm vulnerable. In typical intelligent human fashion, I've waited months
to get around to seriously addressing it :-\

Without further ado, here's the evidence I offer. Note that the error
comes at the beginning of the startup process, right after "Loading
modules..." This is how it's been each time I've checked.

Thanks in advance for the help.

Dave

Shorewall version: 4.5.11.2

==== Output of ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 00:1d:e0:8c:2a:e3 brd ff:ff:ff:ff:ff:ff
3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:1d:72:8c:87:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.78/24 brd 255.255.255.255 scope global enp0s25

==== Output of ip route show
default via 192.168.200.1 dev enp0s25 metric 203
127.0.0.0/8 via 127.0.0.1 dev lo
192.168.200.0/24 dev enp0s25 proto kernel scope link src 192.168.200.78 metric 203

==== Output of shorewall debug -vvvv restart
Compiling...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
iptables: No chain/target/match by that name. <==== HERE!
Shorewall has detected the following capabilities:
ACCOUNT Target: Not Available
AUDIT Target: Not Available
Address Type Match: Available
Amanda Helper: Not Available
Basic Filter: Available
CLASSIFY Target: Not Available
CONNMARK Target: Not Available
CT Target: Not Available
Capability Version: 4.5.9
Checksum Target: Not Available
Comments: Not Available
Condition Match: Not Available
Connection Tracking Match: Available
Connlimit Match: Not Available
Connmark Match: Not Available
DSCP Match: Not Available
DSCP Target: Not Available
Extended CONNMARK Target: Not Available
Extended Connection Tracking Match: Available
Extended Connmark Match: Not Available
Extended Mark Target: Not Available
Extended Mark Target 2: Not Available
Extended Multi-port Match: Available
Extended Reject: Available
FTP Helper: Not Available
FTP-0 Helper: Not Available
Flow Classifier: Available
GeoIP Match: Not Available
Goto Support: Available
H323 Helpers: Not Available
Hashlimit Match: Not Available
Header Match: Not Available
Helper Match: Not Available
IMQ Target: Not Available
IP Range Match: Not Available
IPMARK Target: Not Available
IPP2P Match: Not Available
IRC Helper: Not Available
IRC-0 Helper: Not Available
Ipset Match: Not Available
Kernel Version: 3.7.10
LOG Target: Available
LOGMARK Target: Not Available
Log Options: Available
MARK Target: Not Available
Mangle FORWARD Chain: Not Available
Mark in any table: Available
Multi-port Match: Available
NAT: Not Available
NFAcct Match: Not Available
NFLOG Target: Not Available
NFQUEUE Target: Not Available
Netbios-ns Helper: Not Available
Old Hash Limit Match: Not Available
Old IPP2P Match Syntax: Not Available
Old Ipset Match: Not Available
Old conntrack match syntax: Not Available
Owner Match: Not Available
Owner Name Match: Not Available
PPTP Helper: Not Available
Packet Mangling: Not Available
Packet Type Match: Available
Packet length Match: Not Available
Persistent SNAT: Not Available
Physdev Match: Not Available
Physdev-is-bridged support: Not Available
Policy Match: Not Available
RPFilter Match: Not Available
Raw Table: Not Available
Rawpost Table: Not Available
Realm Match: Not Available
Recent Match: Not Available
Repeat match: Available
SANE Helper: Not Available
SANE-0 Helper: Not Available
SIP Helper: Not Available
SIP-0 Helper: Not Available
SNMP Helper: Not Available
Statistics Match: Not Available
TCPMSS Match: Not Available
TFTP Helper: Not Available
TFTP-0 Helper: Not Available
TPROXY Target: Not Available
Time Match: Not Available
ULOG Target: Not Available
Version 5 ipsets: Not Available
fwmark route mask: Available
iptables -S: Available
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Interface "net enp0s25 dhcp" Validated
Interface "net wlp3s0 dhcp" Validated
Determining Hosts in Zones...
fw (firewall)
net (ipv4)
enp0s25:0.0.0.0/0
wlp3s0:0.0.0.0/0
Locating Action Files...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
Rule "PARAM - - tcp 113" Compiled
..End Macro /usr/share/shorewall/macro.Auth
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Rule "PARAM - - icmp fragmentation-needed" Compiled
Rule "PARAM - - icmp time-exceeded" Compiled
..End Macro /usr/share/shorewall/macro.AllowICMPs
Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
..Expanding Macro /usr/share/shorewall/macro.SMB...
Rule "PARAM - - udp 135,445" Compiled
Rule " PARAM - - udp 137:139" Compiled
Rule "PARAM - - udp 1024: 137" Compiled
Rule "PARAM - - tcp 135,139,445" Compiled
..End Macro /usr/share/shorewall/macro.SMB
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Rule "PARAM - - udp 1900" Compiled
..End Macro /usr/share/shorewall/macro.DropUPnP
Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Rule "PARAM - - udp - 53" Compiled
..End Macro /usr/share/shorewall/macro.DropDNSrep
Compiling /usr/share/shorewall/action.Reject for chain Reject...
..Expanding Macro /usr/share/shorewall/macro.Auth...
Rule "PARAM - - tcp 113" Compiled
..End Macro /usr/share/shorewall/macro.Auth
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Rule "PARAM - - icmp fragmentation-needed" Compiled
Rule "PARAM - - icmp time-exceeded" Compiled
..End Macro /usr/share/shorewall/macro.AllowICMPs
..Expanding Macro /usr/share/shorewall/macro.SMB...
Rule "PARAM - - udp 135,445" Compiled
Rule " PARAM - - udp 137:139" Compiled
Rule "PARAM - - udp 1024: 137" Compiled
Rule "PARAM - - tcp 135,139,445" Compiled
..End Macro /usr/share/shorewall/macro.SMB
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Rule "PARAM - - udp 1900" Compiled
..End Macro /usr/share/shorewall/macro.DropUPnP
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Rule "PARAM - - udp - 53" Compiled
..End Macro /usr/share/shorewall/macro.DropDNSrep
Compiling /etc/shorewall/policy...
Policy for fw to net is ACCEPT using chain fw2net
Policy for net to fw is DROP using chain net2all
Policy for fw to net is REJECT using chain all2all
Policy for net to fw is REJECT using chain all2all
Running /etc/shorewall/initdone...
Adding rules for DHCP
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling MAC Filtration -- Phase 1...
Chain enp0s25_iop deleted
Chain enp0s25_fop deleted
Chain enp0s25_oop deleted
Chain wlp3s0_iop deleted
Chain wlp3s0_fop deleted
Chain wlp3s0_oop deleted
Compiling /etc/shorewall/rules...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Policy ACCEPT from fw to net using chain fw2net
Policy DROP from net to fw using chain net2fw
Generating Rule Matrix...
Handling complex zones...
Entering main matrix-generation loop...
Chain enp0s25_out deleted
Chain wlp3s0_out deleted
Finishing matrix...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Disabling Kernel Automatic Helper Association
Preparing iptables-restore input...
Running debug_restore_input...
IPv4 Forwarding Enabled
Processing /etc/shorewall/start ...
Processing /etc/shorewall/started ...
done.
=== Output of shorewall dump
Shorewall 4.5.11.2 Dump at linux8 - Sun Jun 23 00:28:33 HST 2013
Shorewall is running
State:Started (Sun Jun 23 00:10:24 HST 2013) from /etc/shorewall/
Counters reset Sun Jun 23 00:10:24 HST 2013
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
2382 1545K enp0s25_in all -- enp0s25 * 0.0.0.0/0
0.0.0.0/0
0 0 wlp3s0_in all -- wlp3s0 * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
"Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 enp0s25_fwd all -- enp0s25 * 0.0.0.0/0
0.0.0.0/0
0 0 wlp3s0_fwd all -- wlp3s0 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
"Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
2137 909K fw2net all -- * enp0s25 0.0.0.0/0
0.0.0.0/0
0 0 fw2net all -- * wlp3s0 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
"Shorewall:OUTPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0 [goto]
Chain Broadcast (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0
224.0.0.0/4
Chain Drop (1 references)
pkts bytes target prot opt in out source
destination
3 120 all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
3 120 Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 11
3 120 Invalid all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
0 0 NotSyn tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53
Chain Invalid (2 references)
pkts bytes target prot opt in out source
destination
3 120 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID
Chain NotSyn (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02
Chain Reject (3 references)
pkts bytes target prot opt in out source
destination
0 0 all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
0 0 Broadcast all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmptype 11
0 0 Invalid all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
0 0 NotSyn tcp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53
Chain dynamic (4 references)
pkts bytes target prot opt in out source
destination
Chain enp0s25_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 sfilter all -- * enp0s25 0.0.0.0/0
0.0.0.0/0 [goto]
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW
0 0 net_frwd all -- * * 0.0.0.0/0
0.0.0.0/0
Chain enp0s25_in (1 references)
pkts bytes target prot opt in out source
destination
4 1580 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW
1 1460 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
2381 1544K net2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2net (2 references)
pkts bytes target prot opt in out source
destination
1 353 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
1938 897K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
198 12375 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source
destination
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2fw (2 references)
pkts bytes target prot opt in out source
destination
2378 1544K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate RELATED,ESTABLISHED
3 120 Drop all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
"Shorewall:net2fw:DROP:"
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net_frwd (2 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * enp0s25 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * wlp3s0 0.0.0.0/0
0.0.0.0/0
Chain reject (10 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0
0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited
Chain sfilter (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
"Shorewall:sfilter:DROP:"
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
Chain wlp3s0_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 sfilter all -- * wlp3s0 0.0.0.0/0
0.0.0.0/0 [goto]
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW
0 0 net_frwd all -- * * 0.0.0.0/0
0.0.0.0/0
Chain wlp3s0_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 ctstate INVALID,NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:67:68
0 0 net2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Log (/var/log/messages)
Jun 17 15:46:22 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=37.220.19.98 DST=128.171.7.25 LEN=72 TOS=0x00 PREC=0x00 TTL=48 ID=0
DF PROTO=UDP SPT=42772 DPT=53 LEN=52
Jun 17 16:00:36 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=128.171.7.38 DST=128.171.7.25 LEN=73 TOS=0x00 PREC=0x00 TTL=128
ID=15976 PROTO=UDP SPT=57203 DPT=161 LEN=53
Jun 17 16:00:38 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=128.171.7.38 DST=128.171.7.25 LEN=73 TOS=0x00 PREC=0x00 TTL=128
ID=15981 DF PROTO=UDP SPT=57203 DPT=161 LEN=53
Jun 17 16:07:18 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=37.220.19.98 DST=128.171.7.25 LEN=72 TOS=0x00 PREC=0x00 TTL=48 ID=0
DF PROTO=UDP SPT=43351 DPT=53 LEN=52
Jun 18 17:15:34 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=89.248.172.173 DST=128.171.7.25 LEN=72 TOS=0x00 PREC=0x00 TTL=52
ID=0 DF PROTO=UDP SPT=37198 DPT=53 LEN=52
Jun 18 17:23:49 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=89.248.168.178 DST=128.171.7.25 LEN=72 TOS=0x00 PREC=0x00 TTL=52
ID=0 DF PROTO=UDP SPT=57982 DPT=53 LEN=52
Jun 20 10:44:22 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=89.248.171.71 DST=128.171.7.25 LEN=29 TOS=0x00 PREC=0x00 TTL=52 ID=0
DF PROTO=UDP SPT=57574 DPT=19 LEN=9
Jun 20 15:59:58 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=128.171.7.38 DST=128.171.7.25 LEN=73 TOS=0x00 PREC=0x00 TTL=128
ID=3292 PROTO=UDP SPT=56052 DPT=161 LEN=53
Jun 20 16:00:00 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=128.171.7.38 DST=128.171.7.25 LEN=73 TOS=0x00 PREC=0x00 TTL=128
ID=3304 DF PROTO=UDP SPT=56052 DPT=161 LEN=53
Jun 20 16:58:10 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=85.214.251.10 DST=128.171.7.25 LEN=48 TOS=0x00 PREC=0x00 TTL=114
ID=36586 PROTO=TCP SPT=34921 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 21 18:31:41 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=50.63.55.200 DST=128.171.7.25 LEN=66 TOS=0x00 PREC=0x00 TTL=48
ID=13497 PROTO=UDP SPT=24208 DPT=53 LEN=46
Jun 21 18:31:41 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=50.63.55.200 DST=128.171.7.25 LEN=66 TOS=0x00 PREC=0x00 TTL=49
ID=13497 PROTO=UDP SPT=24208 DPT=53 LEN=46
Jun 21 18:40:38 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=59.42.106.242 DST=128.171.7.25 LEN=48 TOS=0x00 PREC=0x00 TTL=113
ID=7778 DF PROTO=TCP SPT=11880 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 21 19:01:50 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=218.27.207.249 DST=128.171.7.25 LEN=77 TOS=0x00 PREC=0x00 TTL=115
ID=15909 PROTO=UDP SPT=31875 DPT=53 LEN=57
Jun 21 19:35:54 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=213.186.60.63 DST=128.171.7.25 LEN=48 TOS=0x00 PREC=0x00 TTL=115
ID=18972 PROTO=TCP SPT=38127 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 21 19:57:34 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=177.133.168.145 DST=128.171.7.25 LEN=28 TOS=0x00 PREC=0x00 TTL=109
ID=27673 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=27070
Jun 21 20:09:31 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=188.138.109.53 DST=128.171.7.25 LEN=78 TOS=0x00 PREC=0x00 TTL=41
ID=0 DF PROTO=UDP SPT=46984 DPT=53 LEN=58
Jun 21 20:20:05 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=141.212.121.72 DST=128.171.7.25 LEN=40 TOS=0x00 PREC=0x00 TTL=242
ID=0 PROTO=TCP SPT=38153 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 21 20:35:49 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=218.17.156.198 DST=128.171.7.25 LEN=44 TOS=0x00 PREC=0x00 TTL=106
ID=256 PROTO=TCP SPT=6000 DPT=8009 WINDOW=16384 RES=0x00 SYN URGP=0
Jun 21 21:01:41 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT=
SRC=142.0.37.93 DST=128.171.7.25 LEN=435 TOS=0x00 PREC=0x00 TTL=40 ID=0
DF PROTO=UDP SPT=5077 DPT=5060 LEN=415
Conntrack Table (16 out of 65536)
grep: /proc/net/nf_conntrack: No such file or directory
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
inet 192.168.200.78/24 brd 255.255.255.255 scope global enp0s25
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
1100 22 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1100 22 0 0 0 0
2: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state
DOWN mode DEFAULT qlen 1000
link/ether 00:1d:e0:8c:2a:e3 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT qlen 1000
link/ether 00:1d:72:8c:87:29 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
190425111 165922 0 0 0 0
TX: bytes packets errors dropped carrier collsns
12899118 104365 0 0 0 0
RTNETLINK answers: Operation not supported
Dump terminated
Routing Table
Command line is not complete. Try option "help"
Per-IP Counters
iptaccount is not installed
NF Accounting
No NF Accounting defined (nfacct not found)
/proc
/proc/version = Linux version 3.7.10-gentoo (root@linux8) (gcc
version 4.5.4 (Gentoo 4.5.4 p1.0, pie-0.4.7) ) #4 SMP Mon Jun 10
15:55:58 HST 2013
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/enp0s25/proxy_arp = 0
/proc/sys/net/ipv4/conf/enp0s25/arp_filter = 0
/proc/sys/net/ipv4/conf/enp0s25/arp_ignore = 0
/proc/sys/net/ipv4/conf/enp0s25/rp_filter = 0
/proc/sys/net/ipv4/conf/enp0s25/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/wlp3s0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlp3s0/arp_filter = 0
/proc/sys/net/ipv4/conf/wlp3s0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlp3s0/rp_filter = 0
/proc/sys/net/ipv4/conf/wlp3s0/log_martians = 1
ARP
? (192.168.200.1) at 00:26:41:aa:a3:c0 [ether] on enp0s25
Modules
ip_tables 8661 1 iptable_filter
ipt_REJECT 1862 4
iptable_filter 965 1
nf_conntrack 38156 3 xt_state,xt_conntrack,nf_conntrack_ipv4
nf_conntrack_ipv4 4979 7
nf_defrag_ipv4 856 1 nf_conntrack_ipv4
xt_LOG 6661 5
xt_addrtype 1462 4
xt_conntrack 2582 7
xt_limit 1288 0
xt_mac 704 0
xt_mark 762 0
xt_multiport 1427 4
xt_pkttype 712 0
xt_state 836 0
xt_tcpudp 1812 14
Shorewall has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
AUDIT Target (AUDIT_TARGET): Not available
Address Type Match (ADDRTYPE): Available
Amanda Helper: Not available
Basic Filter (BASIC_FILTER): Available
CLASSIFY Target (CLASSIFY_TARGET): Not available
CONNMARK Target (CONNMARK): Not available
CT Target (CT_TARGET): Not available
Capabilities Version (CAPVERSION): 40509
Checksum Target: Not available
Comments (COMMENTS): Not available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Not available
Connmark Match (CONNMARK_MATCH): Not available
DSCP Match (DSCP_MATCH): Not available
DSCP Target (DSCP_TARGET): Not available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH):
Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Available
FTP Helper: Not available
FTP-0 Helper: Not available
Geo IP match: Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Not available
Hashlimit Match (HASHLIMIT_MATCH): Not available
Header Match (HEADER_MATCH): Not available
Helper Match (HELPER_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
IP range Match(IPRANGE_MATCH): Not available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IRC Helper: Not available
IRC-0 Helper: Not available
Kernel Version (KERNELVERSION): 30710
LOG Target (LOG_TARGET): Available
LOGMARK Target (LOGMARK_TARGET): Not available
MARK Target (MARK): Not available
Mangle FORWARD Chain (MANGLE_FORWARD): Not available
Mark in any table (MARK_ANYWHERE): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Not available
NFAcct match: Not available
NFLOG Target (NFLOG_TARGET): Not available
NFQUEUE Target (NFQUEUE_TARGET): Not available
Netbios_ns Helper: Not available
Owner Match (OWNER_MATCH): Not available
Owner Name Match (OWNER_NAME_MATCH): Not available
PPTP Helper: Not available
Packet Mangling (MANGLE_ENABLED): Not available
Packet Type Match (USEPKTTYPE): Available
Packet length Match (LENGTH_MATCH): Not available
Persistent SNAT (PERSISTENT_SNAT): Not available
Physdev Match (PHYSDEV_MATCH): Not available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Not available
Policy Match (POLICY_MATCH): Not available
RPFilter match: Not available
Raw Table (RAW_TABLE): Not available
Rawpost Table (RAWPOST_TABLE): Not available
Realm Match (REALM_MATCH): Not available
Recent Match (RECENT_MATCH): Not available
Repeat match (KLUDGEFREE): Not available
SANE Helper: Not available
SANE-0 Helper: Not available
SIP Helper: Not available
SIP-0 Helper: Not available
SNMP Helper: Not available
Statistic Match (STATISTIC_MATCH): Not available
TCPMSS Match (TCPMSS_MATCH): Not available
TFTP Helper: Not available
TFTP-0 Helper: Not available
TPROXY Target (TPROXY_TARGET): Not available
Time Match (TIME_MATCH): Not available
ULOG Target (ULOG_TARGET): Not available
fwmark route mask (FWMARK_RT_MASK): Available
ipset V5 (IPSET_V5): Not available
iptables -S (IPTABLES_S): Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 2330/sshd
tcp 0 1 192.168.200.78:52487 74.201.105.31:443
LAST_ACK -
tcp 0 0 192.168.200.78:39758 74.125.141.95:443
ESTABLISHED 6480/firefox
tcp 0 0 192.168.200.78:40245 54.230.146.136:80
TIME_WAIT -
tcp 0 0 192.168.200.78:53578 74.125.224.219:80
TIME_WAIT -
tcp 0 0 192.168.200.78:53555 74.125.224.219:80
TIME_WAIT -
tcp 0 0 192.168.200.78:39298 66.111.4.56:443
ESTABLISHED 6480/firefox
tcp 0 0 192.168.200.78:55434 199.7.54.72:80
TIME_WAIT -
tcp 0 0 192.168.200.78:56175 72.235.63.19:80
TIME_WAIT -
tcp 0 0 192.168.200.78:49326 74.125.224.222:443
ESTABLISHED 6480/firefox
tcp 0 0 192.168.200.78:60157 74.125.224.211:443
ESTABLISHED 6480/firefox
tcp 0 0 192.168.200.78:56176 72.235.63.19:80
TIME_WAIT -
tcp 0 0 192.168.200.78:40246 54.230.146.136:80
TIME_WAIT -
tcp 0 0 192.168.200.78:40244 54.230.146.136:80
TIME_WAIT -
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
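
One way to see what the firewall has been dropping is to summarise the `Shorewall:net2fw:DROP:` entries like those in the Log section of the dump. The following is an added example, not part of the original post and not Shorewall's own code: it parses netfilter LOG lines carrying the `Shorewall:<chain>:<disposition>:` prefix seen above and tallies them by protocol and destination port. The sample lines are constructed (documentation addresses), and the script assumes one log entry per line, as syslog writes it before mail wrapping.

```python
import re
from collections import Counter

# Constructed sample lines in the same netfilter LOG layout as the dump above.
# Addresses come from documentation ranges; they are not taken from the post.
SAMPLE_LOG = """\
Jun 17 15:46:22 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT= SRC=198.51.100.7 DST=192.0.2.25 LEN=72 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=42772 DPT=53 LEN=52
Jun 20 16:58:10 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT= SRC=203.0.113.10 DST=192.0.2.25 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=36586 PROTO=TCP SPT=34921 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 21 18:40:38 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT= SRC=203.0.113.99 DST=192.0.2.25 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=7778 DF PROTO=TCP SPT=11880 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 21 19:57:34 localhost Shorewall:net2fw:DROP:IN=enp0s25 OUT= SRC=198.51.100.145 DST=192.0.2.25 LEN=28 TOS=0x00 PREC=0x00 TTL=109 ID=27673 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=27070
Jun 21 20:00:00 localhost sshd[2330]: Server listening on 0.0.0.0 port 22.
"""

# Log prefix as it appears in the dump: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(
    r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):(?P<fields>.*)$"
)


def parse_line(line):
    """Return a dict for a Shorewall-prefixed LOG line, or None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"], "flags": set()}
    for tok in m["fields"].split():
        key, sep, value = tok.partition("=")
        if not sep:
            # Bare tokens such as DF or SYN are header flags, not key=value pairs.
            rec["flags"].add(tok)
        else:
            # LEN and ID can appear twice (IP header first, then the inner
            # protocol header); keep the first, which is the IP-level value.
            rec.setdefault(key, value)
    return rec


def summarize(lines):
    """Count entries per (chain, disposition, protocol, destination)."""
    tally = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        proto = rec.get("PROTO", "?")
        if "DPT" in rec:
            dest = rec["DPT"]              # TCP/UDP destination port
        elif "TYPE" in rec:
            dest = "type " + rec["TYPE"]   # ICMP has a type, not a port
        else:
            dest = "-"
        tally[(rec["chain"], rec["disposition"], proto, dest)] += 1
    return tally


if __name__ == "__main__":
    for (chain, disp, proto, dest), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:4d}  {chain:8s} {disp:6s} {proto:5s} {dest}")
```

To run it against a real log, pass the lines of the file named in the dump's Log heading to `summarize()` instead of `SAMPLE_LOG`.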