On 07/25/2013 04:44 PM, Tom Eastep wrote:
> On 07/25/2013 07:02 AM, Tiemen Ruiten wrote:
>> On 07/25/2013 03:33 PM, Tom Eastep wrote:
>>> On 07/25/2013 04:33 AM, Tiemen Ruiten wrote:
>>>> Hello shorewall users,
>>>>
>>>> I'm testing the new Events feature in shorewall 4.5.19 (on Arch
>>>> Linux) and noticed there are a few things that seem to be amiss:
>>>>
>>>> - in /usr/share/shorewall/action.IfEvent, line 50, it says
>>>> second, not seconds (as is documented in the iptables-extensions
>>>> man page).
>>> Interestingly enough, 'second' seems to be accepted, at least by
>>> iptables 1.4.15.
>>>> - to use SSH limiting as is described in the example on
>>>> http://www.shorewall.net/Events.html, I need to define an
>>>> additional SSH_BLACKLIST action in /etc/shorewall/actions or
>>>> shorewall check will fail with:
>>>>
>>>> ERROR: Unknown ACTION (SSH_BLACKLIST)
>>>> /usr/share/shorewall/action.IfEvent
>>>>
>>>> - after I add the SSH_BLACKLIST action I get the following
>>>> warning when running shorewall check:
>>>>
>>>> Checking /etc/shorewall/action.SSH_BLACKLIST for chain
>>>> SSH_BLACKLIST... WARNING: Log Prefix shortened to
>>>> "Shorewall:SSH_BLACKLIST:LOG: "
>>> You can ignore that -- I used the name 'SSH_BLACKLIST' because
>>> that's what the original web article used.
>>>
>>>> /etc/shorewall/action.SSH_BLACKLIST (line 10) from
>>>> /usr/share/shorewall/action.IfEvent (line 138) from
>>>> /etc/shorewall/action.SSH_LIMIT (line 14) from
>>>> /etc/shorewall/rules (line 37)
>>>>
>>>>
>>>> - shorewall check validates the configuration, but when I do a
>>>> shorewall restart I get the following error:
>>>>
>>>> Running /sbin/iptables-restore... iptables-restore v1.4.19.1:
>>>> unknown option "--reap" Error occurred at line: 85 Try
>>>> `iptables-restore -h' or 'iptables-restore --help' for more
>>>> information. ERROR: iptables-restore Failed. Input is in
>>>> /var/lib/shorewall/.iptables-restore-input Processing
>>>> /etc/shorewall/stop ... Processing /etc/shorewall/tcclear ...
>>>> Running /sbin/iptables-restore... IPv4 Forwarding Enabled
>>>> Processing /etc/shorewall/stopped ...
>>>> /usr/share/shorewall/lib.common: line 113: 9618 Terminated
>>>> $SHOREWALL_SHELL $script $options $@
>>>>
>>>> The contents of iptables-restore-input are in the attachment.
>>>>
>>>> Anything I can do to work around or fix this?
>>> Hmmm -- a similar rule works in my configuration (Debian Wheezy
>>> with iptables 1.4.15 + xtables-addons), even with 'second' rather
>>> than 'seconds'. If you correct that typo in
>>> /usr/share/shorewall/action.IfEvent, does the problem go away?
>>>
>> Changing line 101 in /usr/share/shorewall/action.IfEvent
>> from
>> $duration .= '--reap ';
>> to
>>
>> $duration .= '';
>
> The command is valid as released -- if you have to hack up the code to
> make it work, there is something wrong with your kit.
I agree. Arch is currently at iptables 1.4.19.1, which doesn't have
support for the --reap option. So what is the proper way to fix this/get
this fixed?
>>
>> I can make shorewall compile, but blacklisting doesn't seem to work. I
>> corrected the second/seconds typo as well.
>>
>> I made multiple attempts to login via SSH, unfortunately nothing was
>> logged and no connection attempts were blocked.
>>
>> Should there be an SSH_COUNTER event defined as well?
>
> Yes. Please forward the output of 'shorewall dump' collected as
> described at http://www.shorewall.net/support.htm#guidelines
>
I attached the dump. Thank you for your time!
> Thanks,
> -Tom
>
>
Shorewall 4.5.19 Dump at r1.psm.example.com - Thu Jul 25 17:18:41 CEST 2013
Shorewall is running
State:Started (Thu Jul 25 16:52:45 CEST 2013) from /etc/shorewall/
Counters reset Thu Jul 25 16:52:45 CEST 2013
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
851 68206 net2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
864 351K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
[goto]
Chain %IfEvent (1 references)
pkts bytes target prot opt in out source destination
0 0 SSH_BLACKLIST all -- * * 0.0.0.0/0
0.0.0.0/0 recent: CHECK seconds: 120 hit_count: 5 name: SSH side:
source mask: 255.255.255.255
Chain %IfEvent1 (1 references)
pkts bytes target prot opt in out source destination
1 60 ~log0 all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] recent: UPDATE seconds: 3 hit_count: 1 name: SSH side: source
mask: 255.255.255.255
Chain Broadcast (2 references)
pkts bytes target prot opt in out source destination
22 3104 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type MULTICAST
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type ANYCAST
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
22 3104 all -- * * 0.0.0.0/0 0.0.0.0/0
22 3104 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain IfEvent (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
recent: CHECK seconds: 300 hit_count: 1 name: SSH_COUNTER side: source
mask: 255.255.255.255
Chain Reject (3 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 3 code 4 /* Needed ICMP types */
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 11 /* Needed ICMP types */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139 /* SMB */
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535 /* SMB */
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445 /* SMB */
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900 /* UPnP */
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 /* Late DNS Replies */
Chain SSH_BLACKLIST (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix "Shorewall:SSH_BLACKLIST:LOG: "
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: SSH_COUNTER side: source mask: 255.255.255.255
Chain SSH_LIMIT (1 references)
pkts bytes target prot opt in out source destination
6 360 IfEvent all -- * * 0.0.0.0/0 0.0.0.0/0
6 360 %IfEvent all -- * * 0.0.0.0/0 0.0.0.0/0
6 360 %IfEvent1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
recent: REMOVE name: SSH_COUNTER side: source mask: 255.255.255.255
LOG flags 0 level 4 prefix "Shorewall:SSH_LIMIT:Removed:"
5 300 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: SSH side: source mask: 255.255.255.255
Chain dynamic (1 references)
pkts bytes target prot opt in out source destination
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
852 351K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
12 836 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
33 4528 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
33 4528 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID,NEW,UNTRACKED
3 984 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
814 62661 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
818 63678 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
ctstate RELATED,ESTABLISHED
2 80 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ctstate INVALID
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 /* Ping */
0 0 ACCEPT tcp -- * * 212.67.x.y 0.0.0.0/0
tcp dpt:587 /* Submission */
6 360 SSH_LIMIT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22
22 3104 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:net2fw:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (11 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
1 60 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255
Chain smurflog (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain smurfs (1 references)
pkts bytes target prot opt in out source destination
3 984 RETURN all -- * * 0.0.0.0 0.0.0.0/0
0 0 smurflog all -- * * 0.0.0.0/0 0.0.0.0/0
[goto] ADDRTYPE match src-type BROADCAST
0 0 smurflog all -- * * 224.0.0.0/4 0.0.0.0/0
[goto]
Chain tcpflags (1 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
[goto] tcp spt:0 flags:0x17/0x02
Chain ~log0 (1 references)
pkts bytes target prot opt in out source destination
1 60 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix "Shorewall:SSH_LIMIT:Added:"
1 60 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Log (/var/log/messages)
Jul 25 10:00:54 net2fw:DROP:IN=eth0 OUT= SRC=123.151.42.61 DST=149.210.n.m
LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=12209 DPT=8080
WINDOW=8192 RES=0x00 SYN URGP=0
Jul 25 10:53:08 net2fw:DROP:IN=eth0 OUT= SRC=125.120.227.132 DST=149.210.n.m
LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=5335 DF PROTO=TCP SPT=40910 DPT=23
WINDOW=5808 RES=0x00 SYN URGP=0
Jul 25 11:13:32 net2fw:DROP:IN=eth0 OUT= SRC=123.151.42.61 DST=149.210.n.m
LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=12207 DPT=8080
WINDOW=8192 RES=0x00 SYN URGP=0
Jul 25 11:31:54 net2fw:DROP:IN=eth0 OUT= SRC=117.7.119.111 DST=149.210.n.m
LEN=58 TOS=0x00 PREC=0x00 TTL=106 ID=28876 PROTO=UDP SPT=41871 DPT=35728 LEN=38
Jul 25 11:31:54 net2fw:DROP:IN=eth0 OUT= SRC=117.7.119.111 DST=149.210.n.m
LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=28928 PROTO=UDP SPT=41871 DPT=35728 LEN=28
Jul 25 11:31:57 net2fw:DROP:IN=eth0 OUT= SRC=117.7.119.111 DST=149.210.n.m
LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=31497 PROTO=UDP SPT=41871 DPT=35728 LEN=28
Jul 25 11:32:04 net2fw:DROP:IN=eth0 OUT= SRC=117.7.119.111 DST=149.210.n.m
LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=5220 PROTO=UDP SPT=41871 DPT=35728 LEN=28
Jul 25 11:32:16 net2fw:DROP:IN=eth0 OUT= SRC=117.7.119.111 DST=149.210.n.m
LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=21207 PROTO=UDP SPT=41871 DPT=35728 LEN=28
Jul 25 11:32:40 net2fw:DROP:IN=eth0 OUT= SRC=117.7.119.111 DST=149.210.n.m
LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=19990 PROTO=UDP SPT=41871 DPT=35728 LEN=28
Jul 25 11:33:10 net2fw:DROP:IN=eth0 OUT= SRC=117.7.119.111 DST=149.210.n.m
LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=25079 PROTO=UDP SPT=41871 DPT=35728 LEN=28
Jul 25 12:27:20 net2fw:DROP:IN=eth0 OUT= SRC=123.151.42.61 DST=149.210.n.m
LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=12210 DPT=8080
WINDOW=8192 RES=0x00 SYN URGP=0
Jul 25 12:38:57 net2fw:DROP:IN=eth0 OUT= SRC=60.196.63.211 DST=149.210.n.m
LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=8738 PROTO=TCP SPT=14721 DPT=22
WINDOW=65535 RES=0x00 SYN URGP=0
Jul 25 13:25:24 net2fw:DROP:IN=eth0 OUT= SRC=217.170.194.46 DST=149.210.n.m
LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=32735 DF PROTO=TCP SPT=43487 DPT=80
WINDOW=5840 RES=0x00 SYN URGP=0
Jul 25 13:40:43 net2fw:DROP:IN=eth0 OUT= SRC=123.151.42.61 DST=149.210.n.m
LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=12207 DPT=8080
WINDOW=8192 RES=0x00 SYN URGP=0
Jul 25 13:42:31 net2fw:DROP:IN=eth0 OUT= SRC=198.20.69.98 DST=149.210.n.m
LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=1 PROTO=TCP SPT=36867 DPT=5432 WINDOW=1024
RES=0x00 SYN URGP=0
Jul 25 14:31:51 net2fw:DROP:IN=eth0 OUT= SRC=88.150.128.85 DST=149.210.n.m
LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=58894 PROTO=TCP SPT=23992 DPT=5900
WINDOW=65535 RES=0x00 SYN URGP=0
Jul 25 14:54:17 net2fw:DROP:IN=eth0 OUT= SRC=123.151.42.61 DST=149.210.n.m
LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=12205 DPT=8080
WINDOW=8192 RES=0x00 SYN URGP=0
Jul 25 16:05:55 net2fw:DROP:IN=eth0 OUT= SRC=123.151.42.61 DST=149.210.n.m
LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=12230 DPT=8080
WINDOW=8192 RES=0x00 SYN URGP=0
Jul 25 16:06:13 net2fw:DROP:IN=eth0 OUT= SRC=113.108.21.16 DST=149.210.n.m
LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=TCP SPT=22205 DPT=1723
WINDOW=8192 RES=0x00 SYN URGP=0
Jul 25 17:01:41 SSH_LIMIT:Added:IN=eth0 OUT= SRC=212.67.x.y DST=149.210.n.m
LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=27027 DF PROTO=TCP SPT=14225 DPT=22
WINDOW=14600 RES=0x00 SYN URGP=0
Events
SSH
src=91.213.195.220 : 3145.677, 3141.175, 3102.787, 3085.985, 3081.069,
3078.482, 885.206, 10.630, 7.493, 3.977
src=212.67.x.y : 305.844, 305.808, 303.253
SSH_COUNTER
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users