Shorewall 4.6.6.2 Dump at cesso-pi - Mon Mar  9 11:37:16 EDT 2015

Shorewall is running
State:Started (Mon Mar  9 11:32:50 EDT 2015) from /etc/shorewall/ (/var/lib/shorewall/firewall compiled by Shorewall version 4.6.6.2)

Counters reset Mon Mar  9 11:32:50 EDT 2015

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5080  732K net2fw     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
   26  3249 vpn2fw     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net_frwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 vpn_frwd   all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 7506 8398K fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 fw2vpn     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain Broadcast (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST

Chain Reject (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11 /* Needed ICMP types */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,445 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:137:139 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:137 dpts:1024:65535 /* SMB */
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 /* Late DNS Replies */

Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 7389 8389K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.9.0.1             udp dpt:443
  117  8208 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2vpn (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logflags (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  374 43309 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
  374 43309 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
 4333  642K tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
 4706  688K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       10.9.0.1             0.0.0.0/0            udp spt:443
  374 43309 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2vpn (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net2vpn:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain net_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 sfilter    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 net2vpn    all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           

Chain reject (11 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type BROADCAST
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain sfilter (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain sha-lh-2a5b5f78b610cece1429 (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain sha-rh-73362e4712f59977f0c0 (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain smurflog (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:smurfs:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain smurfs (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0              0.0.0.0/0           
    0     0 smurflog   all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  ADDRTYPE match src-type BROADCAST
    0     0 smurflog   all  --  *      *       224.0.0.0/4          0.0.0.0/0           [goto] 

Chain tcpflags (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x29
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x00
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x06/0x06
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x03/0x03
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp spt:0 flags:0x17/0x02

Chain vpn2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   116 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
   11  1181 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
   24  3133 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:55996
    2   116 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:55996
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:55997
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:vpn2fw:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain vpn2net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:vpn2net:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain vpn_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 sfilter    all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 vpn2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Log (/var/log/messages)


NAT Table

Chain PREROUTING (policy ACCEPT 279 packets, 29649 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 279 packets, 29649 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 81 packets, 5942 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 73 packets, 5379 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    8   563 tun0_masq  all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           

Chain tun0_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    8   563 MASQUERADE  all  --  *      *       172.18.6.108         0.0.0.0/0            mark match 0x2/0xff

Mangle Table

Chain PREROUTING (policy ACCEPT 5106 packets, 735K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5106  735K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0xff
  336 34877 routemark  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff
    8   749 routemark  all  --  tun0   *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff
 5080  732K tcpre      all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
   26  3249 tcpre      all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff

Chain INPUT (policy ACCEPT 5106 packets, 735K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5106  735K tcin       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK and 0xffffff00
    0     0 tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 7506 packets, 8398K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 7506 8398K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore mask 0xff
  117  8208 tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x0/0xff

Chain POSTROUTING (policy ACCEPT 7506 packets, 8398K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 7506 8398K tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain routemark (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  336 34877 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x1/0xff
    8   749 MARK       all  --  tun0   *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x2/0xff
  344 35626 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0x0/0xff CONNMARK save mask 0xff

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcin (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  112  7906 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1004 MARK set 0x2

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpre (3 references)
 pkts bytes target     prot opt in     out     source               destination         

Raw Table

Chain PREROUTING (policy ACCEPT 5106 packets, 735K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 7506 packets, 8398K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Conntrack Table (84 out of 62212)

udp      17 106 src=46.165.14.35 dst=172.18.6.108 sport=47846 dport=55996 src=172.18.6.108 dst=46.165.14.35 sport=55996 dport=47846 [ASSURED] mark=1 use=2
udp      17 12 src=172.18.6.136 dst=172.18.6.255 sport=54752 dport=8612 [UNREPLIED] src=172.18.6.255 dst=172.18.6.136 sport=8612 dport=54752 mark=1 use=2
udp      17 20 src=46.172.206.241 dst=172.18.6.108 sport=6981 dport=55996 src=172.18.6.108 dst=46.172.206.241 sport=55996 dport=6981 mark=1 use=2
udp      17 175 src=78.27.168.113 dst=172.18.6.108 sport=44097 dport=55996 src=172.18.6.108 dst=78.27.168.113 sport=55996 dport=44097 [ASSURED] mark=1 use=2
udp      17 18 src=14.192.213.255 dst=172.18.6.108 sport=5507 dport=55996 src=172.18.6.108 dst=14.192.213.255 sport=55996 dport=5507 mark=1 use=2
udp      17 57 src=172.18.6.108 dst=91.121.113.58 sport=47639 dport=53 src=91.121.113.58 dst=172.18.6.108 sport=53 dport=47639 [ASSURED] mark=1 use=2
udp      17 24 src=174.89.38.251 dst=172.18.6.108 sport=22418 dport=55996 src=172.18.6.108 dst=174.89.38.251 sport=55996 dport=22418 mark=1 use=2
udp      17 109 src=177.40.248.182 dst=172.18.6.108 sport=45692 dport=55996 src=172.18.6.108 dst=177.40.248.182 sport=55996 dport=45692 [ASSURED] mark=1 use=2
udp      17 1 src=172.18.6.108 dst=185.21.216.190 sport=55996 dport=46811 src=185.21.216.190 dst=172.18.6.108 sport=46811 dport=55996 mark=1 use=2
udp      17 59 src=172.18.6.108 dst=69.193.190.82 sport=55996 dport=23655 src=69.193.190.82 dst=172.18.6.108 sport=23655 dport=55996 [ASSURED] mark=1 use=2
udp      17 11 src=94.29.64.110 dst=172.18.6.108 sport=1057 dport=55996 src=172.18.6.108 dst=94.29.64.110 sport=55996 dport=1057 [ASSURED] mark=1 use=2
udp      17 8 src=141.237.79.21 dst=172.18.6.108 sport=36252 dport=55996 src=172.18.6.108 dst=141.237.79.21 sport=55996 dport=36252 mark=1 use=2
udp      17 19 src=188.182.111.74 dst=172.18.6.108 sport=6881 dport=55996 src=172.18.6.108 dst=188.182.111.74 sport=55996 dport=6881 mark=1 use=2
udp      17 45 src=190.177.82.186 dst=172.18.6.108 sport=23437 dport=55996 src=172.18.6.108 dst=190.177.82.186 sport=55996 dport=23437 [ASSURED] mark=1 use=2
udp      17 105 src=88.107.207.44 dst=172.18.6.108 sport=58841 dport=55996 src=172.18.6.108 dst=88.107.207.44 sport=55996 dport=58841 [ASSURED] mark=1 use=2
tcp      6 33 SYN_SENT src=172.18.6.108 dst=70.79.134.59 sport=59411 dport=60858 [UNREPLIED] src=70.79.134.59 dst=172.18.6.108 sport=60858 dport=59411 mark=0 use=2
udp      17 50 src=101.108.99.106 dst=172.18.6.108 sport=12732 dport=55996 src=172.18.6.108 dst=101.108.99.106 sport=55996 dport=12732 [ASSURED] mark=1 use=2
udp      17 27 src=172.18.6.136 dst=224.0.0.1 sport=54774 dport=8612 [UNREPLIED] src=224.0.0.1 dst=172.18.6.136 sport=8612 dport=54774 mark=1 use=2
tcp      6 98 SYN_SENT src=172.18.6.108 dst=96.21.68.15 sport=38542 dport=6881 [UNREPLIED] src=96.21.68.15 dst=172.18.6.108 sport=6881 dport=38542 mark=0 use=2
udp      17 16 src=94.72.183.143 dst=172.18.6.108 sport=13943 dport=55996 src=172.18.6.108 dst=94.72.183.143 sport=55996 dport=13943 mark=1 use=2
udp      17 14 src=221.4.189.59 dst=172.18.6.108 sport=35681 dport=55996 src=172.18.6.108 dst=221.4.189.59 sport=55996 dport=35681 [ASSURED] mark=1 use=2
udp      17 117 src=92.84.93.162 dst=172.18.6.108 sport=62210 dport=55996 src=172.18.6.108 dst=92.84.93.162 sport=55996 dport=62210 [ASSURED] mark=1 use=2
udp      17 17 src=172.18.6.138 dst=224.0.0.251 sport=5353 dport=5353 [UNREPLIED] src=224.0.0.251 dst=172.18.6.138 sport=5353 dport=5353 mark=1 use=2
tcp      6 431999 ESTABLISHED src=172.18.6.136 dst=172.18.6.108 sport=53623 dport=22377 src=172.18.6.108 dst=172.18.6.136 sport=22377 dport=53623 [ASSURED] mark=1 use=2
udp      17 19 src=172.18.6.136 dst=172.18.6.255 sport=21025 dport=21025 [UNREPLIED] src=172.18.6.255 dst=172.18.6.136 sport=21025 dport=21025 mark=1 use=2
udp      17 1 src=1.164.118.46 dst=172.18.6.108 sport=10043 dport=55996 src=172.18.6.108 dst=1.164.118.46 sport=55996 dport=10043 mark=1 use=2
udp      17 5 src=172.18.6.136 dst=172.18.6.255 sport=52230 dport=8612 [UNREPLIED] src=172.18.6.255 dst=172.18.6.136 sport=8612 dport=52230 mark=1 use=2
udp      17 5 src=172.18.6.136 dst=224.0.0.1 sport=63185 dport=8612 [UNREPLIED] src=224.0.0.1 dst=172.18.6.136 sport=8612 dport=63185 mark=1 use=2
tcp      6 98 SYN_SENT src=172.18.6.108 dst=180.94.73.12 sport=55799 dport=39367 [UNREPLIED] src=180.94.73.12 dst=172.18.6.108 sport=39367 dport=55799 mark=0 use=2
udp      17 20 src=172.18.6.108 dst=124.180.255.79 sport=55996 dport=13135 [UNREPLIED] src=124.180.255.79 dst=172.18.6.108 sport=13135 dport=55996 mark=0 use=2
udp      17 22 src=163.179.222.28 dst=172.18.6.108 sport=13878 dport=55996 src=172.18.6.108 dst=163.179.222.28 sport=55996 dport=13878 [ASSURED] mark=1 use=2
udp      17 2 src=180.191.68.17 dst=172.18.6.108 sport=63286 dport=55996 src=172.18.6.108 dst=180.191.68.17 sport=55996 dport=63286 mark=1 use=2
udp      17 179 src=113.116.152.175 dst=172.18.6.108 sport=16001 dport=55996 src=172.18.6.108 dst=113.116.152.175 sport=55996 dport=16001 [ASSURED] mark=1 use=2
udp      17 13 src=109.172.46.156 dst=172.18.6.108 sport=62885 dport=55996 src=172.18.6.108 dst=109.172.46.156 sport=55996 dport=62885 mark=1 use=2
tcp      6 98 SYN_SENT src=172.18.6.108 dst=201.214.150.153 sport=33523 dport=27741 [UNREPLIED] src=201.214.150.153 dst=172.18.6.108 sport=27741 dport=33523 mark=0 use=2
udp      17 62 src=86.156.207.6 dst=172.18.6.108 sport=36670 dport=55996 src=172.18.6.108 dst=86.156.207.6 sport=55996 dport=36670 [ASSURED] mark=1 use=2
udp      17 8 src=46.0.85.255 dst=172.18.6.108 sport=20996 dport=55996 src=172.18.6.108 dst=46.0.85.255 sport=55996 dport=20996 mark=1 use=2
tcp      6 431865 ESTABLISHED src=172.18.6.136 dst=172.18.6.108 sport=53204 dport=445 src=172.18.6.108 dst=172.18.6.136 sport=445 dport=53204 [ASSURED] mark=1 use=2
udp      17 14 src=116.1.79.12 dst=172.18.6.108 sport=17410 dport=55996 src=172.18.6.108 dst=116.1.79.12 sport=55996 dport=17410 mark=1 use=2
udp      17 73 src=111.243.20.17 dst=172.18.6.108 sport=26103 dport=55996 src=172.18.6.108 dst=111.243.20.17 sport=55996 dport=26103 [ASSURED] mark=1 use=2
udp      17 7 src=172.18.6.108 dst=70.74.226.66 sport=55996 dport=47041 src=70.74.226.66 dst=172.18.6.108 sport=47041 dport=55996 [ASSURED] mark=1 use=2
udp      17 19 src=99.174.204.87 dst=172.18.6.108 sport=24356 dport=55996 src=172.18.6.108 dst=99.174.204.87 sport=55996 dport=24356 mark=1 use=2
udp      17 13 src=78.162.217.36 dst=172.18.6.108 sport=27627 dport=55996 src=172.18.6.108 dst=78.162.217.36 sport=55996 dport=27627 mark=1 use=2
udp      17 166 src=91.78.154.218 dst=172.18.6.108 sport=29954 dport=55996 src=172.18.6.108 dst=91.78.154.218 sport=55996 dport=29954 [ASSURED] mark=1 use=2
udp      17 127 src=213.242.26.169 dst=172.18.6.108 sport=38172 dport=55996 src=172.18.6.108 dst=213.242.26.169 sport=55996 dport=38172 [ASSURED] mark=1 use=2
udp      17 178 src=172.18.6.108 dst=186.35.92.48 sport=55996 dport=23710 src=186.35.92.48 dst=172.18.6.108 sport=23710 dport=55996 [ASSURED] mark=1 use=2
udp      17 131 src=91.134.65.240 dst=172.18.6.108 sport=17037 dport=55996 src=172.18.6.108 dst=91.134.65.240 sport=55996 dport=17037 [ASSURED] mark=1 use=2
udp      17 156 src=90.154.64.18 dst=172.18.6.108 sport=23361 dport=55996 src=172.18.6.108 dst=90.154.64.18 sport=55996 dport=23361 [ASSURED] mark=1 use=2
udp      17 22 src=182.219.85.241 dst=172.18.6.108 sport=52225 dport=55996 src=172.18.6.108 dst=182.219.85.241 sport=55996 dport=52225 [ASSURED] mark=1 use=2
udp      17 18 src=177.94.220.41 dst=172.18.6.108 sport=1674 dport=55996 src=172.18.6.108 dst=177.94.220.41 sport=55996 dport=1674 [ASSURED] mark=1 use=2
udp      17 174 src=176.100.221.162 dst=172.18.6.108 sport=35827 dport=55996 src=172.18.6.108 dst=176.100.221.162 sport=55996 dport=35827 [ASSURED] mark=1 use=2
udp      17 19 src=172.18.6.136 dst=172.18.6.255 sport=52360 dport=8612 [UNREPLIED] src=172.18.6.255 dst=172.18.6.136 sport=8612 dport=52360 mark=1 use=2
udp      17 1 src=178.94.218.223 dst=172.18.6.108 sport=6881 dport=55996 src=172.18.6.108 dst=178.94.218.223 sport=55996 dport=6881 mark=1 use=2
udp      17 27 src=172.18.6.136 dst=172.18.6.255 sport=58727 dport=8612 [UNREPLIED] src=172.18.6.255 dst=172.18.6.136 sport=8612 dport=58727 mark=1 use=2
udp      17 135 src=91.105.177.49 dst=172.18.6.108 sport=48771 dport=55996 src=172.18.6.108 dst=91.105.177.49 sport=55996 dport=48771 [ASSURED] mark=1 use=2
udp      17 142 src=58.136.145.165 dst=172.18.6.108 sport=21454 dport=55996 src=172.18.6.108 dst=58.136.145.165 sport=55996 dport=21454 [ASSURED] mark=1 use=2
udp      17 26 src=94.236.129.254 dst=172.18.6.108 sport=57009 dport=55996 src=172.18.6.108 dst=94.236.129.254 sport=55996 dport=57009 mark=1 use=2
udp      17 20 src=91.105.156.79 dst=172.18.6.108 sport=30693 dport=55996 src=172.18.6.108 dst=91.105.156.79 sport=55996 dport=30693 mark=1 use=2
udp      17 136 src=39.72.53.63 dst=172.18.6.108 sport=16001 dport=55996 src=172.18.6.108 dst=39.72.53.63 sport=55996 dport=16001 [ASSURED] mark=1 use=2
udp      17 5 src=124.6.181.51 dst=172.18.6.108 sport=11015 dport=55996 src=172.18.6.108 dst=124.6.181.51 sport=55996 dport=11015 mark=1 use=2
udp      17 162 src=124.122.163.89 dst=172.18.6.108 sport=31285 dport=55996 src=172.18.6.108 dst=124.122.163.89 sport=55996 dport=31285 [ASSURED] mark=1 use=2
udp      17 63 src=114.121.130.127 dst=172.18.6.108 sport=6881 dport=55996 src=172.18.6.108 dst=114.121.130.127 sport=55996 dport=6881 [ASSURED] mark=1 use=2
udp      17 116 src=119.246.239.75 dst=172.18.6.108 sport=26777 dport=55996 src=172.18.6.108 dst=119.246.239.75 sport=55996 dport=26777 [ASSURED] mark=1 use=2
udp      17 35 src=172.18.6.108 dst=91.121.113.58 sport=53580 dport=53 src=91.121.113.58 dst=172.18.6.108 sport=53 dport=53580 [ASSURED] mark=1 use=2
udp      17 19 src=172.18.6.136 dst=224.0.0.1 sport=54494 dport=8612 [UNREPLIED] src=224.0.0.1 dst=172.18.6.136 sport=8612 dport=54494 mark=1 use=2
udp      17 28 src=172.18.6.108 dst=172.18.6.1 sport=40536 dport=5351 src=172.18.6.1 dst=172.18.6.108 sport=5351 dport=40536 mark=1 use=2
udp      17 142 src=172.18.6.108 dst=216.151.172.98 sport=55996 dport=6969 src=216.151.172.98 dst=172.18.6.108 sport=6969 dport=55996 [ASSURED] mark=1 use=2
tcp      6 98 SYN_SENT src=172.18.6.108 dst=71.196.1.147 sport=40630 dport=10378 [UNREPLIED] src=71.196.1.147 dst=172.18.6.108 sport=10378 dport=40630 mark=0 use=2
udp      17 100 src=172.18.6.108 dst=46.246.53.144 sport=55996 dport=51413 src=46.246.53.144 dst=172.18.6.108 sport=51413 dport=55996 [ASSURED] mark=1 use=2
udp      17 26 src=172.18.6.108 dst=86.75.230.80 sport=55996 dport=28838 src=86.75.230.80 dst=172.18.6.108 sport=28838 dport=55996 mark=1 use=2
udp      17 19 src=172.18.6.108 dst=93.141.154.64 sport=55996 dport=55207 [UNREPLIED] src=93.141.154.64 dst=172.18.6.108 sport=55207 dport=55996 mark=0 use=2
udp      17 150 src=72.182.78.53 dst=172.18.6.108 sport=45540 dport=55996 src=172.18.6.108 dst=72.182.78.53 sport=55996 dport=45540 [ASSURED] mark=1 use=2
udp      17 171 src=112.159.160.44 dst=172.18.6.108 sport=52525 dport=55996 src=172.18.6.108 dst=112.159.160.44 sport=55996 dport=52525 [ASSURED] mark=1 use=2
udp      17 110 src=93.80.37.163 dst=172.18.6.108 sport=17960 dport=55996 src=172.18.6.108 dst=93.80.37.163 sport=55996 dport=17960 [ASSURED] mark=1 use=2
udp      17 163 src=24.222.241.113 dst=172.18.6.108 sport=57521 dport=55996 src=172.18.6.108 dst=24.222.241.113 sport=55996 dport=57521 [ASSURED] mark=1 use=2
udp      17 169 src=128.68.157.162 dst=172.18.6.108 sport=38605 dport=55996 src=172.18.6.108 dst=128.68.157.162 sport=55996 dport=38605 [ASSURED] mark=1 use=2
udp      17 118 src=172.18.6.108 dst=188.173.238.166 sport=55996 dport=19610 src=188.173.238.166 dst=172.18.6.108 sport=19610 dport=55996 [ASSURED] mark=1 use=2
udp      17 28 src=172.18.6.121 dst=224.0.0.251 sport=5353 dport=5353 [UNREPLIED] src=224.0.0.251 dst=172.18.6.121 sport=5353 dport=5353 mark=1 use=2
udp      17 12 src=172.18.6.136 dst=224.0.0.1 sport=51124 dport=8612 [UNREPLIED] src=224.0.0.1 dst=172.18.6.136 sport=8612 dport=51124 mark=1 use=2
tcp      6 81 TIME_WAIT src=172.18.6.108 dst=207.237.105.203 sport=50409 dport=60111 src=207.237.105.203 dst=172.18.6.108 sport=60111 dport=50409 [ASSURED] mark=1 use=2
udp      17 177 src=172.18.6.108 dst=MYVPNIP sport=54433 dport=443 src=MYVPNIP dst=172.18.6.108 sport=443 dport=54433 [ASSURED] mark=1 use=2
udp      17 15 src=188.162.132.51 dst=172.18.6.108 sport=17694 dport=55996 src=172.18.6.108 dst=188.162.132.51 sport=55996 dport=17694 mark=1 use=2
tcp      6 431999 ESTABLISHED src=172.18.6.136 dst=172.18.6.108 sport=53241 dport=22 src=172.18.6.108 dst=172.18.6.136 sport=22 dport=53241 [ASSURED] mark=1 use=2
udp      17 14 src=172.18.6.108 dst=86.210.42.212 sport=55996 dport=20440 src=86.210.42.212 dst=172.18.6.108 sport=20440 dport=55996 mark=1 use=2

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 172.18.6.108/24 brd 172.18.6.255 scope global dynamic eth0
       valid_lft 83221sec preferred_lft 83221sec
21: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    inet 10.9.0.245 peer 10.9.0.246/32 scope global tun0
       valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    1276       22       0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    1276       22       0       0       0       0       
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 32
    link/ether b2:fb:bb:1d:3d:f7 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 32
    link/ether 76:fe:2c:3e:19:ea brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether b8:27:eb:24:fc:2c brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    1694787272 1877763  0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    823125108  1252161  0       0       0       0       
21: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 100
    link/none 
    RX: bytes  packets  errors  dropped overrun mcast   
    116        2        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       

Routing Rules

0:	from all lookup local 
999:	from all lookup main 
10000:	from all fwmark 0x1/0xff lookup Coop 
10001:	from all fwmark 0x2/0xff lookup VPN 
20000:	from 172.18.6.108 lookup Coop 
20000:	from 10.9.0.245 lookup VPN 
32765:	from all lookup balance 
32767:	from all lookup default 

Table Coop:

172.18.6.1 dev eth0 scope link src 172.18.6.108
default via 172.18.6.1 dev eth0 src 172.18.6.108

Table VPN:


Table balance:

default via 172.18.6.1 dev eth0

Table default:


Table local:

local 172.18.6.108 dev eth0 proto kernel scope host src 172.18.6.108
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.9.0.245 dev tun0 proto kernel scope host src 10.9.0.245
broadcast 172.18.6.255 dev eth0 proto kernel scope link src 172.18.6.108
broadcast 172.18.6.0 dev eth0 proto kernel scope link src 172.18.6.108
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

172.18.6.1 dev eth0 scope link src 172.18.6.108
172.18.6.1 dev eth0 proto dhcp scope link src 172.18.6.108 metric 1024
10.9.0.246 dev tun0 proto kernel scope link src 10.9.0.245
172.18.6.0/24 dev eth0 proto kernel scope link src 172.18.6.108

Per-IP Counters

   iptaccount is not installed

NF Accounting

No NF Accounting defined (nfacct not found)

Events


/proc

   /proc/version = Linux version 3.18.9-1-ARCH (builduser@leming) (gcc version 4.9.2 20141224 (prerelease) (GCC) ) #1 SMP PREEMPT Sat Mar 7 17:51:53 MST 2015
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 0
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 1
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/log_martians = 0
   /proc/sys/net/ipv4/conf/ifb0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/ifb0/arp_filter = 0
   /proc/sys/net/ipv4/conf/ifb0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/ifb0/rp_filter = 0
   /proc/sys/net/ipv4/conf/ifb0/log_martians = 1
   /proc/sys/net/ipv4/conf/ifb1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/ifb1/arp_filter = 0
   /proc/sys/net/ipv4/conf/ifb1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/ifb1/rp_filter = 0
   /proc/sys/net/ipv4/conf/ifb1/log_martians = 1
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 1
   /proc/sys/net/ipv4/conf/tun0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/tun0/arp_filter = 0
   /proc/sys/net/ipv4/conf/tun0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/tun0/rp_filter = 0
   /proc/sys/net/ipv4/conf/tun0/log_martians = 1

ARP

? (172.18.6.136) at 00:14:bf:c8:07:71 [ether] on eth0
? (172.18.6.121) at 00:e0:4c:1d:2d:31 [ether] on eth0
? (172.18.6.1) at 00:0f:66:36:6d:33 [ether] on eth0

Modules

ip_tables              12222  4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_MASQUERADE          1074  1 
ipt_REJECT              1482  4 
ipt_rpfilter            1776  0 
iptable_filter          1576  1 
iptable_mangle          1571  1 
iptable_nat             1687  1 
iptable_raw             1374  0 
nf_conntrack           98622  20 xt_CT,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,nf_nat,xt_connlimit,nf_nat_ipv4,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda     2796  0 
nf_conntrack_broadcast     1243  2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp        6642  0 
nf_conntrack_h323      46144  0 
nf_conntrack_ipv4      13568  17 
nf_conntrack_irc        4306  0 
nf_conntrack_netbios_ns     1198  0 
nf_conntrack_pptp       5179  0 
nf_conntrack_proto_gre     5666  1 nf_conntrack_pptp
nf_conntrack_sane       3846  0 
nf_conntrack_sip       21511  0 
nf_conntrack_snmp       1576  0 
nf_conntrack_tftp       3724  0 
nf_defrag_ipv4          1554  2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6         14965  1 xt_TPROXY
nf_log_common           4081  1 nf_log_ipv4
nf_log_ipv4             4589  9 
nf_nat                 15334  3 nf_nat_ipv4,xt_nat,nf_nat_masquerade_ipv4
nf_nat_ipv4             5568  1 iptable_nat
nf_nat_masquerade_ipv4     2728  1 ipt_MASQUERADE
nf_reject_ipv4          2619  1 ipt_REJECT
xt_CHECKSUM             1212  0 
xt_CLASSIFY              946  0 
xt_CT                   4125  0 
xt_DSCP                 1895  0 
xt_LOG                  1236  9 
xt_NFLOG                1048  0 
xt_NFQUEUE              2492  0 
xt_TPROXY               5000  0 
xt_addrtype             2770  5 
xt_comment               855  8 
xt_connlimit            5239  0 
xt_connmark             1693  3 
xt_conntrack            2943  13 
xt_dscp                 1555  0 
xt_hashlimit            8574  0 
xt_iprange              1480  0 
xt_length               1111  0 
xt_mark                 1074  10 
xt_multiport            1656  2 
xt_nat                  1659  0 
xt_owner                1277  1 
xt_physdev              1859  0 
xt_pkttype               995  0 
xt_policy               2563  0 
xt_realm                 897  0 
xt_recent               9648  1 
xt_statistic            1258  0 
xt_tcpmss               1320  0 
xt_tcpudp               2094  15 
xt_time                 2310  0 

Shorewall has detected the following iptables/netfilter capabilities:
   ACCOUNT Target (ACCOUNT_TARGET): Not available
   AUDIT Target (AUDIT_TARGET): Not available
   Address Type Match (ADDRTYPE): Available
   Amanda Helper: Available
   Arptables JF: Not available
   Basic Ematch (BASIC_EMATCH): Available
   Basic Filter (BASIC_FILTER): Available
   CLASSIFY Target (CLASSIFY_TARGET): Available
   CONNMARK Target (CONNMARK): Available
   CT Target (CT_TARGET): Available
   Capabilities Version (CAPVERSION): 40606
   Checksum Target: Available
   Comments (COMMENTS): Available
   Condition Match (CONDITION_MATCH): Not available
   Connection Tracking Match (CONNTRACK_MATCH): Available
   Connlimit Match (CONNLIMIT_MATCH): Available
   Connmark Match (CONNMARK_MATCH): Available
   DSCP Match (DSCP_MATCH): Available
   DSCP Target (DSCP_TARGET): Available
   Enhanced Multi-port Match (EMULIPORT): Available
   Extended CONNMARK Target (XCONNMARK): Available
   Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
   Extended Connmark Match (XCONNMARK_MATCH): Available
   Extended MARK Target (XMARK): Available
   Extended MARK Target 2 (EXMARK): Available
   Extended Multi-port Match (XMULIPORT): Available
   Extended REJECT (ENHANCED_REJECT): Available
   FLOW Classifier (FLOW_FILTER): Available
   FTP Helper: Available
   FTP-0 Helper: Not available
   Geo IP match: Not available
   Goto Support (GOTO_TARGET): Available
   H323 Helper: Available
   Hashlimit Match (HASHLIMIT_MATCH): Available
   Header Match (HEADER_MATCH): Not available
   Helper Match (HELPER_MATCH): Available
   IMQ Target (IMQ_TARGET): Not available
   IP range Match(IPRANGE_MATCH): Available
   IPMARK Target (IPMARK_TARGET): Not available
   IPP2P Match (IPP2P_MATCH): Not available
   IRC Helper: Available
   IRC-0 Helper: Not available
   Iface Match: Not available
   Kernel Version (KERNELVERSION): 31809
   LOG Target (LOG_TARGET): Available
   LOGMARK Target (LOGMARK_TARGET): Not available
   MARK Target (MARK): Available
   MASQUERADE Target: Available
   Mangle FORWARD Chain (MANGLE_FORWARD): Available
   Mark in the filter table (MARK_ANYWHERE): Available
   Multi-port Match (MULTIPORT): Available
   NAT (NAT_ENABLED): Available
   NFAcct match: Not available
   NFLOG Target (NFLOG_TARGET): Available
   NFQUEUE Target (NFQUEUE_TARGET): Available
   Netbios_ns Helper: Available
   New tos Match: Available
   Owner Match (OWNER_MATCH): Available
   Owner Name Match (OWNER_NAME_MATCH): Available
   PPTP Helper: Available
   Packet Mangling (MANGLE_ENABLED): Available
   Packet Type Match (USEPKTTYPE): Available
   Packet length Match (LENGTH_MATCH): Available
   Persistent SNAT (PERSISTENT_SNAT): Available
   Physdev Match (PHYSDEV_MATCH): Available
   Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
   Policy Match (POLICY_MATCH): Available
   RPFilter match: Available
   Raw Table (RAW_TABLE): Available
   Rawpost Table (RAWPOST_TABLE): Not available
   Realm Match (REALM_MATCH): Available
   Recent Match "--reap" option (REAP_OPTION): Available
   Recent Match (RECENT_MATCH): Available
   Repeat match (KLUDGEFREE): Available
   SANE Helper: Available
   SANE-0 Helper: Not available
   SIP Helper: Available
   SIP-0 Helper: Not available
   SNMP Helper: Available
   Statistic Match (STATISTIC_MATCH): Available
   TARPIT Target: Not available
   TCPMSS Match (TCPMSS_MATCH): Available
   TFTP Helper: Available
   TFTP-0 Helper: Not available
   TPROXY Target (TPROXY_TARGET): Available
   Time Match (TIME_MATCH): Available
   UDPLITE Port Redirection: Not available
   ULOG Target (ULOG_TARGET): Not available
   fwmark route mask (FWMARK_RT_MASK): Available
   ipset V5 (IPSET_V5): Not available
   iptables -S (IPTABLES_S): Available

Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
tcp    LISTEN     0      128       *:22377                 *:*                   users:(("transmission-da",pid=199,fd=12))
tcp    LISTEN     0      50     172.18.6.108:139                   *:*                   users:(("smbd",pid=248,fd=37))
tcp    LISTEN     0      128       *:22                    *:*                   users:(("sshd",pid=198,fd=3))
tcp    LISTEN     0      5         *:631                   *:*                   users:(("cupsd",pid=187,fd=11))
tcp    LISTEN     0      128       *:55996                 *:*                   users:(("transmission-da",pid=199,fd=13))
tcp    LISTEN     0      50     172.18.6.108:445                   *:*                   users:(("smbd",pid=248,fd=36))
tcp    ESTAB      0      0      172.18.6.108:22                 172.18.6.136:53241               users:(("sshd",pid=20260,fd=3),("sshd",pid=20258,fd=3))
tcp    ESTAB      0      26535  172.18.6.108:22377              172.18.6.136:53623               users:(("transmission-da",pid=199,fd=17))
tcp    ESTAB      0      0      172.18.6.108:445                172.18.6.136:53204               users:(("smbd",pid=20245,fd=39))

Traffic Control

Device eth0:
qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 1526 target 5.0ms interval 100.0ms ecn 
 Sent 808184275 bytes 1252214 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
  maxpacket 1514 drop_overlimit 0 new_flow_count 982 ecn_mark 0
  new_flows_len 0 old_flows_len 0


Device tun0:
qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 1500 target 5.0ms interval 100.0ms ecn 
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 
  maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0



TC Filters

Device eth0:

Device tun0:

