Shorewall 4.5.21.6 Dump at cem01fw - Sat Oct 17 09:18:46 UTC 2015

Shorewall is running
State:Started (Fri Oct 16 14:10:46 UTC 2015) from /etc/shorewall/
/var/lib/shorewall/firewall was compiled by Shorewall version 4.5.21.6
Counters reset Fri Oct 16 14:10:46 UTC 2015

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CEM092Fwall  all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
 154K   15M vlan1_in   all  --  vlan1  *       0.0.0.0/0            0.0.0.0/0           
23984 2332K CEM502Fwall  all  --  vlan3  *       0.0.0.0/0            0.0.0.0/0           
18396   15M NCI012Fwall  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
   20  1520 MAF012Fwall  all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0           
    0     0 UNI012Fwall  all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
16055 4444K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:INPUT:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 316K   16M TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
 3541 1247K CEM09_frwd  all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
1221K  121M vlan1_fwd  all  --  vlan1  *       0.0.0.0/0            0.0.0.0/0           
1777K 1564M CEM50_frwd  all  --  vlan3  *       0.0.0.0/0            0.0.0.0/0           
 5581  400K NCI01_frwd  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 MAF01_frwd  all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0           
    0     0 UNI01_frwd  all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
 3580  340K vlan1_out  all  --  *      vlan1   0.0.0.0/0            0.0.0.0/0           
 118K   16M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain Broadcast (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  252 24056 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
  112  3360 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST

Chain CEM012CEM09 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1614  832K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.48-10.0.69.63
   27  1296 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 multiport dports 22,21,3389 /* SSH, FTP, RDP */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 udp dpt:1194 /* OpenVPN */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 993,587 /* IMAPS, Submission */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 135,3268
    0     0 ACCEPT     udp  --  *      *       10.0.69.128/27       0.0.0.0/0            udp dpt:192
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 tcp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:123 /* NTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 443,80 /* HTTPS, HTTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 143,220,993
    0     0 ACCEPT     udp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 110,135,143,587,808,993,995,3268,20,21,115,989,990
    0     0 ACCEPT     all  --  *      *       10.0.69.2            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       10.0.69.2            0.0.0.0/0            tcp dpt:25 /* SMTP */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM012CEM09:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM012CEM50 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1184K  117M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
33159 2199K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 multiport dports 22,21,3389 /* SSH, FTP, RDP */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 udp dpt:1194 /* OpenVPN */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 993,587 /* IMAPS, Submission */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 135,3268
    0     0 ACCEPT     udp  --  *      *       10.0.69.128/27       0.0.0.0/0            udp dpt:192
    0     0 ACCEPT     all  --  *      *       10.0.69.0/24         10.20.200.128/25    
    0     0 ACCEPT     all  --  *      *       10.0.70.0/24         10.20.200.128/25    
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.20.20.0/30        source IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22,443,80,43,21,1024:65535 /* SSH, HTTPS, HTTP, Whois, FTP and others */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 tcp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:123 /* NTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 443,80 /* HTTPS, HTTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 143,220,993
    0     0 ACCEPT     udp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 110,135,143,587,808,993,995,3268,20,21,115,989,990
    0     0 ACCEPT     all  --  *      *       10.0.69.2            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       10.0.69.2            0.0.0.0/0            tcp dpt:25 /* SMTP */
    0     0 ACCEPT     all  --  *      *       10.0.69.20           10.20.0.1           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM012CEM50:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM012Fwall (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   66  5421 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 148K   15M ACCEPT     all  --  *      *       10.0.0.0/16          0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 multiport dports 22,21,3389 /* SSH, FTP, RDP */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 udp dpt:1194 /* OpenVPN */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 993,587 /* IMAPS, Submission */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 135,3268
    0     0 ACCEPT     udp  --  *      *       10.0.69.128/27       0.0.0.0/0            udp dpt:192
    0     0 allowBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 4/min burst 5
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain CEM012MAF01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 multiport dports 22,21,3389 /* SSH, FTP, RDP */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 udp dpt:1194 /* OpenVPN */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 993,587 /* IMAPS, Submission */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 135,3268
    0     0 ACCEPT     udp  --  *      *       10.0.69.128/27       0.0.0.0/0            udp dpt:192
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 destination IP range 192.168.11.200-192.169.11.208
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.11.249       source IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22,443,80,43,21 /* SSH, HTTPS, HTTP, Whois, FTP */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 tcp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:123 /* NTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 443,80 /* HTTPS, HTTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 143,220,993
    0     0 ACCEPT     udp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 110,135,143,587,808,993,995,3268,20,21,115,989,990
    0     0 ACCEPT     all  --  *      *       10.0.69.2            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       10.0.69.2            0.0.0.0/0            tcp dpt:25 /* SMTP */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM012MAF01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM012NCI01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 multiport dports 22,21,3389 /* SSH, FTP, RDP */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 udp dpt:1194 /* OpenVPN */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 993,587 /* IMAPS, Submission */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 135,3268
    0     0 ACCEPT     udp  --  *      *       10.0.69.128/27       0.0.0.0/0            udp dpt:192
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 tcp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:123 /* NTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 443,80 /* HTTPS, HTTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 143,220,993
    0     0 ACCEPT     udp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 110,135,143,587,808,993,995,3268,20,21,115,989,990
    0     0 ACCEPT     all  --  *      *       10.0.69.2            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            70.38.15.82          source IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       10.0.69.2            0.0.0.0/0            tcp dpt:25 /* SMTP */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM012NCI01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM012UNI01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 multiport dports 22,21,3389 /* SSH, FTP, RDP */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.63 udp dpt:1194 /* OpenVPN */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 993,587 /* IMAPS, Submission */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.128/27       0.0.0.0/0            multiport dports 135,3268
    0     0 ACCEPT     udp  --  *      *       10.0.69.128/27       0.0.0.0/0            udp dpt:192
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 tcp dpt:53 /* DNS */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.7 udp dpt:123 /* NTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 443,80 /* HTTPS, HTTP */
    0     0 ACCEPT     tcp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 143,220,993
    0     0 ACCEPT     udp  --  *      *       10.0.69.0/24         0.0.0.0/0            multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 53,88,389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 10.0.69.1-10.0.69.31 multiport dports 110,135,143,587,808,993,995,3268,20,21,115,989,990
    0     0 ACCEPT     all  --  *      *       10.0.69.2            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            70.38.15.82          source IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       10.0.69.2            0.0.0.0/0            tcp dpt:25 /* SMTP */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM012UNI01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM01_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1641  834K CEM012CEM09  all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      vlan1   0.0.0.0/0            10.0.69.0/24        
  115 12078 ACCEPT     all  --  *      vlan1   0.0.0.0/0            10.0.70.0/24        
1217K  120M CEM012CEM50  all  --  *      vlan3   0.0.0.0/0            0.0.0.0/0           
    0     0 CEM012NCI01  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 CEM012MAF01  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           
    0     0 CEM012UNI01  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           

Chain CEM092CEM01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 3478 1244K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   63  3418 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            destination IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     tcp  --  *      *       72.1.218.10          10.0.69.2            multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       72.1.218.15          10.0.69.2            multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       64.26.186.173        10.0.69.2            multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.2            multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       10.20.0.0/16         0.0.0.0/0            tcp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       10.20.0.0/16         0.0.0.0/0            udp dpts:1024:65535
    0     0 ACCEPT     tcp  --  *      *       10.20.0.0/16         0.0.0.0/0            multiport dports 22,443,80,43 /* SSH, HTTPS, HTTP, Whois */
    0     0 ACCEPT     udp  --  *      *       10.20.0.0/16         0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       10.20.0.0/16         0.0.0.0/0            multiport dports 53,21,3389,10000 /* DNS, FTP, RDP, Webmin */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.2            tcp dpt:25 /* SMTP */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM092CEM01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM092CEM11 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.0.70.0/24        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM092CEM11:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM092CEM50 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM092CEM50:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM092Fwall (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain CEM092MAF01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM092MAF01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM092NCI01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM092NCI01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM092UNI01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM092UNI01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM09_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   63  3418 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
 3541 1247K CEM092CEM01  all  --  *      vlan1   0.0.0.0/0            10.0.69.0/24        
    0     0 CEM092CEM11  all  --  *      vlan1   0.0.0.0/0            10.0.70.0/24        
    0     0 CEM092CEM50  all  --  *      vlan3   0.0.0.0/0            0.0.0.0/0           
    0     0 CEM092NCI01  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 CEM092MAF01  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           
    0     0 CEM092UNI01  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           

Chain CEM112CEM50 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1413  275K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   20  1040 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       10.0.70.0/24         0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM112CEM50:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM112MAF01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM112MAF01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM11_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
  192 59580 ACCEPT     all  --  *      vlan1   0.0.0.0/0            10.0.69.0/24        
    0     0 ACCEPT     all  --  *      vlan1   0.0.0.0/0            10.0.70.0/24        
 1433  276K CEM112CEM50  all  --  *      vlan3   0.0.0.0/0            0.0.0.0/0           
   66 18425 ~comb1     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 CEM112MAF01  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           
    0     0 ~comb1     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           

Chain CEM502CEM01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1248K 1526M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
12758  665K ACCEPT     all  --  *      *       10.1.0.0/23          0.0.0.0/0           
   69  4496 ACCEPT     all  --  *      *       10.1.8.0/21          0.0.0.0/0           
  110  125K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            destination IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     all  --  *      *       192.168.6.48/28      0.0.0.0/0            destination IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     all  --  *      *       192.168.7.186        10.0.69.20          
    0     0 ACCEPT     all  --  *      *       192.168.7.186        10.0.69.1           
    0     0 ACCEPT     all  --  *      *       10.20.200.128/25     10.0.69.0/24        
    0     0 ACCEPT     all  --  *      *       10.20.200.128/25     10.0.70.0/24        
    0     0 ACCEPT     all  --  *      *       10.20.20.0/30        0.0.0.0/0            destination IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     udp  --  *      *       192.168.7.186        10.0.69.20          
    0     0 ACCEPT     tcp  --  *      *       72.1.218.10          10.0.69.2            multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       72.1.218.15          10.0.69.2            multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       64.26.186.173        10.0.69.2            multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:1024:65535
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.2            tcp dpt:25 /* SMTP */
    0     0 ACCEPT     all  --  *      *       10.20.0.1            10.0.69.20          
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM502CEM01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM502CEM09 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       10.1.0.0/23          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       10.1.8.0/21          0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM502CEM09:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM502CEM11 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1396  148K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   47  2336 ACCEPT     all  --  *      *       10.1.0.0/23          0.0.0.0/0           
    8   640 ACCEPT     all  --  *      *       10.1.8.0/21          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.0.70.0/24        
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM502CEM11:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM502Fwall (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 9354 1190K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
14630 1141K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 1303 91003 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
   11   628 ACCEPT     all  --  *      *       10.1.0.0/23          0.0.0.0/0           
 8039 1099K ACCEPT     all  --  *      *       10.1.8.0/21          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       10.20.200.0/24       0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       192.168.6.48/28      0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       10.20.200.128/25     0.0.0.0/0           
    1    76 ACCEPT     udp  --  *      *       192.168.7.186        0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1024:65535
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:1024:65535
    0     0 allowBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 4/min burst 5
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM502Fwall:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM502MAF01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       10.1.0.0/23          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       10.1.8.0/21          0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM502MAF01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM502NCI01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       10.1.0.0/23          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       10.1.8.0/21          0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22,443,80,43 /* SSH, HTTPS, HTTP, Whois */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 53,21 /* DNS, FTP */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM502NCI01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM502UNI01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       10.1.0.0/23          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       10.1.8.0/21          0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:CEM502UNI01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain CEM50_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 480K   36M dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 CEM502CEM09  all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
1261K 1526M CEM502CEM01  all  --  *      vlan1   0.0.0.0/0            10.0.69.0/24        
 1451  151K CEM502CEM11  all  --  *      vlan1   0.0.0.0/0            10.0.70.0/24        
 514K   37M ACCEPT     all  --  *      vlan3   0.0.0.0/0            0.0.0.0/0           
    0     0 CEM502NCI01  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 CEM502MAF01  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           
    0     0 CEM502UNI01  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11 /* Needed ICMP types */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:137:139 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:137 dpts:1024:65535 /* SMB */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900 /* UPnP */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 /* Late DNS Replies */

Chain MAF012CEM01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       192.168.11.200       0.0.0.0/0            destination IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     all  --  *      *       192.168.11.201       0.0.0.0/0            destination IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     all  --  *      *       192.168.11.206       0.0.0.0/0            destination IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     all  --  *      *       192.168.11.246       0.0.0.0/0            destination IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     all  --  *      *       192.168.11.247       0.0.0.0/0            destination IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     all  --  *      *       192.168.11.248       0.0.0.0/0            destination IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.11.200-192.169.11.208 destination IP range 10.0.69.1-10.0.69.63
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.0.69.20           source IP range 192.168.11.200-192.169.11.208
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:MAF012CEM01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain MAF012CEM09 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:MAF012CEM09:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain MAF012CEM11 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:MAF012CEM11:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain MAF012CEM50 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:MAF012CEM50:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain MAF012Fwall (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   20  1520 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
   20  1520 allowBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 4/min burst 5
   20  1520 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   20  1520 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:MAF012Fwall:REJECT:"
   20  1520 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain MAF012NCI01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:MAF012NCI01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain MAF012UNI01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:MAF012UNI01:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain MAF01_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 MAF012CEM09  all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
    0     0 MAF012CEM01  all  --  *      vlan1   0.0.0.0/0            10.0.69.0/24        
    0     0 MAF012CEM11  all  --  *      vlan1   0.0.0.0/0            10.0.70.0/24        
    0     0 MAF012CEM50  all  --  *      vlan3   0.0.0.0/0            0.0.0.0/0           
    0     0 MAF012NCI01  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           
    0     0 MAF012UNI01  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           

Chain NCI012CEM01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       72.1.218.10          10.0.69.2            ctorigdst 10.99.99.106 multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       72.1.218.15          10.0.69.2            ctorigdst 10.99.99.106 multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       64.26.186.173        10.0.69.2            ctorigdst 10.99.99.106 multiport dports 25,465
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.2            ctorigdst 10.99.99.106 multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.3            ctorigdst 10.99.99.108 multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.20           ctorigdst 10.99.99.109 multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.15           ctorigdst 10.99.99.106 tcp dpt:80 ctorigdstport 8032
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.15           ctorigdst 10.99.99.106 multiport dports 1720,3230:3235
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.0.69.15           ctorigdst 10.99.99.106 udp dpts:3230:3253
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.69.15           ctorigdst 10.99.99.106 tcp dpt:5500 ctorigdstport 5664
    0     0 ACCEPT     all  --  *      *       10.99.99.104/29     0.0.0.0/0            destination IP range 10.0.69.48-10.0.69.63
    0     0 ACCEPT     udp  --  *      *       70.38.15.82          10.0.69.20           ctorigdst 10.99.99.106 udp dpt:4569
    0     0 ACCEPT     all  --  *      *       70.38.15.82          0.0.0.0/0            destination IP range 10.0.69.1-10.0.69.31
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain NCI012Fwall (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1437  143K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
16959   15M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    6   382 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 53,5000 /* DNS and others */
    1    30 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5000
    0     0 ACCEPT     all  --  *      *       70.38.15.82          0.0.0.0/0           
    7   332 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.99.99.107        tcp dpt:443 /* HTTPS */
   30  1642 ~log1      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  icmptype 8 /* Ping */
 1393  141K Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  608 84725 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain NCI01_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5581  400K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 ~comb1     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
    0     0 NCI012CEM01  all  --  *      vlan1   0.0.0.0/0            10.0.69.0/24        
    0     0 ~comb1     all  --  *      vlan1   0.0.0.0/0            10.0.70.0/24        
 5581  400K ~comb0     all  --  *      vlan3   0.0.0.0/0            0.0.0.0/0           
    0     0 ~comb1     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           
    0     0 ~comb1     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           

Chain Reject (34 references)
 pkts bytes target     prot opt in     out     source               destination         
 1479  161K            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1479  161K Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11 /* Needed ICMP types */
  388 27651 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,445 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:137:139 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:137 dpts:1024:65535 /* SMB */
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900 /* UPnP */
   33  1320 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 /* Late DNS Replies */

Chain UNI012CEM01 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       70.38.15.82          10.0.69.20           udp dpt:4569
    0     0 ACCEPT     all  --  *      *       70.38.15.82          0.0.0.0/0            destination IP range 10.0.69.1-10.0.69.31
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain UNI012Fwall (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* DNS */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 /* DNS */
    0     0 ACCEPT     all  --  *      *       70.38.15.82          0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.99.99.107        tcp dpt:443 /* HTTPS */
    0     0 ~log0      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  icmptype 8 /* Ping */
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain UNI01_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 sfilter    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    0     0 ~comb1     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
    0     0 UNI012CEM01  all  --  *      vlan1   0.0.0.0/0            10.0.69.0/24        
    0     0 ~comb1     all  --  *      vlan1   0.0.0.0/0            10.0.70.0/24        
    0     0 ~comb0     all  --  *      vlan3   0.0.0.0/0            0.0.0.0/0           
    0     0 ~comb1     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 ~comb1     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           

Chain allowBcast (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.0/4         

Chain dynamic (12 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain reject (39 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type BROADCAST
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0           
  376 18724 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
  318 85946 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain sfilter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain vlan1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
33464 2277K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
1219K  120M CEM01_frwd  all  --  *      *       10.0.69.0/24         0.0.0.0/0           
 1691  354K CEM11_frwd  all  --  *      *       10.0.70.0/24         0.0.0.0/0           

Chain vlan1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 154K   15M dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
  301  104K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
    0     0 ACCEPT     udp  --  *      *       0.0.0.0              0.0.0.0/0            udp dpts:67:68
 148K   15M CEM012Fwall  all  --  *      *       10.0.69.0/24         0.0.0.0/0           
 4867  357K ACCEPT     all  --  *      *       10.0.70.0/24         0.0.0.0/0           

Chain vlan1_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   78 26728 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
   47 18816 ACCEPT     all  --  *      *       0.0.0.0/0            10.0.69.0/24        
 3455  294K ACCEPT     all  --  *      *       0.0.0.0/0            10.0.70.0/24        

Chain ~comb0 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 5581  400K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain ~comb1 (10 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   66 18425 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   66 18425 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain ~log0 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Ping */ LOG flags 0 level 6 prefix "Shorewall:UNI012Fwall:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Ping */

Chain ~log1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   30  1642 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Ping */ LOG flags 0 level 6 prefix "Shorewall:NCI012Fwall:DROP:"
   30  1642 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* Ping */

Log (/var/log/kern.log)

Oct 17 08:30:14 cem01fw TRACE: filter:CEM012Fwall:rule:1 IN=vlan1 OUT= SRC=10.0.69.20 DST=10.0.69.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=28169 DF PROTO=ICMP TYPE=8 CODE=0 ID=17920 SEQ=9 
Oct 17 08:30:14 cem01fw TRACE: raw:OUTPUT:policy:13 IN= OUT=vlan3 SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=50736 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=9 
Oct 17 08:30:14 cem01fw TRACE: mangle:OUTPUT:policy:1 IN= OUT=vlan3 SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=50736 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=9 
Oct 17 08:30:14 cem01fw TRACE: filter:OUTPUT:policy:3 IN= OUT=vlan3 SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=50736 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=9 
Oct 17 08:30:14 cem01fw TRACE: mangle:POSTROUTING:policy:2 IN= OUT=vlan3 SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=50736 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=9 
Oct 17 08:30:14 cem01fw TRACE: raw:PREROUTING:policy:14 IN=vlan3 OUT= SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=50736 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=9 
Oct 17 08:30:14 cem01fw TRACE: mangle:PREROUTING:policy:5 IN=vlan3 OUT= SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=50736 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=9 
Oct 17 08:30:15 cem01fw TRACE: raw:PREROUTING:policy:14 IN=vlan1 OUT= SRC=10.0.69.20 DST=10.0.69.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=28176 DF PROTO=ICMP TYPE=8 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: mangle:PREROUTING:policy:5 IN=vlan1 OUT= SRC=10.0.69.20 DST=10.0.69.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=28176 DF PROTO=ICMP TYPE=8 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: mangle:INPUT:policy:1 IN=vlan1 OUT= SRC=10.0.69.20 DST=10.0.69.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=28176 DF PROTO=ICMP TYPE=8 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: filter:INPUT:rule:2 IN=vlan1 OUT= SRC=10.0.69.20 DST=10.0.69.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=28176 DF PROTO=ICMP TYPE=8 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: filter:vlan1_in:rule:4 IN=vlan1 OUT= SRC=10.0.69.20 DST=10.0.69.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=28176 DF PROTO=ICMP TYPE=8 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: filter:CEM012Fwall:rule:1 IN=vlan1 OUT= SRC=10.0.69.20 DST=10.0.69.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=28176 DF PROTO=ICMP TYPE=8 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: raw:OUTPUT:policy:13 IN= OUT=vlan3 SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=50804 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: mangle:OUTPUT:policy:1 IN= OUT=vlan3 SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=50804 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: filter:OUTPUT:policy:3 IN= OUT=vlan3 SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=50804 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: mangle:POSTROUTING:policy:2 IN= OUT=vlan3 SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=50804 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: raw:PREROUTING:policy:14 IN=vlan3 OUT= SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=50804 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=10 
Oct 17 08:30:15 cem01fw TRACE: mangle:PREROUTING:policy:5 IN=vlan3 OUT= SRC=10.0.69.1 DST=10.0.69.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=50804 PROTO=ICMP TYPE=0 CODE=0 ID=17920 SEQ=10 
Oct 17 09:16:37 MAF012Fwall:REJECT:IN=vlan2 OUT= SRC=192.168.11.247 DST=192.168.11.248 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=58526 DF PROTO=UDP SPT=55284 DPT=123 LEN=56 

NAT Table

Chain PREROUTING (policy ACCEPT 107K packets, 7509K bytes)
 pkts bytes target     prot opt in     out     source               destination         
38559 1209K NCI01_dnat  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       udp  --  ppp0   *       70.38.15.82          0.0.0.0/0            udp dpt:4569 to:10.0.69.20

Chain INPUT (policy ACCEPT 29208 packets, 3783K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1560 packets, 127K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 40975 packets, 2546K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ~comb0     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
 1191 73985 ~comb0     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 vlan2_masq  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           

Chain NCI01_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       72.1.218.10          10.99.99.106        multiport dports 25,465 to:10.0.69.2
    0     0 DNAT       tcp  --  *      *       72.1.218.15          10.99.99.106        multiport dports 25,465 to:10.0.69.2
    0     0 DNAT       tcp  --  *      *       64.26.186.173        10.99.99.106        multiport dports 25,465 to:10.0.69.2
   90  3936 DNAT       tcp  --  *      *       0.0.0.0/0            10.99.99.106        multiport dports 80,443 to:10.0.69.2
   54  2160 DNAT       tcp  --  *      *       0.0.0.0/0            10.99.99.108        multiport dports 80,443 to:10.0.69.3
   66  2640 DNAT       tcp  --  *      *       0.0.0.0/0            10.99.99.109        multiport dports 80,443 to:10.0.69.20
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.99.99.106        tcp dpt:8032 to:10.0.69.15:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.99.99.106        multiport dports 1720,3230:3235 to:10.0.69.15
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            10.99.99.106        udp dpts:3230:3253 to:10.0.69.15
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.99.99.106        tcp dpt:5664 to:10.0.69.15:5500
    0     0 DNAT       udp  --  *      *       70.38.15.82          10.99.99.106        udp dpt:4569 to:10.0.69.20

Chain vlan2_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      *       10.0.69.0/24         192.168.11.200      
    0     0 MASQUERADE  all  --  *      *       10.99.99.104/29     192.168.11.200      

Chain ~comb0 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      *       10.1.0.0/23          0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      *       10.1.8.0/21          0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      *       10.0.69.0/24         0.0.0.0/0           

Mangle Table

Chain PREROUTING (policy ACCEPT 464K packets, 232M bytes)
 pkts bytes target     prot opt in     out     source               destination         
  854  826K MARK       tcp  --  *      *       10.0.69.2            0.0.0.0/0            tcp dpt:25 MARK set 0x19
  817 63305 MARK       tcp  --  *      *       10.0.69.2            0.0.0.0/0            tcp spt:25 MARK set 0x19
 8404  651K MARK       udp  --  *      *       10.0.69.2            0.0.0.0/0            udp dpt:53 MARK set 0x35
    0     0 MARK       udp  --  *      *       10.0.69.2            0.0.0.0/0            udp spt:53 MARK set 0x35

Chain INPUT (policy ACCEPT 34643 packets, 3714K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 414K packets, 227M bytes)
 pkts bytes target     prot opt in     out     source               destination         
3007K 1686M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK and 0xffffff00

Chain OUTPUT (policy ACCEPT 20677 packets, 2998K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 435K packets, 230M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DSCP       udp  --  *      *       0.0.0.0/0            70.38.15.82          udp dpt:5000 DSCP set 0x2e

Raw Table

Chain PREROUTING (policy ACCEPT 173K packets, 87M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10080 CT helper amanda
   10   555 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp
    1    76 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1719 CT helper RAS
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1720 CT helper Q.931
    5   492 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 CT helper irc
50669 4004K CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137 CT helper netbios-ns
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723 CT helper pptp
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6566 CT helper sane
11661 6050K CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 CT helper sip
 219K   23M CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161 CT helper snmp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 CT helper tftp

Chain OUTPUT (policy ACCEPT 6109 packets, 885K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10080 CT helper amanda
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 CT helper ftp
    1    76 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1719 CT helper RAS
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1720 CT helper Q.931
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 CT helper irc
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137 CT helper netbios-ns
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723 CT helper pptp
    0     0 CT         tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6566 CT helper sane
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 CT helper sip
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161 CT helper snmp
    0     0 CT         udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69 CT helper tftp

Conntrack Table (330 out of 65536)


IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 10.99.99.106/29 brd 10.99.99.111 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.99.99.108/29 brd 10.99.99.111 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet 10.99.99.107/29 brd 10.99.99.111 scope global secondary eth0:2
       valid_lft forever preferred_lft forever
    inet 10.99.99.109/29 brd 10.99.99.111 scope global secondary eth0:3
       valid_lft forever preferred_lft forever
4: vlan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    inet 10.0.69.1/24 brd 10.0.69.255 scope global vlan1
       valid_lft forever preferred_lft forever
    inet 10.0.70.1/24 brd 10.0.70.255 scope global vlan1:1
       valid_lft forever preferred_lft forever
5: vlan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    inet 192.168.11.248/24 brd 192.168.11.255 scope global vlan2
       valid_lft forever preferred_lft forever
6: vlan3@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    inet 10.1.10.248/24 brd 10.1.10.255 scope global vlan3
       valid_lft forever preferred_lft forever
8: tun2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    inet 10.20.200.129 peer 10.20.200.130/32 scope global tun2
       valid_lft forever preferred_lft forever
10: tun0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UNKNOWN group default qlen 500
    inet 10.20.1.185 peer 10.20.1.186/32 scope global tun0
       valid_lft forever preferred_lft forever

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    4468145    16350    0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    4468145    16350    0       0       0       0      
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:9c:02:aa:37:dc brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    18577197   67976    0       0       0       36508  
    TX: bytes  packets  errors  dropped carrier collsns 
    2342545    20696    0       0       0       0      
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:9c:02:aa:37:dd brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    1807308964 3574587  0       0       0       3450   
    TX: bytes  packets  errors  dropped carrier collsns 
    1779617096 3324657  0       0       0       0      
4: vlan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 00:9c:02:aa:37:dd brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    143231696  1472027  0       0       0       1462   
    TX: bytes  packets  errors  dropped carrier collsns 
    1546700220 1285017  0       0       0       0      
5: vlan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 00:9c:02:aa:37:dd brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    108148     2338     0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    99608      2328     0       0       0       0      
6: vlan3@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 00:9c:02:aa:37:dd brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    1576876619 1890520  0       0       0       1246   
    TX: bytes  packets  errors  dropped carrier collsns 
    193370046  1828426  0       0       0       0      
7: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:02:6f:4f:89:4c brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
8: tun2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/none 
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
10: tun0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 500
    link/none 
    RX: bytes  packets  errors  dropped overrun mcast   
    18604      258      0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    4599       52       0       0       0       0      

Bridges

bridge name	bridge id		STP enabled	interfaces

Routing Rules

0:	from all lookup local 
900:	from 10.0.69.2 fwmark 0x19 lookup cem09 
948:	from all to 10.1.0.0/23 lookup main 
949:	from all to 10.1.8.0/21 lookup main 
950:	from all to 10.20.0.0/30 lookup main 
952:	from all to 192.168.2.0/24 lookup main 
954:	from all to 192.168.4.0/24 lookup main 
955:	from all to 192.168.5.0/24 lookup main 
956:	from all to 192.168.6.0/24 lookup main 
957:	from all to 192.168.7.0/24 lookup main 
1000:	from 10.0.69.0/26 lookup cem05 
32766:	from all lookup main 
32767:	from all lookup default 

Table cem05:

default via 10.1.10.35 dev vlan3 metric 10

Table cem09:

default via 10.20.1.186 dev tun0 src 10.20.1.185

Table default:


Table local:

local 10.99.99.109 dev eth0 proto kernel scope host src 10.99.99.106
local 10.99.99.108 dev eth0 proto kernel scope host src 10.99.99.106
local 10.99.99.107 dev eth0 proto kernel scope host src 10.99.99.106
local 10.99.99.106 dev eth0 proto kernel scope host src 10.99.99.106
local 192.168.11.248 dev vlan2 proto kernel scope host src 192.168.11.248
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 10.20.200.129 dev tun2 proto kernel scope host src 10.20.200.129
local 10.20.1.185 dev tun0 proto kernel scope host src 10.20.1.185
local 10.1.10.248 dev vlan3 proto kernel scope host src 10.1.10.248
local 10.0.70.1 dev vlan1 proto kernel scope host src 10.0.70.1
local 10.0.69.1 dev vlan1 proto kernel scope host src 10.0.69.1
broadcast 10.99.99.111 dev eth0 proto kernel scope link src 10.99.99.106
broadcast 10.99.99.104 dev eth0 proto kernel scope link src 10.99.99.106
broadcast 192.168.11.255 dev vlan2 proto kernel scope link src 192.168.11.248
broadcast 192.168.11.0 dev vlan2 proto kernel scope link src 192.168.11.248
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.10.255 dev vlan3 proto kernel scope link src 10.1.10.248
broadcast 10.1.10.0 dev vlan3 proto kernel scope link src 10.1.10.248
broadcast 10.0.70.255 dev vlan1 proto kernel scope link src 10.0.70.1
broadcast 10.0.70.0 dev vlan1 proto kernel scope link src 10.0.70.1
broadcast 10.0.69.255 dev vlan1 proto kernel scope link src 10.0.69.1
broadcast 10.0.69.0 dev vlan1 proto kernel scope link src 10.0.69.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

Table main:

70.38.15.83 via 10.20.1.186 dev tun0 src 10.20.1.185
10.20.200.130 dev tun2 proto kernel scope link src 10.20.200.129
10.20.1.186 dev tun0 proto kernel scope link src 10.20.1.185
10.20.200.0/30 via 10.1.10.35 dev vlan3 metric 10
10.20.0.0/30 via 10.1.10.35 dev vlan3 metric 10
10.99.99.104/29 dev eth0 proto kernel scope link src 10.99.99.106
10.20.200.128/25 via 10.20.200.130 dev tun2
10.20.200.0/25 via 10.20.1.186 dev tun0 src 10.20.1.185
192.168.7.0/24 via 10.1.10.35 dev vlan3 metric 10
192.168.6.0/24 via 10.1.10.35 dev vlan3 metric 10
192.168.5.0/24 via 10.1.10.35 dev vlan3 metric 10
192.168.4.0/24 via 10.1.10.35 dev vlan3 metric 10
192.168.2.0/24 via 10.1.10.35 dev vlan3 metric 10
192.168.11.0/24 dev vlan2 proto kernel scope link src 192.168.11.248
10.1.4.0/24 via 10.20.1.186 dev tun0 src 10.20.1.185
10.1.111.0/24 via 10.20.1.186 dev tun0 src 10.20.1.185
10.1.10.0/24 dev vlan3 proto kernel scope link src 10.1.10.248
10.0.70.0/24 dev vlan1 proto kernel scope link src 10.0.70.1
10.0.69.0/24 dev vlan1 proto kernel scope link src 10.0.69.1
10.1.0.0/23 via 10.1.10.35 dev vlan3 metric 10
10.1.8.0/21 via 10.1.10.35 dev vlan3 metric 10
default via 10.99.99.105 dev eth0 metric 20

Per-IP Counters

   iptaccount is not installed

NF Accounting

No NF Accounting defined (nfacct not found)

Events


/proc

   /proc/version = Linux version 3.13.0-65-generic (buildd@lgw01-49) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #105-Ubuntu SMP Mon Sep 21 18:51:54 UTC 2015
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 0
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 1
   /proc/sys/net/ipv4/conf/eth0/log_martians = 1
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/log_martians = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 0
   /proc/sys/net/ipv4/conf/tun0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/tun0/arp_filter = 0
   /proc/sys/net/ipv4/conf/tun0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/tun0/rp_filter = 0
   /proc/sys/net/ipv4/conf/tun0/log_martians = 0
   /proc/sys/net/ipv4/conf/tun2/proxy_arp = 0
   /proc/sys/net/ipv4/conf/tun2/arp_filter = 0
   /proc/sys/net/ipv4/conf/tun2/arp_ignore = 0
   /proc/sys/net/ipv4/conf/tun2/rp_filter = 0
   /proc/sys/net/ipv4/conf/tun2/log_martians = 0
   /proc/sys/net/ipv4/conf/vlan1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/vlan1/arp_filter = 0
   /proc/sys/net/ipv4/conf/vlan1/arp_ignore = 2
   /proc/sys/net/ipv4/conf/vlan1/rp_filter = 0
   /proc/sys/net/ipv4/conf/vlan1/log_martians = 0
   /proc/sys/net/ipv4/conf/vlan2/proxy_arp = 0
   /proc/sys/net/ipv4/conf/vlan2/arp_filter = 0
   /proc/sys/net/ipv4/conf/vlan2/arp_ignore = 0
   /proc/sys/net/ipv4/conf/vlan2/rp_filter = 0
   /proc/sys/net/ipv4/conf/vlan2/log_martians = 0
   /proc/sys/net/ipv4/conf/vlan3/proxy_arp = 0
   /proc/sys/net/ipv4/conf/vlan3/arp_filter = 0
   /proc/sys/net/ipv4/conf/vlan3/arp_ignore = 0
   /proc/sys/net/ipv4/conf/vlan3/rp_filter = 0
   /proc/sys/net/ipv4/conf/vlan3/log_martians = 0
   /proc/sys/net/ipv4/conf/wlan0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/wlan0/arp_filter = 0
   /proc/sys/net/ipv4/conf/wlan0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/wlan0/rp_filter = 0
   /proc/sys/net/ipv4/conf/wlan0/log_martians = 0

ARP

? (10.0.69.118) at 00:04:f2:05:55:60 [ether] on vlan1
? (10.0.69.124) at 00:04:f2:05:2d:72 [ether] on vlan1
? (10.0.69.170) at 78:e7:d1:d0:29:6d [ether] on vlan1
? (10.0.70.37) at ac:16:2d:cd:91:44 [ether] on vlan1
? (10.1.10.200) at 00:0d:b9:2c:c8:18 [ether] on vlan3
? (10.0.69.183) at 80:c1:6e:f7:7b:ac [ether] on vlan1
? (10.0.70.50) at d8:eb:97:d2:94:1e [ether] on vlan1
? (10.0.70.43) at d8:eb:97:d2:44:b4 [ether] on vlan1
? (10.0.69.19) at 2c:41:38:b1:b3:53 [ether] on vlan1
? (10.0.69.58) at 00:1e:65:09:f8:66 [ether] on vlan1
? (10.0.70.10) at 6c:b0:ce:e1:3e:73 [ether] on vlan1
? (10.0.69.110) at 00:04:f2:05:53:ee [ether] on vlan1
? (10.0.69.117) at 00:04:f2:05:4d:70 [ether] on vlan1
? (10.0.70.23) at 10:0d:7f:5e:ef:60 [ether] on vlan1
? (10.0.69.84) at 00:04:f2:05:54:f4 [ether] on vlan1
? (10.0.70.36) at d4:85:64:83:96:14 [ether] on vlan1
? (10.0.69.175) at 88:51:fb:48:ed:91 [ether] on vlan1
? (10.0.70.42) at d8:eb:97:d2:44:c5 [ether] on vlan1
? (10.1.10.35) at 4c:5e:0c:87:86:83 [ether] on vlan3
? (10.0.70.49) at d8:eb:97:d2:93:f4 [ether] on vlan1
? (10.0.69.57) at 00:25:b3:69:55:4b [ether] on vlan1
? (10.0.69.18) at 84:c9:b2:5f:c3:5d [ether] on vlan1
? (10.0.69.234) at a0:d3:c1:21:a1:db [ether] on vlan1
? (10.0.69.24) at 00:14:bf:50:57:1f [ether] on vlan1
? (10.0.69.109) at 00:04:f2:04:e8:19 [ether] on vlan1
? (10.0.69.201) at 80:c1:6e:f9:87:0f [ether] on vlan1
? (10.99.99.105) at 00:60:43:82:a1:65 [ether] on eth0
? (10.0.70.48) at d8:eb:97:d2:93:de [ether] on vlan1
? (10.0.70.41) at d8:eb:97:d2:44:bb [ether] on vlan1
? (10.0.69.10) at 00:10:75:37:c2:62 [ether] on vlan1
? (10.0.69.187) at 2c:27:d7:28:66:6a [ether] on vlan1
? (10.0.70.47) at d8:eb:97:d2:91:91 [ether] on vlan1
? (10.0.69.75) at 00:04:f2:05:29:f9 [ether] on vlan1
? (10.0.69.206) at c4:34:6b:61:3b:6e [ether] on vlan1
? (10.0.69.3) at a0:d3:c1:fd:b6:20 [ether] on vlan1
? (10.0.69.88) at 00:04:f2:c3:1e:0a [ether] on vlan1
? (10.0.69.127) at 00:04:f2:05:4e:e7 [ether] on vlan1
? (10.0.70.46) at d8:eb:97:d2:44:aa [ether] on vlan1
? (10.0.69.68) at 00:04:f2:05:0f:c5 [ether] on vlan1
? (10.0.69.245) at 00:24:21:a7:a2:05 [ether] on vlan1
? (10.0.69.81) at 00:04:f2:05:4e:dd [ether] on vlan1
? (10.0.69.120) at 00:04:f2:05:54:f9 [ether] on vlan1
? (10.0.69.74) at 00:04:f2:05:29:38 [ether] on vlan1
? (10.0.70.26) at 10:0d:7f:5e:ef:7b [ether] on vlan1
? (10.0.69.2) at 00:1e:4f:39:f9:b7 [ether] on vlan1
? (192.168.11.247) at b0:c7:45:6b:b0:49 [ether] on vlan2
? (10.0.69.126) at 00:04:f2:04:e6:9b [ether] on vlan1
? (10.0.69.87) at 00:04:f2:05:4e:8c [ether] on vlan1
? (10.0.70.39) at fc:15:b4:32:82:9b [ether] on vlan1
? (10.0.69.106) at 00:04:f2:05:29:b8 [ether] on vlan1
? (10.0.69.237) at 00:1c:c0:a6:d2:dd [ether] on vlan1
? (10.0.69.119) at 00:04:f2:04:e4:c0 [ether] on vlan1
? (10.0.69.86) at 00:04:f2:05:12:bb [ether] on vlan1
? (10.0.70.44) at d8:eb:97:d2:44:c1 [ether] on vlan1
? (10.0.69.20) at 78:e3:b5:fc:3c:22 [ether] on vlan1
? (10.0.70.51) at d8:eb:97:d2:92:6f [ether] on vlan1
? (10.0.69.112) at 00:04:f2:05:2d:54 [ether] on vlan1
? (10.0.70.11) at 6c:b0:ce:e1:3e:5e [ether] on vlan1

Modules

ip_set                 35596  1 xt_set
iptable_filter         12706  1 
iptable_mangle         12615  1 
iptable_nat            12867  1 
iptable_raw            12598  1 
ip_tables              17987  4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw
ipt_ah                 12694  0 
ipt_CLUSTERIP          13327  0 
ipt_ECN                12473  0 
ipt_MASQUERADE         12760  5 
ipt_REJECT             12485  4 
ipt_rpfilter           12490  0 
ipt_ULOG               13742  0 
nf_conntrack           83879  35 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_helper,ipt_MASQUERADE,nf_conntrack_proto_udplite,nf_nat,xt_state,xt_connlimit,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,ipt_CLUSTERIP,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,iptable_nat,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
nf_conntrack_amanda    12897  3 nf_nat_amanda
nf_conntrack_broadcast    12541  2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp       14056  3 nf_nat_ftp
nf_conntrack_h323      62817  5 nf_nat_h323
nf_conntrack_ipv4      14492  84 
nf_conntrack_irc       13249  3 nf_nat_irc
nf_conntrack_netbios_ns    12585  2 
nf_conntrack_netlink    31473  0 
nf_conntrack_pptp      14628  3 nf_nat_pptp
nf_conntrack_proto_gre    14021  1 nf_conntrack_pptp
nf_conntrack_proto_sctp    18328  0 
nf_conntrack_proto_udplite    13076  0 
nf_conntrack_sane      12938  2 
nf_conntrack_sip       23655  3 nf_nat_sip
nf_conntrack_snmp      12745  3 nf_nat_snmp_basic
nf_conntrack_tftp      12953  3 nf_nat_tftp
nf_defrag_ipv4         12649  2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6         26163  1 xt_TPROXY
nf_nat                 20861  12 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,ipt_MASQUERADE,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,iptable_nat
nf_nat_amanda          12422  0 
nf_nat_ftp             12645  0 
nf_nat_h323            17419  0 
nf_nat_ipv4            13095  1 iptable_nat
nf_nat_irc             12606  0 
nf_nat_pptp            12926  0 
nf_nat_proto_gre       12865  1 nf_nat_pptp
nf_nat_sip             16997  0 
nf_nat_snmp_basic      17082  0 
nf_nat_tftp            12420  0 
xt_addrtype            12563  5 
xt_AUDIT               12590  0 
xt_CHECKSUM            12493  0 
xt_CLASSIFY            12459  0 
xt_comment             12456  98 
xt_connlimit           12564  0 
xt_connmark            12659  0 
xt_conntrack           12664  61 
xt_CT                  12820  22 
xt_dccp                12534  0 
xt_dscp                12525  0 
xt_DSCP                12549  1 
xt_hashlimit           17320  0 
xt_helper              12519  0 
xt_iprange             12679  72 
xt_length              12480  0 
xt_limit               12541  3 
xt_LOG                 17445  32 
xt_mac                 12444  0 
xt_mark                12499  5 
xt_multiport           12694  80 
xt_nat                 12601  12 
xt_NFLOG               12481  0 
xt_NFQUEUE             12672  0 
xt_owner               12478  0 
xt_physdev             12523  0 
xt_pkttype             12456  0 
xt_policy              12518  0 
xt_realm               12450  0 
xt_recent              18069  1 
xt_sctp                12733  0 
xt_set                 12998  0 
xt_state               12514  0 
xt_statistic           12537  0 
xt_tcpmss              12453  0 
xt_TCPMSS              12584  1 
xt_tcpudp              12756  112 
xt_time                12581  0 
xt_TPROXY              17135  0 
xt_TRACE               12450  0 

Shorewall has detected the following iptables/netfilter capabilities:
   ACCOUNT Target (ACCOUNT_TARGET): Not available
   Address Type Match (ADDRTYPE): Available
   Amanda Helper: Available
   Arptables JF: Not available
   AUDIT Target (AUDIT_TARGET): Available
   Basic Filter (BASIC_FILTER): Available
   Capabilities Version (CAPVERSION): 40515
   Checksum Target: Available
   CLASSIFY Target (CLASSIFY_TARGET): Available
   Comments (COMMENTS): Available
   Condition Match (CONDITION_MATCH): Not available
   Connection Tracking Match (CONNTRACK_MATCH): Available
   Connlimit Match (CONNLIMIT_MATCH): Available
   Connmark Match (CONNMARK_MATCH): Available
   CONNMARK Target (CONNMARK): Available
   CT Target (CT_TARGET): Available
   DSCP Match (DSCP_MATCH): Available
   DSCP Target (DSCP_TARGET): Available
   Enhanced Multi-port Match (EMULIPORT): Available
   Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
   Extended Connmark Match (XCONNMARK_MATCH): Available
   Extended CONNMARK Target (XCONNMARK): Available
   Extended MARK Target 2 (EXMARK): Available
   Extended MARK Target (XMARK): Available
   Extended Multi-port Match (XMULIPORT): Available
   Extended REJECT (ENHANCED_REJECT): Available
   FLOW Classifier (FLOW_FILTER): Available
   FTP-0 Helper: Not available
   FTP Helper: Available
   fwmark route mask (FWMARK_RT_MASK): Available
   Geo IP match: Not available
   Goto Support (GOTO_TARGET): Available
   H323 Helper: Available
   Hashlimit Match (HASHLIMIT_MATCH): Available
   Header Match (HEADER_MATCH): Not available
   Helper Match (HELPER_MATCH): Available
   IMQ Target (IMQ_TARGET): Not available
   IPMARK Target (IPMARK_TARGET): Not available
   IPP2P Match (IPP2P_MATCH): Not available
   IP range Match(IPRANGE_MATCH): Available
   ipset V5 (IPSET_V5): Not available
   iptables -S (IPTABLES_S): Available
   IRC-0 Helper: Not available
   IRC Helper: Available
   Kernel Version (KERNELVERSION): 31300
   LOGMARK Target (LOGMARK_TARGET): Not available
   LOG Target (LOG_TARGET): Available
   Mangle FORWARD Chain (MANGLE_FORWARD): Available
   Mark in the filter table (MARK_ANYWHERE): Available
   MARK Target (MARK): Available
   MASQUERADE Target: Available
   Multi-port Match (MULTIPORT): Available
   NAT (NAT_ENABLED): Available
   Netbios_ns Helper: Available
   New tos Match: Available
   NFAcct match: Not available
   NFLOG Target (NFLOG_TARGET): Available
   NFQUEUE Target (NFQUEUE_TARGET): Available
   Owner Match (OWNER_MATCH): Available
   Owner Name Match (OWNER_NAME_MATCH): Available
   Packet length Match (LENGTH_MATCH): Available
   Packet Mangling (MANGLE_ENABLED): Available
   Packet Type Match (USEPKTTYPE): Available
   Persistent SNAT (PERSISTENT_SNAT): Available
   Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
   Physdev Match (PHYSDEV_MATCH): Available
   Policy Match (POLICY_MATCH): Available
   PPTP Helper: Available
   Rawpost Table (RAWPOST_TABLE): Not available
   Raw Table (RAW_TABLE): Available
   Realm Match (REALM_MATCH): Available
   Recent Match "--reap" option (REAP_OPTION): Not available
   Recent Match (RECENT_MATCH): Available
   Repeat match (KLUDGEFREE): Available
   RPFilter match: Available
   SANE-0 Helper: Not available
   SANE Helper: Available
   SIP-0 Helper: Not available
   SIP Helper: Available
   SNMP Helper: Available
   Statistic Match (STATISTIC_MATCH): Available
   TCPMSS Match (TCPMSS_MATCH): Available
   TFTP-0 Helper: Not available
   TFTP Helper: Available
   Time Match (TIME_MATCH): Available
   TPROXY Target (TPROXY_TARGET): Available
   UDPLITE Port Redirection: Not available
   ULOG Target (ULOG_TARGET): Available

Netid  State      Recv-Q Send-Q     Local Address:Port       Peer Address:Port 
tcp    ESTAB      0      0          10.99.99.106:5000        70.38.15.82:48672  users:(("vtund",20480,6))
tcp    UNCONN     0      0                      *:4603                  *:*      users:(("dhcpd",3102,20))
tcp    UNCONN     0      0                      *:58374                 *:*      users:(("snmpd",3574,11))
tcp    UNCONN     0      0            10.20.1.185:53                    *:*      users:(("named",3092,555),("named",3092,554),("named",3092,553),("named",3092,552))
tcp    UNCONN     0      0          10.20.200.129:53                    *:*      users:(("named",3092,551),("named",3092,550),("named",3092,549),("named",3092,548))
tcp    UNCONN     0      0            10.1.10.248:53                    *:*      users:(("named",3092,547),("named",3092,546),("named",3092,545),("named",3092,544))
tcp    UNCONN     0      0         192.168.11.248:53                    *:*      users:(("named",3092,543),("named",3092,542),("named",3092,541),("named",3092,540))
tcp    UNCONN     0      0              10.0.70.1:53                    *:*      users:(("named",3092,539),("named",3092,538),("named",3092,537),("named",3092,536))
tcp    UNCONN     0      0              10.0.69.1:53                    *:*      users:(("named",3092,535),("named",3092,534),("named",3092,533),("named",3092,532))
tcp    UNCONN     0      0          10.99.99.109:53                    *:*      users:(("named",3092,531),("named",3092,530),("named",3092,529),("named",3092,528))
tcp    UNCONN     0      0          10.99.99.107:53                    *:*      users:(("named",3092,527),("named",3092,526),("named",3092,525),("named",3092,524))
tcp    UNCONN     0      0          10.99.99.108:53                    *:*      users:(("named",3092,523),("named",3092,522),("named",3092,521),("named",3092,520))
tcp    UNCONN     0      0          10.99.99.106:53                    *:*      users:(("named",3092,519),("named",3092,518),("named",3092,517),("named",3092,516))
tcp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",3092,515),("named",3092,514),("named",3092,513),("named",3092,512))
tcp    UNCONN     0      0                      *:67                    *:*      users:(("dhcpd",3102,7))
tcp    UNCONN     0      0            10.20.1.185:123                   *:*      users:(("ntpd",4357,28))
tcp    UNCONN     0      0          10.20.200.129:123                   *:*      users:(("ntpd",4357,27))
tcp    UNCONN     0      0            10.1.10.248:123                   *:*      users:(("ntpd",4357,26))
tcp    UNCONN     0      0         192.168.11.248:123                   *:*      users:(("ntpd",4357,25))
tcp    UNCONN     0      0              10.0.70.1:123                   *:*      users:(("ntpd",4357,24))
tcp    UNCONN     0      0              10.0.69.1:123                   *:*      users:(("ntpd",4357,23))
tcp    UNCONN     0      0          10.99.99.109:123                   *:*      users:(("ntpd",4357,22))
tcp    UNCONN     0      0          10.99.99.107:123                   *:*      users:(("ntpd",4357,21))
tcp    UNCONN     0      0          10.99.99.108:123                   *:*      users:(("ntpd",4357,20))
tcp    UNCONN     0      0          10.99.99.106:123                   *:*      users:(("ntpd",4357,19))
tcp    UNCONN     0      0              127.0.0.1:123                   *:*      users:(("ntpd",4357,18))
tcp    UNCONN     0      0                      *:123                   *:*      users:(("ntpd",4357,16))
tcp    UNCONN     0      0              127.0.0.1:161                   *:*      users:(("snmpd",3574,10))
tcp    ESTAB      0      0              127.0.0.1:54516         127.0.0.1:54516  users:(("postgres",3422,9),("postgres",3421,9),("postgres",3420,9),("postgres",3419,9),("postgres",3418,9),("postgres",3412,9))
tcp    UNCONN     0      0                      *:10000                 *:*      users:(("miniserv.pl",3896,7))
tcp    ESTAB      0      0              127.0.0.1:60265         127.0.0.1:60265  users:(("postgres",3344,7),("postgres",3343,7),("postgres",3342,7),("postgres",3341,7),("postgres",3338,7))
tcp    LISTEN     0      100            127.0.0.1:25                    *:*      users:(("master",3548,12))
tcp    LISTEN     0      128            127.0.0.1:5433                  *:*      users:(("postgres",3412,3))
tcp    LISTEN     0      128            127.0.0.1:953                   *:*      users:(("named",3092,29))
tcp    LISTEN     0      1          10.99.99.107:443                   *:*      users:(("openvpn",3198,5))
tcp    LISTEN     0      10                     *:5000                  *:*      users:(("vtund",3585,4))
tcp    LISTEN     0      128                    *:10000                 *:*      users:(("miniserv.pl",3896,6))
tcp    LISTEN     0      10           10.20.1.185:53                    *:*      users:(("named",3092,31))
tcp    LISTEN     0      10         10.20.200.129:53                    *:*      users:(("named",3092,30))
tcp    LISTEN     0      10           10.1.10.248:53                    *:*      users:(("named",3092,28))
tcp    LISTEN     0      10        192.168.11.248:53                    *:*      users:(("named",3092,27))
tcp    LISTEN     0      10             10.0.70.1:53                    *:*      users:(("named",3092,26))
tcp    LISTEN     0      10             10.0.69.1:53                    *:*      users:(("named",3092,25))
tcp    LISTEN     0      10         10.99.99.109:53                    *:*      users:(("named",3092,24))
tcp    LISTEN     0      10         10.99.99.107:53                    *:*      users:(("named",3092,23))
tcp    LISTEN     0      10         10.99.99.108:53                    *:*      users:(("named",3092,22))
tcp    LISTEN     0      10         10.99.99.106:53                    *:*      users:(("named",3092,21))
tcp    LISTEN     0      10             127.0.0.1:53                    *:*      users:(("named",3092,20))
tcp    LISTEN     0      32                     *:21                    *:*      users:(("vsftpd",1779,3))
tcp    LISTEN     0      128                    *:22                    *:*      users:(("sshd",3066,3))
tcp    LISTEN     0      128            127.0.0.1:5432                  *:*      users:(("postgres",3338,3))
tcp    ESTAB      0      0              10.0.69.1:22           10.1.0.211:23426  users:(("sshd",23292,3),("sshd",23254,3))

Traffic Control

Device eth0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1978796 bytes 18585 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device eth1:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1751556817 bytes 3324763 pkt (dropped 0, overlimits 0 requeues 58) 
 backlog 0b 0p requeues 58 


Device tun2:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 


Device tun0:
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 4599 bytes 52 pkt (dropped 0, overlimits 0 requeues 0) 
 backlog 0b 0p requeues 0 



TC Filters

Device eth0:

Device eth1:

Device tun2:

Device tun0:

