Shorewall 4.5.4 Dump at FW - Fri Nov 13 17:10:33 CET 2015

Shorewall is running
State:Started (Fri Nov 13 17:10:24 CET 2015) from /etc/shorewall/
Counters reset Fri Nov 13 17:10:24 CET 2015

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   19  3167 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 vpn2fw     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth1.5_in  all  --  eth1.5 *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth1.89_in  all  --  eth1.89 *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   120 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 vpn_frwd   all  --  tun+   *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth1.5_fwd  all  --  eth1.5 *       0.0.0.0/0            0.0.0.0/0           
    0     0 eth1.89_fwd  all  --  eth1.89 *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   560 eth0_out   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 fw2vpn     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           
    0     0 fw2net     all  --  *      eth1.5  0.0.0.0/0            0.0.0.0/0           
    0     0 fw2net     all  --  *      eth1.89  0.0.0.0/0            0.0.0.0/0           
    1    88 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain Broadcast (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   12  2695 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type MULTICAST 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type ANYCAST 
    0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4         

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 /* Auth */ 
    0     0 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4 /* Needed ICMP types */ 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 /* Needed ICMP types */ 
    0     0 Invalid    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535 /* SMB */ 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 /* UPnP */ 
    0     0 NotSyn     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 /* Late DNS Replies */ 

Chain Invalid (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID 

Chain NotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source               destination         
   12  2695            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 /* Auth */ 
   12  2695 Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4 /* Needed ICMP types */ 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 /* Needed ICMP types */ 
    0     0 Invalid    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445 /* SMB */ 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 /* SMB */ 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535 /* SMB */ 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445 /* SMB */ 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 /* UPnP */ 
    0     0 NotSyn     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 /* Late DNS Replies */ 

Chain all2all (15 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
   12  2695 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain dynamic (8 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 sfilter    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           [goto] 
    2   120 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
    2   120 loc_frwd   all  --  *      *       10.1.1.0/24          0.0.0.0/0           
    0     0 wifi_frwd  all  --  *      *       10.1.2.0/24          0.0.0.0/0           
    0     0 store_frwd  all  --  *      *       10.1.4.0/24          0.0.0.0/0           

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   12  2695 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
   19  3167 loc2fw     all  --  *      *       10.1.1.0/24          0.0.0.0/0           
    0     0 wifi2fw    all  --  *      *       10.1.2.0/24          0.0.0.0/0           
    0     0 all2all    all  --  *      *       10.1.4.0/24          0.0.0.0/0           

Chain eth0_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    4   560 fw2loc     all  --  *      *       0.0.0.0/0            10.1.1.0/24         
    0     0 all2all    all  --  *      *       0.0.0.0/0            10.1.2.0/24         
    0     0 fw2store   all  --  *      *       0.0.0.0/0            10.1.4.0/24         

Chain eth1.5_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 sfilter    all  --  *      eth1.5  0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
    0     0 net_frwd   all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1.5_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
    0     0 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1.89_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 sfilter    all  --  *      eth1.89  0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
    0     0 net_frwd   all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1.89_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
    0     0 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    4   560 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2net (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2store (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain fw2vpn (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    7   472 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       10.1.1.11            0.0.0.0/0           tcp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       10.1.1.12            0.0.0.0/0           tcp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:873 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:873 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3128 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3052 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 
    0     0 ACCEPT     tcp  --  *      *       10.1.1.204           0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       10.1.1.204           0.0.0.0/0           tcp dpt:23 
   12  2695 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain loc2net (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    2   120 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 587,993 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            8.8.8.8             udp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       10.1.1.119           0.0.0.0/0           multiport dports 80,443 
    0     0 ACCEPT     tcp  --  *      *       10.1.1.113           0.0.0.0/0           multiport dports 80,443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           source IP range 10.1.1.120-10.1.1.130 multiport dports 80,443 
    0     0 ACCEPT     tcp  --  *      *       10.1.1.149           0.0.0.0/0           multiport dports 80,443 
    0     0 ACCEPT     tcp  --  *      *       10.1.1.143           0.0.0.0/0           multiport dports 80,443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           source IP range 10.1.1.140-10.1.1.150 multiport dports 80,443 
    0     0 DROP       tcp  --  *      *       10.1.1.8             0.0.0.0/0           multiport dports 80,443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            82.85.188.0/24      tcp dpt:25 
    0     0 ACCEPT     udp  --  *      *       10.1.1.91            0.0.0.0/0           udp dpt:123 
    0     0 ACCEPT     udp  --  *      *       10.1.1.92            0.0.0.0/0           udp dpt:123 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain loc2vpn (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain loc_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 loc2vpn    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           
    0     0 loc2net    all  --  *      eth1.5  0.0.0.0/0            0.0.0.0/0           
    2   120 loc2net    all  --  *      eth1.89  0.0.0.0/0            0.0.0.0/0           

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2all (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2fw (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] tcp dpt:25 
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] tcp dpt:80 
    0     0 DROP       tcp  --  *      *       122.117.0.0/16       0.0.0.0/0           multiport dports 110,143 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 995,993 
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1194 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5000 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5001 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5002 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5003 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5005 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5006 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5007 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5008 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5030 
    0     0 ACCEPT     udp  --  *      *       151.58.204.74        0.0.0.0/0           udp dpt:5004 
    0     0 DROP       tcp  --  *      *       151.13.116.224/27    0.0.0.0/0           tcp dpt:22 
    0     0 DROP       tcp  --  *      *       151.36.79.60         0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.14           tcp spt:4672 dpt:4662 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.1.1.14           udp spt:4672 dpt:4662 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.11           tcp dpt:3389 ctorigdst 93.64.191.172 
    0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain net_frwd (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net2loc    all  --  *      eth0    0.0.0.0/0            10.1.1.0/24         
    0     0 net2all    all  --  *      eth0    0.0.0.0/0            10.1.2.0/24         
    0     0 net2all    all  --  *      eth0    0.0.0.0/0            10.1.4.0/24         
    0     0 net2all    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      eth1.5  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      eth1.89  0.0.0.0/0            0.0.0.0/0           

Chain reject (11 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match src-type BROADCAST 
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain sfilter (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:sfilter:DROP:' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain store2net (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 80,443 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain store_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            10.1.2.0/24         
    0     0 all2all    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           
    0     0 store2net  all  --  *      eth1.5  0.0.0.0/0            0.0.0.0/0           
    0     0 store2net  all  --  *      eth1.89  0.0.0.0/0            0.0.0.0/0           

Chain vpn2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       192.168.144.0/29     0.0.0.0/0           tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       192.168.144.8/30     0.0.0.0/0           tcp dpt:25 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain vpn2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain vpn_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 sfilter    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate INVALID,NEW 
    0     0 vpn2loc    all  --  *      eth0    0.0.0.0/0            10.1.1.0/24         
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            10.1.2.0/24         
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            10.1.4.0/24         
    0     0 all2all    all  --  *      eth1.5  0.0.0.0/0            0.0.0.0/0           
    0     0 all2all    all  --  *      eth1.89  0.0.0.0/0            0.0.0.0/0           

Chain wifi2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 110,143,25 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain wifi2net (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain wifi_frwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 all2all    all  --  *      eth0    0.0.0.0/0            10.1.4.0/24         
    0     0 all2all    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           
    0     0 wifi2net   all  --  *      eth1.5  0.0.0.0/0            0.0.0.0/0           
    0     0 wifi2net   all  --  *      eth1.89  0.0.0.0/0            0.0.0.0/0           

Chain ~log0 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2fw:ACCEPT:' 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Log (/var/log/messages)


NAT Table

Chain PREROUTING (policy ACCEPT 13 packets, 2755 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   13  2755 dnat       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 eth1.5_masq  all  --  *      eth1.5  0.0.0.0/0            0.0.0.0/0           
    1    60 eth1.89_masq  all  --  *      eth1.89  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 net_dnat   all  --  eth1.5 *       0.0.0.0/0            0.0.0.0/0           
    0     0 net_dnat   all  --  eth1.89 *       0.0.0.0/0            0.0.0.0/0           

Chain eth0_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all  --  *      *       192.168.144.0/24     0.0.0.0/0           to:10.1.1.253 
    0     0 SNAT       all  --  *      *       192.168.145.0/24     0.0.0.0/0           to:10.1.1.253 

Chain eth1.5_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all  --  *      *       10.1.1.0/24          0.0.0.0/0           to:2.32.75.196 

Chain eth1.89_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    60 SNAT       all  --  *      *       10.1.1.0/24          0.0.0.0/0           to:89.96.153.140 

Chain net_dnat (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ~log0      tcp  --  *      *       0.0.0.0/0            93.64.191.172       [goto] tcp dpt:3389 

Chain ~log0 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net_dnat:DNAT:' 
    0     0 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0           to:10.1.1.11 

Mangle Table

Chain PREROUTING (policy ACCEPT 30 packets, 5427 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match !0x0/0xff CONNMARK restore mask 0xff 
    0     0 routemark  all  --  eth1.89 *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff 
    0     0 routemark  all  --  eth1.5 *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff 
    0     0 tcpre      all  --  eth1.89 *       0.0.0.0/0            0.0.0.0/0           
    0     0 tcpre      all  --  eth1.5 *       0.0.0.0/0            0.0.0.0/0           
   30  5427 tcpre      all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff 

Chain INPUT (policy ACCEPT 19 packets, 3167 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   19  3167 tcin       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 2 packets, 120 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   120 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK and 0xffffff00 
    2   120 tcfor      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 5 packets, 648 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match !0x0/0xff CONNMARK restore mask 0xff 
    5   648 tcout      all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xff 

Chain POSTROUTING (policy ACCEPT 7 packets, 768 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    7   768 tcpost     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain routemark (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  eth1.89 *       0.0.0.0/0            0.0.0.0/0           MARK set 0x1 
    0     0 MARK       all  --  eth1.5 *       0.0.0.0/0            0.0.0.0/0           MARK set 0x2 
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0/0xff CONNMARK save mask 0xff 

Chain tcfor (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcin (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain tcpre (3 references)
 pkts bytes target     prot opt in     out     source               destination         

Raw Table

Chain PREROUTING (policy ACCEPT 30 packets, 5427 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 5 packets, 648 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Conntrack Table (4 out of 64404)

ipv4     2 udp      17 28 src=10.1.1.21 dst=10.1.1.255 sport=46637 dport=694 [UNREPLIED] src=10.1.1.255 dst=10.1.1.21 sport=694 dport=46637 mark=0 secmark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.1.1.129 dst=10.1.1.215 sport=50737 dport=22 src=10.1.1.215 dst=10.1.1.129 sport=22 dport=50737 [ASSURED] mark=0 secmark=0 use=2
ipv4     2 icmp     1 27 src=10.1.1.129 dst=8.8.8.8 type=8 code=0 id=1 [UNREPLIED] src=8.8.8.8 dst=89.96.153.140 type=0 code=0 id=1 mark=0 secmark=0 use=3
ipv4     2 udp      17 28 src=10.1.1.22 dst=10.1.1.255 sport=36543 dport=694 [UNREPLIED] src=10.1.1.255 dst=10.1.1.22 sport=694 dport=36543 mark=0 secmark=0 use=2

IP Configuration

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    inet 10.1.1.215/24 brd 10.1.1.255 scope global eth0
    inet 10.1.1.253/24 brd 10.1.1.255 scope global secondary eth0
4: eth1.5@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    inet 2.32.75.196/29 brd 2.32.75.199 scope global eth1.5
5: eth1.89@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    inet 89.96.153.140/29 brd 89.96.153.143 scope global eth1.89

IP Stats

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    578        6        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    578        6        0       0       0       0      
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:8d:18:4a brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    340980     2601     1       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    59401      366      0       0       0       0      
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:8d:18:54 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    1207       9        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    4234       73       0       0       0       0      
4: eth1.5@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 00:0c:29:8d:18:54 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    864        12       0       0       0       0      
5: eth1.89@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 00:0c:29:8d:18:54 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    2722       53       0       0       0       0      

Bridges

bridge name	bridge id		STP enabled	interfaces

Per-IP Counters

   iptaccount is not installed

/proc

   /proc/version = Linux version 2.6.32-431.29.2.el6.i686 (mockbuild@c6b9.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Tue Sep 9 20:14:52 UTC 2014
   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/arp_ignore = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 0
   /proc/sys/net/ipv4/conf/all/log_martians = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/arp_ignore = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/log_martians = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/log_martians = 0
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/log_martians = 0
   /proc/sys/net/ipv4/conf/eth1.5/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1.5/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1.5/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1.5/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1.5/log_martians = 0
   /proc/sys/net/ipv4/conf/eth1.89/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1.89/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1.89/arp_ignore = 0
   /proc/sys/net/ipv4/conf/eth1.89/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1.89/log_martians = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/arp_ignore = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/log_martians = 0

Routing Rules

0:	from all lookup local 
10000:	from all fwmark 0x1/0xff lookup ISP1 
10001:	from all fwmark 0x2/0xff lookup ISP2 
20000:	from 89.96.153.140 lookup ISP1 
20000:	from 2.32.75.196 lookup ISP2 
32766:	from all lookup main 
32767:	from all lookup default 

Table default:


Table ISP1:

89.96.153.137 dev eth1.89 scope link src 89.96.153.140
89.96.153.136/29 dev eth1.89 proto kernel scope link src 89.96.153.140
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.215
169.254.0.0/16 dev eth1.89 scope link metric 1005
169.254.0.0/16 dev eth0 scope link metric 1002
default via 89.96.153.137 dev eth1.89 src 89.96.153.140

Table ISP2:

2.32.75.193 dev eth1.5 scope link src 2.32.75.196
2.32.75.192/29 dev eth1.5 proto kernel scope link src 2.32.75.196
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.215
169.254.0.0/16 dev eth1.5 scope link metric 1004
169.254.0.0/16 dev eth0 scope link metric 1002
default via 2.32.75.193 dev eth1.5 src 2.32.75.196

Table local:

local 89.96.153.140 dev eth1.89 proto kernel scope host src 89.96.153.140
local 2.32.75.196 dev eth1.5 proto kernel scope host src 2.32.75.196
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 10.1.1.253 dev eth0 proto kernel scope host src 10.1.1.215
local 10.1.1.215 dev eth0 proto kernel scope host src 10.1.1.215
broadcast 89.96.153.143 dev eth1.89 proto kernel scope link src 89.96.153.140
broadcast 89.96.153.136 dev eth1.89 proto kernel scope link src 89.96.153.140
broadcast 2.32.75.199 dev eth1.5 proto kernel scope link src 2.32.75.196
broadcast 2.32.75.192 dev eth1.5 proto kernel scope link src 2.32.75.196
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.1.1.255 dev eth0 proto kernel scope link src 10.1.1.215

Table main:

89.96.153.137 dev eth1.89 scope link src 89.96.153.140
2.32.75.193 dev eth1.5 scope link src 2.32.75.196
89.96.153.136/29 dev eth1.89 proto kernel scope link src 89.96.153.140
2.32.75.192/29 dev eth1.5 proto kernel scope link src 2.32.75.196
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.215
169.254.0.0/16 dev eth1 scope link metric 1003
169.254.0.0/16 dev eth1.89 scope link metric 1005
169.254.0.0/16 dev eth1.5 scope link metric 1004
169.254.0.0/16 dev eth0 scope link metric 1002
default nexthop via 89.96.153.137 dev eth1.89 weight 2 nexthop via 2.32.75.193 dev eth1.5 weight 1

ARP

? (10.1.1.15) at 38:60:77:f1:48:db [ether] on eth0
? (89.96.153.137) at <incomplete> on eth1.89
? (10.1.1.129) at 9c:ad:97:6a:66:9d [ether] on eth0

Modules

ip_set                 26232  1 xt_set
iptable_filter          2173  1 
iptable_mangle          2641  1 
iptable_nat             5053  1 
iptable_raw             1740  0 
ip_tables               9567  4 iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype            1597  4 
ipt_ah                   859  0 
ipt_CLUSTERIP           5471  0 
ipt_ecn                 1119  0 
ipt_ECN                 1503  0 
ipt_LOG                 4861  8 
ipt_MASQUERADE          1822  0 
ipt_NETMAP              1388  0 
ipt_REDIRECT            1428  0 
ipt_REJECT              1867  4 
ipt_ULOG                7612  0 
nf_conntrack           65661  34 xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_conntrack_snmp,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_udplite,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_conntrack_amanda     2279  1 nf_nat_amanda
nf_conntrack_broadcast     1123  2 nf_conntrack_snmp,nf_conntrack_netbios_ns
nf_conntrack_ftp       10475  1 nf_nat_ftp
nf_conntrack_h323      58050  1 nf_nat_h323
nf_conntrack_ipv4       7694  34 iptable_nat,nf_nat
nf_conntrack_irc        4293  1 nf_nat_irc
nf_conntrack_netbios_ns      943  0 
nf_conntrack_netlink    14710  0 
nf_conntrack_pptp      10049  1 nf_nat_pptp
nf_conntrack_proto_gre     5718  1 nf_conntrack_pptp
nf_conntrack_proto_sctp    10398  0 
nf_conntrack_proto_udplite     2616  0 
nf_conntrack_sane       4359  0 
nf_conntrack_sip       16318  1 nf_nat_sip
nf_conntrack_snmp       1203  1 nf_nat_snmp_basic
nf_conntrack_tftp       3662  1 nf_nat_tftp
nf_defrag_ipv4          1039  2 xt_TPROXY,nf_conntrack_ipv4
nf_defrag_ipv6          8839  1 xt_TPROXY
nf_nat                 18765  12 ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,iptable_nat
nf_nat_amanda            812  0 
nf_nat_ftp              2602  0 
nf_nat_h323             7733  0 
nf_nat_irc              1346  0 
nf_nat_pptp             4068  0 
nf_nat_proto_gre        2316  1 nf_nat_pptp
nf_nat_sip              5234  0 
nf_nat_snmp_basic       7495  0 
nf_nat_tftp              650  0 
nf_tproxy_core           976  1 xt_TPROXY,[permanent]
xt_AUDIT                2516  0 
xt_CLASSIFY              721  0 
xt_comment               686  18 
xt_connlimit            2562  0 
xt_CONNMARK             1079  3 
xt_connmark              919  2 
xt_conntrack            2236  26 
xt_dccp                 1731  0 
xt_dscp                 1267  0 
xt_DSCP                 1643  0 
xt_hashlimit            7562  0 
xt_helper               1037  0 
xt_iprange              1868  2 
xt_length                902  0 
xt_limit                1284  0 
xt_mac                   770  0 
xt_MARK                  709  3 
xt_mark                  709  5 
xt_multiport            2216  16 
xt_NFLOG                 839  0 
xt_NFQUEUE              1673  0 
xt_owner                 904  0 
xt_physdev              1441  0 
xt_pkttype               814  0 
xt_policy               2156  0 
xt_realm                 712  0 
xt_recent               6335  0 
xt_set                  3236  0 
xt_state                1064  0 
xt_statistic            1084  0 
xt_tcpmss               1163  0 
xt_time                 1803  0 
xt_TPROXY               7995  0 

Shorewall has detected the following iptables/netfilter capabilities:
   NAT (NAT_ENABLED): Available
   Packet Mangling (MANGLE_ENABLED): Available
   Multi-port Match (MULTIPORT): Available
   Extended Multi-port Match (XMULIPORT): Available
   Connection Tracking Match (CONNTRACK_MATCH): Available
   Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available
   Packet Type Match (USEPKTTYPE): Available
   Policy Match (POLICY_MATCH): Available
   Physdev Match (PHYSDEV_MATCH): Available
   Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
   Packet length Match (LENGTH_MATCH): Available
   IP range Match(IPRANGE_MATCH): Available
   Recent Match (RECENT_MATCH): Available
   Owner Match (OWNER_MATCH): Available
   Owner Name Match (OWNER_NAME_MATCH): Available
   CONNMARK Target (CONNMARK): Available
   Extended CONNMARK Target (XCONNMARK): Available
   Connmark Match (CONNMARK_MATCH): Available
   Extended Connmark Match (XCONNMARK_MATCH): Available
   Raw Table (RAW_TABLE): Available
   Rawpost Table (RAWPOST_TABLE): Not available
   IPP2P Match (IPP2P_MATCH): Not available
   CLASSIFY Target (CLASSIFY_TARGET): Available
   Extended REJECT (ENHANCED_REJECT): Available
   Repeat match (KLUDGEFREE): Available
   MARK Target (MARK): Available
   Extended MARK Target (XMARK): Available
   Extended MARK Target 2 (EXMARK): Available
   Mangle FORWARD Chain (MANGLE_FORWARD): Available
   Comments (COMMENTS): Available
   Address Type Match (ADDRTYPE): Available
   TCPMSS Match (TCPMSS_MATCH): Available
   Hashlimit Match (HASHLIMIT_MATCH): Available
   NFQUEUE Target (NFQUEUE_TARGET): Available
   Realm Match (REALM_MATCH): Available
   Helper Match (HELPER_MATCH): Available
   Connlimit Match (CONNLIMIT_MATCH): Available
   Time Match (TIME_MATCH): Available
   Goto Support (GOTO_TARGET): Available
   LOGMARK Target (LOGMARK_TARGET): Not available
   IPMARK Target (IPMARK_TARGET): Not available
   LOG Target (LOG_TARGET): Available
   ULOG Target (ULOG_TARGET): Available
   NFLOG Target (NFLOG_TARGET): Available
   Persistent SNAT (PERSISTENT_SNAT): Available
   TPROXY Target (TPROXY_TARGET): Available
   FLOW Classifier (FLOW_FILTER): Available
   fwmark route mask (FWMARK_RT_MASK): Available
   Mark in any table (MARK_ANYWHERE): Available
   Header Match (HEADER_MATCH): Not available
   ACCOUNT Target (ACCOUNT_TARGET): Not available
   AUDIT Target (AUDIT_TARGET): Available
   ipset V5 (IPSET_V5): Not available
   Condition Match (CONDITION_MATCH): Not available
   Statistic Match (STATISTIC_MATCH): Available
   IMQ Target (IMQ_TARGET): Not available
   DSCP Match (DSCP_MATCH): Available
   DSCP Target (DSCP_TARGET): Available
   Geo IP match: Not available
   iptables -S (IPTABLES_S): Available
   Basic Filter (BASIC_FILTER): Available
   CT Target (CT_TARGET): Not available

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1087/rpcbind        
tcp        0      0 0.0.0.0:59347               0.0.0.0:*                   LISTEN      1106/rpc.statd      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1864/sshd           
tcp        0      0 10.1.1.215:22               10.1.1.129:50737            ESTABLISHED 1941/sshd           
tcp        0      0 :::111                      :::*                        LISTEN      1087/rpcbind        
tcp        0      0 :::22                       :::*                        LISTEN      1864/sshd           
tcp        0      0 :::36890                    :::*                        LISTEN      1106/rpc.statd      
udp        0      0 0.0.0.0:55082               0.0.0.0:*                               1106/rpc.statd      
udp        0      0 0.0.0.0:838                 0.0.0.0:*                               1087/rpcbind        
udp        0      0 0.0.0.0:858                 0.0.0.0:*                               1106/rpc.statd      
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1087/rpcbind        
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               1038/portreserve    
udp        0      0 :::46721                    :::*                                    1106/rpc.statd      
udp        0      0 :::838                      :::*                                    1087/rpcbind        
udp        0      0 :::111                      :::*                                    1087/rpcbind        
