Running Fedora 36 with shorewall6 5.2.3.4
It loads fine, but can' ping6 from client
ran dump and got the following errors:
/usr/bin/which" no tc in
(/sbin:/usr/sbin:/usr/bin:/local/bin:usr/local/sbin)
/usr/share/shorewall/lib.cli: line 255 tc: command not found
/usr/share/shorewall/lib.cli: line 255 tc: command not found
/usr/share/shorewall/lib.cli: line 255 tc: command not found
/usr/share/shorewall/lib.cli: line 255 tc: command not found
/usr/share/shorewall/lib.cli: line 255 tc: command not found
/usr/share/shorewall/lib.cli: line 297 tc: command not found
/usr/share/shorewall/lib.cli: line 297 tc: command not found
/usr/share/shorewall/lib.cli: line 297 tc: command not found
/usr/share/shorewall/lib.cli: line 297 tc: command not found
/usr/share/shorewall/lib.cli: line 297 tc: command not found
/usr/share/shorewall/lib.cli: line 297 tc: command not found
I'm assuming there's a missing dependency for tc.
Anyone know what needs to installed?
Funny thing is it doesn't seam to affect Shorewall, just Shorewall6 as I
get same message with Shorewall.
Here is the dump.
Shorewall6 5.2.3.4 Dump at 071-089-078-193.res.spectrum.com - Thu Jul 28
07:38:42 AM CDT 2022
Shorewall 5.2.3.4
Shorewall6 is running
State:Started Thu Jul 28 07:37:45 AM CDT 2022 from /etc/shorewall6/
(/var/lib/shorewall6/firewall compiled Thu Jul 28 07:27:44 AM CDT 2022
by Shorewall version 5.2.3.4)
Counters reset Thu Jul 28 07:37:45 AM CDT 2022
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
31 2056 net-fw all eno1 * ::/0 ::/0
3 216 loc-fw all eno2 * ::/0 ::/0
3 216 dmz-fw all eno3 * ::/0 ::/0
0 0 ACCEPT all lo * ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "INPUT
REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 net_frwd all eno1 * ::/0 ::/0
0 0 loc_frwd all eno2 * ::/0 ::/0
0 0 dmz_frwd all eno3 * ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"FORWARD REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
54 9504 fw-net all * eno1 ::/0 ::/0
0 0 fw-loc all * eno2 ::/0 ::/0
0 0 fw-dmz all * eno3 ::/0 ::/0
0 0 ACCEPT all * lo ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"OUTPUT REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain AllowICMPs (14 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 3 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 4 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 133 /* Needed ICMP types (RFC4890) */
31 2056 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */
6 432 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 135 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 136 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 137 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 141 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 142 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10
::/0 ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10
::/0 ipv6-icmptype 131 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10
::/0 ipv6-icmptype 132 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10
::/0 ipv6-icmptype 143 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 148 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
ipv6-icmptype 149 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10
::/0 ipv6-icmptype 151 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10
::/0 ipv6-icmptype 152 /* Needed ICMP types (RFC4890) */
0 0 ACCEPT icmpv6 * * fe80::/10
::/0 ipv6-icmptype 153 /* Needed ICMP types (RFC4890) */
Chain Broadcast (14 references)
pkts bytes target prot opt in out source destination
Chain dmz-fw (1 references)
pkts bytes target prot opt in out source destination
3 216 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp * * ::/0 ::/0 tcp
dpt:80 /* HTTP */
0 0 ACCEPT udp * * ::/0 ::/0 udp
dpt:53 /* DNS */
0 0 ACCEPT tcp * * ::/0 ::/0 tcp
dpt:53 /* DNS */
0 0 ACCEPT udp * * ::/0 ::/0 udp
dpt:123 /* NTP */
3 216 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"dmz-fw REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain dmz-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"dmz-loc REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain dmz-net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp * * ::/0 ::/0 udp
dpt:53 /* DNS */
0 0 ACCEPT tcp * * ::/0 ::/0
multiport dports 53,80,443 /* DNS, Web */
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"dmz-net REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain dmz_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all * eno3 ::/0 ::/0
[goto]
0 0 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
0 0 dmz-net all * eno1 ::/0 ::/0
0 0 dmz-loc all * eno2 ::/0 ::/0
Chain dynamic (6 references)
pkts bytes target prot opt in out source destination
Chain fw-dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp * * ::/0 ::/0 tcp
dpt:10000 /* Webmin */
0 0 ACCEPT udp * * ::/0 ::/0 udp
dpt:123 /* NTP */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"fw-dmz REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain fw-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp * * ::/0 ::/0 udp
dpt:123 /* NTP */
0 0 ACCEPT icmpv6 * * ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"fw-loc REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain fw-net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp * * ::/0 ::/0 udp
dpt:53 /* DNS */
0 0 ACCEPT tcp * * ::/0 ::/0
multiport dports 53,80,443 /* DNS, Web */
54 9504 ACCEPT icmpv6 * * ::/0 ::/0
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"fw-net REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain loc-dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp * * ::/0 ::/0
multiport dports 22,10000 /* SSH, Webmin */
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"loc-dmz REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain loc-fw (1 references)
pkts bytes target prot opt in out source destination
3 216 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp * * ::/0 ::/0
multiport dports 22,10000,9090 /* SSH, Webmin, Cockpit */
0 0 ACCEPT udp * * ::/0 ::/0
multiport dports 123,161,162 /* NTP, SNMP, SNMPtrap */
0 0 ACCEPT tcp * * ::/0 ::/0 tcp
dpt:80 /* HTTP */
0 0 ACCEPT udp * * ::/0 ::/0 udp
dpt:53 /* DNS */
0 0 ACCEPT tcp * * ::/0 ::/0 tcp
dpt:53 /* DNS */
3 216 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"loc-fw REJECT "
0 0 reject all * * ::/0 ::/0 [goto]
Chain loc_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all * eno2 ::/0 ::/0
[goto]
0 0 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
0 0 ACCEPT all * eno1 ::/0 ::/0
0 0 loc-dmz all * eno3 ::/0 ::/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0
Chain logflags (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix
"logflags DROP "
0 0 DROP all * * ::/0 ::/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all * * ::/0 ::/0
Chain net-dmz (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp * * ::/0 ::/0
ctstate INVALID
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"net-dmz DROP "
0 0 DROP all * * ::/0 ::/0
Chain net-fw (1 references)
pkts bytes target prot opt in out source destination
31 2056 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp * * ::/0 ::/0
ctstate INVALID
0 0 ACCEPT tcp * * ::/0 ::/0 tcp
dpt:80 /* HTTP */
0 0 ACCEPT udp * * ::/0 ::/0 udp
dpt:53 /* DNS */
0 0 ACCEPT tcp * * ::/0 ::/0 tcp
dpt:53 /* DNS */
0 0 DROP icmpv6 * * ::/0 ::/0
ipv6-icmptype 128 /* Ping */
31 2056 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"net-fw DROP "
0 0 DROP all * * ::/0 ::/0
Chain net-loc (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0
ctstate RELATED,ESTABLISHED
0 0 DROP tcp * * ::/0 ::/0
ctstate INVALID
0 0 ACCEPT tcp * * ::/0 ::/0 tcp
dpt:995 /* POP3S */
0 0 AllowICMPs icmpv6 * * ::/0 ::/0
0 0 Broadcast all * * ::/0 ::/0
0 0 DROP all * * ::/0 ff00::/8
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"net-loc DROP "
0 0 DROP all * * ::/0 ::/0
Chain net_frwd (1 references)
pkts bytes target prot opt in out source destination
0 0 sfilter all * eno1 ::/0 ::/0
[goto]
0 0 dynamic all * * ::/0 ::/0
ctstate INVALID,NEW,UNTRACKED
0 0 tcpflags tcp * * ::/0 ::/0
0 0 net-loc all * eno2 ::/0 ::/0
0 0 net-dmz all * eno3 ::/0 ::/0
Chain reject (12 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ff00::/8 ::/0
0 0 DROP 2 * * ::/0 ::/0
0 0 REJECT tcp * * ::/0 ::/0
reject-with tcp-reset
0 0 REJECT udp * * ::/0 ::/0
reject-with icmp6-port-unreachable
0 0 REJECT icmpv6 * * ::/0 ::/0
reject-with icmp6-addr-unreachable
0 0 REJECT all * * ::/0 ::/0
reject-with icmp6-adm-prohibited
Chain sfilter (3 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0
limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix
"sfilter DROP "
0 0 DROP all * * ::/0 ::/0
Chain sha-lh-13ba9d0277df931311e5 (0 references)
pkts bytes target prot opt in out source destination
Chain sha-rh-1a6cdeaf899e0de395ac (0 references)
pkts bytes target prot opt in out source destination
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
0 0 all * * ::/0 ::/0
recent: SET name: %CURRENTTIME side: source mask:
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Chain tcpflags (6 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x3F/0x29
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x3F/0x00
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x06/0x06
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x05/0x05
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x03/0x03
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp flags:0x19/0x09
0 0 logflags tcp * * ::/0 ::/0
[goto] tcp spt:0 flags:0x17/0x02
ARP rules
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 37 packets, 2488 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 37 packets, 2488 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all * * ::/0 ::/0 MARK
and 0xffffff00
Chain OUTPUT (policy ACCEPT 54 packets, 9504 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 54 packets, 9504 bytes)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 37 packets, 2488 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp * * ::/0 ::/0 udp
dpt:10080 CT helper amanda
0 0 CT tcp * * ::/0 ::/0 tcp
dpt:21 flags:0x17/0x02 CT helper ftp
0 0 CT udp * * ::/0 ::/0 udp
dpt:1719 CT helper RAS
0 0 CT tcp * * ::/0 ::/0 tcp
dpt:1720 flags:0x17/0x02 CT helper Q.931
0 0 CT tcp * * ::/0 ::/0 tcp
dpt:6566 flags:0x17/0x02 CT helper sane
0 0 CT udp * * ::/0 ::/0 udp
dpt:5060 CT helper sip
0 0 CT udp * * ::/0 ::/0 udp
dpt:69 CT helper tftp
Chain OUTPUT (policy ACCEPT 54 packets, 9504 bytes)
pkts bytes target prot opt in out source destination
0 0 CT udp * * ::/0 ::/0 udp
dpt:10080 CT helper amanda
0 0 CT tcp * * ::/0 ::/0 tcp
dpt:21 flags:0x17/0x02 CT helper ftp
0 0 CT udp * * ::/0 ::/0 udp
dpt:1719 CT helper RAS
0 0 CT tcp * * ::/0 ::/0 tcp
dpt:1720 flags:0x17/0x02 CT helper Q.931
0 0 CT tcp * * ::/0 ::/0 tcp
dpt:6566 flags:0x17/0x02 CT helper sane
0 0 CT udp * * ::/0 ::/0 udp
dpt:5060 CT helper sip
0 0 CT udp * * ::/0 ::/0 udp
dpt:69 CT helper tftp
Conntrack Table (97 out of 262144)
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2600:6c44:7028:100:d4aa:9b4e:2615:5aba/128 scope global
dynamic noprefixroute
valid_lft 577144sec preferred_lft 577144sec
inet6 fe80::d6be:d9ff:fef4:e062/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd76:86fd:5e6d:3c65::253/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::d6be:d9ff:fef4:e064/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd77:86fd:5e6d:4c65::253/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::d6be:d9ff:fef4:e066/64 scope link noprefixroute
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped missed mcast
1607 15 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1607 15 0 0 0 0
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
mode DEFAULT group default qlen 1000
link/ether d4:be:d9:f4:e0:62 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped missed mcast
935958744 738750 0 0 0 14919
TX: bytes packets errors dropped carrier collsns
67814177 356622 0 0 0 0
altname enp1s0f0
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
mode DEFAULT group default qlen 1000
link/ether d4:be:d9:f4:e0:64 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped missed mcast
58481052 238724 0 32 0 2554
TX: bytes packets errors dropped carrier collsns
174438544 243661 0 0 0 0
altname enp1s0f1
4: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
mode DEFAULT group default qlen 1000
link/ether d4:be:d9:f4:e0:66 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped missed mcast
6158961 18837 0 24 0 17336
TX: bytes packets errors dropped carrier collsns
22744 348 0 0 0 0
altname enp2s0f0
5: eno4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state
DOWN mode DEFAULT group default qlen 1000
link/ether d4:be:d9:f4:e0:68 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped missed mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
altname enp2s0f1
Routing Rules
0: from all lookup local
32766: from all lookup main
Table local:
multicast ff00::/8 dev eno3 proto kernel metric 256 pref medium
multicast ff00::/8 dev eno2 proto kernel metric 256 pref medium
multicast ff00::/8 dev eno1 proto kernel metric 256 pref medium
local fe80::d6be:d9ff:fef4:e066 dev eno3 proto kernel metric 0 pref medium
local fe80::d6be:d9ff:fef4:e064 dev eno2 proto kernel metric 0 pref medium
local fe80::d6be:d9ff:fef4:e062 dev eno1 proto kernel metric 0 pref medium
local fd77:86fd:5e6d:4c65::253 dev eno3 proto kernel metric 0 pref medium
local fd76:86fd:5e6d:3c65::253 dev eno2 proto kernel metric 0 pref medium
local 2600:6c44:7028:100:d4aa:9b4e:2615:5aba dev eno1 proto kernel
metric 0 pref medium
local ::1 dev lo proto kernel metric 0 pref medium
anycast fe80:: dev eno3 proto kernel metric 0 pref medium
anycast fe80:: dev eno2 proto kernel metric 0 pref medium
anycast fe80:: dev eno1 proto kernel metric 0 pref medium
anycast fd77:86fd:5e6d:4c65:: dev eno3 proto kernel metric 0 pref medium
anycast fd76:86fd:5e6d:3c65:: dev eno2 proto kernel metric 0 pref medium
Table main:
2600:6c44:7028:100:d4aa:9b4e:2615:5aba dev eno1 proto kernel metric 102
pref medium
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev eno3 proto kernel metric 1024 pref medium
fe80::/64 dev eno2 proto kernel metric 1024 pref medium
fe80::/64 dev eno1 proto kernel metric 1024 pref medium
fd77:86fd:5e6d:4c65::/64 dev eno3 proto kernel metric 100 pref medium
fd76:86fd:5e6d:3c65::/64 dev eno2 proto kernel metric 101 pref medium
default via fe80::201:5cff:fe67:5c46 dev eno1 proto ra metric 102 pref
medium
NF Accounting
No NF Accounting defined (nfacct not found)
Events
PFKEY SPD
PFKEY SAD
/proc
/proc/version = Linux version 5.17.5-300.fc36.x86_64
(mockbu...@bkernel01.iad2.fedoraproject.org) (gcc (GCC) 12.0.1 20220413
(Red Hat 12.0.1-0), GNU ld version 2.37-24.fc36) #1 SMP PREEMPT Thu Apr
28 15:51:30 UTC 2022
/proc/sys/net/ipv6/conf/all/forwarding = 1
/proc/sys/net/ipv6/conf/all/proxy_ndp = 0
/proc/sys/net/ipv6/conf/default/forwarding = 1
/proc/sys/net/ipv6/conf/default/proxy_ndp = 0
/proc/sys/net/ipv6/conf/eno1/forwarding = 1
/proc/sys/net/ipv6/conf/eno1/proxy_ndp = 0
/proc/sys/net/ipv6/conf/eno2/forwarding = 1
/proc/sys/net/ipv6/conf/eno2/proxy_ndp = 0
/proc/sys/net/ipv6/conf/eno3/forwarding = 1
/proc/sys/net/ipv6/conf/eno3/proxy_ndp = 0
/proc/sys/net/ipv6/conf/eno4/forwarding = 1
/proc/sys/net/ipv6/conf/eno4/proxy_ndp = 0
/proc/sys/net/ipv6/conf/lo/forwarding = 1
/proc/sys/net/ipv6/conf/lo/proxy_ndp = 0
Neighbors
fe80::201:5cff:fe67:5c46 dev eno1 lladdr 00:01:5c:67:5c:46 router REACHABLE
Modules
ip6_tables 36864 21
ip6t_REJECT 16384 4
nf_conntrack 163840 25
xt_conntrack,nf_nat_irc,nf_nat,nf_conntrack_tftp,nft_ct,nf_nat_ftp,nf_conntrack_pptp,nf_conntrack_netbios_ns,nf_conntrack_sane,nf_nat_tftp,nf_nat_amanda,nf_conntrack_sip,nf_conntrack_h323,nf_nat_pptp,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_amanda,nf_conntrack_netlink,nf_conntrack_ftp,xt_CT,nf_nat_h323,nf_conntrack_snmp,nf_nat_snmp_basic,xt_MASQUERADE,nf_nat_sip
nf_conntrack_amanda 16384 5 nf_nat_amanda
nf_conntrack_broadcast 16384 2
nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_ftp 24576 5 nf_nat_ftp
nf_conntrack_h323 86016 9 nf_nat_h323
nf_conntrack_irc 20480 3 nf_nat_irc
nf_conntrack_netbios_ns 16384 2
nf_conntrack_netlink 53248 0
nf_conntrack_pptp 24576 3 nf_nat_pptp
nf_conntrack_sane 20480 4
nf_conntrack_sip 36864 5 nf_nat_sip
nf_conntrack_snmp 16384 3 nf_nat_snmp_basic
nf_conntrack_tftp 20480 5 nf_nat_tftp
nf_defrag_ipv4 16384 1 nf_conntrack
nf_defrag_ipv6 24576 1 nf_conntrack
nf_log_syslog 20480 27
nf_nat 57344 9
nf_nat_irc,nf_nat_ftp,nf_nat_tftp,nf_nat_amanda,nf_nat_pptp,nf_nat_h323,nft_chain_nat,xt_MASQUERADE,nf_nat_sip
nf_nat_amanda 16384 0
nf_nat_ftp 20480 0
nf_nat_h323 24576 0
nf_nat_irc 20480 0
nf_nat_pptp 20480 0
nf_nat_sip 20480 0
nf_nat_snmp_basic 20480 0
nf_nat_tftp 16384 0
nf_reject_ipv4 16384 2 nft_reject_inet,ipt_REJECT
nf_reject_ipv6 20480 2 nft_reject_inet,ip6t_REJECT
nf_tables 274432 970
nft_ct,nft_compat,nft_reject_inet,nft_fib_ipv6,nft_fib_ipv4,nft_chain_nat,nft_reject,nft_fib,nft_fib_inet
xt_addrtype 16384 17
xt_comment 16384 46
xt_conntrack 16384 28
xt_CT 16384 36
xt_hashlimit 20480 23
xt_LOG 20480 27
xt_mark 16384 2
xt_MASQUERADE 20480 4
xt_multiport 20480 5
xt_NFLOG 16384 0
xt_recent 24576 2
Shorewall6 has detected the following iptables/netfilter capabilities:
ACCOUNT Target (ACCOUNT_TARGET): Not available
Address Type Match (ADDRTYPE): Not available
Amanda Helper: Available
Arptables JF (ARPTABLESJF): Not available
AUDIT Target (AUDIT_TARGET): Available
Basic Ematch (BASIC_EMATCH): Not available
Basic Filter (BASIC_FILTER): Not available
Capabilities Version (CAPVERSION): 50200
Checksum Target (CHECKSUM_TARGET): Available
CLASSIFY Target (CLASSIFY_TARGET): Available
Comments (COMMENTS): Available
Condition Match (CONDITION_MATCH): Not available
Connection Tracking Match (CONNTRACK_MATCH): Available
Connlimit Match (CONNLIMIT_MATCH): Available
Connmark Match (CONNMARK_MATCH): Available
CONNMARK Target (CONNMARK): Available
CT Target (CT_TARGET): Available
DSCP Match (DSCP_MATCH): Available
DSCP Target (DSCP_TARGET): Available
Enhanced Multi-port Match (EMULIPORT): Available
Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH):
Available
Extended Connmark Match (XCONNMARK_MATCH): Available
Extended CONNMARK Target (XCONNMARK): Available
Extended MARK Target 2 (EXMARK): Available
Extended MARK Target (XMARK): Available
Extended Multi-port Match (XMULIPORT): Available
Extended REJECT (ENHANCED_REJECT): Available
FLOW Classifier (FLOW_FILTER): Not available
FTP-0 Helper: Not available
FTP Helper: Available
fwmark route mask (FWMARK_RT_MASK): Available
Geo IP Match (GEOIP_MATCH): Not available
Goto Support (GOTO_TARGET): Available
H323 Helper: Available
Hashlimit Match (HASHLIMIT_MATCH): Available
Header Match (HEADER_MATCH): Available
Helper Match (HELPER_MATCH): Available
Iface Match (IFACE_MATCH): Not available
IMQ Target (IMQ_TARGET): Not available
INPUT chain in nat table (NAT_INPUT_CHAIN): Available
ip6tables-restore --wait option (RESTORE_WAIT_OPTION): Available
ip6tables -S (IPTABLES_S): Available
ip6tables --wait option (WAIT_OPTION): Available
IPMARK Target (IPMARK_TARGET): Not available
IPP2P Match (IPP2P_MATCH): Not available
IP range Match(IPRANGE_MATCH): Available
Ipset Match (IPSET_MATCH): Not available
ipset V5 (IPSET_V5): Not available
IRC-0 Helper: Not available
IRC Helper: Not available
Kernel Version (KERNELVERSION): 51705
LOGMARK Target (LOGMARK_TARGET): Not available
LOG Target (LOG_TARGET): Available
Mangle FORWARD Chain (MANGLE_FORWARD): Available
Mark in the filter table (MARK_ANYWHERE): Available
MARK Target (MARK): Available
MASQUERADE Target (MASQUERADE_TGT): Available
Multi-port Match (MULTIPORT): Available
NAT (NAT_ENABLED): Available
Netbios_ns Helper: Not available
NETMAP Target (NETMAP_TARGET): Available
New tos Match (NEW_TOS_MATCH): Available
NFAcct Match: Not available
--nflog-size support (NFLOG_SIZE): Available
NFLOG Target (NFLOG_TARGET): Available
NFQUEUE CPU Fanout (CPU_FANOUT): Available
NFQUEUE Target (NFQUEUE_TARGET): Available
Owner Match (OWNER_MATCH): Available
Owner Name Match (OWNER_NAME_MATCH): Available
Packet length Match (LENGTH_MATCH): Available
Packet Mangling (MANGLE_ENABLED): Available
Persistent SNAT (PERSISTENT_SNAT): Available
Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
Physdev Match (PHYSDEV_MATCH): Available
Policy Match (POLICY_MATCH): Available
PPTP Helper: Not available
Raw Table (RAW_TABLE): Available
Realm Match (REALM_MATCH): Not available
Recent Match "--reap" option (REAP_OPTION): Available
Recent Match (RECENT_MATCH): Available
Repeat match (KLUDGEFREE): Available
RPFilter Match (RPFILTER_MATCH): Available
SANE-0 Helper: Not available
SANE Helper: Available
SIP-0 Helper: Not available
SIP Helper: Available
SNMP Helper: Not available
Statistic Match (STATISTIC_MATCH): Available
TARPIT Target (TARPIT_TARGET): Not available
TCPMSS Match (TCPMSS_MATCH): Available
TCPMSS Target (TCPMSS_TARGET): Available
TFTP-0 Helper: Not available
TFTP Helper: Available
Time Match (TIME_MATCH): Available
TPROXY Target (TPROXY_TARGET): Available
UDPLITE Port Redirection (UDPLITEREDIRECT): Not available
ULOG Target (ULOG_TARGET): Not available
Netid State Recv-Q Send-Q Local Address:Port Peer
Address:PortProcess
udp UNCONN 0 0 [::1]:323 [::]:*
users:(("chronyd",pid=1042,fd=6))
udp UNCONN 0 0 [fe80::d6be:d9ff:fef4:e062]%eno1:546 [::]:*
users:(("NetworkManager",pid=1072,fd=32))
udp UNCONN 0 0 [::]:5355 [::]:*
users:(("systemd-resolve",pid=967,fd=12))
tcp LISTEN 0 128 [::]:22 [::]:*
users:(("sshd",pid=3418,fd=4))
tcp LISTEN 0 4096 *:9090 *:*
users:(("systemd",pid=1,fd=126))
tcp LISTEN 0 4096 [::]:5355 [::]:*
users:(("systemd-resolve",pid=967,fd=13))
Traffic Control
TC Filters
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
