author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-09-04 17:32:23 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-09-04 17:34:07 +0300 |
commit | d47507f34e34c294782eadbd332845f10bd7c5b4 (patch) | |
tree | b4b194e1a931d1d2f050efa8aebebd362563dd9d | |
parent | eb1673e9470de54024bebecd03e6ef363a0de16d (diff) | |
download | awall-d47507f34e34c294782eadbd332845f10bd7c5b4.tar.bz2 awall-d47507f34e34c294782eadbd332845f10bd7c5b4.tar.xz |
test: log: nflog v1.6.5
-rw-r--r-- | test/mandatory/log.json | 2 | ||||
-rw-r--r-- | test/output/address/dump | 12 | ||||
-rw-r--r-- | test/output/address/rules-save | 1 | ||||
-rw-r--r-- | test/output/address/rules6-save | 1 | ||||
-rw-r--r-- | test/output/filter-limit/dump | 12 | ||||
-rw-r--r-- | test/output/filter-limit/rules-save | 1 | ||||
-rw-r--r-- | test/output/filter-limit/rules6-save | 1 | ||||
-rw-r--r-- | test/output/filter/dump | 12 | ||||
-rw-r--r-- | test/output/filter/rules-save | 1 | ||||
-rw-r--r-- | test/output/filter/rules6-save | 1 | ||||
-rw-r--r-- | test/output/no-track/dump | 12 | ||||
-rw-r--r-- | test/output/no-track/rules-save | 1 | ||||
-rw-r--r-- | test/output/no-track/rules6-save | 1 | ||||
-rw-r--r-- | test/output/route-track/dump | 12 | ||||
-rw-r--r-- | test/output/route-track/rules-save | 1 | ||||
-rw-r--r-- | test/output/route-track/rules6-save | 1 | ||||
-rw-r--r-- | test/output/tproxy/dump | 12 | ||||
-rw-r--r-- | test/output/tproxy/rules-save | 1 | ||||
-rw-r--r-- | test/output/tproxy/rules6-save | 1 |
19 files changed, 80 insertions, 6 deletions
diff --git a/test/mandatory/log.json b/test/mandatory/log.json index 1324f21..d1cbb4c 100644 --- a/test/mandatory/log.json +++ b/test/mandatory/log.json @@ -2,12 +2,14 @@ "log": { "dual": { "mode": "log", "mirror": "fc00::1" }, "mirror": { "mirror": [ "10.0.0.1", "10.0.0.2", "fc00::2" ] }, + "nflog": { "mode": "nflog", "group": 1, "range": 128 }, "none": { "mode": "none" }, "ulog": { "mode": "ulog", "limit": { "interval": 5 } } }, "packet-log": [ { "out": "_fw" }, { "out": "_fw", "log": "mirror" }, + { "out": "_fw", "log": "nflog" }, { "out": "_fw", "log": "ulog" } ], "filter": [ diff --git a/test/output/address/dump b/test/output/address/dump index af338a6..be86a63 100644 --- a/test/output/address/dump +++ b/test/output/address/dump @@ -8085,6 +8085,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} (log) +Log nflog {"group":1,"mode":"nflog","range":128} +(log) + Log none {"mode":"none"} (log) @@ -8141,7 +8144,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet6/filter/INPUT -j TEE --gateway fc00::2 -Packet-log 3 {"log":"ulog","out":"_fw"} +Packet-log 3 {"log":"nflog","out":"_fw"} +(log) + inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + +Packet-log 4 {"log":"ulog","out":"_fw"} (log) inet/filter/INPUT -m limit --limit 12/minute -j ULOG @@ -10306,6 +10314,7 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG 
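Review bot: The new `nflog` class in test/mandatory/log.json is exercised only without a `limit`, so the expected outputs pin an unmetered `-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128`, while the neighbouring ULOG and LOG rules carry `-m limit`. A second class such as `"nflog-limited": { "mode": "nflog", "group": 1, "limit": { "interval": 5 } }` with its own `packet-log` entry would pin how rate limiting composes with NFLOG, assuming the nflog mode accepts `limit` the way the `ulog` class does here. The fixtures also show that the `range` key is emitted as `--nflog-size` rather than `--nflog-range`; that mapping is not obvious from the key name and deserves a sentence in the log class documentation. The hunk ends at `"filter": [`, so the rest of the file is not visible from here.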
@@ -13186,6 +13195,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT diff --git a/test/output/address/rules-save b/test/output/address/rules-save index 9000c6c..7af7160 100644 --- a/test/output/address/rules-save +++ b/test/output/address/rules-save @@ -1950,6 +1950,7 @@ -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG diff --git a/test/output/address/rules6-save b/test/output/address/rules6-save index c3e0e74..47efb3c 100644 --- a/test/output/address/rules6-save +++ b/test/output/address/rules6-save @@ -571,6 +571,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT diff --git a/test/output/filter-limit/dump b/test/output/filter-limit/dump index 6802fd6..4c418c2 100644 --- a/test/output/filter-limit/dump +++ b/test/output/filter-limit/dump @@ -59513,6 +59513,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} (log) +Log nflog {"group":1,"mode":"nflog","range":128} +(log) + Log none {"mode":"none"} (log) 
@@ -59569,7 +59572,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet6/filter/INPUT -j TEE --gateway fc00::2 -Packet-log 3 {"log":"ulog","out":"_fw"} +Packet-log 3 {"log":"nflog","out":"_fw"} +(log) + inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + +Packet-log 4 {"log":"ulog","out":"_fw"} (log) inet/filter/INPUT -m limit --limit 12/minute -j ULOG @@ -68693,6 +68701,7 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG @@ -100475,6 +100484,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set diff --git a/test/output/filter-limit/rules-save b/test/output/filter-limit/rules-save index 03f9c88..01016b3 100644 --- a/test/output/filter-limit/rules-save +++ b/test/output/filter-limit/rules-save @@ -8909,6 +8909,7 @@ -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG diff --git a/test/output/filter-limit/rules6-save b/test/output/filter-limit/rules6-save index ff7a50e..9c55c12 100644 --- a/test/output/filter-limit/rules6-save 
+++ b/test/output/filter-limit/rules6-save @@ -8882,6 +8882,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set diff --git a/test/output/filter/dump b/test/output/filter/dump index e1466f3..b70d419 100644 --- a/test/output/filter/dump +++ b/test/output/filter/dump @@ -433,6 +433,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} (log) +Log nflog {"group":1,"mode":"nflog","range":128} +(log) + Log none {"mode":"none"} (log) @@ -489,7 +492,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet6/filter/INPUT -j TEE --gateway fc00::2 -Packet-log 3 {"log":"ulog","out":"_fw"} +Packet-log 3 {"log":"nflog","out":"_fw"} +(log) + inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + +Packet-log 4 {"log":"ulog","out":"_fw"} (log) inet/filter/INPUT -m limit --limit 12/minute -j ULOG @@ -804,6 +812,7 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG 
@@ -1022,6 +1031,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT diff --git a/test/output/filter/rules-save b/test/output/filter/rules-save index 73a1332..3d22084 100644 --- a/test/output/filter/rules-save +++ b/test/output/filter/rules-save @@ -100,6 +100,7 @@ -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG diff --git a/test/output/filter/rules6-save b/test/output/filter/rules6-save index fca9ec3..0285ab6 100644 --- a/test/output/filter/rules6-save +++ b/test/output/filter/rules6-save @@ -73,6 +73,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT diff --git a/test/output/no-track/dump b/test/output/no-track/dump index 042a882..2e9a303 100644 --- a/test/output/no-track/dump +++ b/test/output/no-track/dump @@ -429,6 +429,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} (log) +Log nflog {"group":1,"mode":"nflog","range":128} +(log) + Log none {"mode":"none"} (log) 
@@ -485,7 +488,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet6/filter/INPUT -j TEE --gateway fc00::2 -Packet-log 3 {"log":"ulog","out":"_fw"} +Packet-log 3 {"log":"nflog","out":"_fw"} +(log) + inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + +Packet-log 4 {"log":"ulog","out":"_fw"} (log) inet/filter/INPUT -m limit --limit 12/minute -j ULOG @@ -796,6 +804,7 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG @@ -1018,6 +1027,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT diff --git a/test/output/no-track/rules-save b/test/output/no-track/rules-save index 9274a53..ad71f1b 100644 --- a/test/output/no-track/rules-save +++ b/test/output/no-track/rules-save @@ -96,6 +96,7 @@ -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG diff --git a/test/output/no-track/rules6-save b/test/output/no-track/rules6-save index e59b5f8..f742fd3 100644 --- a/test/output/no-track/rules6-save +++ b/test/output/no-track/rules6-save 
@@ -63,6 +63,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT diff --git a/test/output/route-track/dump b/test/output/route-track/dump index 647ad25..329c4fe 100644 --- a/test/output/route-track/dump +++ b/test/output/route-track/dump @@ -363,6 +363,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} (log) +Log nflog {"group":1,"mode":"nflog","range":128} +(log) + Log none {"mode":"none"} (log) @@ -419,7 +422,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet6/filter/INPUT -j TEE --gateway fc00::2 -Packet-log 3 {"log":"ulog","out":"_fw"} +Packet-log 3 {"log":"nflog","out":"_fw"} +(log) + inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + +Packet-log 4 {"log":"ulog","out":"_fw"} (log) inet/filter/INPUT -m limit --limit 12/minute -j ULOG @@ -736,6 +744,7 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG @@ -928,6 +937,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT 
diff --git a/test/output/route-track/rules-save b/test/output/route-track/rules-save index c03183d..4071f9e 100644 --- a/test/output/route-track/rules-save +++ b/test/output/route-track/rules-save @@ -90,6 +90,7 @@ -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG diff --git a/test/output/route-track/rules6-save b/test/output/route-track/rules6-save index d3e9b88..cca38f2 100644 --- a/test/output/route-track/rules6-save +++ b/test/output/route-track/rules6-save @@ -63,6 +63,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT diff --git a/test/output/tproxy/dump b/test/output/tproxy/dump index 4c79af7..7370c14 100644 --- a/test/output/tproxy/dump +++ b/test/output/tproxy/dump @@ -363,6 +363,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} (log) +Log nflog {"group":1,"mode":"nflog","range":128} +(log) + Log none {"mode":"none"} (log) @@ -419,7 +422,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet6/filter/INPUT -j TEE --gateway fc00::2 -Packet-log 3 {"log":"ulog","out":"_fw"} +Packet-log 3 {"log":"nflog","out":"_fw"} +(log) + inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128 + +Packet-log 4 {"log":"ulog","out":"_fw"} (log) inet/filter/INPUT -m limit --limit 12/minute -j ULOG 
@@ -730,6 +738,7 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG @@ -921,6 +930,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT diff --git a/test/output/tproxy/rules-save b/test/output/tproxy/rules-save index 29d9752..3620968 100644 --- a/test/output/tproxy/rules-save +++ b/test/output/tproxy/rules-save @@ -90,6 +90,7 @@ -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing -A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -m limit --limit 1/second -j LOG diff --git a/test/output/tproxy/rules6-save b/test/output/tproxy/rules6-save index 781a4c8..08f7075 100644 --- a/test/output/tproxy/rules6-save +++ b/test/output/tproxy/rules6-save @@ -63,6 +63,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 -A INPUT -j TEE --gateway fc00::2 -A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT |